Business IT Security 101 As the cyber threats facing businesses keep multiplying, owners are asking "what should I do to protect my business?". Let's break this down. Step 1 – Understanding your Risk and Exposure Before you can fix the
An overview of Hashing One of the fundamental pillars of security is something called cryptographic Hashing, a checksum, or a Hash Function. Often you will hear this referred to as a "one-way mathematical function". But what does that mean and why should you care?
When most people think of IT security they think of either the bad guys, sitting in hoodies in the basement "breaking through the firewall" or the good guys chasing them in a helicopter.
While we are battling Covid-19 most employees are forced to work remotely. This brings up the question of what's the most secure way to connect remote employees.
When I tell people that I work in Cybersecurity the first question I get is if I can hack. The second question I get is, "if I use Norton or McAfee as my Anti-Virus, am I all set?"
In traditional physical security as well as fire prevention there is a KPI that deals with the time it takes for an attacker to bypass the system or in the case of fire prevention, how long a device can withstand fire, for example a 2-hour fire-rated door.
There is a saying in automotive safety, the safest accident is the one that never happens. Applied to IT Security, the best security incident is the one that never occurs. This is where DNS filtering is perhaps the most powerful tool in your arsenal, both in terms of cost for level of protection and ease of obtaining end-user buy-in.
Security Through Obscurity is the practice of hiding vs securing. It generally conjures negative associations but when used strategically it could help to improve an organization's security posture.
Let me start by saying that you will be hard-pressed to find another profession with as many acronyms as we have in IT. I will run through several must-know IT acronyms for business owners.
Today everyone has a favorite application for antivirus and everyone you ask will have a story about how their AV "saved them from an attack". As a lover of analogy, I immediately draw a comparison to cars and collision avoidance technology. Today almost every new car comes with some sort of automatic emergency braking technology. What separates one from the other lies in the details. Similarly with Anti-Virus software, the devil is in the details.
One of the toughest parts of my job is explaining the difference between security and privacy. I find that the confusion between the two often leads people to a feeling of Learned Helplessness. Learned Helplessness is the feeling that regardless of your efforts, what happens to you is beyond your control. Just sit back because you are along for the ride.
I've always said that security starts with organization. What does that really mean for your organization (no pun intended)? The idea is that you cannot secure what you do not know exists. And what level of protection do these assets really need?
Multi-Factor Authentication (MFA) was designed to offer a higher level of security than passwords alone. However, like many security safeguards, the addition of one safeguard is often followed by the expectation, by both users and management, that something will become easier in exchange. This quid-pro-quo relationship often leads administrators to whitelist IP Addresses, such as the main office and users' homes, and even to exempt certain users from having to use MFA while logging in altogether.
We often hear the phrase, "layers, layers, and more layers". The reality, as I have written before, is that not all layers are created equal and some do more harm than good. An example of this is a policy without enforcement. A policy is only as good as your ability to enforce it. This is really no different than today's mandate of masks. The idea is that we wear a mask not because we are sick but because we may not know that we are sick.