December 19, 2018 •
Recently I sat down with CSP Magazine technology writer Jackson Lewis to talk about the technology “arms race” retailers and law enforcement are in with skimming criminals. We refer to it as such because, like every other area of cybersecurity, there is a continual one-upping of technology going on between the good guys and the bad guys. When it comes to fuel pump skimmers, however, there may be an end in sight…
Encryption • Payment Security • Point of Sale
November 15, 2018 •
Security automation is a hot topic these days, mainly because it’s become humanly impossible to keep up with the sheer volume and variance of cyber threats hitting organizational IT networks at any given time. Even with the best security defenses in place, sooner or later an attacker is going to get through. The goal, of course, is to discover the attack and mitigate it as quickly as possible—and that’s where security automation can be extremely valuable.
Active Monitoring • MDR
November 5, 2018 •
Here at ControlScan, a big part of our day-to-day lifestyle is knocking down threats and cyberattacks for our customers’ businesses as well as our own. Cybersecurity is where we live, so sometimes we lose sight of the fact that none of this makes any sense to a non-technical person. One topic we field a lot of questions on is event correlation. Let’s take a look at what it is and how it positively impacts your cybersecurity efforts.
Endpoint Security • MDR • Ransomware
October 31, 2018 •
Once an obscure processing model for special situations, the business of payment facilitation is now burgeoning. There are many benefits to becoming a payment facilitator, including increased control over the user experience. Unfortunately, the same qualities that serve as benefits often raise the payment facilitator’s PCI risk.
October 2, 2018 •
There’s a lot of buzz in the marketplace these days around SIEM, which is Security Information and Event Management. I’ve had people tell me that their SIEM technology isn’t of much use, and others tell me that it’s critical to their business’s everyday security posture. The vast difference between those two is usually the same thing, which is how the related tools are deployed, and what the staff around them looks like.
Active Monitoring • MDR • SIEM
August 16, 2018 •
In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. We’ve identified the number one reason businesses fail their PCI QSA audit, and it’s not what you may think.
August 13, 2018 •
I’ve found myself in this conversation a few times recently, about what determines that a device on the network is “unapproved.” The fact is, the only unapproved devices on your network are those that defeated your security measures to get on it. If you build the network correctly, then you have lists of monitored and unmonitored devices, but not unapproved.The issue at hand is how to identify and account for your monitored and unmonitored devices. With that accomplished, it’s much easier to spot an anomaly that could lead to a breach.
August 6, 2018 •
I hate to say it, but what we all hear way too often is true: Nothing will focus you on your business’ cybersecurity like a data breach. Dealing with the aftermath of a breach is also much more expensive than proactively implementing the necessary security tools. If you’re a small business, a breach of your […]
Access Control • Endpoint Security
July 27, 2018 •
A PCI DSS readiness assessment (also known as a gap analysis) is an effective method for finding and fixing compliance holes efficiently and economically. Read this post to learn if your business can benefit from a readiness assessment.
Compliance • PCI Compliance • Security Assessments
July 16, 2018 •
Merchant service providers implement PCI compliance programs to lessen the likelihood of a data breach happening among the merchants within their portfolios. These programs help raise awareness of, and compliance with, the Payment Card Industry Data Security Standard (PCI DSS).But compliance is no small task, and applying the PCI DSS principals across a portfolio of tens (or even hundreds) of thousands of merchants can be daunting. That’s why I’m here at ControlScan: It’s my job to ensure our partners achieve measurable PCI compliance program success.
Payment Security • PCI Compliance
June 25, 2018 •
How do you find the best PCI QSA for your company? Here are the 6 criteria you should apply when searching for your next Qualified Security Assessor.
Compliance • Security Assessments