Prime Factors Blog

HITECH vs. HIPAA: What You Need to Know

Posted by Pete Flagella on Sep 1, 2016 10:00:00 AM


HIPAA and HITECH rules are often discussed together for a number of reasons, and it makes sense because one is meant to be an extension of the other. However, HIPAA was developed before the days of ubiquitous technology, meaning that it wasn't properly accounting for or regulating patient privacy when it came to keeping electronic records from prying eyes. Instead of working solely with the language used in HIPAA, regulators decided to make the update more memorable in the form of a plan that was meant to help the additional rules related to technology stand out to the various affected businesses. We'll tell you what you need to know about how and why the Health Information Technology for Economic and Clinical Health Act strengthens the measures laid out by the Health Information Portability and Accountability Act.

To learn how encryption can lower the cost of regulatory compliance while enhancing security, download our white paper Reducing the Cost of Regulatory Compliance with Encryption 


Topics: Enterprise Data Protection, encryption

5 Tips for Success in Key Management

Posted by Pete Flagella on Aug 30, 2016 10:00:00 AM


As anyone who does it can tell you, key management can get complicated to the point where major mistakes are made. This is especially true when you don't have iron-clad policies in place or use software that seems to have been engineered to be overly complicated. The general trend is that companies sometimes relax their rules for special circumstances or simply fail to think through what they really need as a company. You can see the lack of preparation practically every day, as credit card information, social security numbers and even email addresses are compromised in a number of ways, and it upsets and scares consumers of all kinds. If you currently have an encryption system in place but feel that you're just barely holding it all together, now is a good time to reevaluate. Encryption is not an inexpensive option (even if you’re using a “free” solution), and without effective key management it's essentially worthless. Read these tips for continued strength and advanced protection.


Topics: Enterprise Data Protection, encryption

Lessons to Be Learned from Major Data Breaches

Posted by Pete Flagella on Aug 25, 2016 10:00:00 AM


Maybe when you hear about a major data breach, your first reaction is happiness that it wasn't your company that was targeted. The headaches that stem from a breach are substantial for everyone affected, and it's not abnormal to experience relief that it hasn't happened to you. However, once that initial reaction has subsided, hopefully you're looking into what occurred so that it's less likely to happen to you. With so much information zipping around and opportunistic minds noticing how easy it is to get their hands on that data, it's really not a surprise that network security has failed us as much as it has. We'll share some of the lessons that can be learned from data breaches, so that you can keep a more proactive approach in mind at all times.


Topics: Enterprise Data Protection, encryption

Five Ways Your Company Can Improve Its Compliance

Posted by Pete Flagella on Aug 23, 2016 10:00:00 AM


Compliance comes in a variety of forms, and the rules can get messy quickly. Because it's so tied up with the technology of today, compliance laws have to be built with enough breathing room to account for advances in both software and privacy standards. However, one company's definition of 'reasonable accommodations for protection' can be very different from another company's, which is why it's easy for companies to get sidetracked on the wrong matters or feel unable to keep pace with the regulations. We'll look at 5 ways you can improve your compliance so you don't have to go through a messy legal struggle with endless fines and lawyer fees due to your company coming up short on securing data.


Topics: Enterprise Data Protection, encryption, PCI Data Encryption

Why Anti-Malware Simply Isn't Enough to Keep Hackers Out

Posted by Patrick Riley on Aug 16, 2016 10:00:00 AM


Anti-malware has aided the fight against hackers a great deal; there is no dispute regarding this fact. These programs scan and predict hacker behavior before anyone even has a chance to open a dangerous email or click on a suspicious link. Some companies have done a better job than others in implementing this software into their devices, but for the most part, consumers and employees can stay safe from attacks whether they know it or not. While these preventative strategies are exceptionally important, they just aren't enough to keep hackers at bay. All companies will need to look beyond anti-malware to have a fighting chance against them.


