

The Futurex Blog. News, Announcements and Much More.


Breaking Down FIPS 140-2

by Futurex on September 2nd, 2014

Here at Futurex, we know the importance of keeping data secure. That’s why we enhance our encryption solutions through robust, FIPS 140-2 validated secure cryptographic devices (SCDs). You may find yourself asking just what FIPS 140-2 validation is, how it works, and why it is important. Fortunately, we’re here to answer those questions.

What is FIPS 140-2 Validation?

FIPS 140-2 refers to the Federal Information Processing Standard, a security standard published by the National Institute of Standards and Technology. The standard is responsible for establishing the criteria to accredit cryptographic modules used with security systems protecting sensitive information. These standards are broken down into four security levels, each with increasingly stringent requirements.

How Does it Work?

The process to validate cryptographic modules begins with the Cryptographic Module Validation Program (CMVP). Within an accredited testing laboratory, each SCD is rigorously tested according to 11 different security requirements. Depending on how the SCD performs during those tests, it is assigned 1 of 4 different security levels.

Each level incorporates the requirements of the previous level:

Level 1: Modules have little to no enhanced security.

Level 2: Modules are required to be tamper-evident and employ role-based authentication.

Level 3: Modules are required to be tamper-responsive and employ identity-based authentication.

Level 4: Modules are required to have additional environmental protection against extreme temperature or voltage fluctuations.

Why is it Important?

Without FIPS 140-2 validation, there is no way for organizations to know which data security solutions are capable of protecting their valuable information. By designing our technology to pass the extensive tests required for FIPS 140-2 validation, we can confidently assure our customers that our solutions are well equipped to withstand both the rigors of everyday life and the challenges of attempted attacks by malicious individuals.

For more information on FIPS 140-2, download our whitepaper.



Top Corporate Data Security Tips

by Alex Hopkins on August 27th, 2014

Data security isn’t just the responsibility of your IT department: it’s something that every facet of the organization needs to consider. We have compiled a helpful list of ten essential practices that you, and your company, should observe in order to protect sensitive data.

Back up your data frequently – Though this tip seems obvious, we know that it’s easy to forget, especially when life is so hectic. However, if you can establish a regular schedule (weekly, monthly, etc.) or set reminders for yourself, backing up your data will be simple to remember. You can use an external hard drive, your company’s network-attached storage server, or something similar. It only takes a few minutes and can save you a great deal of time and money.

Keep paper documents protected as well – Nowadays, we may think that all of our important data is stored on our computers or in the cloud, but things like payment receipts, passwords, account numbers and more are important as well. Keep them locked up in a secure location.

Keep your system regularly updated – Be sure to always update your software or virus protection every time an update is available. The update may be meant to fix any weaknesses that could be left open to attack. Data breaches are more common on systems that are out of date.

Have a disaster recovery plan in place – What happens if all of your important information is stored on a single computer or server and your building catches fire? Having a backup device in an offsite location is a great way to protect your organization against unforeseen disasters. Similarly, your company could greatly benefit from a disaster recovery environment within your data centers. If a critical security server (a hardware security module (HSM), for example) stops working or if something happens to one of your data centers, do you have the ability to switch incoming data over to another unit to prevent any downtime in performance?

Internal theft is also a risk – Not all security threats come from external hackers. As much as no one wants to believe that coworkers would harm your company, a staggering percentage of data breaches come from insider attacks. Here are a few measures you can take to make sure that your data is protected from internal attacks: ensure that your security system is strong enough to protect your data from internal and external attacks, carefully and frequently monitor employee access permissions, and lock the devices at your workstation any time you leave.

Be careful of what you download & trust your instincts – Don’t download programs or files from sources you do not know or trust. Viruses can often be attached to online downloads and can destroy your system, or even provide attackers with the ability to steal sensitive information or intellectual property from inside your corporate network. Also, if something feels wrong, it probably is. For example, if you receive an email from an unknown source that seems unsafe to you, don’t open it. Attackers may send harmful links that will damage your system when clicked. Delete the email immediately.

Encrypt your sensitive data – Don’t take chances and don’t leave your sensitive data vulnerable. Customer information, confidential emails, and electronic payment records are all good examples of information that should be encrypted. Furthermore, don’t take for granted that your device or data is secure simply because you encrypted it. Test your defenses to make sure that they are really as secure as you believe them to be.

