Townsend Security Data Privacy Blog

I recently attended a webinar for accountants on the importance of IT security.  The webinar discussed findings from the newly released 2012 Global State of Information Security Survey®, a worldwide study conducted by Pricewaterhouse Coopers, CIO Magazine and CSO Magazine.  They used the information from the survey to make two important points

1. IT security isn’t just the responsibility of the compliance officer and IT department, everyone in the organization is responsible for keeping corporate assets secure - all of us, even those in accounting, customer service and sales play an important role in data privacy.  
2. IT security is not just a project with a due date for completion, it is something all of us must remain diligent about.  

Some of us have access to sensitive customer information or account numbers, while others may be collecting credit card information to process payments.  Sure, our IT department implements safety policies, installs security software and sets access rules and passwords to give us access to data we need to see.  But do we stop and think about what information is on our laptop before we take our laptops home or what files might be on that USB drive?  We need to think about the information that we email or send outside the company and think twice about the way we send it, especially if we think the information could cause damage if it landed in the wrong hands.

The companies used for the survey all felt they implemented strong controls around access to their data, but nearly all of them had some sort of budget allocated for additional resources because they know they need to do it better.  Interestingly, the confidence level these companies felt about their security strategy had declined over the years due to the increase in use of mobile devices and social media, which have introduced new risks and challenges for companies.  In 2009, 73% of the companies surveyed felt they had a good security strategy in place, however, in 2011 that fell to only 53% feeling confident about what they are doing.

It was very apparent to me after viewing this webinar that the adoption of mobile devices by employees and the acceptance of social media has made IT security everyone’s responsibility.  Key take-aways for me from this webinar – we all need to be thinking about how we keep information that our company entrusts with us secure.  We need to follow company policies and procedures and be diligent. We are all in this together.

For more information on data privacy, we have put together a podcast titled "Data Privacy for the Non-Technical Person."  Let us know what you think.

Lately we are seeing an increase in questions around PCI requirements for encryption key management.  We are hearing from Level 2 merchants who are preparing for the June 30, 2012 deadline for companies that accept Mastercard. These companies are beginning to realize that they can’t just encrypt data to meet PCI requirements, they also need to securely manage their encryption keys.

To summarize the deadline, which is effective June 30, 2012, MasterCard Level 2 merchants have 2 choices for complying with PCI-DSS requirements.   

Option 1: They can complete an annual self-assessment questionnaire AND prove that a member of their organization has attended and successfully passed PCI SSC-offered merchant training program. 

Option 2: Businesses can elect to complete an annual onsite assessment conducted by a PCI SSC approved QSA.

Whether a business elects to certify a member of their team or undergo a PCI audit by a QSA auditor, they are becoming better educated about PCI-DSS requirements. Additionally, they are asking questions internally about how to meet requirements and seeking out answers to questions they can’t answer themselves. These Level 2 merchants are now starting to understand the NEED to be PCI complaint and realize how much they need to do. Townsend Security can help answer questions businesses have about data privacy and security because we focus on encryption and key management, which are discussed in section 3 and 3.5 of the PCI-DSS.

I talk to merchants on a daily basis around this topic and people understand the importance of encrypting data, but many don’t understand the need to securely manage their encryption keys. Storing your encryption keys on the same server as your data is problematic.  Before these new regulations Level 2 merchants weren't aware that PCI DSS requires separation of duties and dual control.  Quite simply, you don’t want the same person who has access to the encrypted data to have access to the encryption keys. Think of your encryption key as the figurative “key to the kingdom” - it unlocks the data that you have secured with encryption.  You wouldn’t lock your front door and leave a note saying the key is under the mat. You take your keys with you and only give keys to trusted people – the same philosophy should apply to the way you secure your encryption keys.

Level 2 merchants are realizing they need a secure server to protect their keys. They are researching encryption key management solutions and discovering our FIPS 140-2 certified Alliance Key Manager may be the solution they need.  

If your company is struggling with understanding PCI requirements for key management, download this whitepaper to learn more.  If you need a solution for key management and want to talk to a security advisor about the specifics in your IT environment, send us an email.  We are happy to answer your questions and schedule a 15 minute technical overview. 

