Author: Ken Lynch

Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.

If your business accepts credit card payments, then you need to comply with PCI-DSS standards. PCI-DSS stands for Payment Card Industry Data Security Standard. It is a set of rules established to protect against credit card fraud, hacking, and other security breaches. Credit card issuers and companies that store, process, and transmit card information implement the rules defined by the PCI-DSS. Here’s what you need to know about these standards.

Origin of PCI-DSS

The 1990s to early 2000s saw an increase in credit card fraud. Different companies that issue credit cards started to independently conduct research and development to come up…

Today’s businesses are more interconnected than ever. Your company may rely on a network of third-party service providers who handle payroll, taxes, new employee recruitment, and much more. These service providers often need to access sensitive information to complete their functions. As a result, SOC reporting is necessary to ensure that your vendors are maintaining a secure data environment. A breach in your vendor’s network may also compromise your company’s data, which is why SOC reporting is critical. SOC (Service Organization Controls) reports are internal control reports that provide information on the current state of vendor systems. These reports vary in…

24-hour support and uninterrupted service are at the core of SaaS product offerings, and a single outage can be detrimental to the business. Case in point: when Slack went down, its support staff had to deal with numerous complaints from customers. Considering that most organizations rely on Slack for their daily operations, this is understandable. Sadly, risk is not foreign to the SaaS world, and companies often have to look for ways to mitigate it. In fact, with data breaches having increased by 54% in 2019, there has never been a more demanding time to be conscious of the security…

The Payment Card Industry Data Security Standard (PCI DSS) outlines specific requirements to be followed by every ecommerce website. The requirements for safe storage, transmission, and handling of cardholder details are governed by the major credit card organizations, including Visa, Discover, MasterCard, and American Express. You might have some of the best products on the market, but if your payment method is complicated, your customers will be scared away. Today, retailers are experiencing a shift in online payment systems and therefore need to learn about the best payment processing solutions for easier trading.

What is PCI Compliance?…

IT security and cybersecurity are fundamental components of any company’s data security plans. Although the terms are often used interchangeably, there are differences in how they are defined and what they involve. IT (information technology) security refers to protecting data and information systems from unauthorized access. It involves implementing processes that prevent the misuse, modification, or theft of sensitive company information. Cybersecurity, on the other hand, covers the protection of data on the internet, particularly from hackers and other cybercriminals. You can think of cybersecurity as a subset of IT security. While cybersecurity deals with protecting data from internet hacks, IT security is the…

Today, technology plays a critical role in business. Consumers are increasingly ordering items online; financial institutions are storing customers’ credit cards in their systems; colleges and universities are accepting payments online; and so on. The ease of doing business brought about by technology also comes with its challenges, one of them being data security breaches. ISO certification assures customers that the entities they want to engage with have been independently certified to follow strict industry practices meant to safeguard their data.

Overview of ISO 9001

The International Standards Organization (ISO) is an organization whose aim is to create industry…

Many businesses across the globe are increasingly adopting cloud storage thanks to its reduced IT overhead, accessibility, and scalability. Nonetheless, the security of cloud storage has raised a lot of concern for businesses, despite its convenience and the access it gives employees to your company’s data at any time, from any place and any device. Cloud storage offers a cost-effective alternative to expensive on-premises hardware. Nevertheless, carrying out your affairs in the cloud can put your confidential files and sensitive data at risk of exposure, as cloud storage data does not fall within the boundaries of the safeguards that you…

Strong information security management calls for an understanding of critical principles and concepts such as data classification, change management/control, and protection mechanisms. Nonetheless, such terminology can be overwhelming at the beginning, causing many enterprises to blindly adhere to compliance requirements without really knowing whether those requirements secure their software, networks, and systems. Understanding the primary purpose of data security measures promotes a security-first data protection approach that enables companies to protect themselves against cybercriminals and satisfy compliance requirements as well.

Understanding the Main Purpose of Data Security Controls

What do data security controls mean? Data security controls not only safeguard…

Data breaches continue to raise concerns over privacy among businesses, which has led to an avalanche of regulations to protect Personally Identifiable Information (PII). In 2018, the European Union General Data Protection Regulation (GDPR) was instituted to ensure that all organizations protect private data. A new regulation was introduced in California with a mission similar to that of GDPR. The California Consumer Privacy Act (CCPA) requires that every organization that handles PII in California devise robust strategies to protect the data from compromise or exposure.

CCPA: Overview

Businesses may find the process of regulatory compliance intensive and time-consuming, but it’s crucial…

The compliance date for the EU’s General Data Protection Regulation was May 25. That deadline has since elapsed, and GDPR is now a reality. The regulation will certainly change the manner in which organizations handle and process personal data. In addition, GDPR will considerably change how organizations handle data breaches. GDPR came into effect in 2016. It affects organizations that operate both within and outside the EU. The regulation requires these organizations to set up either new or improved data protection practices. The most significant thing that you need to do is determine whether or not GDPR affects your…