Securing a Mobile PoS (mPOS)
Running a POS application on a mobile device has allowed businesses to become more agile, user friendly and profitable. The concern with this shift is that placing certain applications and processes in a mobile environment without proper protection and due diligence carries major risks. That's what makes the security of mobile POS (mPOS) such a hot topic.
Penetration Testing for PCI
Penetration testing is an extremely important aspect of an information security program and just so happens to be a requirement of PCI. Throughout this blog we’ll explain what penetration testing is and review what’s expected of you from a PCI perspective. This is an important topic that assists with finding risks within your infrastructure and promotes better overall security throughout your environment.
The Beginner's Guide to Understanding PCI Compliance
While you may not at first recognize the terminology, as a consumer you are actually already seeking the benefits of it. Are you curious yet?
When your health care company experiences a data breach, which could include the loss of protected health information (PHI), passwords, intellectual property, internal disclosures etc., you may face stiff penalties and fines if you are found non-compliant with HIPAA. These fines, along with lawsuits, drive the cost of a health care breach into the stratosphere.
Hot on the heels of Braintree's acquisition by PayPal, 3 of the major card brands - Visa, Mastercard, and American Express - have announced a joint effort to create their own token-based standard for securing ecommerce transactions. No word on why Discover was left out of the party.
MegaplanIT Launches PCI-DSS 3.1 and a New Website!
Our team has been very busy with a wide variety of assessments and special projects. One such project involved revamping the MegaplanIT website. Another big project is getting our clients up to speed with the new PCI-DSS 3.1 standard.
Clients often ask us "If we had one more dollar to spend on IT security, where should it go?" In today's web-driven world, with new technologies and threats emerging all the time, there is always one constant element - your employees. These are the people interacting with strangers on the phone, multi-tasking on multiple password-protected sites or internal networks, and otherwise keeping an eye on the shop. Your dollar would be well spent, we reply, on Security Awareness Training to help employees avoid causing breaches, and developing an Incident Response Plan to reduce costs associated with a breach. Why are these two programs worth budgeting for?
Tips to Securing Mobile Devices in a HIPAA Compliant Environment
Hackers Attack Apple! Mac Users, Update Your Java
The same elite squad of (Chinese?) hackers that aimed their digital cross-hairs at Facebook has been blamed for targeting a group of corporate Apple users via their Macs' Java browser plug-in. While no data was stolen, the event prompted Apple to release an update to Java that would close the vulnerability. All Mac users are strongly advised to download the patch.
Evernote Users: You've Been Hacked
Evernote, the software that helps users take notes and conduct research, was recently hit by hackers. The company is forcing its members, upwards of 50 million users, to change their passwords ASAP. The malicious individual(s) responsible gained access to usernames, passwords, and email addresses. Evernote has good company, as recent hacker attacks have targeted sites like Facebook, Apple, Twitter, and Microsoft.
Netflix Uses Big Data to Produce Original Content
If you haven't already heard, Big Data is becoming a rather big deal. Managing massive data sets and correlating trends using deep-rooted analytical tools is already opening doors in the way businesses are solving problems and improving their customer service. These trends are going to grow, but recently a prime example of the way Big Data is currently being used was brought to our attention thanks to Netflix and their original series, House of Cards.
Secure Your Social Media for Compliance's Sake
Last week, Twitter announced that it had discovered a data breach and upwards of 250,000 accounts had been compromised. Twitter user details included the usual suspects: usernames, emails, session tokens and encrypted/salted copies of passwords. Twitter was quick to respond, notify those affected, and begin the process of implementing more stringent password protection policies. With that said, it's a good time for all of us to review our social media profiles and ensure that the processes we have in place are going to help defend our business data and online reputation.
Homeland Security Starts Taking Medical Device Security Seriously
After a new medical management tool developed by Philips was found to be full of vulnerabilities, the Department of Homeland Security (DHS) and the Food & Drug Administration (FDA) rushed in to force the manufacturer to correct the issues. The Xper system is not the first medical device to be found with exploits, which is frightening considering the deadly consequences.
File this in the "Good to Know" category. Most people are unaware that just about every photo copier machine built since the early '00s contains a hard drive. These drives not only store settings and profiles, but they also keep a copy of every single document scanned into the machine. As this video from CBS shows, the amount of information stored on these photo copiers is staggering. From police files to health records, photo copiers see (and remember) everything.
4 Steps to Reduce Assessment Costs and Improve Risk Management
If you're like most IT security officers or business owners, you are striving to avoid any "hiccups" with this year's information security and/or compliance assessment. MegaplanIT's team of QSAs and auditors always stress that continuous monitoring is key to successful risk management, but there are a few other checklist items that, if implemented throughout the year, may just reduce the level of effort required by your auditor - which should save you time and money!
Most business owners are creating their budgets for 2013, and IT security compliance continues to demand a sizable chunk of operational expenses. To help these business owners focus their IT budget on maximizing data security and risk management, which will enable compliance costs to be reduced, we offer a few New Year's resolutions.
Medical Data Biggest Target for Hackers in 2013
A report in the Washington Post highlights what many in the IT security field have been discussing for months: the lack of even basic security protocols and procedures at well-established health care facilities to protect patient data from falling into the hands of criminal enterprises. Will 2013 be the year that the health care sector gets serious about defending patient data, or will the hackers continue to steal PHI at ever increasing frequencies?
Experian Credit Reports Leaked After Hacker Attacks Bank
In September 2011, a hacker managed to infiltrate the Abilene Telco Credit Union and got his hands on data from hundreds of Experian credit report users, even those that had never done business with the Texas bank. Using a compromised employee's computer, the individual made away with Social Security numbers, dates of birth, and other sensitive information on over 800 people. Since 2006, Experian's databases have been breached on numerous occasions, leading the US government - and an angry public - to discuss the amount of information credit bureaus retain and how best to stem the tide of breaches...
According to a new analysis of health care related data breaches, small medical and physician offices claim the infamous crown of "worst offender." For this specific analysis, conducted by the Health Information Trust Alliance (HITRUST), 495 breaches were evaluated. Overall, these incidents involved 21 million patient records and cost in the neighborhood of $4 billion. Why are these offices targeted, and what can be done to improve the situation?
Visa Launches Real-Time Transaction Analysis Solution
Available in all Visa markets immediately, the new Consumer Authentication Service is intended for issuers and is designed to reduce online eCommerce fraud. Visa's new solution offers real-time analysis of transactions, and works in conjunction with the Three Domain Secure (3-D Secure) program. Now, issuers can verify the authenticity of transactions on the fly.
