Let's Talk
Welcome to the EiQ Networks Blog

What Are PCI DSS Requirements for Retailers and Why Are They Important?

Posted by Shawn O'Brien on Dec 22, 2016


Card security has become a big problem for retailers.

While credit and debit cards are extremely convenient, they've also opened up a whole new world of fraud. This makes the systems that retailers use to process these payments seem like great targets for hackers, and organizations from every corner of the globe are scrambling to secure themselves against these threats.

One big solution to this has been the Payment Card Industry Data Security Standard. The PCI DSS is a regulatory code that tells companies how they can better defend themselves against attacks levied to steal card data. It's an important tool in the fight against fraud and should be strictly followed.

Why is Compliance Important to the Healthcare Industry?

Posted by Shawn O'Brien on Nov 7, 2016


It's critical that health care companies are in compliance with federal and state regulations.

Do you know what the HIPAA Security Rule is? What about the Privacy Rule? If you're a health provider, it's paramount you understand what both of these regulations are, otherwise you could end up like a number of health companies - in a financial mess.

 

"It's paramount that you understand what HIPAA's Security and Privacy Rules are, respectively."

Take St. Elizabeth's Medical Center in Brighton, Massachusetts, which broke HIPAA's Security Rule by violating regulations regarding electronic Protected Health Information, according to Elizabeth Snell of Health Security.

How to Craft an Effective Data Security Plan

Posted by Security Steve on Aug 2, 2016

A data security plan is an organization's framework for employing security tools to make sure digital information is accurate, reliable, and available when those with authorized access need it—and not those without authorized access, such as malicious hackers. There are a few basic steps involved in assembling a quality data security plan:

SMS Not Recommended for Two-Factor Authentication Says NIST

Posted by Trevan Marden on Jul 29, 2016

In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account.  That sounds good. But, recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.

Credit Unions Under New Pressure As NCUA Becomes More Rigorous About FFIEC Compliance and Plans to Incorporate Cybersecurity Assessment Tool in Examination Process

Posted by Shawn O'Brien on Jul 28, 2016

Credit unions face major challenges when protecting financial data in today’s threat landscape. In addition to protecting consumer data and financial records, IT security teams must also deal with compliance mandates for FFIEC and a patchwork of federal, state, and other industry regulations. With so many regulations and areas to consider, the task of securing a network from breaches and vulnerabilities while meeting compliance requirements can seem overwhelming. That task has become even more onerous with the National Credit Union Administration (NCUA) buckling down even further on FFIEC compliance to ensure that credit unions are as secure as possible, given how many data breaches are still happening in the financial services industry today.

Why PCI DSS is Mandating SSL/TLS Migration

Posted by Trevan Marden on Jun 8, 2016

 

If your organization is subject to PCI DSS 3.2 compliance, you’re likely aware of the looming deadline mandating the migration away from the use of SSL and TLS v1.0 to a “secure” version of TLS, as defined by NIST (currently v1.1. or higher). The PCI Security Standards Council previously released a bulletin on the migration to help explain the reasons for the change and what steps are necessary. While the PCI Security Standards Council has extended the deadlines for compliance, there are very real reasons not to wait to make the move.

 

How Consumer Financial Services Can Meet Compliance Requirements

Posted by Security Steve on Apr 21, 2016

Banks, credit unions, and other financial institutions face major challenges when protecting financial data in today’s threat landscape. In addition to protecting consumer data and financial records, IT security teams also deal with auditing mandates for GLBA, FFIEC, SOX, PCI, and a patchwork of federal, state, and other industry regulations. In 2014, the Federal Financial Institutions Examination Council announced a new effort focusing on cyber security, including an audit of an organization’s ability to manage cyber security and mitigate cyber risk. The task of monitoring thousands of network and system events can seem overwhelming. EiQ’s SOCVue® hybrid SaaS security services help overcome these challenges by providing the right people, process, and technology in order to deliver increased security visibility and guidance to effectively reduce cyber risks and meet compliance requirements.

Top 3 Takeaways From the 2016 RSA Conference

Posted by Shawn O'Brien on Mar 14, 2016

A recent post by Ulf Mattsson, CTO at Compliance Engineering, cited several key takeaways from the 2016 RSA Conference. Specifically, three of these takeaways echo the challenges that many of EiQ’s current customers faced prior to partnering with us:

  • Increasing regulatory compliance requirements
  • Shortage of IT security skills
  • Rising security costs

Transforming IT Security at Mid-Market Organizations

Posted by Security Steve on Jan 5, 2016

If you are like most IT professionals these days, you are no doubt juggling an increasingly complex security landscape while struggling to stay up-to-date with the latest tools and techniques.

 

This can add up to an incredible amount of unproductive time. In fact, according to IDC, 35% of organizations spend more than 500 hours a month just reviewing security alerts, and The Ponemon Institute has revealed that some organizations waste a staggering 395 hours per week on average just investigating false positives!

 

Compliance Reporting: How to Stay on Top of Audit Regulations

Posted by Security Steve on Oct 19, 2015

When people usually think about audit regulations, say in the financial industry, their first thought on how they can backfire is about fines and reputation. You cut a corner to save money and time, and your company is found out. You receive a huge fine and your reputation takes a big and embarrassing hit.

That certainly can happen, and it’s reason enough to stay on the straight and narrow.

 

Having said that, regulations can be overwhelming. All the various industry regulations with which your organization has to comply can lead to the temptation to cut corners because of how difficult the regulations can be to keep up with, how demanding they are (a tiny change can have an outsized effect), and how often they change. This can lead not just to legal problems but, especially when it intersects with cybersecurity demands, it can also lead to breaches.

 

Subscribe to Email Updates

How Prepared Are You to Battle Cyber Attacks?

Find out with EiQ's free cyber security readiness assessment!

Find Out Now!

Posts by Topic

See All