ControlScan Blog


Stay informed with the latest security + compliance updates, news and best practices.



October 27, 2020Published by

I’d like you to think about something: What, in your mind, is going to be the next mass exploitation of cardholder data affecting the secure e-commerce of small and medium online retailers? What simple mistake or mistakes are being consistently made by these retailers that will lead to the next rash of mass theft of credit card data? We’ve actually just seen a sign of the coming attacks.

  Read More   


September 17, 2020Published by

This week was an exciting one for us here at ControlScan, because we officially announced the general availability of ControlScan MDR Essential. A new tier of our Managed Detection and Response (MDR) product suite, MDR Essential is aimed at cost-conscious small and mid-sized businesses (SMBs) and the channel partners that serve them.

  Read More   


May 1, 2020Published by

We can learn a lot from the same protective measures that are working to defeat this insidious coronavirus enemy. The parallels are striking between the social and professional measures that are swiftly becoming business-as-usual, and the security measures that should have been business-as-usual all along. Now may be the perfect time to remind ourselves of a few.

  Read More   


August 13, 2019Published by

A new exploit known as e-commerce skimming is making the rounds. The PCI SSC recently released a blog warning of the growing threat of digital skimming, followed immediately by a bulletin from Visa warning of the same. There are three important areas to consider that will help protect your website from e-commerce skimming.

  Read More   


June 6, 2016Published by

Have you been told your organization needs to comply with certain information privacy and/or security standards, such as PCI, HIPAA, etc.? If so, you may find yourself quickly overwhelmed with all the requirements for bringing people, processes and technology into “compliance.” Yes, compliance can suck.

  Read More   


May 20, 2016Published by

Your Company is Under Attack Your company’s networks are being probed, prodded and attacked countless times every day. Unless you’re watching your logs, you’re likely unaware all this activity is taking place. Awareness, being a critical element of an effective defense, is important to cultivate and nurture. The Science Behind the “Pen Test” How do […]

  Read More   


May 2, 2016Published by

Split Decisions Cost Big BucksOne of the worst things that can happen to a convenience store manager is their cooler shutting down without their knowledge. Beer gets warm and food spoils, translating into hundreds of dollars lost.But what’s worse than a cooler shutting down? A firewall “shutdown.”Let’s assume a third party comes in to implement […]

  Read More   


January 25, 2016Published by

Whether it is PAN data (credit card numbers), ePHI, PII or intellectual property, the rationale is all the same; disclosing any sensitive data can be a nightmare for your company or product’s future. This post, however, is focused on cardholder data, because businesses with POS environments are the most commonly breached entities that exist and quite frankly, their average security posture is pretty low.

  Read More   


November 18, 2015Published by


Moving infrastructure and applications to the cloud enables a whole new level of connectedness for your organization and customers. Its accessibility and on-demand scalability make it an ideal platform for many evolving businesses. But, because it changes much of what we know about the traditional IT environment, there are some very real risks involved—even if hosting with a major service provider. Learn more about balancing the risk and reward of going to the cloud.

  Read More   


August 12, 2015Published by

Google has published some interesting statistics in continuation with their #NoHacked campaign: Over the past year, Google has noticed a 180% increase in the number of websites getting hacked. Google also offers some tips to protect your website from getting hacked. Unfortunately, the advice they offer, while good, is very basic and will only protect you to a point.

  Read More   


July 1, 2015Published by

You may have heard that EMV is a safer technology, which is why the banks and card brands want you to use it. So why would I say that EMV is not a security technology?

  Read More   


June 17, 2015Published by

Password managers are a critical component of authentication security. The average user has no less than 40 online accounts, and people who work in IT can easily have over 1000 accounts. Unless you somehow possess the mental capacity to memorize unique, random passwords for all of those accounts, you need a way to securely create and manage passwords for you.

  Read More