What’s a VPN and how it can make you safer online

What’s a VPN and how it can make you safer online

In this hyper connected world we live in more and more people go online from places other than home or office; this means using public access points like coffee shops, hotel rooms, a friend’s house, libraries (yeah some people still use them, I personally love them), etc.

The issue with accessing the Internet from “untrusted” networks is exactly that, you really don’t know what level of security (if any) these places offer. In most situations, people simply give you their wi-fi password without even realizing their own network can also be compromised (I’ll write about wi-fi guest access on another post soon).

To add insult to injury, a lot of naive computer users access their on-line banking, email and cloud storage from unsecured and open networks that don’t require any passwords, despite the fact that their own computers label the open networks as unsecured, right there! Here, any bad guy with a medium knowledge of data spoofing can see pretty much everything you’re doing.

If you often connect on the go, then a VPN is the right solution for you!

What’s a VPN? VPN stands for Virtual Private Network and in simple terms, it creates a secured, encrypted “tunnel” between your computer and the Internet location (website or end-point) that nobody can see/hack/steal/spoof/sniff. VPNs were the sole domain of complex IT infrastructures years ago, but today providers like Tunnel Bear have made this technology super available and super easy to use.

In this graphic (courtesy of Microsoft), your computer connects using a “tunnel” to another network called Intranet that could be your online banking website, your Google Drive/Dropbox storage or your Gmail. It is important to mention that Google, Apple, Microsoft and the other big companies offer encrypted access to their servers, and your bank also has plenty of security measures in place to make sure their end of the equation is secured, but they cannot guarantee YOUR side of the connection and it is your sole responsibility to do so. This is why a VPN can serve as the ultimate “piss off” tool to keep hackers away.

In summary, why use a VPN? According to my favourite provider Tunnel Bear:

Hide Your IP Address & Location: Your IP address is the unique number that websites use to determine your physical location and track you across different sites. Use a VPN to keep your IP address private from websites, hackers and advertisers.
Secure Your Data: VPN shields your personal information from prying third-parties and hackers on public WiFi, ISPs and other local networks.
Safe & Convenient Travel: Safely access your email, favorite sites, domestic news and entertainment while travelling abroad. A VPN can bypass restrictions, keep your online activity secure and help you stay connected with life back home.
Block Online Trackers: There are countless ways you are being tracked by advertisers, social media and other companies. a VPN blocks many of the common ways you can be tracked and limit advertisers from tracking everything you and your family do online.

VPN services range from free to about $50-$80 per year. The BIG advantage of paying for a VPN is constant support, reliable service and the convenience of being able to use it on multiple devices (computers, tablets and smartphones). This is definitely a service you should pay for.

Liked the post? Share the love!
Is your business PCI compliant?

Is your business PCI compliant?

If you take credit card payments, you need to know about PCI Compliance.

 

For the past 5 years or so, we have seen an increase on the number of service requests about something called PCI. In a nutshell: client gets email from PCI/his-her bank or merchant provider, client thinks it’s spam, client defaults compliance without knowing it.

 

What is PCI? The Payment Card Industry Data Security Standards (PCI DSS) are designed to provide merchants a single set of requirements for safeguarding sensitive data. These standards have been adopted by all the card brands in conjunction with the PCI DSS. The standards require that all merchants (regardless of their size or type of payment system) that store, process, transmit or have access to cardholder data must be in compliance to protect that data. (Source: Chase)

 

Here’s where the issue stops being a bookkeeping/accounting matter and becomes a complex and perplexing IT ordeal: clients usually get a link or a (very long) PDF file containing an extensive questionnaire about how they store and keep Personal Account Numbers or PANs a.k.a. credit card numbers. Questions like “do you use load balancers?”, “what kind of encryption your business uses?” “when was the last time you ran a vulnerability scan?” and the list goes on an on. Needless to say, our clients try to complete these as much as they can but, in our experience, they don’t get too far when the super geek mumbo jumbo kicks in.

 

Here’s how a typical PCI dashboard from a solution provider looks like:

Source: splunk.com

Business that take credit card payments must comply. In Canada, big players like Moneris and TD Bank offer a suite of services to help large business with multiple locations to manager their PCI Compliance. Small business owners usually work with their IT service providers in getting compliant. Businesses are required to get a “seal of approval” once a year.

 

For more information, the PCI Security Standards Council has an excellent website that provides very useful information about how to protect your data: https://www.pcisecuritystandards.org/merchants/

Liked the post? Share the love!