Dual control is in place for a reason – Dual control is a security best practice which requires two (or more) people to be present to perform a specific task. Sometimes dual control can seem troublesome, and it may be tempting to cut corners, but it is important to comply. If you notice that someone in your organization is not adhering to this regulation, it is imperative that you report it immediately.

Ensure server rooms are locked with restricted access – Your server rooms protect your data, so it only makes sense to protect the servers themselves. By limiting who has access to the servers and keeping track of who interacts with them, you’ll be able to better protect your sensitive data.

Write down your serial numbers and store them somewhere safe – This applies to any type of electronic device you may use: your cell phone, laptop, etc. You hope it never occurs, but if the worst should happen and one of your devices is stolen, you’ll have proof that it belongs to you in the event that the device is recovered.



Data Security & Fraud Prevention Roundup – August 22, 2014

by Futurex on August 22nd, 2014

Our Data Security & Fraud Prevention Roundup contains links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks, along with our thoughts on them.

#1: 90% of hospitals and clinics lose their patients’ data by Jose Pagliery, CNN Money (August 20, 2014)

For healthcare organizations, keeping data secure is no walk in the park. Not only are healthcare providers responsible for incredibly valuable PII, they’re also statistically likely to expose that data. According to a Ponemon Institute study, only 10 percent of medical institutions have managed to avoid a data breach since 2012.

#2: Information Supplement: Third-Party Security Assurance by PCI Data Security Standard (August 2014)

Data breaches don’t always occur because of just one person; more often, they’re the joint responsibility of several parties. To help combat lax data security both for merchants and the vendors with whom they interact, the Payment Card Industry Security Standards Council has issued a new supplemental guide.

#3: A Guide to Physical Datacenter Security by Natalie Lehrer, Wall Street & Technology (August 12, 2014)

What does your organization look for in a data center? One of the main factors in evaluating the quality of a data center is its physical security measures. Natalie Lehrer discusses the ways in which data centers can enhance their physical security to prevent breaches.

#4: A Look at Cyber Security Trends for 2014 by SmartData Collective (August 14, 2014)

According to SmartData Collective, here’s what’s currently trending for data security in 2014: internet connections, cloud, mobile malware, and third parties. As these technologies get more popular, more flaws within their security are being exposed. Is your organization prepared?

#5: Need Data Breach Statute Compliance? There’s an App for That by Tara Seals, Infosecurity Magazine (August 11, 2014)

It’s difficult to keep track of all the different data breach laws out there, especially if your company operates in multiple states or countries. Fortunately, organizations can utilize the Data Breach 411 smartphone app, which gives relevant information on data breaches.

If you find something interesting that you’d like to see considered for next week’s Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).



Data Security & Fraud Prevention Roundup – August 8th, 2014

by Futurex on August 8th, 2014

Our Data Security & Fraud Prevention Roundup contains links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks, along with our thoughts on them.

#1: Utilities ignorant of IT security despite pounding by hackers: Ponemon by David Braue, CSO Online Australia (July 30, 2014)

Utility companies are responsible for a vast amount of data. A new Ponemon survey reveals that the majority of critical infrastructure providers have suffered a data breach, and if you haven’t had a breach yet, you’re in dire risk of one in the near future.

#2: Approaching Data Security: IT Procurement in the Time of Ward War Zero by David Wyld, Spend Matters Network (July 31, 2014)

Companies all over the world are fighting against the loss of sensitive information during this time of heightened data breaches. Basic IT security measures, however, are not enough to stop hacktivists from taking that information. Instead, David Wyld provides insight on how to strengthen data security measures by uniting executives with their IT department.

#3: Information-centric Security: Protecting Data from the Inside Out by Ben Rossi, Information Age (August 1, 2014)

While many security specialists instruct organizations to protect their security networks from the outside, Ben Rossi advises companies to focus on monitoring and guarding individual data from the inside. Read this enlightening article to find out why.

#4: Close to Home by Anthony Pearlgood, LocalGov (August 6, 2014)

What’s the worst data security threat for public sector agencies? According to recent research, it’s their employees. Anthony Pearlgood outlines best practices for the secure storage and disposal of sensitive data.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).

