Getting Employees Involved In Cybersecurity

teamworkThis week we have focused on the people part of the security puzzle.  As we know, people are the weakest link and the easiest point of access.  But beating this point into your employees will not help them be better at computer and network security, and just make them feel hopeless and badgered.

Getting employee buy-in requires a little bit of strategy mixed in with a lot of fun.

  • Sharing the actual experiences of ...
Continue Reading →
0

The Human Factor

employee_trainingOn Monday we discussed the effect that living in a code yellow world has on creating security fatigue.  Peter Herzog, in his blog Dark Matters expanded on this theme recently, giving examples of how teaching your employees how to stay secure in an insecure world may be counter-intuitive to the way we usually accomplish this.

Here are his recommendations:

  • Teach your employees to say “I don’t want ...
Continue Reading →
0

Extended Vigilance and Security Fatigue

It seems like we are being barraged with a never ending string of news stories about cybersecurity events, breaches, and lapses.  Often these stories will provide helpful tips or advise us how to avoid or recover from these security incidents.  This author, in our own humble way, is contributing to the constant ringing alarms about cybersecurity.  Maybe it is getting to be too much.

I ...

Continue Reading →
0

Facebook Hardens Authentication

facebookFacebook recently announced an improvement to it’s logon system.  Login security seems to be taking a position from and center lately.  Wednesday we wrote about Yahoo’s new authentication system, and today we will move on to Facebook’s Login Approvals.

Previously, Facebook users were able to get Login Notifications. When you entered your user name (usually your email address) and password from a new location, browser, or device, Facebook Notifications would send users an ...

Continue Reading →
0

Google Apps Features Single Sign-On

google-logoIf you are having trouble managing “all those passwords” for your online resources, one solution would be to use a password manager like LastPass or Dashlane.  Google has come up with a single sign-on (SSO) product that not only will log you into all your Google apps (Gmail, Voice, Blogger, YouTube, Apps, Drive, Analytics, AdWords, etc) but  also integrates access into 17 other ...

Continue Reading →
0

Comcast Subscribers: Change Your Password

comcastAccording to a post on Sophos, Comcast has reset the passwords on 200,000 customers after a security researcher discovered an advertisement on the Dark Web offering to sell 500,000 Comcast passwords in pain text for $1000 in BitCoin.  Investigation by Comcast found that “only” 200,000 of there accounts were active and proactively reset the passwords on all the affected accounts.  Comcast ...

Continue Reading →
0

Buy Your Password From 11-Year Old Girl?

Would you buy your password from an 11-year old girl?  I would, and maybe you should, too.  Mira Modi, an 11-year old New Yorker, has very very cool service called Diceware.  Using a technique developed by Arnold Reinhold, Mira uses dice to come up with a unique 6 word passphrase, which she will send to you in the US Mail.  Her fee is two bucks.

Understanding that passwords are cracked by cyber-criminals one of two ways, either ...

Continue Reading →
0

How Secure Is Your Smartphone?

smartphone-securityI read an article recently on Dark Matters, by Bob Monroe, that talked about smartphones from the perspective on an attacker – just how good of an attack surface is your average smartphone?  Pretty good, as it turns out, which is not so good for you and me.

The first problem is that these little computers are very chatty.  If they are turned on, they are talking to the nearest cell ...

Continue Reading →
0

What To Do When Your Personal Information Is Breached

penetration_test_436x270We recently learned that credit report service Experian had a breach of T-Mobile customer information.  This is just another addition to the pile of Personally Identifying Information (PII) that has been exfiltrated from sundry organizations including the Office of Personnel Management, various BlueCross BlueShield organizations, and Harvard University.

So what to do when this happens to you?  When you are notified by the offending ...

Continue Reading →
0
Page 50 of 59 «...2030404849505152...»