Blog

A Real-World Example of Social Engineering

A Real-World Example of Social Engineering

A social engineering test presents a challenge to your IT security team like no other.  Typically, advanced systems can manage technical points of entry into your environment with firewalls, logging, SIEM systems, malware scanners, etc.  However, when the point of entry into your system is user error, things become much more difficult to manage. During one of our network vulnerability assessments, we were engaged to perform a social engineering test.  We decided the most effective test would be a spear phishing attempt.  Spear phishing is a modified form of phishing where the attacker...

Read More

Integrating Instant Issuance Cards

Integrating Instant Issuance Cards

While instant issuance eliminates waiting for a debit card to arrive in the mail, it is important financial institutions closely evaluate the solution from an integration standpoint. Multiple systems are often involved with card – and cardholder – information. And because the goal is to make the card immediately usable, the integration tasks must be completed as close to real-time as possible.

Read More

How to protect yourself from ransomware.

How to protect yourself from ransomware.

You have a top-flight antivirus solution deployed and managed on your system. Your hardware firewall is automatically updated and continuously monitored by a great security team. You’ve blocked access to all known malicious and questionable web sites. Your email and web surfing is filtered by the best service money can buy. You just paid $1,000 worth of Bitcoin to somebody you’ve never met in a country you’ve never heard of.

Read More

Why EMV cards won’t stop CNP fraud.

Why EMV cards won’t stop CNP fraud.

As U.S. banks deploy chip-enabled EMV debit and credit cards, most articles on the subject imply the new cards will dramatically reduce fraud. Because EMV card technology utilizes a unique one-time code created by the chip for each transaction, it is unlikely fraudsters will be able to produce counterfeit cards which mimic the original, meaning fake cards will essentially disappear. Is it time to celebrate?

Read More

Protecting your virtual infrastructure just got easier.

Protecting your virtual infrastructure just got easier.

With the release of version 8, Veeam introduced Cloud Connect. This new feature allows you to easily send your backup data off-site to a third party data center. As opposed to on-line backup systems like Carbonite or Mozy, Veeam allows you to maintain complete control of your data. If you’re in a highly regulated network environment like a bank or credit union, it’s in your best interest to know where your data is stored. Having your data “in the cloud” isn’t a good enough answer for your examiners.

Read More

Can you afford HIPAA non-compliance?

Can you afford HIPAA non-compliance?

According to the American Medical Association, your company may be fined up to $1.5 million per year for HIPAA non-compliance. The first step of HIPAA compliance is making sure all of the companies who have access to your systems are, themselves, compliant. If you have a managed service provider keeping your systems up to date and secure, they must have enough access to your systems in order to perform their job. In general, that level of access places your MSP into the HIPAA Business Associate category. What is a HIPAA BA? A HIPAA Business Associate is any company who has the potential to...

Read More