November 17, 2017 •
When they’re successful, phishing attempts can have a significant impact on you personally, as well as on your workplace. They begin innocently enough—a seemingly legitimate DocuSign request or email from a friend—but they can quickly turn your world upside down. Avoid becoming a victim of phishing by following these 3 best practices.
Malware • Security Awareness • Social Engineering
October 30, 2017 •
On October 5th, 1953, the New York Yankees became the only team in baseball history to win five championships in a row. Today I’m pleased to tell you that ControlScan has passed the PCI Approved Scanning Vendor (ASV) revalidation test, also for the fifth consecutive year! This was no easy feat. Read on to learn how we did it.
Compliance • Vulnerability Management
October 23, 2017 •
Last week, it was announced that the Wi-Fi security protocol WPA2 has a serious flaw. WPA2 is the current encryption standard; there is nothing generally available that’s known to be more secure. Wi-Fi has become a necessity for businesses everywhere, so disconnecting and waiting for a solution to the current Wi-Fi security flaw isn’t an option. The answer lies in a layered approach to your security efforts.
Firewalls • Wireless Security
August 28, 2017 •
These days many organizations do not feel confident about their ability to prevent a data breach, mainly because they feel they can’t trust the humans working for them. And for good reason! Cyber criminals continue to exploit the human element, which was blamed for over 400 reported data breaches and 7.6 million+ compromised records in 2016. Regardless of whether the employee is knowingly part of a malicious effort, or is inadvertently involved in allowing an intrusion or other form of unintended disclosure, a breach of valuable data is not what you want to have happen. Therefore, you must minimize the human impact.
Security Awareness • Vulnerability Management
August 16, 2017 •
I’ve been an information security assessor (PCI, HIPAA, ISO, etc.) for a long time and it’s always interesting to find out why a company has brought me in to do an assessment. Is the goal to shore up their existing security environment, or just check a compliance box to make one of their clients or vendors happy? The answer to that question will usually determine the assessment’s success.
Compliance • Security Assessments
July 24, 2017 •
The ability to devalue credit card data has made point-to-point encryption (P2PE) technology a hot topic among franchisors. And what’s not to love? With a PCI P2PE solution in place, your franchise can check off that PCI compliance box as well as rest assured that your payment transactions are safe and secure. But is securing your credit card transactions between the POS and the payment processor all your business should worry about? Does implementing P2PE make every other security technology irrelevant to your business?
Encryption • Firewalls • Malware
July 16, 2017 •
Payment card data security isn’t a new concept, yet businesses everywhere still can’t get it right. The payment card industry has a growing body of standards, merchants and technology providers strive to follow them, and consumers continue to demand them. But payment card data breaches still happen. Regularly. Why? It’s time we upped the ante on our efforts to help merchants protect themselves.
Point of Sale
June 5, 2017 •
As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: Firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc. Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?
Cloud Security • Network Security • Security Assessments
May 21, 2017 •
Last week was a rough one in the IT world, as organizations around the globe scrambled to avoid being caught up in the WannaCry ransomware attack. If your organization was spared this round, it doesn’t mean you should pat yourself on the back and move on, business as usual. Fact is, most organizations aren’t at a state of security maturity that affords them this level of comfort. Read on for my list of 5 things any IT professional can learn from the WannaCry ransomware attack.
Endpoint Security • Ransomware • Security Awareness