MENTIS

Week of May 18, 2018

MENTIS
news

Week of May 18, 2018

Travel hacking simplified: Can you really fly for free?*:

  • Travel is expensive. Or is it? It's more than just a strategy, it's a travel art-form. Travel Hacking.
  • Enter Travel Hacking: Travel hacking is the art of number of different tips, tricks, and strategies that can help make traveling not only easier, but also significantly cheaper.
  • Talk to Me about Travel Hacking: Travel hacking encourages the use of your travel points, also known as airline miles or frequent flyer miles, are a part of loyalty program that are offered by both airlines and credit card companies.
  • How can I Travel Hack the Right Way? : They offer you a solid incentives for opening up their cards, and in return you will also be dedicating more of your money to that company.
  • Travel Hacking Mistakes: When you're beginning your travel hacking process, keep an eye out for these common mistakes:

    1.Not keeping an eye out for annual fees
    2.Spending minimums are real
    3.Don't spend more than you would with cash
    4.Forgetting to pay your balances every month
  • Travel Hacking: The Ideal Way to See the World: With the right strategy, sufficient research, and plenty of time, you'll be travel hacking your way across the globe in no time.

*Source: DCCU, May 15, 2018

 


What to Do If Total GDPR Compliance Is Impossible*:

  • GDPR enacts sweeping regulations when it comes to processing personal data.
  • In order to qualify what data is and is not subject to GDPR, every organization should fully understand the nature of all their data.
  • According to IDG, unstructured data is growing 62% per year.
  • There will be a need to reckoning between GDPR requirements and the reality of today's technical capabilities when it comes to data management and security.
  • Access versus control: There is a fundamental tension between controlling data access and supporting innovation.
  • Know where it is and where it's going: Under GDPR, the information technology (IT) operator, database administrator, data protection officer -- whoever is tasked with management -- needs to have a comprehensive view of not just where your data is right now, but how your data is flowing through the organization.
  • Not all data is created equal: "Personal data" a mismatch between GDPR's goals and the state of technology today, meaning organizations with complex data needs will soon confront significant technological barriers.

*Source: Forbes, May 16, 2018

 


Nuance Communications Breach Affected 45,000 Patients*:

  • Nuance Communications, which specializes in speech recognition software, says an unauthorized third party accessed one of its medical transcription platforms, exposing 45,000 individuals' records in December 2017.
  • The software is designed to convert dictation by clinicians into documents.
  • News of the data breach follows the company having been hit by the NotPetya malware outbreak in June 2017
  • We estimate that we lost approximately $68 million in revenues, primarily in our healthcare segment, due to the service disruption and the reserves we established for customer refund credits related to the malware incident.
  • Officials at Nuance Communications didn't immediately respond to a request for comment on the new data breach report.
  • Nuance's transcription software was used for the department's hospitals and clinics within San Francisco's Health Network.
  • The incident is a reminder that Insider breaches remain one of the most difficult kinds of improper access attacks to defend against.
  • Most organizations, however, tend to focus on ensuring that access is allowed, rather than always ensuring that employees only have the minimum amount of access they might require.
  •  
  • Some organizations are also lax when it comes to revoking employees' credentials when they depart.
  • SANS also recommends that organizations ensure that IT administrators regularly review access permissions and controls, especially as their organization grows.

*Source: Bankinfosecurity, May 16, 2018

 


Chili's data breach leaves credit and debit card information exposed

  • The chain's parent company Brinker International announced Saturday that a data incident at some Chili's restaurants may have resulted in a credit and debit card data breach.
  • The list of impacted restaurants has not been released, but officials said the incident happened between March and April
  • The company, who said it learned of the breach on Friday, is now working with third-party forensic experts to determine the details of what happened and how many customers are affected.
  • Preliminary investigation indicates that malware was used to gather payment card information, including credit and debit card numbers, as well as names of cardholders who made in-restaurant purchases.
  • Law enforcement has been notified of this incident and we will continue to fully cooperate.
  • We are working to provide fraud resolution and credit monitoring services for those guests who may have been impacted

*Source: USA Today, May 16, 2018

 


Report Offers Recommendations on Securing Digital Payments

  • To secure India's growing digital payments ecosystem, it's vital to have comprehensive regulatory guidelines as well as a threat sharing platform.
  • The ecosystem that enables the digital payment services is a complex one posing various challenges in terms of managing security of enterprises and data protection
  • Apart from European Union's General Data Protection Regulation, which deals with privacy issues, strong privacy laws are lacking around the globe, some experts assert.
  • The report recommends the following steps to help ensure the security of cashless payments in India:
    • Establish a long-term strategy for managing the dynamic global cybersecurity environment and controlling cybercrime;
    • Standardize data protection laws and cybersecurity frameworks for digital payments;
    • Develop comprehensive regulatory guidelines on risk management technologies, payment security management and business continuity management;
    • Encourage threat intelligence sharing across the ecosystem;
    • Build a regulatory sandbox environment for cybersecurity testing;
    • Incentivize companies to make cybersecurity and data protection a priority for boards and C-suites.
  • Minimum Security: The government needs to recognize that by not mandating a minimum security framework, it is actually damaging the growth in the payments space and causing the concern of citizens; and if widespread disruption occurs, it could be catastrophic
  • Threat Intelligence Sharing: We need to encourage active participation and partnerships with industry and government in research, standard building, threat intelligence sharing and development of frameworks, etc., to help secure the overall ecosystem for enhanced consumer trust.
  • Interim Steps: The ideal method is encryption at the point of inception and only reversal of the information for authentication, verification and authorization at the financial institution.

*Source: Data Breach Today, May 17, 2018

 


As Payments Speed Up, How Can Fraud Be Minimized?*:

  • Knowing as many details as possible about the customer, the payment and the recipient is a critical component of stopping fraud as payments become faster
  • Organizations need to determine "the absolute smallest, minute piece of metadata about the identity, about the payment" that they can collect.
  • That data can be used to answer a critical question before each payment goes through: "Does the payment and the identity make sense?"
  • Every touch point that a business deals with its consumer, whether that be in enrolment, the payment, and re-identification or in compliance - you need to understand and holistically look at the entire lifecycle of that customer.

*Source: Data Breach Today, May 17, 2018

 

Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

Image CAPTCHA
scroll top