ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.

August 13, 2018Published by

I’ve found myself in this conversation a few times recently, about what determines that a device on the network is “unapproved.” The fact is, the only unapproved devices on your network are those that defeated your security measures to get on it. If you build the network correctly, then you have lists of monitored and unmonitored devices, but not unapproved.The issue at hand is how to identify and account for your monitored and unmonitored devices. With that accomplished, it’s much easier to spot an anomaly that could lead to a breach.



August 6, 2018Published by

I hate to say it, but what we all hear way too often is true: Nothing will focus you on your business’ cybersecurity like a data breach. Dealing with the aftermath of a breach is also much more expensive than proactively implementing the necessary security tools. If you’re a small business, a breach of your […]


April 13, 2018Published by

As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.


March 29, 2018Published by

Outpacing cybercriminals’ tools and techniques is tough work, and that’s why the payments industry is embracing payment security innovation. ControlScan Executive Chairman Tom Wimsett recently sat down with Jason Oxman, CEO of the ETA, to discuss the challenges facing acquirers, ISOs, processors and payment facilitators as they work to assist merchants with security and compliance.


October 23, 2017Published by

Last week, it was announced that the Wi-Fi security protocol WPA2 has a serious flaw. WPA2 is the current encryption standard; there is nothing generally available that’s known to be more secure.Wi-Fi has become a necessity for businesses everywhere, so disconnecting and waiting for a solution to the current Wi-Fi security flaw isn’t an option. The answer lies in a layered approach to your security efforts.


July 24, 2017Published by

The ability to devalue credit card data has made point-to-point encryption (P2PE) technology a hot topic among franchisors. And what’s not to love? With a PCI P2PE solution in place, your franchise can check off that PCI compliance box as well as rest assured that your payment transactions are safe and secure.But is securing your credit card transactions between the POS and the payment processor all your business should worry about? Does implementing P2PE make every other security technology irrelevant to your business?


July 16, 2017Published by

Payment card data security isn’t a new concept, yet businesses everywhere still can’t get it right. The payment card industry has a growing body of standards, merchants and technology providers strive to follow them, and consumers continue to demand them.But payment card data breaches still happen. Regularly. Why?It’s time we upped the ante on our efforts to help merchants protect themselves.


May 21, 2017Published by

Last week was a rough one in the IT world, as organizations around the globe scrambled to avoid being caught up in the WannaCry ransomware attack. If your organization was spared this round, it doesn’t mean you should pat yourself on the back and move on, business as usual. Fact is, most organizations aren’t at a state of security maturity that affords them this level of comfort.Read on for my list of 5 things any IT professional can learn from the WannaCry ransomware attack.

  Read More