flash_area

Have any questions?

contactUs


The Futurex Blog. News, Announcements and Much More.


Data Security & Fraud Prevention Roundup – February 20th, 2015

by Futurex on February 20th, 2015

Our Data Security & Fraud Prevention Roundup contain links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last few weeks and our thoughts on them.

#1: The Enemies of Data Security: Convenience and Collaboration by Carl S. Young, Harvard Business Review (February 11, 2015)

While IT departments within each company seem to hold the key to data security measures, former Senior Executive of the FBI Carl Young argues that IT professionals are not solely to blame. Young believes that cybercrime must be combated throughout every level of the organization’s “culture” and he provides suggestions on how to harmonize this information security culture throughout the company.

#2: Carmakers urged to accelerate drive to keep vehicle data secure by Andy Sharman, ft.com (February 16, 2015)

Do you drive a “smart” car? The majority of cars made within the last few years are equipped with some sort of wifi-enabled software, and the concerns about securing the transmissions from these cars are rapidly growing. Auto manufacturers are realizing the need for strong encryption and authentication of wireless transmissions.

#3: Security Experts: Health Data Increasingly Being Sold on Black Market by iHealthBeat (February 19, 2015)

We all know that Personally Identifiable Information (PII) is valuable, but just how much money does it fetch on the black market? One recent instance had Medicare IDs going for almost $5,000. The value of healthcare data means that healthcare organizations must put extra care into defending that data against hackers, but are medical facilities doing enough?

#4: Agriculture Giants Boost Cybersecurity to Shield Farm Data by Jacob Bunge, The Wall Street Journal – Technology (February 19, 2015)

While the Retail and Healthcare industries have been publicly impacted by breaches of data security, organizations from many other industries are beginning to realize that their business might be the next target. Check out this article to see why it’s important for your company to prepare for an outsider attack as well as possible measures that can be taken.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).


Bookmark and Share

A Cloud Perfect for Retailers

by Futurex on February 19th, 2015

Every industry has its own needs and considerations when it comes to data security, and retail organizations are no exception. When deciding on a cloud vendor for your organization, it’s important to consider the aspects that may not fit into a generic, black box cloud solution. Your organization may require more than just simple data storage; what about transaction processing? EMV? Tokenization? You don’t have to go to several different vendors in order to get all the functionality you need; VirtuCrypt offers financial processing combined with the easy access of the cloud.

To ensure that the cloud vendor you choose has your needed technology, consider these five areas:

Using the Securus, the world’s first FIPS 140-2 Level 3-validated remote access tablet, VirtuCrypt provides retailers with the ability to create a connection to their cloud that is truly secure. The touchscreen tablet can configure encryption keys for your retail cryptographic infrastructure from virtually anywhere.

Futurex’s HSMs perform all encryption and transaction processes within FIPS 140-2 Level 3-validated Secure Cryptographic Devices. In addition, Futurex HSMs boast the fastest TPS rates in the industry.

Retailers are subject to a bevy of compliance mandates through regulatory standards such as PCI DSS and TR-39. Futurex has decades of experience and technology helping organizations meet and exceed compliance.

Managing encryption keys for retail environments can be a costly and time-consuming process, but Futurex’s key management servers significantly reduce those constraints on retailers. Through Futurex’s RKMS Series, retailers can remotely inject keys into POS terminals without requiring on-site insertion. As well as virtual access to Futurex’s key management servers, VirtuCrypt offers a key custodian service in which Futurex’s trained and CTGA-accredited Solutions Architects maintain your encryption keys in-house.

VirtuCrypt’s technology is far reaching, with support for everything from Point-to-Point Encryption to tokenization. As EMV gains popularity in North America, it’s imperative that your retail organization be equipped to handle it. Through VirtuCrypt, retailers can perform EMV transactions with ease. These technologies and more are available through one compliant, secure cloud: VirtuCrypt.

Want to know more about VirtuCrypt? Visit our website or contact us today.


Bookmark and Share

The Need for Stronger Healthcare Data Security

by Rachel Barnett on February 10th, 2015

Think about the phrase “sensitive customer data.” What comes to mind? Social security numbers, cardholder information, mother’s maiden name, driver’s license numbers…All data that could inconvenience or even ruin a person’s life if exposed, as well as ruin a company’s bottom line if the exposure was due to their lack of data security.

