July 16, 2017 •
Payment card data security isn’t a new concept, yet businesses everywhere still can’t get it right. The payment card industry has a growing body of standards, merchants and technology providers strive to follow them, and consumers continue to demand them.But payment card data breaches still happen. Regularly. Why?It’s time we upped the ante on our efforts to help merchants protect themselves.
Point of Sale
June 5, 2017 •
As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: Firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc.Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?
Cloud Security • Network Security • Security Assessments
May 21, 2017 •
Last week was a rough one in the IT world, as organizations around the globe scrambled to avoid being caught up in the WannaCry ransomware attack. If your organization was spared this round, it doesn’t mean you should pat yourself on the back and move on, business as usual. Fact is, most organizations aren’t at a state of security maturity that affords them this level of comfort.Read on for my list of 5 things any IT professional can learn from the WannaCry ransomware attack.
Endpoint Security • Ransomware • Security Awareness
April 19, 2017 •
FTP servers are essential for sharing files and data, but healthcare providers continue to utilize them in an insecure manner. Just last year, the ControlScan Security Consulting team saw this in action within a large healthcare organization. What happens when FTP goes wrong and how can you prevent your FTP server from leaking ePHI? Read on to find out.
Encryption • Network Security
March 31, 2017 •
Historically speaking, tax season is prime for tax-themed scams and social engineering attacks. Specifically, the number of W-2 phishing scams have peaked recently. Attackers and social engineers begin by targeting finance and HR departments with spear phishing emails that spoof C-level executives and request employee W-2 forms.
Endpoint Security • Security Awareness • Social Engineering
March 29, 2017 •
The popularity of ransomware among cyber thieves continues to grow, not just in America but around the globe. Ransomware victims paid over a billion dollars in 2016 for decryption keys in the hopes that their data would be unlocked. Sometimes it was, sometimes it wasn’t. Read this blog post to learn the five things your business can do now to avoid becoming a victim of ransomware.
Endpoint Security • Malware • Security Awareness
March 17, 2017 •
The U.S. Department of Health and Human Services maintains an online database that HIT cybersecurity pros refer to as the “HHS Wall of Shame.” It’s an exhaustive listing of all healthcare data breaches resulting in the loss of 500 or more PHI records. No one wants to end up there, but the fact is, 318 healthcare organizations were listed on the HHS Wall of Shame in 2016. Altogether, these breaches were responsible for the loss of more than 16 million records.Understanding the security gaps that could put your organization on the Wall of Shame starts with conducting a proper risk assessment on a regular basis. In my experience, however, most organizations don’t ever get started. Read on to learn about the four common HIT cybersecurity gaps that can put you on the Wall of Shame, and how to close them.
Security Assessments • Vulnerability Management
February 19, 2017 •
Your business relies on antivirus technology to keep the bad guys out, all the time and every time. But what if I told you that cybersecurity professionals have been noticing a downward trend in antivirus software effectiveness for a while now?The fact is, malware has advanced to become more complex and automated, while the malware protection most businesses have come to rely on has not kept pace. What’s next in malware protection for your business?
Endpoint Security • Malware