Security, PCI, InfoSec, DSS, Payment Gateway, credit cards, debit cards, IDS/IPS, CDE

PCI DSS: When to Test Controls & Functions

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS), the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

By Jeff Man on Jan 3, 2019 4:51:51 PM
Security, Digital Experience, Digital Transformation, GDPR, Artificial Intelligence, technology consulting, Agile Adoption, End-Point, Passwords, Design Thinking Process, Security Breach, Blockchain, CTO, Chief Technology Officer, Technology Trends, InfoSec

Our Top 10 Favourite Blog Topics From 2018

2018 has been a year of rapid technology growth. We have seen changes to the security landscape, an increased adoption of AI and continued generational adjustments to our workforce. As we look back over the last 12 months, we wanted to share some of our favorite blog posts from 2018 that touch on some or all of these topics: from risk and security assessment, to user experience, design thinking, business consulting, and everything in between. Happy reading!

By Jamie Michie on Dec 10, 2018 1:07:47 PM
Security, Passwords, Cyber Monday, Cell Phone, Juice Jacking, USB Ports, Hacker, Security Breach, Black Friday

3 Ways to Protect Your Data From Hackers

(A friendly reminder from our RSP team on practical ways you can avoid being a target of identity theft when shopping on & offline this holiday season.)

What's Your Cellular Data (Protection) Plan?

There’s no shortage of stories from around the globe on new ways that hackers are learning to access our personal data. Important preventative measures include keeping antivirus software up to date, having an active firewall, and using strong passwords. Even so, having these controls in place can lead to a false sense of security.

While many of us focus on protecting laptops and computers, we often don’t stop to think about protecting our personal or work-assigned smartphones, which is exactly what criminals are counting on. 

By Security Consulting Team on Nov 23, 2018 4:27:17 PM
Security, HP, Printer, SimonShiu, SecurityLab, End-Point, NetworkSecurity, Malware, BlackHat2018, JetAdvantage, HPComputers, ConnectionInspector, DoD, NSA, cryptographer

Who Thinks of HP for End-Point Security?

Honestly, that was my first thought when I started looking at the marketing material HP had put together for Black Hat 2018 this year.

HP has been promoting its efforts to provide security to its enterprise printers for the past couple of years and has done a great job at offering secure solutions. They have even involved the security research community by introducing a first-of-its-kind enterprise printer bug bounty program.

But end-point security? HP makes printers. What do they know about protecting end-points like desktops or laptops?

By Jeff Man on Nov 7, 2018 1:50:00 PM
Risk Assessments, Security, Privacy

Turn Down That Noise! Tuning into Cybersecurity for the Financial Sector

"Turn down that noise!" I suspect that at some point in your life you’ve uttered those words or perhaps had them spoken to you. In my case it was my parents telling me to turn down my music when I was a teenager. What I never understood was why they viewed my music as noise. To me, it was a symphony of sounds that I connected to in a variety of ways. I realized, as I got older, that noise was really just another term for “I don’t understand, like or connect with that.”

Sometimes it’s just about volume. Sometimes it’s about something else.

By Alain Espinosa on Oct 18, 2018 1:44:12 PM
Security, HPComputers, PrinterSecurity, ReinventSecurity, Cybersecurity, TechDay, #BugCrowd, #BugBounty, #TheFixer

HP Continues to Demonstrate its Commitment to Printer Security

In August 2018, Onliner Jeff Man attended the Black Hat Conference in Las Vegas, Nevada. While at Black Hat, Jeff had the opportunity to connect with the team from HP and discuss the importance and changing landscape of printer security.

In early 2017, HP invited a group of cybersecurity industry bloggers and podcasters to gather for an HP Print Security “Tech Day” at their headquarters in Palo Alto, CA. The purpose of the gathering was to introduce the group to HP’s printer security program (#reinventsecurity), foster discussion, and get feedback on the program. This event was the precursor to a major marketing campaign for HP to promote everything they’ve been doing in terms of making their printers more secure and also building printers with “cyber resilience”, meaning they have the capacity to detect malicious or accidental actions and even recover from the attacks. HP has worked diligently to improve the security of printers which in turn helps to create a more secure enterprise network.

By Jeff Man on Sep 20, 2018 3:57:53 PM
Leadership, Security, Privacy, PCI, SystemAdministrators, Authentication, Passwords, PasswordComplexity, Captcha

Password123! - Why Does Authentication Have to Be So Hard?

Password complexity and authentication have always been a subject of contention for both users and system administrators. Many assume that forcing users to create more complex passwords, and to change them frequently, will lead to greater system safety - in theory this may be true. Given human nature, things rarely go as planned, and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.

By Security Consulting Team on Sep 13, 2018 11:28:04 AM
Security, GDPR, Privacy, CCPA, Statutory Damages, Attorney General, California, Regulators, Misconduct

The Name of the Game is Privacy, Especially in California: Part Three

In Part One of this blog we introduced the California Consumer Privacy Act of 2018 (CCPA) and highlighted some of the important points organizations need to look out for to be compliant. In Part Two we elaborated on the scope of the CCPA in terms of businesses covered and their obligations. In this final part we will discuss how the CCPA will be enforced and what you can do now to become CCPA compliant.

By Laura Sulymosi and Eugene Tyrrell on Sep 6, 2018 11:27:02 AM
Security, GDPR, Privacy, CCPA

The Name of the Game is Privacy, Especially in California: Part Two

In the first part of this blog series we took a look at the California Consumer Privacy Act (CCPA) that is coming into effect in January 2020. The implications of being offside with the new regulations are not trivial and apply to more than 500,000 US businesses according to the IAPP - not to mention any business around the world that has the personal data of California businesses and meets the relevant threshold. That is A LOT of businesses. Now how is that possible, you ask? Let’s take a closer look at the businesses who will fall under the CCPA’s umbrella come 2020.

By Laura Sulymosi and Eugene Tyrrell on Aug 7, 2018 1:20:01 PM