Dara Security

Archived News from 2014

Thank You To All Of Our Clients

Thank you to all of our clients.

As you can see from the map of our clients' locations, our reach has extended nationwide and internationally.

We close out 2014 with gratitude to you for helping our business grow, and we hope that our services allowed you to grow your business as well.

We look forward to partnering with you in 2015 for all of your information security needs.

Sincerely,

The Dara Security Team

Read More

Small Steps to Secure Your Information

Still unsure how to secure your information? It may not seem like there is much you can do to counteract hackers. The image that comes to mind is one of mysterious, computer-savvy supervillains preying on helpless victims whose futile efforts are the equivalent of plastering the Hoover Dam with Scotch tape to prevent leaks. But this is simply not true. There are a multitude of simple things you can do to secure yourself and secure your information.

Tips To Secure Your Information

Use a secure internet connection. Free Wi-Fi at your local coffee shop may be convenient, but it's...

Read More

Understanding Chip & PIN and P2PE

As credit card fraud has increased in recent months, merchants have worked towards replacing the traditional magnetic stripe credit card with the more secure "Chip & PIN", "encrypted swipe", or "EMV" solution. As the momentum builds towards this enhanced security solution for card transactions, it's worthwhile to understand what this new technology means for consumers and merchants.

When Will Chip & PIN Enter the U.S.

Chip & PIN technology has been used in Europe for years. In the US, full adoption of Chip & PIN is mandated by the card brands for all merchants by...

Read More

Identity Theft and Credit Card Theft - What's the Difference?

With the recent spree of credit card breaches, the press has used the terms "identity theft" and "credit card fraud" together so frequently that the two crimes have become synonymous. However, there is a distinct difference between these two crimes. While credit card fraud is a form of identity theft, true identity theft is far more serious.

When Is It Credit Card Fraud?

Credit card fraud occurs when someone steals and uses the information of a particular credit (or debit) card. Often these crimes are snatch-use-ditch affairs, where the thief will continue to use the card as long as...

Read More

Security Breaches: Is Your Small Business Safe?

Since the announcement of the Target security breach in December of 2013, a string of similar intrusions have affected retailers including Home Depot, SuperValu, Kmart, Goodwill, UPS Stores, Dairy Queen, and Jimmy Johns. In fact, SuperValu announced on September 29, 2014 that they had experienced a second intrusion separate from their August 14, 2014 announcement. It seems that no retailer is safe, not even a retailer that has been previously breached.

Common Theme in the Data Breaches

The press has reported many details about each breach, laying out the brand name retailers that...

Read More

P2PE: The Importance of Encryption

As the number of reported security breaches continues to rise, many individuals and businesses are asking what can be done to further defend against cyber crime.

One approach that has drawn much attention lately is encryption. By encoding messages so that only authorized parties can read it, information is kept more secure.

About P2PE and Security Encryption

Google, Yahoo, and other major internet players are coordinating efforts to provide their users full encryption of information accessed and sent.

In addition, businesses are pursuing an extra layer of security...

Read More

HackSurfer Hangout on Healthcare Cybercrime

Curious about healthcare and cybercrime? We're discussing this on an upcoming Hangout with our friends at Hacksurfer. Mark your calendars for Tuesday, September 30th, from 1-2 PM EST.

You can find out more about the Google Hangout here. Dara Security President Barry Johnson will help you find out more about how we help you stay protected from cyber threats!

Read More

Email On Your Phone – An Open Door To Your Data

In today's age, not having remote access to company email would be crazy. How would one stay abreast immediately about the latest events in the office? How would one access that critical spreadsheet with company financial data emailed by the accounting department or that customer leads list emailed by the head of sales? In many organizations, email is the default method for file sharing. It is also used by many to archive critical communications, notes, and any files that may be attached to them.

The Growth Of Mobile Email

At one time, remote access to these emails required the...

Read More

BitCoin Mining…Are You Helping?

Search the Internet and you can readily find news regarding BitCoin. However, if you haven't heard of BitCoin, you should know it is a type of Digital Currency that is gaining a foothold in the Cyber-world as a payment method. In fact, it is bleeding over into the brick-and-mortar world as some merchants have decided to accept BitCoins as payment for good and services.

Like any other currency, even the US dollar, the value of BitCoin is directly tied to the value people assign to it when it is used in payment transactions. And like other currencies, this value is tied to the effort...

