Independent Audit Verifies Connectria’s Information Security Controls and Processes using NIST 800-53

St. Louis, MO – February 14, 2017 – Connectria Hosting, a global cloud hosting company and founder of the No Jerks Allowed® movement, today announced that it has achieved FISMA Moderate Certification. KirkpatrickPrice, an independent licensed CPA firm, performed the FISMA audit, which documented the physical, administrative, and technical safeguards Connectria has implemented, as well as the effectiveness of Connectria’s Risk Management Strategy and how its controls achieve FISMA compliance.

“FISMA is a stringent framework built on guidelines issued by the National Institute of Standards and Technology (NIST),” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “Though NIST standards and guidelines ensure proper levels of information security as it pertains to U.S. federal agencies and assets, they are also designed to be used as guidance by any information technology department, in any industry. We are happy to report that Connectria’s management has demonstrated a commitment to FISMA compliance and consistent adherence to the implementation of best practices as they apply to information security.”

“We’re extremely pleased to achieve FISMA Moderate Certification,” noted Steve Grzybinski, Connectria Director of Security, Compliance & Technology. “For nearly 20 years, Connectria has been a leader in compliance hosting and we’re committed to adhering to the strictest security standards and regulations including SSAE 16 Type II SOC1 and SOC2, PCI/DSS and HIPAA in addition to FISMA. Given our world-class 24/7 Security Operations Center along with our years of experience, Connectria is unique in our ability to deliver the highest levels of security and compliance services for our customers, regardless of whether they’re running systems in our data centers, their data centers, or in public clouds like Amazon Web Services or Microsoft Azure.”

About Connectria Hosting

Since 1996, Connectria (connectria.com) has provided award-winning cloud hosting, remote monitoring and cloud security for more than 1,000 customers in over 30 countries worldwide. At the core of Connectria is our No Jerks Allowed® company philosophy. As The Jerk Free Company®, we’ve established a unique culture where every employee goes “the extra mile” to take care of our customers. Being The Jerk Free Company® extends beyond our people too. We make it easy to do business with us through flexible terms, scalable solutions and straight-forward pricing to serve the technology needs of large and small organizations alike.

About KirkpatrickPrice, LLC

KirkpatrickPrice is a licensed CPA firm, registered with the Public Company Accounting Oversight Board. By specializing in Service Organization Control Reports (SSAE, SOC 1, SOC 2, SOC 3), security audit services and compliance issues, the firm offers efficient expertise with relevant skills and qualifications for engagements governed by the AICPA and other data security best practices. The firm’s employees are certified with CPA, CISA, CISSP and other certifications critical to the audit process. www.kirkpatrickprice.com

St. Louis, MO – February 7, 2017 – Connectria Hosting, a global cloud hosting company and founder of the No Jerks Allowed® movement, today announced it has successfully completed its PCI audit and received certification of compliance for PCI DSS 3.2.

The Payment Card Industry Data Security Standard (PCI DSS) provides a baseline of technical and operational requirements designed to protect account data and applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers.

Connectria undergoes an annual audit for PCI DSS compliance as standards and requirements evolve.

PCI DSS 3.2 introduced several new requirements, including multi-factor authentication for access to the cardholder data environment, Designated Entities Supplemental Validation (DESV) to ensure ongoing security efforts to protect payments, and additional service provider controls such as maintaining documented descriptions of cryptographic architectures, reporting on failures of critical security control systems, and executive responsibility for PCI DSS compliance.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of Connectria’s controls that are relevant to the storing and transmitting of information from credit, debit, or other payment cards. In accordance with the PCI Security Standards Council, KirkpatrickPrice’s Qualified Security Assessors validated Connectria’s PCI compliance.

“Many of Connectria’s clients rely on their systems to process or store sensitive data and protect information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, Connectria has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party audit validates these controls and the tests we perform provide assurance regarding the services provided by Connectria.”

