Friday, June 27, 2014
Wednesday, December 18, 2013
Most high profile executives can be easier targets as they are usually absent from routine security training which now exists in most firms. Over 80% of breaches or threats result from common sense security protocols not being implemented by the executive or his/her immediate staff.
- Not doing routine upgrades on personal machines
- Accepting or using random memory drives
- Not having apps verified by IT/security departments before installing on phones, tablets or computers
- Leaving an office unlocked or making it accessible
- Taking sensitive work home
- Using generic email addresses (gmail, hotmail etc) for work
- Not having the latest anti-virus or internet security software installed
- Giving low level IT staff access to Super Admin on company servers
- Not having a security filter installed on company emails
- Lack of proactive cyber scanning for threat chatter or discussion relating to the executive
- Using unverified cloud backup services
- Not using a shredder (old school trash digging is still done by serious adversaries)
- Using public wifi
- Never changing passwords or using passwords which are weak
- Not doing due diligence on vendors and giving them access
- Randomly clicking links on “alarming emails” or alerts (designed to make you click)
Wednesday, October 16, 2013
- The security systems we have are good enough.
- Our security architecture is so complex no attacker will be able to get into our network.
- We only REALLY need to worry about inbound firewall policies. The danger is out there! (not in the network).
- We're up to date on patching our vulnerabilities so we are in the clear.
- The firewall configuration is secure because it’s managed by an outside firm.
- If no one is screaming about an outage or a virus then everything is hunky dory.
- Network operations and application owners understand security.
- Security is more important than business operations.
- The security processes we have are good enough – they are written down on paper.
- Employees will follow most if not all of the security policies.
- It’s much more secure if we virtualize it.
Thursday, August 29, 2013
- “What is the key to our wireless again?”
- “I downloaded something and now my computer is acting all weird”
- “Why do I need to use the VPN all the time?”
- “How come I have to apply updates all the time?”
- “At home I run macs because they don’t get viruses and malware”
- “Hey, can you teach me how to hack?”
- “Is there any way to get around me having to type my password over and over again?”
- “I clicked on it because it totally looked like it was from my bank”
- ”Should I get my CISSP?”
- “Is it safe to click on this self-signed cert?”
- “I have no idea how that pornography got on my computer?”
- “The webpage said that this cloud services was 100% secure?”
- “I locked myself out of my account again, can you reset it?”
- “I think I may have just lost a bunch of important files, what do I do?”
- “Can I get root access on this server?”
- “We will get back to you on those security-related changes you recommend”
Wednesday, May 15, 2013
Saturday, April 20, 2013