
The Futurex Blog. News, Announcements and Much More.


Data Security & Fraud Prevention Roundup – September 19th, 2014

by Futurex on September 19th, 2014

Our Data Security & Fraud Prevention Roundup contains links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks, along with our thoughts on them.

#1: Six Steps to Boost Data Security Protection by Jon May, Chain Store Age (September 10, 2014)

With the vast number of data breaches lately, retailers’ core cryptographic infrastructures have come under intense scrutiny. This article by Jon May discusses some sobering statistics, but ends on a high note, giving helpful advice for ways retailers can enhance the security of their systems.

#2: Businesses seeing positive results from big data use by Juliana Kenny, Blouin News (September 11, 2014)

Does your organization have all the facts about big data and ways it can be used to improve your company? This informative article demonstrates the advantages of big data as well as the statistics and surveys to back it up.

#3: Report: Healthcare industry must focus on endpoint security by Patrick Ouellette, Health IT Security (September 15, 2014)

For healthcare organizations, it can often seem like Personally Identifiable Information (PII) is leaking from every nook and cranny. As healthcare providers seek to bolster security and keep information safe, where do they focus their attention? Patrick Ouellette makes a compelling argument for the necessity of securing endpoint devices in this article.

#4: IT professionals not confident they can prevent cyber attacks by Ian Barker, BetaNews (September 15, 2014)

With all the cyber breaches occurring in several industries across the globe, many IT professionals are feeling discouraged in their task of providing data security. However, this helpful article discusses five ways in which data policies can be improved and includes a useful infographic on “Bridging the Data Security Chasm” to equip IT personnel with a better way of preventing data breaches.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).



DUKPT Within a Point of Sale Environment: How Does It Work?

by David Close on September 15th, 2014

Point-of-sale devices are used every day, yet few people know just how their cardholder information is kept secure during each transaction. POS devices typically safeguard data using an encryption key generation method called DUKPT, or Derived Unique Key Per Transaction. For every transaction, a new, non-reusable key is made that cannot lead back to the original base key, keeping all the POS devices in the organization safe in the event of one device being compromised.

The process may only take a few seconds when you’re standing in line at the grocery store, but within the POS device, a lot is happening. Essentially, one Base Derivation Key (BDK) is used to initiate the DUKPT process. The BDK itself is never exposed, but instead is used to create another key, called an initial key. This initial key is injected into the new POS device along with a Key Serial Number containing identifying information for the host application. The initial key is used to create a pool of encryption keys, and during each transaction, one of the keys is selected from the pool to encrypt information. After the data is sent, the current key is used to create additional future keys, and then it is erased, removing any information about a previous transaction.

Derived keys keep information safe. The process cannot be reversed to lead back to the BDK, and if one of the keys were compromised in a POS device, it would immediately be replaced by a new key in the next transaction. Through derivation, DUKPT forms a self-recycling system that promotes security, efficiency, and ease of implementation.
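The derivation chain described above, sketched as an added example (not Futurex code and not the ANSI X9.24 algorithm itself): HMAC-SHA-256 stands in for the standard's Triple-DES derivation, a single ratcheting key stands in for the pool of future keys, and the KSN layout (device ID plus 3-byte counter) and all names are assumptions made for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes) -> bytes:
    # One-way step: knowing the output does not reveal `key`.
    return hmac.new(key, label, hashlib.sha256).digest()

def initial_key(bdk: bytes, device_id: bytes) -> bytes:
    # Done once at key injection; the BDK never leaves the host/HSM.
    return prf(bdk, b"initial|" + device_id)

class Terminal:
    """POS device: holds only the current chain key, never the BDK."""
    def __init__(self, device_id: bytes, injected_key: bytes):
        self.device_id, self.counter, self._chain = device_id, 0, injected_key

    def next_transaction_key(self):
        self.counter += 1
        txn_key = prf(self._chain, b"transaction")
        # Ratchet forward; the previous chain key is overwritten (erased).
        self._chain = prf(self._chain, b"next")
        ksn = self.device_id + self.counter.to_bytes(3, "big")
        return ksn, txn_key

def host_transaction_key(bdk: bytes, ksn: bytes) -> bytes:
    # The host re-derives the same key from the BDK and the KSN alone.
    device_id, counter = ksn[:-3], int.from_bytes(ksn[-3:], "big")
    chain = initial_key(bdk, device_id)
    for _ in range(counter - 1):
        chain = prf(chain, b"next")
    return prf(chain, b"transaction")

def demo():
    bdk = bytes(range(32))       # constructed sample BDK, not a real key
    device_id = b"TERM0001"      # constructed sample device ID
    pos = Terminal(device_id, initial_key(bdk, device_id))
    sent = [pos.next_transaction_key() for _ in range(3)]
    matches = [host_transaction_key(bdk, ksn) == key for ksn, key in sent]
    unique = len({key for _, key in sent}) == len(sent)
    return matches, unique

if __name__ == "__main__":
    print(demo())
```

Because each step is one-way, a key read out of a terminal after transaction N cannot be used to recompute the keys for transactions 1 to N-1 or the BDK.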

For a more in-depth overview, download our DUKPT: Breaking Down the Process whitepaper.



Key Management Refresher: The Lottery Test

by Futurex on September 9th, 2014

For any organization managing encryption keys, the process of creating, maintaining, and improving a key management system can seem a frustrating or even impossible task. These feelings of frustration often stem from a few prominent mistakes that frequently occur. Beyond simple annoyance with an inefficient system, key management mistakes can have a far more damaging effect: data breaches. Fortunately, these mistakes are easily preventable with some instruction. In our whitepaper, Ten Key Management Mistakes…And How to Avoid Them, we discuss ten actions that can make or break a key management system.

Most companies have a trusted key administrator whom they rely on completely. Imagine your star employee has just won the lottery and said sayonara to his job. Can your key management system function without him? This scenario is called the lottery test, and it’s an easy way to determine if your key management system is headed for success or careening toward disaster.

Because best practices emphasize the importance of decentralized information and roles, solving the lottery test problem can be difficult, but it’s not impossible. Implementing the following policies will act as a failsafe in the event that you lose a critical employee:

  1. Identify Future Key Holders

Your organization can’t just pick a new hire at random and rush them through key management training. The first step toward having a pipeline of talented individuals ready to step in at a moment’s notice is to identify which individuals are fit for the role.

  2. Train Backup Users

After identifying potential key administrators, training is the next step. Don’t throw your employees in the deep end of the pool by expecting them to perform well in unfamiliar scenarios. Allow the backup user to train with the current administrator. Training should occur well before the backup user needs to step into a prominent role.

  3. Conduct Periodic Dry Runs

A great way to familiarize backup users with key management processes is through dry runs, in which a prominent employee hands over the reins to a backup user for a day. View vacations and sick leave as opportunities for training, not simply inconveniences.

  4. Utilize M of N Fragmentation

Key management technology has evolved to address the problem of needing a set number of employees for key loading. With M of N fragmentation, an organization can select a number of required officers for a key ceremony that is less than the total number of key officers. For instance, if a key has 8 components, the organization can require that only 6 components be needed to recombine the key.

Follow these steps, and the loss of an employee will become an inconvenience as opposed to a major disaster for your organization.

Want to know more about key management best practices? Download our whitepaper or contact us today.


Data Security & Fraud Prevention Roundup – September 5th, 2014

by Futurex on September 5th, 2014

Our Data Security & Fraud Prevention Roundup contains links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks, along with our thoughts on them.

#1: Encryption at rest and encryption in transit for HIPAA compliance are not easy questions to answer by Shahid Shah, The Healthcare IT Guy (August 29, 2014)

There are many different types of encryption available for organizations to use, but which encryption methods are best for protecting healthcare data? Shahid Shah has compiled a list of encryption-related questions to help your healthcare organization choose the ideal vendor.

#2: How to Mitigate Merchant Malware Threat by Tracy Kitten, BankInfo Security (September 2, 2014)

The chief technology officer of PCI SSC, Troy Leach, and Trustwave’s threat intelligence manager, Karl Sigler, are pushing to improve retailers’ networking and security environments in order to crack down on data breaches. This article gives a high-level overview of their tips as well as the changes they are promoting.

#3: 7 Security Must-haves for a Successful Enterprise Mobility Management Solution by Jason Moody, CIO (September 4, 2014)

Mobility is becoming more and more of a necessity for forward-thinking businesses. How can IT administrators ensure network security with so many mobile devices in the workplace? From encryption to access management, this article lists the top areas to focus on in order to strengthen your IT infrastructure.

#4: Phishing Scams at All-Time High, Employee Training Not Keeping Pace by Joe Ferrara, InformationWeek (September 3, 2014)

As relaxing as sitting in a boat with a pole in hand may sound, this type of phishing has become a major stress factor for organizations. In fact, according to reports, the extent of data security breaches from phishing outbreaks is only getting worse. However, the CEO of a leading cyber security education company explains common causes of successful phishing attacks and how to avoid them.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).

