
With Data Security, Compliance Is The Beginning, Not The End

Ask PKWARE customers about the biggest challenge they face, and many respond with one word: compliance.

Every industry has separate mandates to worry about, such as HIPAA for healthcare, and PCI DSS for financial services. The common denominator in just about every compliance mandate is the need for Data Loss Prevention.

Overall, compliance requirements have been good for security. If it weren’t for these regulations and industry standards, many enterprises wouldn’t be doing nearly enough to safeguard sensitive data.

But there are risks in how enterprises handle compliance. A checkbox mentality often ensues, where companies put their primary focus on checking off the boxes on a list during a compliance audit.

They may indeed pass the audit, but that doesn’t mean the technology is correctly configured, the necessary follow-up is happening, or that employees are adhering to and complying with new policies and regulations.

For me, one of the best examples is from nearly a decade ago, when the Hannaford Bros. supermarket chain suffered a devastating data breach.

I was a reporter back then, and had interviewed the then-CISO a few weeks before the breach went public. The interview was about how Hannaford’s achieved PCI DSS compliance. He outlined specific technologies deployed, specific rules adopted, and so on.

But that didn’t stop the breach from happening. And for Hannaford’s, it was costly.

Since then, the company has taken steps to fix the holes that allowed the breach to occur. As a Hannaford’s shopper, I’ve seen some of those changes up close, specifically with the deployment of more robust card-swiping devices.

The bottom line? Spending money on security is important. Checking everything off the auditor’s list is also important. But it’s not enough to just deploy technology and walk away.

Enterprises must continuously review how well employees are heeding policies. IT shops need constant training and review to ensure they are deploying technology properly and using it as intended.

Most importantly, enterprises must think of compliance as a means to an end, not the end in itself. Look at it as one piece of leverage to build the security program the company needs and deserves, the starting point of a much larger, much more rigorous data protection plan.


Bill Brenner


Journalist. Family man. Blogger. History buff. Heavy Metal fanatic. Frequent traveler. As senior content strategist, Bill Brenner writes about all manner of security threats and how PKWARE's data encryption technology can help. On the side he writes a personal blog called The OCD Diaries, chronicling his experiences with OCD and other challenges, and opines about the big security stories of the day via the Liquidmatrix Security Digest.