“Connectria is committed to ongoing compliance with the PCI DSS requirements,” noted Steve Grzybinski, Connectria Director of Security, Compliance & Technology. “Many of our customers rely upon Connectria’s world-class 24/7 Security Operations Center for secure hosting of their eCommerce applications and protection of cardholder data according to industry standards. We are pleased once again to have received our PCI DSS certification.”


#PrivacyAware – Privacy Awareness Day

Data Privacy Day is here and an important reminder of the value of privacy and security when it comes to protecting our data, both at home and within the workplace. Getting our employees involved in the conversation about being #PrivacyAware is a good place to start in creating a culture of privacy within your organization. Follow us on Twitter @KPAudit to join the conversation and share how you help employees be #PrivacyAware.

In the meantime, here are a few tips we’ve come up with. What other ways are you encouraging employees to be #PrivacyAware?

1. Create a Culture of Privacy

When trying to create any kind of culture, it’s important to recognize that the impact is greater when the stakeholders and leaders are clearly invested. So, when trying to create a culture of privacy within your organization, it’s important to remember that it must start with the tone from the top.

Other great ways to encourage privacy within your organization include hanging posters around the office with tips and best practices for ensuring the privacy and security of data.

2. Talk frequently about Privacy and Security

Continuous conversations about privacy and security, and about what is expected of employees when it comes to protecting sensitive data, are a great way to keep these topics at the forefront of employees’ minds. How are privacy and security important to your business, and what role do your employees play in achieving these business goals? Regular meetings or updates on new privacy and security trends, along with reminders of best practices, are a good way to keep the conversation going and keep it relevant.

3. Teach Employees to recognize Phishing and Social Engineering Attacks

Every minute, someone becomes the victim of a phishing attack. Ransomware and social engineering attacks are constantly evolving as the cyber threat landscape grows. It’s more important than ever to teach employees to recognize phishing and social engineering attacks so they can be prepared to avoid giving out sensitive information that could lead to a breach or loss of data. Phishing emails and fake links that look like legitimate websites are still the most common form of attack. Social engineering is another common way to manipulate others into giving out sensitive information. Employees should be taught never to give out sensitive information such as usernames and passwords over the phone without thoroughly vetting and verifying the identity of the person on the other end of the line.

There are online resources to help with data privacy awareness training.

4. Utilize a secure wireless network at work and at home

Connecting to free or public Wi-Fi leaves your information vulnerable and at risk. Connect only to secure networks to ensure the security of data transferred over wireless networks. Consider subscribing to a VPN (Virtual Private Network) to reduce the risk of your sensitive information being stolen by cybercriminals. Securing your home network so that others can’t access it is another best practice for managing privacy and security. Remember that it is equally critical to protect the privacy of your data at work and at home.

5. Regularly install updates

Keeping operating systems and applications updated to the latest version is a critical task for ensuring the privacy and security of data. Updates include the latest patches for vulnerabilities and bugs that could otherwise be exploited to gain access to your network and to sensitive data. When possible, enable automatic updates to add an extra layer of security and reduce the window during which you remain vulnerable to attack.

Follow us on Twitter @KPAudit and share how you’re helping your employees to be #PrivacyAware. Looking for more ways to get involved in Data Privacy Day? Visit www.staysafeonline.org for details. For a free consultation regarding what you’re currently doing to ensure privacy and security at your organization, contact us today.

Cyber risk has become a hot-button issue of today, especially among business owners and stakeholders. With the threat landscape constantly changing and evolving, it’s challenging to stay ahead of these threats and be prepared to ensure the privacy and security of the data we’re responsible for. We can all help each other strive toward the common goals of cybersecurity and privacy by starting with the following six tips for making cyber risk a priority:

1. Know Your Data

Start simple by understanding the type of data you store, collect, transmit, or process, and where it is kept. This is a critical step in order to protect your business, your data, and remain secure and compliant. Know your data so you can keep sensitive data secure and private from unauthorized use and disclosure. What kind of data are you protecting? Who has access to this data? Who has unnecessary access? Where do you store this data? Answering these questions can help you gain a better understanding of the measures you need to take and where to start to properly secure your data.

