
Category Archives: Security

Keeping Data Safe This Black Friday

Tomorrow, most Americans will be enjoying Thanksgiving festivities with their family, celebrating what they are truly thankful for over a feast of plenty. However, the Friday after is a different story. While some might want to stay put and watch the shopping unfold on the news, others will be in the depths of shopping galore. And while I do like a little shopping myself, I’d like to take a minute to remind everyone about keeping data safe this Black Friday.

High-profile retail data breaches have also been plentiful over the last year. It was almost a year ago that Target was breached, and Sally Beauty, Neiman Marcus, Michaels, Kmart and Home Depot have all recently suffered data breaches that exposed their customers’ personal and payment card data. With billions to be spent on Black Friday, and a lot of that spent via credit and debit cards, retailers are responsible for a whopping amount of personally identifiable information (PII) and financial information.

With the constant threat of security breaches looming, it is more critical now than ever to keep data safe this Black Friday. Retailers need to secure the payment processes and protect customers’ account data. If you are storing cardholder data or any of your customers’ PII, you’ll need to protect that information. Here are a few suggestions to keep data safe:

  • Don’t trust the network – If an area of the network houses data, applications, or systems that are considered highly sensitive, then no one accessing them should be completely trusted, ever! Instead, the context and posture of the user’s current environment and device should be assessed and compared to corporate policy: What type of device are they using? Where are they? Does the device comply with corporate policy?
  • Don’t trust that application content is secure – Unfortunately, even with a content management system in place, files move around in companies via copying, desktop download, email, etc. Therefore, you cannot always trust that sensitive information will remain there and stay secure. Put controls in place to restrict what authorized users can do with sensitive documents to limit the damage that can be done by accidental or unauthorized sharing.
  • Enforce policies on the handling of cardholder data – Paper policies are great, but how can you ensure employees are following them? Prevent or warn users if they attempt to distribute sensitive information such as cardholder data or confidential documents against policy using predefined rules. Key stakeholders should be automatically notified of violations so that appropriate actions can be taken.
  • Know how cardholder data is used – Track and monitor the entire lifecycle of documents containing cardholder data. Audit trails that record which users opened, printed or emailed documents containing cardholder data or other PII content are an important step to assess security and track potential misuse or leaks.

Learn more about securing application content with PII and securing network and application access.

Lastly, Happy Thanksgiving from all of us at Cryptzone and HiSoftware.

What Every Business Can Learn from Snowden

News that there is a second or even third leaker turning over sensitive documents about the U.S. government’s terrorist watch list to a journalist reminds us all about the security of information. With this in mind, today we focus on what every business can learn from Snowden.

While you may not be keeping national secrets, content is the bread and butter for any organization. It might be customer information, HR details, intellectual property (IP) or financial and commercial information. For organizations to get the most out of content, we collaborate on it. We have it stored in platforms like SharePoint or in file shares. It is online, offline, in the cloud, on our desktops or mobile devices. We need it to achieve an end goal.

2014 Sees 25% Increase in Data Breaches

Another year, another data breach; or so it seems. Year after year, the importance of securing personally identifiable information (PII), protected health information (PHI), credit card information or even company confidential information increases. In our globally connected world, data needs to be secured.

Discouragingly, though, the Identity Theft Resource Center (ITRC) reports that as of this week’s total of 644 breaches, there has been a 25.3 percent increase over the same time period last year (514 breaches).

Trick or Treat? IT Security Pros Beware

IT security professionals, beware! Here are four individuals you’ll want to avoid this Halloween and steps you can take to protect your organization against them throughout the year!

The Vampire

Vampires feed on the blood of living creatures and cause mischief in the neighborhoods where they live. This Halloween, avoid vampires in the workplace. These are the employees who maliciously suck information like client contacts, internal communications on products and confidential information from the organization. With 50% of employees admitting to taking corporate data with them when they leave a job, it’s important these vampires are stopped.

HiSoftware’s New Product and Accessibility Training Portal

Want to learn more about using HiSoftware’s products? Now we have the tool for you. Today we announced the availability of a new on-demand, video-based Product and Accessibility Training Portal to improve customers’ working knowledge of products and provide in-depth Web accessibility training for developers.

Join HiSoftware at SharePoint Saturday New Hampshire #SPSNH

SharePoint Saturday New Hampshire #SPSNH is tomorrow and it’s in HiSoftware’s backyard. We’re excited to support our local SharePoint Saturday as a lunch sponsor and will offer you an overview of HiSoftware as you eat. Our CTO and Microsoft MVP, Chris McNulty, will also present a session on “Access Apps for Business Users with PowerBI on Office 365” (see details below).

Simplifying the Creation of Non-Employee Portals in SharePoint

SharePoint 2013 offers companies more flexibility in creating portals for internal and external collaboration alike. Many companies are now looking to use the platform to build hubs for non-employees to access information. The problem is that there are some issues and limitations with Microsoft’s recommended strategy for creating these portals that could waste resources and present security issues.

5 W’s of ITAR and EAR Compliance in SharePoint

If you are using SharePoint and need to comply with or learn more about ITAR and EAR, read our five W’s to help you ensure compliance with these strict regulations.

What

ITAR, or the International Traffic in Arms Regulations, are issued by the United States government to control the export and import of defense-related articles and services on the United States Munitions List (USML). In short, the U.S. Government requires all manufacturers, exporters, and brokers of defense articles, defense services or related technical data to be ITAR compliant. TAA documents (Technical Assistance Agreements) are ITAR contracts between parties; transfer of and access to these documents must be restricted to authorized persons only.

How to Control Non-Employee Access to SharePoint

Changes to SharePoint 2013 licensing have made it affordable for companies to build non-employee access portals in SharePoint. The expectation was that companies would rapidly deploy non-employee portals to collaborate with clients and suppliers. The reality is that very few SharePoint customers have deployed these portals.

HiSoftware and the BASH Exploits

Bourne again! It seems scarcely a week goes by that we don’t see another data breach or exploit running wild. Following on the Heartbleed code defect earlier this year, this week has seen the rise of a new round of exploits. The defect covers the BASH command line utilities used on Unix-derived operating systems, such as Linux and Mac OS X. Windows systems are immune to this flaw.

We are pleased to report that all of HiSoftware’s solutions are Windows-based, and thus have no known exposure to this defect. Similarly, there are no known exposures in any of the Cryptzone portfolio of products (see Cryptzone’s statement).

As always, failures of any peripheral controls could lead to indirect exposure for other systems. We encourage all customers to be careful about any potential use of Linux or Macintosh systems until the defects are patched. We will continue to monitor the situation and share relevant information as it becomes available.

Incidents such as this highlight the importance of proper security, audit, compliance and governance solutions. If you have any additional questions or concerns, please contact us at info@hisoftware.com.
