
So now we are in July 2018 and the third quarter has started in earnest. Have you completed your compliance reports for Q1 and Q2?

PCI compliance is just a bunch of check marks, right?

Just say your network is secure, the payment transactions are all encrypted, all the employees know what to do in every situation, and so on.

Did you perform a risk analysis, as the PCI Security Standards compliance documents require?

Unfortunately, if you ever do get breached and do not have all the paperwork, the fines will make years of paying an auditor look like chump change.

Contact us to audit or create Compliance security policies.


Worried about Cybersecurity? Or do you want to improve your Cybersecurity program?

With the new Facebook data leak scandal in the spotlight, are you concerned about how your company deals with customer data?


Our latest blog post at Oversitesentry discusses what could happen once the new EU privacy regulations are enforced.

Make no mistake: the regulations in America will also change (towards cyber privacy), since self-regulation has not worked for the industry.

You may have needed a security policy for PCI (Payment Card Industry) compliance in the past; today and tomorrow, many more regulations will require you to write down what your policies are, which is why you need a security policy.

Good news on that front: we have a spring cleaning special from April through May, during which we will offer our Alpha scan at half price.

If you just need to discuss some cybersecurity first, contact us; the half-off offer still stands. Half off consulting time and materials, up to 10 hours.


There are many projects we are involved in, but we have a strict policy of not discussing our projects with the world. For the right project, we are willing to make monetary concessions so that we can use your project as an example in our marketing efforts. We would never divulge details, just general items such as:

Company ABC has improved its security policy and performed Alpha scan due diligence.



CISA Certified Information Systems Auditor®


Do you need a fresh perspective?

Is your IT staff overworked? Do they get projects completed on time and under budget?

What is the true value of knowing your Cybersecurity risks and threats?

Does your IT staff have the experience to give you a proper report on your cybersecurity compliance?

CISA means Certified Information Systems Auditor, which means you will get a proper report after a thorough review.

We know that 25% of companies do not patch their computers within any reasonable time period, which is a very large number of companies. We also know that 22% of companies do not back up their files.

So there is a large number of entities not doing what they should to protect themselves, and us as well, since the problem is that if they get infected, their machines may now have your email address in their address list.

And then you wonder: why is this person sending me an email? Well, their machine was compromised and is now sending spam and malware to everyone.

And guess what, the badly configured machines will get attacked again and again.

This is not like lightning: cyber attacks strike again and again until you fix the processes for good. Although there are no guarantees, at least you can make the risk minimal.

Contact Us to discuss how to check your IT staff and make sure you will stay in business even after an attack, or to get your ship in shape before something happens.

If you want to use the Internet, then you must know that you are now within arm's length of everyone with a computer in this world, which is more than 3 billion people.

[Image: Internet users, from website¹]

Can you imagine being within a block of 3 billion people (good and bad)?

You must understand that whenever you use the Internet you are connected to 3 billion people. Which means what?

It means that if 2% of the people in the seediest parts of the world are criminals, then you are connected to 60 million criminals, and some of these are _very_ sophisticated criminals. So everyone who connects to the Internet must have a sophisticated operation, or it is only a matter of time before disaster approaches.


As I have explained on my blog oversitesentry.com², it is as if you are loading an X-barrel gun (the X depends on how serious you are about your defense).

[Image: 1000 gun barrels] Is it a 500-barrel gun? Or 1000 barrels?

If you are loading a 500-barrel gun, then every time you connect you are playing cybersecurity roulette. Boom - missed today. Whew...

But tomorrow is another day. Will you have a vulnerability? Or visit a bad (infected) website?

The more computers you have, the more risk you have. The more you use the Internet, the more risk you bear.

What have the criminals done? They are putting resources into the areas that make them more money:


Above image from DarkReading.com³

So this is a problem: we need the Internet in 2016 and beyond, but we are also connecting to many bad elements. A business needs to be sophisticated as well. You need a high degree of defense to keep up with the attackers; there is no way around it.


It comes down to risk analysis, a next-generation firewall, patching your systems on a timely basis, anti-virus, vulnerability analysis, testing your systems, and more.

Contact Us to discuss all these details.




As Robert Graham says in his blog Errata¹, it is human nature to commit a number of cybersecurity no-nos, including falling for phishing scams (even the experts fall for them). A well-crafted email will look like it is coming from a trusted source, not from a stranger. So to avoid phishing scams one needs to look for more than just "is this email from someone I know?"

  1. A phishing scam is where an unsuspecting email user clicks on a fake email and on its attachment. The attachment then infects the computer because malicious software (malware) is actually hiding within the attachment.
  2. Password reuse: due to laziness and bad practices, employees use the same passwords on several sites. When a site with weak security is hacked, the hacker has your password and can now guess where else you might use it (banks, email accounts, and more).
  3. SQL injection (for programmers). This is a computer programmer topic.

Consistently reusing passwords across many sites is human nature (laziness). But using the same password on your hobby site, your email account and Facebook is a recipe for disaster.

Once a hacker has your email account they can change everything.

For the programmer, it requires more work to sanitize data input and to make sure that an attacker cannot use an ingenious method to insert malicious code.
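To make the SQL injection item concrete, here is an added example (not code from the original post or from Oversitesentry) showing a login lookup that splices user input into the query text beside the same lookup written as a parameterized query. The table, accounts and inputs are constructed here so the script runs offline; passwords are stored in the clear only to keep the demo short.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory users table with two accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, pw):
    # Input is concatenated into the SQL text, so the user's input becomes
    # part of the query's syntax instead of staying plain data.
    sql = (f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}' "
           "ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn, name, pw):
    # Parameterized query: the driver passes the values separately from the
    # SQL text, so quotes in the input are just characters to compare.
    sql = "SELECT name FROM users WHERE name = ? AND pw = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name, pw))]


def demo():
    conn = make_db()
    good = ("alice", "s3cret")
    # Constructed bad input: a stray quote plus a tautology that changes the
    # meaning of the WHERE clause when spliced into the query text.
    bad = ("alice", "x' OR '1'='1")
    return {
        "vuln_good": login_vulnerable(conn, *good),   # ['alice']
        "vuln_bad": login_vulnerable(conn, *bad),     # every account
        "fixed_good": login_fixed(conn, *good),       # ['alice']
        "fixed_bad": login_fixed(conn, *bad),         # [] - no match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable version returns every account for the bad input because the WHERE clause has been rewritten; the parameterized version returns nothing, which is the behaviour you want.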

Is Robert right? Are people really 'stupid' regarding these 3 items?

I would not be so harsh as to call everyone Stupid.


As a society we will be hacked in one form or another, but the reason is not stupidity, as most people understand the basics: hacking means using ingenious ways to get around the standard.

Another thought that is generally wrong is the false belief that we could design something that is foolproof, or at least does not have to be worked on constantly.

I think we need to assume that we will need to consistently patch and fix our computers. We also need to see that the computer is a tool written by humans and used by humans.

Unless one has the mindset of the attacker and the tools and setup of sophisticated attacks, one cannot really see the potential dangers under every rock. The IT people in every company are busy trying to connect and work on every system in your network. They do not spend every day researching new attack methods or attacking test computers.

You need a separate group of people, a separate pair of eyes, to review your network defense, computer system setup and more.

Let me explain it for you if you still have questions.

Tony Zafiropoulos - 314-504-3974