Healthcare and insurance organizations in particular are facing a huge number of attacks, as hackers become more cognizant of the vast amount of valuable data housed in these companies’ servers. For Tier-1 organizations, the risks are even greater. The IT infrastructures of high profile companies are often scrutinized for the slightest chink in their armor, any weakness that will expose the data of millions of customers.

Obviously Tier-1 organizations can’t simply erase all of their data and thus remove the proverbial target on their backs. That data is often essential to the everyday management of their businesses. So what’s the solution? You have to enhance your data security even further. Simply meeting compliance mandates is not enough.

Data security for healthcare organizations has to meet the unique needs of the medical industry: secure sharing across a network of care providers, strong encryption of all Personally Identifiable Information (PII), and easy accessibility of patient data for payment and medical history, to name a few.

Here are some first steps healthcare providers should take to ensure that their businesses do not get added to the quickly growing “data breach” list:

  • Evaluate your system for weaknesses
    How often do you assess the strength of your security measures? Is it a habitual process, or do you wait until right before an audit to ensure everything is up to par. Hackers aren’t going to stop searching for a weakness in your infrastructure, so you can’t afford to either.

  • Incorporate strong encryption wherever possible
    Encryption removes a large amount of the temptation surrounding customer data, since there’s little point in trying to steal information that has been rendered useless by encryption. If you’re keeping in-the-clear data where hackers can get it, you’re practically asking for a data breach.

  • Educate and assess your employees
    Not every data breach happens from the outside. Often, the exposure of sensitive data is due to the innocent or intentional negligence of the organization’s employees. Be sure to vet your employees carefully, especially those with access to restricted portions of your infrastructure. Habitual reinforcement of data care policies, as well as an explanation of the importance behind those policies, will go far in ensuring that employees aren’t the weak chain in your data security system.

  • Secure data from every endpoint
    Data has a lifecycle; from generation to storage to transfer to eventual deletion, every aspect of that lifecycle needs to be protected. Healthcare organizations should implement technologies such as Point to Point Encryption for data during transfer, tokenization for customer information during storage, and a physically reinforced, FIPS 140-2 Level 3 validated hardware security module (HSM) for storing and using sensitive data and keys.

Bookmark and Share

Data Security & Fraud Prevention Roundup – February 6th, 2015

by Futurex on February 6th, 2015

Our Data Security & Fraud Prevention Roundup contain links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last few weeks and our thoughts on them.

#1: A Merchant’s Step-by-Step Guide to EMV Implementation by PYMNTS (January 28, 2015)

EMV is coming to the U.S., no doubt about that, but have you planned out your organization’s implementation plan? If not, you don’t need to worry. PYMNTS has outlined an overview of all the steps merchants must take to go from simple magstripe to chip-and-PIN.

#2: Data Protection Day: Five steps to securing data by Warwick Ashford, Computer Weekly (January 28, 2015)

Even though Data Protection Day has come and gone, the fact remains that every business needs to be aware of how to improve data security. This article provides a great list of steps to help your organization meet regulatory compliance as well as protect your sensitive data at the same time.

#3: Cybersecurity Careers are for Everyone: Lysa Myers Interview by Matt Lichtfuss, HackSurfer (January 28, 2015)

Data security is one of the most influential topics in the cyber realm. Everyone needs it, but is there an opportunity to make a career out of it? According to Lysa Myers, businesses of every type are becoming more proactive in hiring employees with experience in this field. If you have experience in data security and you’re looking for a career, you should see the recommended sectors to work for in this article and check out our career offerings as well.

#4: How to create an effective data security communication plan by Larry Ponemon, CSO (February 4, 2015)

The majority of personnel handling data on a regular basis don’t typically work in the IT department. Rather, the responsibility for treating sensitive company data with care is spread around all departments, highlighting the need for data security policies that are enforced by all employees. This article discusses ways to engage all employees in a meaningful and effective data containment policy.

#5: Proposed Cloud Standard Would Guard Personal Data by George Leopold, EnterpriseTech (February 4, 2015)

Is an official cloud information security standard on the horizon? Quite possibly. The International Standards Organization has published a whitepaper that proposes guidelines for the protection of data within the cloud, a standard many have said is long overdue.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).


Bookmark and Share