ControlScan Blog


Stay informed with the latest security + compliance updates, news and best practices.



May 17, 2020Published by

It struck me recently that there are interesting parallels for a business trying to deal with all the shots coming out of COVID-19, both early on and over time. They were fast and furious at the beginning; I am sure we all agree. But what does the small business threat landscape look like now?

  Read More   


May 13, 2020Published by

Individuals in the security industry often comment that the foundation of any company’s security program is its policy and procedures. I am not saying they are incorrect; however, I do not believe they see the big picture. Policy and procedures look to address risk, but they do not define it. Therefore, the foundation of any security program is formed by the activities around risk identification.

  Read More   


May 1, 2020Published by

We can learn a lot from the same protective measures that are working to defeat this insidious coronavirus enemy. The parallels are striking between the social and professional measures that are swiftly becoming business-as-usual, and the security measures that should have been business-as-usual all along. Now may be the perfect time to remind ourselves of a few.

  Read More   


April 1, 2020Published by

What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.

  Read More   


March 25, 2020Published by

Today’s news cycle is all about the impact that coronavirus/COVID-19 has been having within the world’s economy and health and welfare of most all individuals. I am sure you are prepared to handle the loss of a server or recover lost data, but what about your staff? Does your business continuity planning include the loss of people as part of your operational resources? If not, it should!

  Read More   


March 23, 2020Published by

While quantum capabilities are still a few years out, it’s important to be thinking about their future impacts to our crypto systems today. How will we prepare and upfit our systems to meet the challenge of tomorrow’s adversaries? There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era.

  Read More   


March 18, 2020Published by

With an immense amount of FUD (fear, uncertainty, doubt) circulating regarding coronavirus/COVID-19, cybercriminals are playing on those emotions and have already begun to alter their attack methods, patterns and content. We have received multiple reports from our customers, along with threat identification in our SOC, of attackers using coronavirus-related messaging in their phishing attempts for email compromise and malware/ransomware infection.

  Read More   


March 12, 2020Published by

After leaving the March 2-5 conference, I ate lunch at an open seating restaurant at the airport. Over lunch I educated two people on the latest Intelligence on credit card security and fraud, armed with new stats and insights I’d picked up at the MAC Level Up conference. This was proof positive that MAC delivers as it relates to educational content and relevance. In this post, I will share my biggest takeaways from the conference.

  Read More   


March 10, 2020Published by

The more we think about data privacy, the more we realize how complex it truly is. From both the technical and the legal side, there are new capabilities that are exciting and offer an incredible capacity for use cases we haven’t even considered. Some of the topics discussed at the RSA 2020 Conference that are worthy of consideration focus on these new and emerging services, and how they must be viewed through the lens of personal privacy.

  Read More   


March 9, 2020Published by

A ransomware variant, DoppelPaymer is showing some interesting new features that have morphed it into what we call “extortionware.” It is infecting systems and performing not only data encryption for ransom, but also exfiltrating data back to the attackers to be potentially released to the public if payment for the ransom is not made.

  Read More   


March 3, 2020Published by

In my daily scan of the security news headlines, I’ve been noticing that more and more frequently, companies hit by ransomware are paying up. A more recent example is the City of Cartersville, Georgia, which paid a whopping $380K to its attackers. But it doesn’t have to be this way! Read on for 3 ways to avoid a ransomware lock down.

  Read More