ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.

January 26, 2018Published by

This morning I read that Apple is letting you keep your medical records on your iPhone or Apple Watch and it got me thinking: How secure will this data be? How well will people work to protect their personal health data? I am a cybersecurity guy and I am a skeptic, so let me give you some facts and then some things to think about.


December 12, 2017Published by

Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.


November 17, 2017Published by

When they’re successful, phishing attempts can have a significant impact on you personally, as well as on your workplace. They begin innocently enough—a seemingly legitimate DocuSign request or email from a friend—but they can quickly turn your world upside down.Avoid becoming a victim of phishing by following these 3 best practices.


October 30, 2017Published by

On October 5th, 1953, the New York Yankees became the only team in baseball history to win five championships in a row. Today I’m pleased to tell you that ControlScan has passed the PCI Approved Scanning Vendor (ASV) revalidation test, also for the fifth consecutive year!This was no easy feat. Read on to learn how we did it.


October 23, 2017Published by

Last week, it was announced that the Wi-Fi security protocol WPA2 has a serious flaw. WPA2 is the current encryption standard; there is nothing generally available that’s known to be more secure.Wi-Fi has become a necessity for businesses everywhere, so disconnecting and waiting for a solution to the current Wi-Fi security flaw isn’t an option. The answer lies in a layered approach to your security efforts.


August 28, 2017Published by

These days many organizations do not feel confident about their ability prevent a data breach, mainly because they feel they can’t trust the humans working for them. And for good reason! Cyber criminals continue to exploit the human element, which was blamed for over 400 reported data breaches and 7.6 million+ compromised records in 2016.Regardless of whether the employee is knowingly part of a malicious effort, or is inadvertently involved in allowing an intrusion or other form of unintended disclosure, a breach of valuable data is not what you want to have happen. Therefore, you must minimize the human impact.


August 16, 2017Published by

I’ve been an information security assessor (PCI, HIPAA, ISO, etc.) for a long time and it’s always interesting to find out why a company has brought me in to do an assessment.Is the goal to shore up their existing security environment, or just check a compliance box to make one of their clients or vendors happy? The answer to that question will usually determine the assessment’s success.


July 24, 2017Published by

The ability to devalue credit card data has made point-to-point encryption (P2PE) technology a hot topic among franchisors. And what’s not to love? With a PCI P2PE solution in place, your franchise can check off that PCI compliance box as well as rest assured that your payment transactions are safe and secure.But is securing your credit card transactions between the POS and the payment processor all your business should worry about? Does implementing P2PE make every other security technology irrelevant to your business?



July 16, 2017Published by

Payment card data security isn’t a new concept, yet businesses everywhere still can’t get it right. The payment card industry has a growing body of standards, merchants and technology providers strive to follow them, and consumers continue to demand them.But payment card data breaches still happen. Regularly. Why?It’s time we upped the ante on our efforts to help merchants protect themselves.

  Read More