Announcing iScan Online Cyber Security Summer Roadshow

iScan Online has partnered with Angelbeat IT & Security seminar to visit 4 cities throughout the Midwest to discuss topics ranging from data breaches, mobile security, compliance, BYOD, cloud and more. There are speakers from Microsoft, Dell, iScan Online, Verizon Wireless and other leading firms. Attendees receive CPE credits, breakfast and hot lunch, complimentary self-parking and wi-fi, and can win great prizes including iPads and gift cards.

iScan Online also kicks off the week in Music City, Tennessee with a Breakfast & Learn – ‘How to detect data breaches before they happen.’ Event details and free registration: iScan Nashville TN RSVP

This is an ideal opportunity to learn about defending against cyber data thieves and security incidents. After each event, iScan Online will host a separate session on the combined intelligence needed to know which devices are at risk of compromise from existing vulnerabilities, as well as how to detect sensitive unencrypted data at rest on the device.

Registration details, agenda and location are provided in the map below. Navigate to your location of convenience and register now.

Posted in Compliance Seminar, Security Conference

When To Use PII Discovery in the Audit Process

If you perform assessments as a career, you know the importance of providing great results. An effective security or compliance report may mean the difference between a potential security incident or data breach.

While your company may have exceptional skill sets and technologies, if you don’t know how to use them in an assessment process, their value diminishes.

There are unlimited opportunities to leverage personally identifiable information (PII) Discovery during a routine audit or assessment. After all, your traditional vulnerability scanning process shouldn’t be the same old report with vulnerable computers on the network. Rather, it should align with what your customer needs and how he/she could improve the overall security posture.

The key to leveraging any PII Discovery is to use it in a way that has impact, depending on your customer.

How to know when the timing is right?

Evaluate each of the examples below to determine which situation is best for your customer or management team. If you have enough PII Discovery examples, you may consider using them at several times during your assessment process.

1. Grabbing Attention

A powerful assessment that contains measurable results can be the one thing that makes a client take notice. If you’re having trouble getting a response from the recipient of the report, use a PII Discovery to get their attention.

Remember, exposing unencrypted PII data opens eyes. If you’ve had trouble getting attention, provide them a short 1-page report highlighting a metric that impacts the bottom line.

SSN
Sally’s Computer discovered 143 instances of Social Security Numbers
Bob’s Home Laptop discovered 3 instances of XYZ sample of PII



2. Demonstrate Value

If you have your customer’s attention, the first part of any value-based security assessment is to focus on their goals.

– What are the assessment requirements?
– What positive results are they expecting to achieve?

Once you reach a stage where you truly understand your client’s pain points, it’s the perfect time to inform them how your assessment can solve problems.

Security and Compliance stakeholders are cynical; they want to know that you can do what you promise. An effective PII Discovery provides tangible evidence in the eyes of your client. Stating that you can reduce costs by 50% is one thing. Showing that same cost savings combined with both vulnerability and unencrypted sensitive data is more impactful, and can increase your value over others.

3. Differentiate Your Assessment

Once you’ve demonstrated your value, you need to show your differentiation. Other security specialists are always a phone call away. If your customer is contemplating a long-term security-as-a-service contract, most likely they’re reviewing your competition. A PII Discovery that exhibits your differentiation is an effective way to show how your assessment is more effective than others. Here are three PII Discovery assessment talking points and actions to consider:

3.1 Illustrate a sample report uncovering a few types of PII, such as unencrypted cardholder and social security data on a computer in different folders and document types.

3.2 Demonstrate an assessment capability immediately on the spot that is important to your client, and one you know your competition doesn’t have. How about visiting your web site, with a ‘Scan Now’ button providing a quick vulnerability assessment check. Now discuss the relationship between the conditional risk and impact.

<a href='https://www.iscanonline.com/scan_me/WMJTOFW/scan'>
  Click to run a Security Scan on your computer.
</a>

Conditional Risk – If | And | Then = Impact

(If you store unprotected data, And your device is vulnerable, Then you are at risk and prone to be Impacted by a data breach.)

3.3 Include BYOD, remote workers and mobile devices as part of the assessment. Most vulnerability and/or compliance assessments are performed by a network scanner, which is great for scanning static devices that are physical on the network. BYOD and Mobile security are hot topics presenting new attack vectors that are invisible to historical assessment approaches. When it comes time for routine audits, demonstrate your capabilities by assessing both stationary and on-the-go devices for both vulnerabilities and unprotected PII.

Don’t make your customer take your word for it. If your assessment will truly uncover the combination of vulnerabilities and sensitive data for both computing and mobility, educate the customer that you have the tangible evidence and capability.
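The If | And | Then rule from 3.2, worked as an added example (not iScan Online's code or report output): a minimal PII discovery pass that counts SSN-shaped strings and Luhn-valid card numbers in plaintext, then flags only the devices that also have open vulnerabilities. The device inventory, file contents, `open_vulns` counts and all function names are constructed for illustration.

```python
import re

# SSN as ddd-dd-dddd (never-issued ranges excluded); cards as 13-16 digits
# with optional single space or hyphen separators.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text: str) -> dict:
    """Count SSN-shaped and Luhn-valid card-shaped strings in plaintext."""
    cards = [m for m in CARD_RE.findall(text) if luhn_ok(m)]
    return {"ssn": len(SSN_RE.findall(text)), "card": len(cards)}

def conditional_risk(devices: dict) -> list:
    """If PII is stored unprotected And the device is vulnerable, Then flag it."""
    flagged = []
    for name, info in devices.items():
        pii = {"ssn": 0, "card": 0}
        for content in info["files"].values():
            for kind, n in find_pii(content).items():
                pii[kind] += n
        if sum(pii.values()) > 0 and info["open_vulns"] > 0:
            flagged.append((name, pii, info["open_vulns"]))
    # Most exposed first: PII instance count, then vulnerability count.
    return sorted(flagged, key=lambda r: (sum(r[1].values()), r[2]), reverse=True)

# Constructed sample inventory (well-known test values, not real data).
DEVICES = {
    "Sally's Computer": {"open_vulns": 210, "files": {
        "hr/payroll.csv": "Doe,078-05-1120\nRoe,219-09-9999\n",
        "sales/orders.txt": "card 4111 1111 1111 1111 ref 1234567890123456"}},
    "Bob's Home Laptop": {"open_vulns": 0, "files": {
        "notes.txt": "ssn 457-55-5462"}},
    "Kiosk": {"open_vulns": 12, "files": {"readme.txt": "no sensitive data"}},
}

if __name__ == "__main__":
    for name, pii, vulns in conditional_risk(DEVICES):
        print(f"{name}: {pii['ssn']} SSN, {pii['card']} card, {vulns} vulns")
```

The 16-digit reference number in `sales/orders.txt` fails the Luhn check and is not counted, which is the false-positive control that keeps a one-page report credible.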

4. Mitigate Data Breaches and Risk

Before the assessor has been selected, your client is focused on how your methodology maps to their pain points and budget. This is when you need to highlight how your PII Discovery can help alleviate their fear of a security incident or data breach while delivering a combined assessment experience like no other.


PII Discovery is a fundamental component of effective value-based security assessments. It can carry a lot of weight with your customer. Don’t dismiss the threat posed by remote workers and smart devices, as the real risk to your crown jewels may very well be in the pocket or connecting from home.

Exposing unencrypted PII combined with the power of vulnerability discovery provides insurmountable intelligence to thwart security incidents and data breaches.

Posted in Data Discovery Scan

The Perfect Storm – Hackers eye on SMB

Managed Service Providers to the Rescue…

Every organization would be thrilled if it could scratch its name from tomorrow’s Hurricane of Data Breaches. Unfortunately, small and midsize businesses (SMBs) are finding themselves on the coastlines of a data breach storm. Let’s face it: generating revenue is the priority. When it comes to IT security and compliance, most do not have a dedicated or experienced IT professional on staff they can rely upon.

After analyzing scan results (March 2014) from thousands of SMBs around the globe, the average desktop revealed 210 vulnerable entry points, mostly from outdated third-party apps such as Adobe, Java and popular browsers.

Figure 1. Desktops storing unprotected PII data

Furthermore, 96% of these vulnerable desktops exposed unencrypted cardholder and/or social security data at rest, putting their business at risk. We predict this is only the eye of the storm or the calm before additional devastation occurs.

There are now over 10.8 million North American small businesses tasked with meeting either PCI or HIPAA internal scanning requirements. These range from Tony’s Tacos and Dave’s Bike Shop to your local dentist, all storing our credit card data among other forms of our personally identifiable information (PII), and putting it at risk.

When we review the business operations of SMB owners, their business plans never embraced security as a cost center, much less the skill sets needed to protect and secure. In fact, when SMBs historically sought solutions, they ended up accepting the risk due to price, the complexity of the solution, or the belief that their business is too small to be in eyesight of the calm before the storm.

Data thieves and hackers fathom that SMBs have weaker defenses while storing a monstrous volume of valuable PII.

Figure 2. APT Data Breach example

Over the past several weeks, we demonstrated how data breaches occur to managed service providers tasked with safeguarding and assessing the endpoint for these businesses at risk. The largest growth area for targeted attacks over the past few years is businesses with fewer than 250 employees. This is bad news for SMBs without a means of identifying their security posture.

The good news: most MSPs utilize remote monitoring and management (RMM) tools to service SMBs, removing the barrier of expensive appliances and complex software. iScan Online’s integration with popular RMM tools such as Kaseya, LabTech Software, LogMeIn and others now enables the MSP to deliver security and compliance scanning to thousands of SMBs across the globe, regardless of their location.

The lack of security and protection of PII data threatens all of us, not just the business. Without a doubt, iScan Online, MSPs and our technology alliances are making an impact on what is before us: The Perfect Storm of security incidents and data breaches.

Avoid the perfect storm by identifying unprotected data at rest before an incident occurs. To know what you don’t know is a powerful step to prevent data theft.
Sample Cardholder Discovery Report

Posted in Data Breaches, SMB Security, Uncategorized

MSPWorld 2014 Conference Invite – Hurricane of Data Breach Talk

Data breaches are affecting organizations of all sizes, just like hurricanes entering the Gulf of Mexico. With the most recent direct blow to Target, Neiman Marcus and others, we predict this is only the eye of the storm or the calm before additional devastation occurs. The alerts and warnings are on every news channel, and the adoption of mobility, cloud, and BYOD makes for a perfect storm.

Industry security veterans will demonstrate how recent security incidents and breaches are taking place and how they continue to evolve. Most importantly, this is an opportunity for Managed Service Providers to protect your customer from becoming tomorrow’s headline while generating a monthly recurring revenue stream as a trusted advisor.

If you are a Managed Service Provider and ready for some warm weather loaded with 2 days of MSP Content and interested in protecting your customer from data breaches, be sure to check out the short video below to receive your free conference pass.

Registration http://mspalliance.com/mspworld/
Promo code and details are in the video.

We look forward to seeing you in sunny Orlando, Florida. Be sure to connect with us at the iScan Online booth throughout the event and at Friday’s security track – ‘Hurricane of Data Breaches’.

Posted in Data Breaches, MSP