I'll also be at the PCI Conference next week in Scottsdale, AZ so make sure to stop by our booth and say "hi".

When we walked in the room at St. Martins University, there was a look of amazement in my eyes to see the amount of people involved in our community.  Two hundred people filled the room Tuesday for a lunch put on by United Way for their Spirit of Giving celebration.  Today was not just a lunch date, it was for honoring businesses and community members for their stewardship.  We had the chance to enjoy listening to one of the local high school choir groups and Bill Grace, the director of Common Good Works, speak to us about “Leadership for the Common Good.”  We had a few heart felt moments during our special lunch, for example when handing out the Gladys Burns Human Service Award.  The award went to a man who has recently passed away, but has left a hand print in the world with his generosity toward Thurston County.  His wife accepted the award on his behalf and explained how his life was spent helping others.  

Townsend Security received the award of corporate sponsor of the year, by increasing our donations by 132%.  Here at Townsend, our company matches our donations dollar for dollar to any 501(c)(3) non-profit organization, up to $500 per employee each calendar year.

Patrick Townsend, the Founder and CTO of Townsend Security, is also a board member for the United Way.  He has started a path for this company and its employees to follow in his footsteps by giving back to our community.  Townsend Security is not only an encryption software company providing certified products to our customers and meeting PCI compliance, but also giving back to our community.  We understand the need of giving and United Way is one of the many ways we do that.  

We invite you to take a look at all of our community sponsorships we are apart of.  You can also follow us on Facebook, Twitter, and LinkedIn to see what we are up to next.

The other night I went to my very first WLC meeting.  WLC is apart of United Way, it stands for Women's Leadership Council.  WLC’s mission is to positively impact the lives of women in our community by promoting self sufficiency and financial stability through philanthropy and community service.

We went around the table and introduced ourselves.  There were many different job titles named;  financial advisor, real estate consultant, partner sales rep, and several others.  After we broke the ice (and secretly judged one another), we touched on all the subjects that women usually talk about, our children, significant others (what they are and are not doing), work and all the other stresses in our lives.   One lady suggested we do something that she does with all of her clients to help get to know them better and asked us, “What is your magic? What is it that sets you apart from everyone else in this world?”  
   
Well shoot!  What is my magic?  And for that matter, what is Townsend Security’s Magic - what sets us apart from the competition?

Our mission at Townsend Security is to provide our customers peace of mind when it comes to data privacy.  We help them do business securely and provide their customers peace of mind.  The way we deliver peace of mind is our magic, it is what sets us apart from any other encryption and key management company.  Our magic.... drum roll please.... is a combination of innovation, experience and our commitment to be known as more than just a data privacy company.  

Our independently certified solutions are developed by experts. The team at Townsend is well-known and well-respected in the industry. We understand the issues around data privacy and compliance and use that knowledge to create and support our solutions. We believe we should be the experts in data privacy so our customers can be the experts in their own industries. No one wakes up and says they want to start an encryption project and no project is the same - so when the time comes we are ready to listen to the problem that needs to be solved and deliver the right solution

In addition to data privacy, Townsend Security is locally known for its commitment to the community.  We are a proud supporter of the United Way and many other local non-profits.  In fact, we were just named the "2011 Corporate Supporter of the Year for Small Busineses" by the Thurston County chapter of United Way.  It is great to work at a company that not only says they want to make their community better - they actually do it and encourage all of its employees to do the same, this is how I became involved with the WLC, which gets back on track about the question posed to myself that night.   My magic, well.. it is everything WLC stands for a hard working young woman, who is graduating from college, raising a small child and doing it all with a positive attitude.  

The phone is ringing, so back to work I go. Time to share more of that Townsend magic (and my own) with one of our customers.  And if they haven’t read this blog post yet, I’ll send it their way.  We want our customers and our community to know how seriously we take our commitment to providing peace of mind in the solutions we sell and in the service we provide.  We know that everyone has their own magic and brings something unique to the table - let us know what yours is.