Policies, Procedures, and Standards – Why They Are Needed and Their Impact on Corporate Security

People by nature don’t like to be told what to do. Most people would rather be told what needs to be done and left to their own devices to produce the end result. That approach works fine if you are an organization of one. Bring in another person and suddenly things start to get done differently by each person. Those…


Security Faux Pas – Owning Up When You Make A Mistake

A company can have the best security controls in place, have a staff that is highly security-aware and have what they consider outstanding security practices in place and yet bad things can and do happen. Many times, security breaches are caused by malicious actors exploiting some unnoticed vulnerability in a running service or other infrastructure. These breaches happen without involving…


Understanding the Value of a SOC 2 Report (Service Organization Controls)

A recent post by Kendra Cooley led to a lively discussion around the value of SOC2 attestations. She followed this up with an article that goes into a bit more depth. Discussion around these sorts of issues is always educational. The devil is in the details. When one discusses SOC without clarifying the details, the waters get muddy very fast.…


Importance of Separating Corporate and Personal Identities and Devices

In 2013, malicious actors stole 40 million credit card numbers and the personal details from 70 million customers in what has become known as the Target data breach. For those of you that don’t know, Target is a very large retail chain with locations around the world. In addition to credit card numbers, the cybercriminals also got away with PINs,…


Importance of Asset Management in Organizational Security

Organizations must take risks in order to operate. Each organization determines what level of risk is acceptable to that organization. This concept is known as risk appetite. Security is the process of examining risk across an organization and taking defined steps to reduce those risks to a level that is acceptable to the organization. Security is NOT the act of…


The Importance of Personal & Corporate Cybersecurity Hygiene

We care for our bodies. We eat, sleep, bathe, brush our teeth, wash our clothes, clean our homes and see doctors as needed in order to keep ourselves healthy. This concept of self-care we call personal hygiene. We practice personal hygiene throughout our lives in hopes of having a long and healthy life. Many of us have pets that bring…


Proper Password Management

Possibly one of the most poorly understood and overlooked problems faced by businesses and consumers is the proper implementation and management of passwords. Typically, access is granted to a system or resource simply by entering a username and password. Usernames are typically email addresses or some combination of the user’s first and last name, so these are easy to guess.…


Twitter’s Last Days?

If you listen to much of the chatter on Twitter surrounding Elon Musk’s purchase of Twitter in October, you might think the world were coming to an abrupt end with Twitter burning to the ground. There’s been much whining and gnashing of teeth along with a significant number of people claiming they are leaving the platform forever. Most of the…
