Understanding the HIPAA Application of Firewalls
HIPAA

Like a security guard, firewalls control what goes in and what comes out.

HIPAA Compliance Best Practices
HIPAA

With over 20 years in the industry, we have found that these HIPAA compliance best practices are most helpful in securing your organization.

BlogEngine.NET Directory Traversal & Listing; Login Page Unvalidated Redirect
Data Security

A directory traversal vulnerability, CVE-2019-10717, was identified in BlogEngine.NET versions 3.3.7 and earlier through the /api/filemanager endpoint.

Authorization Bypass: CVE (2020-11679, 2020-11680, 2020-11681)
Data Security

Attackers: Known or Unknown? That is the question.

Performing an SAQ C-VT version 4.0 Self-Assessment
PCI Trends

This post will highlight changes made to the SAQ C-VT version 4.0 and provide guidance on how to comply with newly added requirements.

How to Prepare for PCI DSS 4.0
PCI Trends

Rather than worrying about the new PCI requirements, you can prepare for PCI DSS 4.0 by focusing on your current PCI DSS compliance efforts and choosing to think of 4.0 as a timely addition that will provide more defenses against developing attack methods.

What Are Addressable HIPAA Requirements?
HIPAA

Contrary to popular belief, addressable does NOT mean optional.

Intrusion Detection System: What's Missing in HIPAA Security
HIPAA Audit

The #1 most important piece of a data loss prevention method? An intrusion detection system.

7 Mistakes in Small Businesses Security
SMB

Small businesses often find themselves caught between limited resources and the threat of cybersecurity breaches. To avoid a data breach, here are 7 common mistakes in small business security.

Phishing Types, Tactics, and Techniques
Forensics

To effectively protect your business, it's crucial to understand the various types of phishing tactics and how to prevent them.

HIPAA Diagrams: the #1 Way to Help Your HIPAA Audits Go Faster
HIPAA

How can you secure your organization without knowing how patient data travels?

PCI Requirement 7: 5 Reasons You Should Limit Employee Access to Your Data
PCI

Learn why restricting employee access to data helps protect your business.

Limiting Employee Access: A Look at PCI DSS Requirement 7
PCI

See why you should comply with PCI DSS Requirement 7 and restrict employee access to sensitive data.

Cyber Breach Insurance: How Much Does it Cost?
Forensics

Depending on a few factors, cyber insurance premiums can cost from $650 to easily over $120,000 annually.

Vendor-Supplied Defaults Are a Serious Threat
Data Security

When those defaults aren’t changed, you give hackers Wonka’s Golden Ticket into your system.

PCI Consultants Say: Reduce PCI DSS Scope
PCI

If you don’t have a compelling business need to store PAN, don’t store it!

9 Ways to Social Engineer a Hospital
Forensics

Fight against social engineering by providing proper, regular staff training.

Top 10 Network Security Audit Fails
Security Consulting

The top PCI DSS assessment failures haven’t changed in years.

How to Meet HIPAA Documentation Requirements
HIPAA Audit

A HIPAA document is more than a policy: it's proof you care about protecting patient data.

Biometrics: The Future of Payment Data Security?
PCI

Biometrics more accurately associates a specific individual to a device or system.

The Problem with SHA-1: Updating Your Security Certificate to SHA-2
Data Security

On January 1, 2017, SHA-1 was officially no longer accepted by web browsers.

PCI Requirement 6: Updating Your Systems
PCI

PCI Requirement 6 is all about regularly updating your systems.

SSL to TLS v1.2: Tips for Migration
PCI

Are you still using SSL encryption or TLS v1.0? If so, you’re putting your business at greater risk.