Malware 2016

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA is warning businesses and agencies to prepare for an upswing of attacks in which data is not only stolen/exposed, but is, along with the network systems that house the data, destroyed or left unusable in […]

Man-in-the-Middle Exploits and the IoT

There are roughly 25 billion smart devices and objects busily gathering data and beaming information back to their respective motherships (and business partners). That’s up from 7 billion things a mere five years ago. And five years from now? The consensus is that 50 billion things will be interconnected, […]

Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and […]

Data Security Lessons To Learn Right Now

Much has been said about the recent Ashley Madison (AM) hack attack, and even more was said about the subsequent data dump of highly sensitive customer information. Are there lessons to be learned from AM? To some extent—the consequences would have been worse had card data not been […]

Compliance Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, […]

HIPAA and Your Business Associates

The number of claims filed under the Health Insurance Portability and Accountability Act (HIPAA) has spiked recently. The latest figures from the U.S. Department of Health and Human Services (DHS) show that the government is increasing its enforcement efforts regarding the federal privacy law. The U.S. Office of Civil Rights (OCR) has reported that it […]

The Clock Is Ticking – Part 2 Migrate From SSL/TLS Now

It has now been over a month since the Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on June 30. In part 1 of this series on PCI DSS 3.1 migration, we noted that version 3.1 was swiftly introduced in April 2015 as a response to major security flaws discovered in open […]

Malware Risk Management

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA’s new report, “Defensive Best Practices Against Destructive Malware,” provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to […]

PCI DSS 3.1 – Managing Migration

It’s nearing a month since the Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on June 30. PCI DSS 3.1 was swiftly introduced in April 2015 as a response to major security flaws discovered in open source SSL, and the exploits – including Heartbleed, Shellshock and POODLE – that targeted the […]

Securing Government Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of […]