October 31, 2016

Cartoon: The Internet of Ransomware Things from Joy of Tech

It was inevitable that somebody would find a way to put a funny spin on the security vulnerabilities of the Internet of Things and “smart devices”.  […]
October 30, 2016

Don't take everything security experts say at face value, even me

TL;DR - Sometimes security people make sweeping statements without considering how they will be interpreted, or their effects on people in different stakeholder groups. We need to stop saying "Security education and studies are a waste of time" when we really mean, "Developers should do a better job of building security into their technologies". For as many years as I can remember, security professionals have been arguing about whether or not security awareness training has value. Even still, security experts feel that individual users or employees should not be required or counted on to learn about security threats and vulnerabilities. Their rationale seems to be that security technologies should really be able to compensate for vulnerabilities well enough that humans should not need to worry about the risks they face. In fact, Bruce Schneier, one of the most respected security thought leaders, has taken this position more than once. But I'm not sure that making these kinds of statements is helpful to anyone, except perhaps developers of security products.
October 19, 2016

Being proactive on employee vulnerabilities

In the past month or two, I’ve been learning a lot, through some of my business associates, about why employees might act against the interests of […]
September 30, 2016

Yahoo learns poor security can affect business value

As you may have heard, Yahoo recently disclosed that it had suffered a major security breach affecting the personal data (and possibly passwords) of 500 million […]
September 30, 2016

Insider threats may come from people you don't suspect

How would you expect an insider threat to materialize in your organization? Could it be the recent new hire who just seems too keen? Or do […]
September 8, 2016

Why use a hammer when you can use a blender to wipe your device's memory?

When Hillary Clinton’s aides apparently took a hammer to a couple of her old Blackberries to destroy them, regardless of their intent, it was not a […]
September 8, 2016

Automated license plate readers are quietly tracking vehicle movements

If you’re concerned at all about protecting your privacy, you may occasionally think about how your mobile phone is being tracked, and what that data is […]
September 1, 2016

Archives of Security Views blog posts are available from before 2016

Did you know?… While the blog column you’re currently reading has all my posts from about December, 2015 to now, I actually have posted over 100 […]
August 31, 2016

Employees selling company secrets and access on the Darknet

What would your employees do if they had the chance to sell company secrets without getting caught? Some large organizations are finding out that their employees […]
August 30, 2016

$5.5 Million penalty to hospital for not protecting patient health records

Advocate Health Care Network is the largest hospital chain operator in Illinois, and was recently hit with a fine for violating the information security requirements of […]