PCI DSS 3.2 - Rolls Out Early 2016

February 29, 2016|Mariann Utrosa

A new revision of Payment Card Industry Data Security Standards (PCI DSS) is slated for release as early as next month, replacing the original November 2016 expectancy date.  It is rumoured to be an incremental sub-version update from 3.1 to 3.2 rather than a completely new version and standard.

In a recent Q&A blog post, Troy Leach, PCI Security Council Chief Technology Officer (CTO) touched on what to expect for PCI DSS 3.2 and gave several reasons for rolling-out earlier than expected. Troy stated:

Read More

LinkedIn - Spotting Fake Profiles

February 25, 2016|Dr. Wael Hassan, PhD.

LinkedIn’s main source of profit is not the average user, but rather those who purchase premium services. These include recruiters, as well as companies looking to boost their search engine profiles or establish business-to-business (B2B) relationships. These also include scammers, spammers, and hackers.

What makes LinkedIn unique among social media networks is that most members are seeking to connect with people they do not yet know. This makes it more vulnerable to certain types of threats.

Read More

Ransomware - Protect Your Data

February 22, 2016|Mariann Utrosa

Imagine waking up in the morning, picking up a coffee and sitting down at your office computer to check the latest Facebook wall posts and there it is … a message telling you that someone has 'locked' your system and is demanding payment of a ransom to release your files.

Larger institutions have become targets for ransomware attacks, such as the Hollywood Presbyterian Medical Center in Los Angeles, where a computer system was recently compromised by attackers who demanded 40 Bitcoin (~$17,000.00) before they would remove the ransomware and return the hospital's access.

Read More

Data at Rest, Data in transit, and Encryption

February 17, 2016|Mariann Utrosa

Computer data spends most of it’s lifecycle being stored ‘at rest’, punctuated with brief periods ‘in transit’ between storage media.  Whether being stored locally on hard drives, servers and other physical media or stored remotely in the cloud … computer data is always either at rest or in transit. 

In either instance, encrypting your data can help protect it from hackers and theft, but over time and as hackers get smarter, and existing encryption techniques become progressively less effective.  How do you protect your data against the inevitable day when that very encryption just isn’t enough anymore?

Read More

EMV is not the silver bullet

February 09, 2016|Mariann Utrosa

Many countries, including Canada, the United States and much of Europe have recently phased-out magnetic stripe technology on payment cards and replaced it with a more secure Chip and PIN or EMV technology.

The United States introduced EMV in 2015 to help prevent fraudulent transactions.  EMV is a acrronym representing the three companies which created it - EuroPay, Mastercard, and Visa - and it is quickly becoming the global standard for secure payment card transactions.

Read More

When Your Employees Leave

February 01, 2016|Jason Wittick

59% of employees admit to stealing data on the way out

Employee turnover is a fact of life.  Unfortunately, the ‘break-up’ is not always pleasant. A recent study suggested that 59% of employees admitted to stealing company data on their way out.  Even more alarming, 67% of those ex-employees admitted to using that stolen data to leverage a new job. The most popular data exfiltration sources include files, emails, and storage devices.

Read More