Read More

SMBs: Information Security Is Not An Option

News outlets are increasingly reporting stories of businesses hacked by cyber criminals. It is typically the well-established large company whose breach has affected millions of customers, causing other similarly sized companies to quickly take stock of their information security posture.

SMB Security Breaches Are More Common

However, protecting information is not reserved just for large companies that store a vast amount of customer data. Trends show that smaller merchants are falling victim to hackers as well. A recent article published by the LA Times states that “for...

Read More

EMV and PCI

EMV is a trademark and technology that stands for Europay, Mastercard, and Visa, the companies that developed standards for the use of integrated circuit (IC) cards in credit and debit card transactions. EMV or IC chip cards have been replacing the traditional magnetic stripe payment cards with the primary purpose of fraud prevention. A computer chip embedded in an EMV card uses cryptography and other security features that pose a stronger defense against fraud compared to a magnetic stripe which is easily captured and copied.

EMV Changes the Field of Financial Security

The...

Read More

Schools Are Not Immune To Cybercrime

Since 2013, there have been 65 reported breaches of educational institutions (www.privacyrights.org). Of these 65 School Cybercrime breaches, 15 involve K-12 institutions. The breaches ranged from lost laptops and students accessing records to successful hacks by outsiders. These cases show that data breaches not only happen in the corporate world, but cybercrime occurs within our school systems as well.

How School Cybercrime Is Governed Federally

Just as HIPAA protects patient information in the medical industry, there is a federal law that governs the privacy of information...

Read More

Child Identity Theft

Identity theft is no longer just for adults, as trends show that this growing crime has ballooned recently to include child identity theft. As with anyidentity theft, cyber criminals are after social security numbers. However,child identity theft compared to adult identity theft can go undetected for years. This offers a longer timeframe for criminals to benefit from their crime, ultimately driving thieves to shift their focus from adults to children in committing this crime.

Some Stats About Child Identity Theft

Carnegie Mellon‘s 2011 study on child identity theft yielded...

Read More

How Easily A Breach Can Occur

You've heard about a security breach happening to a company you never thought it would happen to. You ask yourself, "How could they be so vulnerable?" If companies who pay top dollar for their security can experience a breach, then imagine how exposed your company data might be.

Breach Scenario #1

A therapist is gathering patient files for review. Suddenly he receives a call from the ER that his son was just admitted, and he needs to be there now. He throws the files into his briefcase and rushes out the door. Frantically searching for his keys, he places his briefcase on the roof...

Read More

Cyber Crime: Security Is Not 100% Guaranteed

As hackers continue to develop new approaches of attack, companies are finding it increasingly difficult to fully safeguard themselves against cyber crime. A security consultant recently conceded that everything is hackable, and companies should prepare themselves for the effects of a hack rather than focusing on preventing one. To better understand this, one simply needs to review the data trends of previous years and the same alarming conclusion becomes clear. Hackers are gaining a significant edge in the battle between cyber criminals and organizations.

How Companies Can Stop Cyber...

Read More

Nevada's Data Privacy and Protection Law Updates

Nevada, as with 48 of the 50 states, has a Data Privacy and Protection law. This law has been in place since 2008 and has been updated twice since then.

Nevada's Data Privacy and Protection law has two principal sets of provisions. First, the law incorporates the requirements of the Payment Card Industry Data Security Standard (PCI DSS) for all companies doing business in the state that accept a payment card in connection with a sale of goods or services. With this provision, Nevada gives the PCI DSS, an industry standard developed by a private rulemaking body, the force of law in...

Read More

OpenSSL Flaw Discovered

Still recovering from Heartbleed, we heard of yet another OpenSSL flaw that was reported yesterday. The "SSL/TLS MITM" vulnerability allows a user to interfere with the "handshake" between a client and server, essentially disrupting web traffic encryption.

What The OpenSSL Flaw Means

In exploiting this OpenSSL flaw, a malicious user decrypts and modifies information flowing between client and server. Communication that appears to be over a private connection is actually directly controlled by the intruder. This form of active eavesdropping is known as a "man-in-the-middle" (MITM)...

Read More

Dara Security Now Only Accredited PCI QSA In Nevada

Dara Security is pleased to announce that it recently achieved its Accredited PCI QSA (Payment Card Industry Qualified Security Assessor) and PA DSS QSA (Payment Application Qualified Assessor) certifications. Our company is headquartered in Reno and is the only Accredited PCI QSA in Nevada.

