Skip to content

Cyber Security Threats 2016 – Part 3

February 1, 2016

Monday ~ Monday!  Awesome people we are moving into “Hacks Targeting User Data” and it would be hard to miss the hack of shhhhh! Ashley Madison website that made headlines this past summer and not to mention dropped a name or two, yikes! Then T-Mobile, Experian and VTech it makes one wonder, who’s watching the store.

Let’s consider Big Data requires new tools to filter traffic and secure networks. More then just authenticating access once,  keeping track of the coming and going and any suspicious behavior.

Analyzing the anomalies in your network is highly recommend and asking yourself is there encrypted data or suspicious behavior?  Who is logging in and out, what is being accessed?

Suspicious activity using a transaction monitor, SQL server logs, application logs, or network session data? 

Has your server been manipulated or configurations changed. Is everything still in compliance with security policies?

Are there any changes in the infrastructure configuration management and vulnerability and is everything in compliance with your security policy?

Analyze everything, consolidate risk and protection, choose your data sources and anonymize your data traffic.  These are just some of the ways big data is changing enterprise security. Keep developing security strategies that target big data weaknesses.

Till next time, Keep your eye on the store!

 

Cyber Security Threats 2016 – Part 2

January 15, 2016

Welcome back! And it’s Friday, I am hopeful your week was successful and productive!  If your organization is concerned about security take a look at the case of APTS – ADVANCED PERSISTENT THREATS .

APT, sophisticated social engineering – such as meticulously targeted phishing – is combined with sophisticated technological tools that can camouflage themselves on networks and relay information back to a central server in order to very explicitly fool an enterprise and steal data.  According to IT association  ISACA , one of four  companies or 28% have already experienced an APT attack.

Internationally deployed and targeted with a specific goal in mind, APTs represent a growing threat, especially to government enterprises. They tend to go a long time without being either discovered or effectively cleaned, leading to very large amounts of top-secret data being stolen of a duration of months, if not years.

It is more critical than ever for cyber security leaders, IT professionals and business owners to have a thorough understanding of these threats, and to be prepared to quickly and effectively respond.”

Next week – Hacks Targeting User Data..

Cyber Security Threats 2016 – Part 1

January 11, 2016

To say that data breaches are a growing problem is perhaps an understatement.  The frequency with which enterprises of all sizes have found themselves targets, and victims of online criminality, has increased at a fantastic rate.  From public schools, government institutions, health care, private and publicity owned businesses appear to be at risk for fraud and cyber attacks.  But there is hope! Security professionals are finding ways to get ahead of the threats . The malware and the people using it are getting smarter and a new model, based intelligence, is  necessary.

Intelligence on where threats are arising, their capabilities and their targets – is necessary to keep up with the threats. That is digital threat intelligence.

To keep an enterprise secure and understand the role of digital threat intelligence we will take a look at the most recent trending exploits to appear on the cyber threat landscape. Till next time lock it up and stay secure!

 

WELCOME 2016

January 8, 2016

Happy New Year! I am excited about the possibilities and opportunities that this year will bring.  There will be new technology to learn, new social media to implement and creating new marketing for our businesses.

I will be creating new posts that will be engaging, something to think about and it is my intention that you will be inspired to take action with your business that brings liveliness, growth, fun and thrive so your excited about 2016.

2016 start your engines!

WHO’S LURKING IN THE SHADOWS

November 2, 2015

Baiting, Click-Jacking, Cross-Site Scripting (XSS), Doxing, Elicitation and Pharming.  According to Facebook people in the US spend 9 hours every day with digital media and 40 minutes of those 9 are on Facebook. We reach out to our friends, business associates and loved ones. We at times enjoy sharing videos, funny crazy posts and look forward to the Happy Birthdays.

Here are some helpful hints to be aware and think about so keep your privacy private. Have a great week!

And by the way if you need anything regarding your business growth check out my website here.

Boo…….

October 30, 2015

Have a safe and enjoyable “Halloween or Harvest” weekend!

P.S.No that is not my child:)

JUST CHECKING THE BOX ON A PCI COMPLIANCE PROJECT IS NOT A GOOD IDEA!

August 18, 2015

Having a sixteen year background in payment processing and all that goes with it is constantly changing.  And in today’s data security environment it is critical to be engaged in protecting my clients best interest and that is their business.  Here are six excellent requirements for PCI Compliance an MSP must put in place:

Build and maintain a secure network

~Install and maintain a firewall configuration to protect cardholders data.

~Not use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholders data

~Protect stored cardholders data.

~Encrypt transmission of cardholders data across open, public networks.

Maintain a vulnerability management program

~Use and regularly update anti-virus software.

~Develope and maintain secure systems and applications.

Implement strong access control measures

~Restrict access to cardholders data by businesses need-to-know.

~Assign a unique ID to each person with computer access.

~Restrict physical access to cardholders data.

Regularly monitor and test networks

~Track and monitor all access to network resources and cardholders data.

~Regularly test security systems and processes.

Maintain an information security policy

~Maintain a policy that addresses information security.

It is important not only to educate our clients regarding data protection from terminal hardware and WiFi based terminals, the importance of PCI Compliance are the standards to which we operate as a group to ensure we are providing the best technology.  Thank you techtarget.com and Margaret Rouse from WhatIs.com 

IT’S FRIDAY!

July 17, 2015

A simple message to my followers! Enjoy your weekend!

GET THE FACTS ABOUT EMV AND CARD-NOT-PRESENT FRAUD

July 7, 2015

EMV is the buzz for retailers migrating to new terminal technology in the US and the deadline is right around the corner for US merchants, October, 2015. EMV stands for Europay, MasterCard,Visa and was introduced in the 90’s and has replaced the magnetic stripe in Europe. The benefits for US merchants in the retail market is that the Chip embedded credit card is used in person and creates a unique code that cannot be re-used.  Further benefits if a card is stolen and a new counterfeit card created the unique code would not be usable and any future fraudulent attempts would be declined at the point of sale transaction.

Good news for retail how about the hundreds of thousands of online merchants? Since the Chip cards will make it harder for fraudsters to clone credit cards they will make their move to the Card-Not-Present online businesses.  History has a funny way of repeating itself, when Europe transitioned to EMV the CNP merchant experienced an increase of fraudulent transactions from £45 million to £181.7 million five years later, ouch!

How can online merchants protect themselves from these fraudsters? Do your homework by seeking reliable authentication technology providers,Verified by Visa, MasterCard Secure Code, Hosted Tokenization and Risk Management tools. You have worked hard to build your business online so keep your eye on the ball and get the facts today! The liability is about to shift to the merchant.

Free Consultation email Tina@paylab-plus.com or call 888.413.9186.

ARE YOU EMV READY

June 12, 2015

The Strawhecker Group (TSG) released survey results today showing only 34 percent of US merchants will be EMV-ready by the October 2015 deadline, and just 53 percent of merchants are expected to be fully compliant by 2017 – more than 15 months after the deadline. EMV, or “Europay, MasterCard, and Visa,” is a globally accepted card standard that uses an embedded microchip to provide unique data protection when the card is inserted into a chip-card reader. Most card accepting US merchants may be liable for fraudulent transactions if they are not “EMV compliant” by October 1, 2015.

TSG survey finds just 34% of merchants in the US will be EMV-ready by October 2015.  For more information click here BusinessWire.

If your not EMV ready contact PayLab Plus @ www.paylab-plus.com 

%d bloggers like this: