Security Policies That Respect Users

Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users).  Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users.  Sometimes we allow our ...

Continue Reading →
0

Make Cyber Awareness Training Fun

There are members of the cybersecurity profession who say that Cybersecurity Awareness Training is a waste of time and money, because the average computer user just doesn’t care or can’t retain technical information.  To them, I repeat a quote from Eppie Lederer aka Ann Landers –  “If you think education is expensive – try ignorance.”  I firmly believe that one of the best returns on investment in the cybersecurity realm is Cybersecurity Awareness Training for your employees.

You and your employees are ...

Continue Reading →
0

How Valuable Is Cybersecurity Training?

We are a big proponent of cybersecurity awareness training for your employees. Humans are always the weakest link in the cybersecurity chain, so enlisting your employees in the fight against cyber-attacks has to begin with some basic training, and ideally continue with periodic refreshers, and activities like phishing simulation exercises.

Today’s infographic is a guest post by security training firm Everycloud Technologies.

Why cyber security training is crucial ...</a></p><a class= Continue Reading →

0

Safe and Legal Places to Exercise Your Pen-Testing Foo

In our last post we looked at a great way to set up a pen-testing lab.  Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites.  Several have been provided by OWASP, and there are other contributors out there with multiple sites.  Here are a bunch of good options.

Continue Reading →
0

Tools for Pentration Testing

I have been fortunate to have had time to pursue a couple of information technology certifications recently.  I have added CompTIA’s Network+ and CASP (Certified Advanced Security Professional), and I am working on the brand new CompTIA Pentest+.  The certification is so new there are no text books yet, and the exam was just released on July 31.  I have been taking the ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Windows 10 security can be bypassed by Settings page weakness

The file type used by Windows 10’s settings page can be used to trick Windows into running files it’s supposed to block.


Here are the 4 best ways to train employees for better cybersecurity

87% of companies experienced an ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


 Top 9 Free Phishing Simulators

Looking to run a phishing attack against your team?  Here’s a article from Infosec institute on the top 9 free phishing simulation products.


Your Nigerian Prince is a 67 year old from Louisiana

Sure looks like a prince to me.  Like Prince Charles.  (Those ...

Continue Reading →
0

Details on New Email Exploit – No Attachment Required

People often ask me if it is dangerous to simply open an email, if it is possible to get a malware inflection just by reading an email.  My answer has been a qualified “not at this time.”  Unfortunately, this is no longer true.  It is possible to get a malware installation from the new DDE (Dynamic Data Exchange) exploits reveal by Sophos Labs on October 13 2017.  This can be accomplished without an attachment or link if the email is ...

Continue Reading →
0
Page 1 of 4 1234