Feds Create Cybersecurity Program for Banks

If you are involved in the management of a commercial bank, the Federal Financial Institutions Examination Council (FFIEC) has developed a Cybersecurity Assessment Tool that was released in June 2015. As a cybersecurity practitioner who provides security audits, compliance audits, vulnerability scans, and penetration tests, I was encouraged to see another example of a federal government agency getting serious about improving cybersecurity practices ...


New Tor Messenger App Offers Encrypted Communications

The Tor Project released the beta of their new Messenger app. This messaging client is based on Mozilla’s Instantbird, and works with several popular messaging platforms, including Facebook Chat, Twitter, Google Talk, and Jabber.

The encryption piece is handled using Tor’s OTR Protocol (for Off-the-Record), and requires that users exchange a secret key. This is available in Windows, Linux, and OSX versions from the Tor website.

For more information:


US Gov Ups Its Cybersecurity Game

I was surprised to discover proof that my business is a target of cyber-criminals. After installing some security and reporting tools on my websites, I was alerted to the almost constant state of attack that they were under. And all I am doing is writing a cybersecurity blog. And you, dear reader, what of your business? There is a good chance that you are too, but simply don’t know it ...


Good Question

My Facebook friend Jeff Wegge asked: “Security question Bob. Is the hotspot on my mobile Verizon phone any more secure than public Wi-Fi?”

This is a most excellent question! Generally speaking, the mobile hotspot will be more secure for two reasons. The first is that only you are likely to be using it, unless you explicitly shared the SSID (network name) and passphrase with someone else. The second reason ...


There Is No Perimeter

Classical computer and network security has relied on perimeter defense, in the form of firewalls, intrusion detection devices, and similar technologies for quite some time. This is usually coupled with some form of endpoint security, typically in the form of a security software package. We are finding that this no longer is working. The reasons are many, but the big one ...


Sunday Funnies: Sharks vs. Selfies

Darwinism in Action

Mashable reported to wide popularity in September that in 2015, more people have died taking selfies than in shark attacks. The score is Fatal Selfies 12 vs. Sharks 8. Either way not a huge risk, something tells me that lightning strikes score higher (according to NOAA – 26) than either of these. The reason this statistic is so popular is the same reason we find ...


Getting Employees Involved In Cybersecurity

This week we have focused on the people part of the security puzzle. As we know, people are the weakest link and the easiest point of access. But beating this point into your employees will not help them be better at computer and network security, and will just make them feel hopeless and badgered.

Getting employee buy-in requires a little bit of strategy mixed in with a lot of fun.

  • Sharing the actual ...

The Human Factor

On Monday we discussed the effect that living in a code yellow world has on creating security fatigue. Peter Herzog, in his blog Dark Matters, expanded on this theme recently, giving examples of how teaching your employees how to stay secure in an insecure world may be counter-intuitive to the way we usually accomplish this.

Here are his recommendations:

  • Teach your employees to say “I don’t ...