Channel: SecurityMetrics Blog
Browsing all 384 articles

Why Encryption is (Sometimes) Not Enough

Hackers easily take advantage of encryption delays. By: Gary Glover. A common (and untrue) statement I hear from many businesses is, ‘My point of sale system encrypts all data that is stored, so I’m...

PCI – You Don’t Have to be Perfect

Breach protection helps fill in security gaps after compliance. By Giles Witherspoon-Boyd. Please raise your hand if you’ve ever felt intimidated by PCI compliance. You’re not alone. It’s a tall order to...

Hacking Trends 2014: Hackers Actually Clean Up After Themselves

Will security ever surpass cybercriminal sophistication? By: David Ellis. In my 27 years of law enforcement and forensic investigations, I’ve seen the gamut of criminal techniques. The cleverness of...

Is Your Credit Card Data Leaking?

The lifecycle of customer payment data often includes hidden liability. By: David Ellis. Payment card information is often found by criminals because it is electronically ‘laying around’ in unprotected...

HIPAA Social Media Compliance

What does your office staff post on Facebook and Twitter? By: Tod Ferran. The wave of social media is almost impossible to stop, especially at work. The problem is, employees who irresponsibly use social...

Warbiking: Hacking with Your Helmet On

The creativity of hackers never ceases to amaze me. By: Brand Barney. Hackers on bikes. Sounds ridiculous, right? Well, it’s a serious business security issue. It’s called warbiking. Hackers bike around...

Is Working From Home HIPAA Compliant?

Securing remote access in healthcare environments. By: Tod Ferran. Do employees at your office like to work from home? Does the doctor regularly access patient data in another place besides your office?...

10 Tips for Keeping Security in the Budget

Security doesn’t have to be expensive to be effective. By Giles Witherspoon-Boyd. Sometimes security can be an overwhelming (and expensive) burden for small businesses to bear. According to Spiceworks,...

PCI 3.0: What You Need to Know

What requirements changed from PCI 2.0, and why? By: Gary Glover. The PCI DSS was updated for the fourth time (1.0, 1.2, 2.0, 3.0) in November 2013. As always, the changes the PCI Council made address...

HIPAA Alphabet Soup: Unjumbling the Jargon

What do all those acronyms stand for anyway? By: Tod Ferran. Sometimes I wish I could ban acronyms from the planet. HIPAA includes many such acronyms, mostly security-related. You may come across them in...

Which PCI SAQ is Right for My Business?

Prove your payment card security to your bank through an SAQ. By: Brand Barney. A PCI Self-Assessment Questionnaire (PCI SAQ) is a merchant’s statement of compliance. It’s basically proof that you’re...

Fire, Shred, Pulp: How to Properly Destroy Sensitive Documents

Dumping medical records in an alley dumpster is a sure way to end up on the HHS Wall of Shame. By: Tod Ferran. Did you hear about the Texas hospital fined for their PHI-filled microfiche found in a park...

Auditing Archives: The Case of the Overly Helpful Front Desk Clerk

Just because you can get on the Internet, doesn’t mean you should. By: Gary Glover. The following post is a segment in the Auditing Archives series. Hopefully the security failures I’ve seen while...

Infographic - 63% of businesses don’t encrypt credit cards

Lack of payment card security continues to plague the business world. During onsite audits and forensic investigations, SecurityMetrics security experts consistently find unencrypted card data ‘lying...

Social Engineering – It’s OK To Be a Little Paranoid

After all, gullible employees lead to security breaches. By: Brand Barney. Humans want to trust other humans. If I struck up a conversation with a gentleman in a suit at the bus stop who explained his...

Understanding the HIPAA Application of Firewalls

Like a security guard, firewalls control what goes in, and what comes out. By: Tod Ferran. Many smaller healthcare entities and business associates struggle to understand how HIPAA requirements translate...

How to Configure a Firewall in 5 Steps

A basic lesson on establishing rules and creating VPNs. By: Tod Ferran. Let’s discuss some basic firewall configurations. I have chosen to use a Cisco ASA 5505 as an example. It is a business-class...

Auditing Archives: The Case of the Evil JavaScript

Dynamically included script is usually good, but no good deed goes unpunished. By: Gary Glover. The following post is a segment in the Auditing Archives series. Hopefully the security failures I’ve seen...

Eliminate Internet Browsing on Check-In Machines

Can customer service and security co-exist? By: Gary Glover. This article was also featured in Hospitality Upgrade Tech Talk. At virtually every hotel security audit I’ve ever conducted, and at every hotel...

The Do’s and Don’ts of Storing Card Data

The rules about keeping 16-digit card numbers, CVV, and expiration dates. By: Brand Barney. Payment card data is one of my favorite discussion topics with merchants. It doesn’t matter who they are, how...
