A core facet of Futurex’s corporate culture is the ability to continually improve one’s own knowledge of the data security industry. From time to time, it can be beneficial for those of us at Futurex to revisit the fundamental concepts that shape what we do. In this vein of committing to improving our own knowledge, I decided to revisit the fundamentals of PCI requirements. To do so, I enrolled in the PCI Training course, which became available at no cost, as part of Global Payment Security Education Week. PCI Data Security Standards are set forth by the Payment Card Industry Security Standards Council (PCI SSC) to safeguard cardholder data, and they apply to any organization that has a hand in transmitting cardholder data.Read More
In today’s world, where much of our lives are lived while being connected online, there is limitless personally identifiable information (PII) in existence. Identifying data, such as your name, address, and date of birth, is freely available on the web. Also prevalent is the information about terms you search, where you work, where you have lived, which public figures you follow, which restaurants and shops you frequent, and any content you like or favorite. Due to this rich breadth and depth of information, it is important that we collectively make maintaining our privacy hygiene a higher priority.Read More
Audits constitute a portion of every business, every organization, and every industry. Audit trails help protect the secure, safe, flow of data. By consequence, a weak audit trail causes critical threats to organizations.Read More
Imagine making a dozen copies of the keys to your house, labeling those keys with an address, and handing them to the first 12 strangers you see. You wouldn’t, would you?
But say someone who had a copy of your house key decided they wanted to widely disseminate it. Could you stop them? Should they have had the key in the first place? Unwittingly, companies that do not regularly control and review permissions, by which we mean access to specific information and actions, run the risk of stirring access with malevolence—handing the keys to the kingdom to the wrong person.Read More
Many industries need to collect and store the personally identifiable information of their customers. PCI DSS best practices recommend that one of the best ways to provide security is to never store clear information unless absolutely necessary. Whenever information is collected or stored in the clear, there exists risk of compromise, but tokenization can provide mitigation for this risk.Read More