- Filter by
- Categories
- Tags
- Authors
- Show all
- All
- Events
- Funny
- Gamification and Game-Based Learning
- Hacker stories
- Health care security and privacy
- In The News
- Insider threats
- Intellectual property theft stories
- Malware
- Media mentions
- Organizations
- Privacy
- Scott's security musings
- Security news
- Security Solutions
- Smart devices
- Social engineering
- Stories about risks
- Tips
- Uncategorised
October 2, 2013
October 2, 2013
Categories
Here’s something meaningful we can all do to improve security awareness in our organizations. As your management to sit down for an hour or two and […]
Do you like it?
March 30, 2014
March 30, 2014
Categories
t seems like the momentum is really swinging to allow employees to do whatever they want in terms of accessing the web, as long as […]
Do you like it?
December 16, 2014
December 16, 2014
Categories
I’ve never been a big fan of the hype stories at the end of each year about security or privacy predictions for the coming year. But […]
Do you like it?
March 31, 2015
March 31, 2015
Categories
Just a quick thought after this week’s air crash in France, in which the co-pilot locked the pilot out of the cockpit and intentionally crashed the […]
Do you like it?
February 8, 2016
February 8, 2016
Categories
I was recently asked to participate in an interview with CBC news columnist Laura Fraser. The topic to be discussed was privacy risks from connected devices. […]
Do you like it?
February 28, 2016
February 28, 2016
Categories
If you haven't been following the controversy around Apple and the FBI, maybe all you need to know is that you should probably have an 11 character, random alpha-numeric passcode on your iPhone. This will probably be good enough to protect your iPhone from being cracked open by a brute force attack, no matter what Apple is forced to do for law enforcement.
Do you like it?
February 29, 2016
February 29, 2016
Categories
For the past several years, I've talked about how "fear or compliance" are often the best ways to help justify the need for security. It's not that I'm trying to convince my readers that security investment is needed in their organization by scaring them or threatening them... They know it is needed. The problem is that they have a hard time articulating the need to executives who have limited time to listen, a whole different mentality around risk and a need to watch the bottom line in the short term. Sometimes pointing out the worst case impacts (e.g. fear) or pointing to regulations (e.g. threats of penalties from non-compliance) are needed, but sometimes they aren't effective or appropriate. I recently had a conversation with an executive that gave me this idea, to focus on what I call Due Diligence Risk.
Do you like it?
April 1, 2016
April 1, 2016
Categories
This week, hospital chain Medstar Health in Washington, D.C. was hit with a crippling ransomware attack that encrypted file systems on computers throughout the organization’s network. […]
Do you like it?
April 1, 2016
April 1, 2016
Categories
If you're keen to use all the cool new gadgets that are coming on the market, but are wondering how you can protect your network from their inevitable vulnerabilities, I have a suggestion for you: Three Dumb Routers.
First, I'll explain, in simple terms, what it takes to set this configuration up, and then I'll try to briefly explain why it is a good approach to protecting your network from the Internet of Things, assuming you really have your heart set on playing with these things, or at least showing them off.
Do you like it?
May 1, 2016
May 1, 2016
Categories
I love using analogies when explaining things to people. If we compare learning some common activity that we all understand, like training people to drive, with […]
Do you like it?