April 1, 2020 •
What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.
Compliance • Coronavirus • Security Assessments
January 2, 2020 •
We’ve all worked with them, and at some point in our career, we may have even been one: A disengaged employee. Most companies and leadership teams concern themselves with unhappy employees for one basic reason, and that’s the costs of lost productivity. But have you ever thought about the cybersecurity threat posed by an actively disengaged employee?
Access Control • Endpoint Security
August 16, 2018 •
In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. We’ve identified the number one reason businesses fail their PCI QSA audit, and it’s not what you may think.
July 27, 2018 •
A PCI DSS readiness assessment (also known as a gap analysis) is an effective method for finding and fixing compliance holes efficiently and economically. Read this post to learn if your business can benefit from a readiness assessment.
Compliance • PCI Compliance • Security Assessments
June 25, 2018 •
How do you find the best PCI QSA for your company? Here are the 6 criteria you should apply when searching for your next Qualified Security Assessor.
Compliance • Security Assessments
October 23, 2017 •
Last week, it was announced that the Wi-Fi security protocol WPA2 has a serious flaw. WPA2 is the current encryption standard; there is nothing generally available that’s known to be more secure. Wi-Fi has become a necessity for businesses everywhere, so disconnecting and waiting for a solution to the current Wi-Fi security flaw isn’t an option. The answer lies in a layered approach to your security efforts.
Firewalls • Wireless Security
July 24, 2017 •
The ability to devalue credit card data has made point-to-point encryption (P2PE) technology a hot topic among franchisors. And what’s not to love? With a PCI P2PE solution in place, your franchise can check off that PCI compliance box as well as rest assured that your payment transactions are safe and secure. But is securing your credit card transactions between the POS and the payment processor all your business should worry about? Does implementing P2PE make every other security technology irrelevant to your business?
Encryption • Firewalls • Malware
April 19, 2017 •
FTP servers are essential for sharing files and data, but healthcare providers continue to utilize them in an insecure manner. Just last year, the ControlScan Security Consulting team saw this in action within a large healthcare organization. What happens when FTP goes wrong and how can you prevent your FTP server from leaking ePHI? Read on to find out.
Encryption • Network Security
October 7, 2016 •
One of the easiest ways you can protect business accounts from unauthorized use is to incorporate multi-factor authentication, or MFA. But how do you use it in a way that has a meaningful impact on your organization’s security risk reduction efforts?
Access Control • Network Security • Vulnerability Management
May 2, 2016 •
Split Decisions Cost Big Bucks
One of the worst things that can happen to a convenience store manager is their cooler shutting down without their knowledge. Beer gets warm and food spoils, translating into hundreds of dollars lost. But what’s worse than a cooler shutting down? A firewall “shutdown.” Let’s assume a third party comes in to implement […]
Firewalls • Internet of Things • Vulnerability Management
April 12, 2016 •
Chances are you’ve helped someone get into a building without verifying whether or not they should be allowed in, or even asking if they had a legitimate reason for being there. It might have been at a hotel, or the building in which you work, or a building where you had a meeting. […]
Physical Security • Security Awareness • Social Engineering
February 26, 2016 •
Taking care to not disclose patient information is critical to the success of any healthcare organization. In this post and accompanying video clip, I discuss the security issues I commonly run across in the healthcare setting, as well as actionable tips for preventing their occurrence.
Network Security • Physical Security • Security Awareness
January 25, 2016 •
Whether it is PAN data (credit card numbers), ePHI, PII or intellectual property, the rationale is all the same: disclosing any sensitive data can be a nightmare for your company’s or product’s future. This post, however, is focused on cardholder data, because businesses with POS environments are the most commonly breached entities and, quite frankly, their average security posture is pretty low.
Encryption • Point of Sale
January 18, 2016 •
Buzz is growing about a new HTTP coming to market. This new version of Hypertext Transfer Protocol, HTTP/2, is attracting much fanfare because it promises greater speed and efficiency. The Internet isn’t “broken,” so why fix it?
Internet of Things
November 9, 2015 •
Today’s unprecedented breach activity—and the high costs breached companies are paying as a result—are causing executive teams to sit up and take notice. Those responsible for organizational IT are finding themselves under increasing pressure to reinforce and report on a strong security posture to stakeholders.
Network Security • Security Awareness • Vulnerability Management