2. Know Your Risks

After you’ve defined your data and identified your assets, the next question you must ask yourself is: what are the risks to my data? What are the things that keep you up at night? Theft? Natural disaster? A disgruntled employee? A regular risk assessment process can help you analyze vulnerabilities and the potential risks and threats to an organization and its IT systems. Once your risks have been identified, rate the impact and likelihood of each security event in order to prioritize risks, determine the best plan for remediation, and implement that plan.

3. Encrypt Everything

In light of the steady increase of data breaches across the globe, it’s a no-brainer that we should be encrypting everything. Without encryption we have zero privacy. Encryption protects our data, privacy, customers, and ultimately our business.

4. Use Advanced Authentication

As an information security auditing firm, we regularly preach the importance of password security and using strong passwords to protect access to sensitive data. Adding another form of authentication, known as two-factor authentication, is a great way to add one more layer of security to protecting the data you’re responsible for. Two-factor authentication makes an attacker’s job harder because a stolen username and password alone are no longer enough to gain access. Two-factor authentication consists of a combination of two of the following: something you know (password, PIN), something you have (key fob, security card), and something you are (biometrics, such as a fingerprint).

5. Create a Culture of Privacy

It’s important to remember that even if you have the strongest controls in place to protect the security and privacy of your data, it won’t matter if those policies and procedures aren’t properly communicated to ALL personnel. Creating a culture of privacy within your organization must start at the top with management and stakeholders and be communicated all the way down to the operations level. Once the rest of the organization recognizes how important privacy and security are to those at the top, they will follow suit.

6. Implement Employee Training Programs

You’re only as strong as your weakest link, so the best way to be sure that every employee in your organization is prepared and equipped with security and privacy awareness is by developing and implementing a regular employee training program. Training employees on an annual or semi-annual basis can help keep them up to date on emerging security trends and create employees who are privacy aware. KirkpatrickPrice offers an online security awareness training program, perfect for organizations looking to train employees without disrupting operations or straining the budget.

For more information on how you can make cyber risk a priority and strengthen privacy and security at your organization, contact us today.


Independent Audit Verifies PayByPhone’s PCI Compliance

Vancouver, BC – January 2017 – PayByPhone, a mobile parking and transportation services payment company, announced that it has successfully completed its eighth year of Level 1 PCI-DSS assessments. PayByPhone has received the Report on Compliance (RoC) and Attestation of Compliance for both Merchant and Service Providers. These reports verify that PayByPhone adheres to the Payment Card Industry Data Security Standard and has the proper internal controls and processes in place to deliver high quality services to its clients and consumers.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of PayByPhone’s controls that are relevant to the storing and transmitting of information from credit, debit, or other payment cards. In accordance with the PCI Security Standards Council, KirkpatrickPrice’s Qualified Security Assessors assisted PayByPhone in becoming PCI compliant.

“Investing in PCI compliance and security initiatives solidifies our lead on offering PayByPhone clients and consumers the best mobile payment platform in secure payment options,” explains Kush Parikh, president and CEO of PayByPhone. “Having been the first in the mobile parking industry to gain certification, PayByPhone has set the standard for security management.”

The PCI Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures. These security standards are relevant to any merchant or service provider that uses, stores, or transmits information from a payment card.

“Many of PayByPhone’s clients rely on their systems to process or store sensitive data and protect information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, PayByPhone has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the accounts receivables management services provided by PayByPhone.”

About PayByPhone

PayByPhone is one of the fastest growing mobile payments companies in the world, processing more than $300 million in payments annually. Through the company’s mobile web, smartphone and smartwatch applications, PayByPhone helps millions of consumers easily and securely pay for parking without the hassles of waiting in line, having to carry change or risking costly fines. Registration is quick and easy and the app reminds the user when their parking is about to expire, allowing them to top up from anywhere, at any time. www.paybyphone.com

About KirkpatrickPrice, LLC

KirkpatrickPrice is a licensed CPA firm providing assurance services to over 550 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 10 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SSAE 16, SOC 2, HIPAA, PCI DSS, ISO 27001, FISMA, and CFPB frameworks. www.kirkpatrickprice.com