Cybersecurity Awareness Training

Last week we took an in-depth look at social engineering, and looked at phone and email examples in depth.

Cybersecurity awareness training is one of the most effective ways to combat these threats. Not everyone engaged in cybersecurity practice agrees about the effectiveness of this solution, but I have been delivering public cybersecurity courses for over a decade, and I know from the responses that ...


Phishing and Spearphishing – Don’t Take The Bait!

Here’s a provocative statement: If you could just prevent your staff from clicking on links or opening attachments in phishing emails, 95% of your cybersecurity problems would be prevented.

As perimeter defenses and anti-malware software products have become more effective, cyber-attackers have turned to the phishing email approach as their number one favorite method for acquiring user names and passwords or gaining unauthorized access to computers on your network.   The spearphishing ...


What Is Social Engineering?

This should really be called “anti-social” engineering.  A good definition is “social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.”

My article on Wednesday will give an example of phone based social engineering – the fake tech support call. ...


Perils From The Edge – A Solution

There is a small company in the Czech Republic called Turris that developed a home and small office wireless router that may be the most secure small router available.  That is – when it’s available in April.  Right now it’s an Indiegogo project.  You can pre-order it now for about $200.

This is an open-source project running OpenWrt.  According to the manufacturer, the router will be available in several ...


Perils From The Edge – Home Routers

Monday we looked at issues with the business class routers at Juniper Networks and Cisco Systems.  Today we are going to look at an exploit affecting the Ubiquiti brand of cable modems.

Cable and DSL “modems” are used by most consumers, and many small businesses to connect their home or business network to the Internet.  These “modems” are really routers.

(It has been a personal pet peeve of mine that these devices were called modems ...


Perils From The Edge – Insecure Routers

At the end of December last year Juniper Networks discovered that some malicious actors had added code to the firmware and software that run their routers, creating a back door that would allow attackers to access the router remotely, assume administrator privileges, and view and decrypt VPN traffic running through the routers.  As the story unfolded, it turns out that Juniper was using a random number generator from NIST, and that the ...


CIT Cybersecurity Featured in New Business Minnesota

We were recently featured in the January edition of New Business Minnesota.  This is a monthly business magazine published by Pat Boulay.  You can download a copy of our featured article, Cyber-criminals Put Every Business At Risk, here.  There are some additional helpful links below the picture.


Pat also runs a great business networking meeting once a month as well, on ...


Twin Cities 2016 CISSP Study Group

I got this announcement yesterday and thought I’d post it here for interested cybersecurity professionals.


The 2016 CISSP Study Group for (ISC)2 “Common Body of Knowledge Examination” is forming with the first session starting Feb 23, 2016.  The study group is scheduled to last until June 28.

The board of directors of both the Minnesota Chapter of ISSA and the Twin Cities Minnesota (ISC)2 Chapter agreed to sponsor a CISSP Study Group.  “Our ...


Interview With Carolyn Heinze – Part Two

Continuing with my interview with Carolyn Heinze:

CH-       What are the key ingredients of a sound security preparedness strategy?

  • BW- They are:
    • Patch
    • Backup
    • Keep anti-malware software updated
    • Watch for and report suspected email exploits
    • Good password policy coupled with two-factor authentication when possible
    • Create an environment of cybersecurity awareness through training and fun employee events.

CH-       When we think of cyber security, the tendency is to consider breaches that come from the outside. What can organizations do to protect themselves from breaches that can potentially come from the ...
