May 1, 2016

Data Breach Story: Law firms hacked for insider information

As you can imagine, there are a multitude of reasons why businesses get hacked. Often, it's for personal information in support of identity theft. But while […]
May 12, 2016

The Teachable Moment: Finding your organization's current level of vulnerability to phishing attacks… for free.

Are Phishing Assessments Really a Thing? By now, you've probably heard that some organizations are using simulated phishing attacks on their employees. Is this a smart thing to do, or is it just the security team trying to scare people? Filling up employees' inboxes with even more malicious email may just sound cruel. But there's a very good reason for doing this.
May 30, 2016

When there's a choice between privacy and sizzle Google usually goes with sizzle by default

Google is offering an innovative messaging product called Allo to compete with other mobile messaging apps. It has features like suggesting responses to messages from your friends, to save you time. But to do this, it needs access to all of the message content. On the other hand, you will have an option to turn on end-to-end encryption, which uses the secure Signal protocol... But if you do turn on the end-to-end encryption feature, you won't get the "sizzle" features like the message reply suggestions. So, let's just be clear about privacy versus convenience.
June 3, 2016

A live recorded example of how attackers get into online accounts using social engineering

If you think companies you trust have good security practices for authenticating their customers in phone support calls, you may be right. But the security of call-centre support processes is becoming a serious issue. Every call-centre rep is human, and humans respond to emotional situations in different ways. This is what many attackers are learning to exploit.
June 9, 2016

It just got more expensive to lose your personal information to identity theft

In one sense, it’s hard to believe it’s taken so long for identity theft to get to this point. At least, up until now, most of […]
June 26, 2016

Many LinkedIn users don't seem to be aware of risks from fake connection requests

By now, you might think that employees are able to distinguish between legitimate LinkedIn connection requests and those from people using faked profiles. Unfortunately, recent statistics […]
June 28, 2016

Why users need to understand a little about the risks of Zero Day vulnerabilities

You may believe that even uttering the words “Zero Day Vulnerability” in front of a non-technical user would be enough to either cause a panic attack […]
September 1, 2016

Archives of Security Views blog posts are available from before 2016

Did you know?… While the blog column you’re currently reading has all my posts from about December, 2015 to now, I actually have posted over 100 […]
September 8, 2016

Why use a hammer when you can use a blender to wipe your device's memory?

When Hillary Clinton’s aides apparently took a hammer to a couple of her old Blackberries to destroy them, regardless of their intent, it was not a […]
September 30, 2016

Insider threats may come from people you don't suspect

How would you expect an insider threat to materialize in your organization? Could it be the recent new hire who just seems too keen? Or do […]