

The Futurex Blog. News, Announcements and Much More.


National Cyber Security Awareness Month: Sharing the Responsibility of Data Security

by Futurex on October 30th, 2014

As National Cyber Security Awareness Month comes to an end, it’s important to set habits now that will carry on throughout the year. There’s no better time to start evaluating your IT system to ensure that it’s up to the task of keeping your customers’ information safe. This year, the NCSAM theme was “Our Shared Responsibility,” so let’s take a few moments to look into some sobering statistics, courtesy of the “Aftermath of a Data Breach Study” by the Ponemon Institute.

Data security is never the responsibility of just one individual. When establishing a strong, secure core cryptographic infrastructure, be sure to create policies and procedures for every group and place that has contact with customer data, from employees to third party vendors to internal storage.

Just as important as the human factor, ensure your system has the technology it needs to keep information secure. Consider adding these technologies to enhance the security of your core cryptographic infrastructure while reducing the cost and scope of compliance at the same time:

  • P2PE: a data protection method that encrypts sensitive information at the Point of Interaction (POI). The information remains encrypted through transit until it reaches the secure boundary of a FIPS 140-2 Level 3 and PCI HSM validated hardware security module, at which point it is safely decrypted without fear of tampering.
  • Tokenization: a storage technology that protects data by removing it altogether, replacing it with an identifier known as a token. In typical financial applications of tokenization, a payment transaction occurs and the merchant retains only the token, which is linked to that specific cardholder account and, by itself, has no worth to fraudsters.
  • EMV: a chip-integrated payment technology used to prevent card duplication. Often referred to as PIN and Chip, EMV-enabled payment cards have an embedded cryptographic chip that is used in conjunction with a PIN to verify cardholder authenticity.

Want more information? Contact Futurex today, and don’t forget to check out National Cyber Security Awareness Month’s website for more data security tips.



Key Management Refresher: Checkbox Compliance

by Futurex on October 20th, 2014

For any organization managing encryption keys, the process of creating, maintaining, and improving a key management system can seem like a frustrating or even impossible task. These feelings of frustration often stem from a few prominent mistakes that frequently occur. Beyond simple annoyance with an inefficient system, key management mistakes can have a far more damaging effect: data breaches. Fortunately, these mistakes are easily preventable with some instruction. In our whitepaper, Ten Key Management Mistakes…And How to Avoid Them, we discuss ten actions that can make or break a key management system.

“Wait, we have a data breach? But we passed our audit!”

Companies of every size and industry find themselves discovering data breaches months or even weeks after passing an audit. The shock when this happens is usually due to a common key management mistake: falling for “Checkbox Compliance.”

Checkbox Compliance is the belief that, once an auditor passes your IT infrastructure for compliance, your organization is golden until the next audit comes along. Unfortunately, data security doesn’t work that way. Any changes to your IT infrastructure between audits can represent a security risk, and with how fast technology moves, changes to IT infrastructure can occur daily. Upgrading technology is a good and necessary practice, but such updates still require proper monitoring to see how those changes affect the system.

This timeline represents an average organization that is audited once a year. As the scheduled audit approaches, the company beefs up its data security measures. Because of the increased security, the organization passes its audit. Armed with the knowledge that their infrastructure has been deemed “secure,” the company slowly becomes complacent, giving hackers more opportunities to infiltrate the system. Once the data breach is discovered, the PR nightmare begins. Time and resources have to be allocated to assuring the public that the company is dedicated to increasing security in the future. After implementing stronger policies, the organization is able to keep its data security strong.

The end result of the process was a strong IT infrastructure, but at what cost? From a financial standpoint, it makes much more sense to adequately fund data security at the beginning and avoid the high cost of a data breach altogether. However, simply pouring money into the IT department is not the key to avoiding data breaches. Investing in advanced and efficient technology to protect your data is an important first step, but as with any tool, it is how you use it that matters. Your infrastructure must be properly managed and monitored to remain secure.

The strength of data security depends on how you view it. If you view data security as a box that you check off your to-do list, you’re in trouble. Organizations must enforce the idea that data security is a journey, not a destination.

In short, follow these brief policies:

  • Be vigilant, looking for security risks at all times
  • Make security updates not just for the present, but also for the future
  • Have respect for industry experts, and leverage their knowledge often
  • View compliance as the minimum, not the end goal
  • Don’t cut corners with data security just to save money


Data Security & Fraud Prevention Roundup – October 17th, 2014

by Futurex on October 17th, 2014

Our Data Security & Fraud Prevention Roundup contains links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks, along with our thoughts on them.

#1: Are You a Cybersecurity Expert? Then This Post Isn’t For You by Jeff Peters, Hacksurfer (October 10, 2014)

Not many of us can actually say that we are cybersecurity experts. In fact, most people feel overwhelmed by all of the security information that must be acquired in order to properly guard sensitive company data. However, Jeff Peters provides a simple breakdown of the most essential part of understanding cybersecurity.

#2: Data Protection Strategy to Secure Your Business by Jason Bowden, Business2Community (October 10, 2014)

Data security requires a multifaceted approach. When analyzing the strengths of your IT infrastructure, it’s best to consider every angle. Jason Bowden has broken down the process of enhancing data security into nine different areas.

#3: Mastering Security Analytics by Ericka Chickowski, InformationWeek Dark Reading (October 14, 2014)

Even if you have reliable data security services in place, knowing what to look out for in data attacks can become one of your biggest cybercrime-fighting assets. In this article, Ericka Chickowski discusses why having “data smarts” is vital to protecting your company’s sensitive data.

#4: Agencies should pursue cloud for performance, not cost benefits, says report by Molly Bernhart Walker, FierceGovernmentIT (October 15, 2014)

As cost effective as the cloud can be, the real value of cloud services lies in the increased efficiency and functionality that it offers. A new whitepaper by the Advanced Technology Academic Research Center states that government agencies can utilize the cloud to great effect, but first must instigate policies that will change the culture of how the cloud is treated.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).



Celebrating National Cybersecurity Awareness Month

by Futurex on October 13th, 2014

This October marks the eleventh year of National Cyber Security Awareness Month (NCSAM). This year’s theme is “Our Shared Responsibility”.

The initiative encourages us all to do our part by implementing stronger security practices, raising community awareness, educating young people, and training employees to follow measures to secure sensitive information. This year’s theme takes a particular focus on the personal responsibility that comes with constant Internet connectivity and how we can all help each other remain safe while connected.

Each week during October takes on a different focus, from simple awareness to more specific information technology practices, cybercrime prevention, and law enforcement.

Futurex is dedicated to showing its support by educating the public and clients about cyber security safety measures, and has been recognized as a “National Cyber Security Awareness Month Champion” by StaySafeOnline.org.

For more information about how you can get involved, assess your risk or the risk of your organization, and learn about implementing a cyber security plan, please visit StaySafeOnline.org.

