October 17, 2014

Not only is Malvertising hard to say, it's hard to recover from

It’s an ugly word, and not one you want to say often. But you will be hearing more about malvertising in the future. It’s a […]
November 19, 2014

Twitter never forgets, what you thought was ancient history

Not long ago, I remember noticing that when I did a search on Twitter, I could only see tweets going back a couple of weeks. At […]
January 31, 2015

Three ways to make security awareness training more engaging and effective

I was speaking this week at the local chapter of the Information Systems Security Association (here in Ottawa) on the topic of social engineering. The presentation was […]
February 28, 2015

Don't blindly accept all privileges requested by mobile apps (they often don't need all of them)

Most of us have probably downloaded at least one app to our mobile devices or phones by now. But have you ever noticed what they are […]
April 24, 2015

Why the Internet of Things needs your attention now

As a wise man once told me, the two most important reasons people invest in security are: Fear and Compliance. Of course, there are a few […]
May 31, 2015

High impact, low likelihood security incidents are hard to prevent, but you can still prepare

One of the most difficult problems in risk management is dealing with what’s called a “High impact, low likelihood incident”. An Example Think of the risk […]
July 27, 2015

Politically correct justifications for addressing insider employee security threats

Nobody wants to be suspected of being untrustworthy, or acting against their employer or other employees. So, senior managers can be hesitant or unwilling to deal […]
January 27, 2016

Putting all your eggs in one basket with a password manager

Should you use a password manager? It really depends on how many different accounts you have. The trade-off you need to decide on is: Should I […]
February 28, 2016

Streetwise Security Tip: Don't forget to back up your smartphone data

Nobody ever thinks they will lose their phone, and they don't think much about the importance of the data on their devices. Aside from the privacy implications of the data on your phone being accessed by others, you should consider the impact of what would happen if you lost access to the data on any of your devices.
February 28, 2016

…But our iOS passwords go to 'Eleven'

If you haven't been following the controversy around Apple and the FBI, maybe all you need to know is that you should probably have an 11 character, random alpha-numeric passcode on your iPhone. This will probably be good enough to protect your iPhone from being cracked open by a brute force attack, no matter what Apple is forced to do for law enforcement.