We Were Hacked!

Verizon’s Data Breach Investigations Report

Verizon’s Security Report: Key Takeaways and Your Steps to Stay Safe

Here’s a breakdown of Verizon’s Data Breach Investigation Report with actionable advice:

  • People are the weakest link. Most breaches involve a human element (a mistake, a stolen credential, a clicked link), so build controls that assume users will err rather than relying on them not to.
  • Top attack methods:
      • Credential theft: turn on 2-factor authentication everywhere it is offered.
      • Phishing emails: don’t click, don’t reply, and don’t share information.
      • Unpatched vulnerabilities: update software promptly, not just regularly.
  • Browsers as backdoors: install the Privacy Badger and uBlock Origin browser extensions, and clear your cache often.
  • Phishing emails are effective; many people fall for them. Be suspicious, verify senders, and delete unknown emails.
  • Lost devices are common: 80% of mobile devices are lost, not stolen. Secure your devices with a lock screen and full-device encryption, and make sure you can wipe them remotely.
  • Small businesses are targeted: don’t underestimate your data’s value, and don’t rely on weak security practices.

For a deeper dive, download the free Verizon report!

Just Delete It

The FBI, Microsoft, and Google Will Never Call or Email You

A one-page computer security refresher from the FBI.

https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/on-the-internet

Of particular interest is the note in the lower right:

Note: The FBI does not send mass emails to private citizens about cyber scams. If you received an email that claims to be from the FBI Director or other top official, it is most likely a scam.

Replace FBI in that note with ‘Apple’, ‘Dell’, ‘Microsoft’, ‘Google’, etc., and it still holds true. Those companies will never contact you unsolicited via email, browser pop-up, phone call, text, carrier pigeon, etc., to tell you that you have a security issue and must act on it now. If you think they are contacting you directly with a legitimate communication, they aren’t. Please delete the email, don’t take the phone call, and dismiss the browser pop-up. If you are worried there really is a problem with your account, check it yourself: open the vendor’s site from your own bookmark or by typing the address, or call the number printed on your bill or card, and never use the link or phone number supplied by the message.
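The tells of a fake “security alert” can be checked mechanically. The script below is an added example for this post, not code from the original page: it parses a raw message with the standard library and flags display-name spoofing (a From name that claims a brand while the address is on an unrelated domain), a Reply-To steered elsewhere, missing SPF/DKIM passes in the Authentication-Results header, links to off-brand hosts, and the “call this number immediately” pattern. The brand-to-domain allowlist and both sample messages are constructed for the demo and are assumptions, not a list of every domain those companies really send from; a hit is a reason to verify out of band, not proof on its own.

```python
"""Triage an email for the tells of a fake vendor security alert.

Illustrative example; the allowlist and sample messages are constructed.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for the demo: the apex domain a brand's real mail would come from.
BRAND_APEX = {
    "microsoft": "microsoft.com",
    "google": "google.com",
    "apple": "apple.com",
    "dell": "dell.com",
    "fbi": "fbi.gov",
}

URGENCY = ("urgent", "immediately", "suspended", "call", "verify", "24 hours")


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _under(domain, apex):
    return domain == apex or domain.endswith("." + apex)


def _brands_mentioned(text):
    low = text.lower()
    return [b for b in BRAND_APEX if re.search(rf"\b{b}\b", low)]


def triage(raw):
    """Return a list of red flags; an empty list means nothing obvious was found."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []

    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)

    # 1. Display name claims a brand but the address is not under that brand's domain.
    for brand in _brands_mentioned(name):
        if not _under(from_dom, BRAND_APEX[brand]):
            flags.append(f"display name claims {brand!r} but From domain is {from_dom!r}")

    # 2. Replies are steered to a different domain than the one that sent the mail.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_dom = _domain(reply)
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # 3. A genuine vendor notification should carry spf=pass and dkim=pass in the
    #    Authentication-Results header added by YOUR receiving server; a header
    #    the sender wrote themselves proves nothing.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim"):
        if f"{mech}=pass" not in auth:
            flags.append(f"no {mech}=pass in Authentication-Results")

    # 4. Links that point somewhere other than the brand being impersonated,
    #    plus the phone-number-and-urgency pattern of a call-us scam.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    brands = _brands_mentioned(name + " " + text)
    for url in re.findall(r'https?://[^\s<>"]+', text):
        host = (urlparse(url).hostname or "").lower()
        if brands and not any(_under(host, BRAND_APEX[b]) for b in brands):
            flags.append(f"link to off-brand host {host!r}")
    if re.search(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b", text):
        flags.append("body contains a phone number to call")
    if any(w in text.lower() for w in URGENCY):
        flags.append("urgency language in body")
    return flags


# Constructed sample: the classic "Microsoft" call-us scam (.example is a reserved TLD).
PHISH = """\
From: "Microsoft Security Team" <alerts@secure-login-check.example>
Reply-To: support@helpdesk-now.example
To: you@example.org
Subject: Urgent: your account will be suspended
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=secure-login-check.example; dkim=none
Content-Type: text/plain; charset="utf-8"

Your Microsoft account shows suspicious sign-ins. Call 800-555-0199 immediately
or verify at http://secure-login-check.example/verify within 24 hours.
"""

# Constructed sample: an ordinary internal notice that should raise nothing.
CLEAN = """\
From: "IT Helpdesk" <helpdesk@example.org>
To: you@example.org
Subject: Monthly patch window
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
Content-Type: text/plain; charset="utf-8"

The monthly patch window is Saturday night. Details are on the intranet at
https://intranet.example.org/patching
"""

if __name__ == "__main__":
    for label, sample in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(label, triage(sample) or "no flags")
```

The point of check 3 is easy to get wrong: an attacker can write any Authentication-Results header they like, so only the one stamped by your own mail server (the first one, naming your MTA) is worth reading. The other checks are heuristics, and a message that passes all of them can still be a scam; the advice in the post stands regardless of what the script says.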

IT Axioms

Things I’ve learned in 30 years of IT

  • User convenience wins over IT security
  • Security and compliance are not the same
  • Security and privacy are not the same
  • Authentication and authorization are not the same
  • Trust and verification are not the same
  • If you have ‘nothing to hide’, you have everything to lose
  • Build a 10 foot security wall and users buy a 12 foot ladder
  • A backup is as good as the last tested restore
  • To understand how a decision is made, follow the money
  • Don’t confuse activity with productivity
  • If a user says something isn’t important…it is
  • A missing $50 cable can delay a $1M project…details matter
  • Complex projects take 2x the time of the estimate
  • Technical debt is easy to add and difficult to remove
  • A software sprint is anything but
  • MDM solutions don’t find 10% of your devices
  • Customers don’t pay for documentation
  • If every user is special…no one is
  • If everything is urgent…nothing is
  • Important and urgent are not synonyms
  • An end user problem is not my emergency
  • This will only take a minute…won’t
  • Anyone claiming 100% compliance…won’t pass an audit
  • If you can’t measure it…you probably don’t understand it
  • Complex IT systems fail gradually…then suddenly
  • Managing people is convincing you my emergency is yours
  • Work-Life balance does not apply at end of quarter
  • If you have a quota…the number is the number
  • No good deed goes unpunished
  • A manager who is ‘here to help’…isn’t
  • A feature and a bug are all about perspective
  • Your initial project estimate is a client’s final price
  • In a training class of smart IT people…sit next to the quiet one
  • Junior IT people…mouth shut and ears open
  • Smart IT people sit in the back of the room
  • Open source is free…unless you’re the maintainer