Topics: Enterprise Data Protection

Hacks of Corporate Systems on the Rise, says PYMNTS.com

Posted by Patrick Riley on Aug 15, 2016 2:07:13 PM



Interesting article in PYMNTS. "Computer hacks of corporate systems are on the rise, and while KPMG found 80 percent of organizations have confirmed their systems have been hacked, only half spend the money and time to invest in cybersecurity."

http://www.pymnts.com/news/security-and-risk/2016/corporate-hacks-kpmg-ransomware/


Topics: Enterprise Data Protection

Closing the Gaps in Your IT Security: Tips to Get Everything Under Control

Posted by Patrick Riley on Aug 15, 2016 10:00:00 AM


No one wants to go in front of a boardroom or a managerial meeting and say the company's network is at risk from large-scale threats, and that there need to be major changes. It either means that an IT expert is accusing the people who make decisions of being short-sighted in some way, or it means admitting that they haven't done what's necessary to secure the infrastructure. However, as uncomfortable as this conversation may be, it is far better to deliver this report than the report that announces there's been a breach at the company. The silver lining here is that there are a variety of options to begin tightening up your security, and we'll give you a few tips you can take to the bank.


Topics: Enterprise Data Protection

Encouraging Customer Trust Through Encryption

Posted by Pete Flagella on Aug 8, 2016 10:00:00 AM


The messy truth is out there about identity theft, and your customers are afraid of it. Receiving a new debit or credit card after a breach is annoying, but it's also at the bottom of the list in terms of what they worry about. Everyone knows a story of someone's identity being stolen which resulted in a nightmare of forms, denials and misunderstandings. It's not as simple as showing a driver's license and being done with the matter. These tales include descriptions of bankruptcies, days in courts, hours of arguments and of entire lives being put on hold until everything has been worked out — however long it ended up taking. Cautious citizens have made identity monitoring companies (e.g., LifeLock) a booming industry, and they've also made the victim businesses close up shop after a breach has occurred. When customers can't trust you with their data, you risk far more than you realize. Encryption is an additional step that companies everywhere need to take for the sake of their businesses. We'll look at how this technique may help you boost your reputation and help keep your customers coming back.


Topics: Enterprise Data Protection

How Will PCI DSS V3.1 Impact You?

Posted by Jeff Cherrington on Apr 16, 2015 3:00:00 AM

The Payment Card Industry Security Standards Council (PCI SSC) announced the latest version, 3.1, of the PCI Data Security Standard (PCI DSS) today (April 15, 2015). This incremental update to v3.0, released in November, 2013, is largely a set of clarifications, with at least one notable exception impacting allowable secure communications protocols. The latter had been anticipated by a prior notification from the SSC to Qualified Security Assessors (QSAs) in a newsletter last January:

In order to address a few minor updates and clarifications and one impacting change, there will be a revision for PCI DSS and PA-DSS v3.0 in the very near future. The impacting change is related to several vulnerabilities in the SSL protocol. Because of this, no version of SSL meets PCI SSC’s definition of “strong cryptography,” and updates to the standards are needed to address this issue.  [Bolding of font is mine, for emphasis.]

While SSL and early versions of TLS were considered adequately secure by prior versions of the DSS, this update serves notification that they will not be allowed after the end of June, 2016.


Topics: Enterprise Data Protection

Healthcare Lacks Breach Warning System - Needs Data-at-rest Encryption

Posted by Jeff Cherrington on Feb 8, 2015 9:12:00 PM

Much of the media chatter regarding the Anthem data breach focuses on asking when that company’s management team knew about the breach. That question is important – delays in notifying authorities and individuals impacted mean the latter were exposed to risk unknowingly for weeks if not longer. While research shows that “only” 36% of data breach victims suffer out-of-pocket expense related to stolen health records, such costs average almost $19,000 when expenses occur. These victims can be compelled to reimburse “…healthcare providers for services provided to identity thieves.” Those impacted certainly want every chance to avoid such costs, and any delays only increase the risk of being one of the unlucky 36%.


Topics: Enterprise Data Protection