Monthly suggestions and recommendations to help make your Crimson Circle experience smoother and easier!
CREATING A SAFE CYBERSPACE
WITH SHAUMBRA – PART 2
Crimson Circle has a plan to keep a safe cyberspace, and it involves YOU.
We will soon require multifactor authentication (MFA) to use the CC store. Please keep reading for more information!
As we mentioned in our CC tips article last month, we’re diving deeper into the realm of Safe Cyberspace.
For this month’s article, we sat down with Jorge Merino, Crimson Circle Senior Director of Technologies, to get the inside scoop on how we’re safeguarding Crimson Circle’s systems. Jorge is the wizard behind the digital curtains, and we wanted to know what it takes to keep our sacred online space safe and secure, ensuring your safety while you roam our digital platforms.
Shaumbra Magazine: Hi Jorge. The entire team has talked on numerous occasions about cyber security. We know you guys are always pretty busy working on this, but today we wanted you to give Shaumbra an inside look at Crimson Circle’s plan to make sure that both payment and personal information stay safe when they shop online in the CC store.
Senior Director of Technologies
Jorge Merino: Here at Crimson Circle, we want Shaumbra to feel safe and secure when sharing their personal information with us. That’s why our tech team follows strict PCI DSS regulations to keep payments and other details protected. These regulations are crucial for anyone who handles customer information, and we take them very seriously.
Surprisingly, not all companies do this, but it’s been a core principle for Crimson Circle from day one.
What is the PCI DSS?
It is the Payment Card Industry Data Security Standard, which is a global forum that develops standards for safe payments worldwide.
What do we need to do to comply with the standard?
We have been working hard to make sure that Shaumbra’s information is kept safe and protected. To do this, we have added extra measures to our servers. Every 90 days, we send a report to the PCI to check everything carefully. This report makes sure that all our databases are coded correctly and our software is updated.
We work very hard to check if our systems have any problems. We use special tools from other companies to test if someone can break into our systems. Our team leaders regularly check important parts of our business like the store, website, and online Connection Center. They are also ready to fix any problems that might come up.
What are some of the challenges you have to deal with?
Our websites always have a difficult task to keep up with changing internet programs. When the programs are updated, they might have new ways to keep the websites safe, which could affect how they work. To keep up, we update our software often and add new rules to follow these new policies.
Actually, the most demanding task we have is the constant upgrading of operating systems, programming languages, and databases, along with patching our systems and software.
What can Shaumbra do to stay safe while using our systems and other systems they encounter every day?
To make sure a device is safe and working well, one needs to do three things: update the system, update the web browser, and avoid adding plugins (Chrome has many plugins).
When you talk about plugins, is it the same as extensions?
That is correct.
Plugins and extensions are programs that you can add to your web browser, such as Firefox, Chrome, Safari, and others. However, you need to be careful when using them because they may not be fully checked by the browser makers. Some of them can even take your private information, like passwords, without you knowing it. So, it’s important to be cautious when using them, and if possible, prevent all of them from being on your system.
Another important thing is to add an extra layer of security to your accounts by using multi-factor authentication or MFA. Many apps offer this feature, and I suggest using Google Authenticator, which is well-known and supported, or others from Microsoft or other vendors.
Another option is allowing the application to send a confirmation email, which is the second most secure option.
Some people prefer the SMS or text message option, but in my opinion, these are not very secure.
Why are SMS not that secure?
If someone steals your phone, they can easily take out the chip or SIM card and use it on another phone and steal your identity. Also, it’s easy for someone to hack and impersonate you if they know your phone number. So, it’s better to use a more secure authentication method.
What if a website does not offer the MFA option?
For websites without the multifactor authentication option enabled, like ours at the moment, the good practice is to have passwords with 12 characters (including numbers and symbols) and change them at least every 90 days.
Will Crimson Circle implement this multi-factor authentication option to log into the store in the future?
Yes. This is a layer we have been working on for the past few months. We are implementing multifactor authentication, and will offer two options to verify your identity:
- Use the Authenticator app
- Send the emails with the access code
We won’t be using text messaging because it’s not secure and we don’t want to risk it.
We plan to introduce this new feature for Shaumbra in October 2023. At first, it will be optional, so they can get used to it. Eventually, everyone will have to use it, like most Web applications nowadays.
Why does it have to be mandatory?
The PCI DSS rules will force everyone in the industry to use MFA. That’s why you see more sites, like Amazon, eBay, and even newspapers, making it mandatory to log in with MFA.
Can you give other examples of things Shaumbra should watch for to make sure that they are shopping safely ANYWHERE online?
To check if a website is safe, you need to look for something called HTTPS:// protocol in the website’s address. If it is not there, or if the lock icon is broken or red, you should close the website quickly.
Another thing to check is the website’s name in the address. If you see a “1” instead of an “i” or “0” instead of “o”, it might be a fake website made by hackers. They like to use similar names like crims0nc1rcle.com.
Also, make sure there is nothing after the website’s name like crimsoncircle.com.ducky.com.
The same applies to bank websites and other sites like Amazon, eBay, Mercado Libre, and many others.
Thank you for all this information and everything your team is doing to support our cyber security. We look forward to sharing more about this with Shaumbra very soon!