Accredited PCI QSA Expands Our Company

Our team has more than 20 years experience in QSA and PA QSA work throughout the country, and the addition of certifications PCI will allow us to work better with companies to meet HIPAA, FERPA, CJIS, GLBA, PA DSS and state privacy mandates.

Why...

Read More

A Business Case for Retaining Credit Card Numbers

One of the benefits of my job is talking with a variety of people, merchants and customers alike, and discussing how merchants are growing their businesses and what customer expectations are. On my latest trip, I spoke with a number of doctors running their own practices. What I discovered is cash flow is king, and guaranteeing cash flow overrides the risk of retaining credit card data.

Why Retaining Credit Card Numbers Matters

Retaining credit card numbers establishes a payment method for patients. If payments can simply be charged to the credit card data on file, the doctor's...

Read More

Mobile Device Theft – What Can You Do?

Mobile device theft is a crime wave that continues to gain momentum. Last year, smartphone thefts were up 23% from the previous year. The crime rate has risen as thieves have increased their boldness to secure their stolen goods. Mobile phone thefts have progressed from thieves grabbing phones right out of people's hands to criminals murdering people to steal their smartphones.

Criminals want the hardware. A $200 phone in the United States will sell for up to $2000 in Hong Kong or Brazil. With enormous profit margins like this, the stolen smartphone industry overseas has grown...

Read More

Healthcare Breaches – What Can You Do?

Healthcare organizations are being targeted at an alarming rate. Whether it's an insider breach (an employee stealing information or an untrained staffer unintentionally mailing out sensitive data) or a hacker gaining unauthorized access, medical organizations are paying hefty penalties for these breaches. New York Presbyterian and Columbia University were recently fined a record $4.8 million for a HIPAA violation which exposed the records of 6800 patients. However, medical groups are not the only ones paying the price. Patients and employees are the owners of the very data that is...

Read More

BYOD – Bring Your Own Disaster?

An increasing number of organizations are encouraging employees to bring and use their own devices to the workplace to access company data and systems. Companies recognize that employees are more comfortable, and therefore productive, using their personal devices rather than ones selected by the IT group. Also, personal devices are typically more cutting-edge, giving the employee the latest features that enable more work to get done faster.

From the perspective of increased productivity in the workplace, Bring Your Own Devices (BYOD) just makes sense. However, each device...

Read More

Information Security and the Internet of Things

Technology is advancing at a fast clip, changing our world faster than ever before. "A computer on every desk and in every home" was Bill Gates' goal in 1977. We have certainly surpassed his vision as we now rely on multiple computers in our homes, in our cars, and even on our bodies as wearable devices to make our lives easier. Companies have maximized the number of devices connected to the company network in the quest for increased productivity and profits. We have entered the age of the Internet of Things where most devices have internet connectivity, enabling us to do more, yet...

Read More

Not Just Consumer and Patient Data

A common misconception in securing information is that businesses only need to protect consumer and patient data. This would mean privacy mandates only apply to merchants who accept credit cards for payment or the healthcare industry. This simply is not true.

University of Pittsburgh Medical Center (UPMC) recently reported a breach that affected 27,000 of its employees. Typically, a medical center breach would involve stolen patient information. However, UPMC's case is unusual in that employee data, not patient data, was compromised. The breach involved the loss of tax records...

Read More

The Best Technology Doesn’t Always Win

Within all levels of an organization, teamwork is critical in getting the job done. When co-workers have effective working relationships with one another, productivity increases, and profits rise. Although team-building is easier done within one particular team, it is just as important to foster relationships between different teams of an organization.

Oftentimes, the Security department is seen as an outside group, isolated from the rest of the organization. This may be because people are unsure of what exactly the Security group does. Perhaps another reason is that when...

Read More

Biometrics Authentication and Passwords

Identity authentication has traditionally been accomplished via passwords. However, users do not always comply with suggested best practices for password creation and management, leaving devices and personal information at risk. With cyber crime incidents on the rise, a variety of biometric authentication methods have emerged to replace the password.

Laptops have implemented fingerprint scanners for quite some time now, with recent smartphone models offering this technology as well. Other smartphones employ face recognition as an alternative to entering a passcode to unlock the...

Read More