February 28, 2017

Don’t be asleep at the wheel, Big Data privacy issues are critical for businesses and individuals to grasp

By now, you’ve probably heard the term “Big Data”, and may even be getting sick of hearing about it. Whether you’re new to it or not, […]
February 14, 2017

Why do so many people click on phishing email messages?

Your UPS delivery was missed… The IRS says you owe them thousands of dollars… You’ve reached your computer disk storage limit… Your Apple account information has […]
January 16, 2017

Working with extremely sensitive data

A friend of mine is developing some complex software that he hopes to license to other companies. When I asked him how he was protecting it […]
January 1, 2017

Attacks on prominent businesses show how industrial and economic spies are targeting and finding valuable intellectual property

While most of the cyber crime news stories focus on financial and personal information theft, there is clear evidence emerging that large-scale espionage is being conducted […]
January 1, 2017

When Popcorn Time ransomware offers you Door #2, don’t choose it

Ransomware that takes your computers hostage has hit an all-time low, from a morality point of view. While you have to admire their creativity, the […]
December 31, 2016

Hey Joe. Do you know where we keep the explosives?

Collaboration is an important element of business productivity. But it’s sometimes too easy to set up methods for sharing files between employees in different geographical locations, […]
December 1, 2016

Employees need to learn to handle Cyber Threat Overload or they will be replaced

Remember back in that simpler time – 5 years ago – when botnets simply sent out spam or collected credit card numbers; or 10 years ago, […]
November 30, 2016

Nebraska Irrigation District teaches us all a lesson in thwarting ransomware

What’s the best way to combat a ransomware threat? The secret is to be proactive, and maybe extra paranoid. I’ll bet the guy who decided to […]
November 1, 2016

Three reasons you may need to throw away your Smart Devices

While I have been pointing out the risks of using Smart Devices and adopting the Internet of Things (IoT) over the past year, there has definitely been a gathering recognition among the security industry - and now the news media - about these risks. Certainly, the high profile outage of Twitter, Spotify, Pinterest, Google and Netflix last week focused attention on the security vulnerabilities within IoT devices. Now people are starting to realize the potentially scary scenarios that are just waiting to happen thanks to the poor security around these devices. It's great that more people now share my concern, and many are trying to identify solutions. But here are my reasons why many of the devices you've already purchased may always be vulnerable - and you may need to throw them away to stay safe.
October 30, 2016

Don't take everything security experts say at face value, even me

TL;DR - Sometimes security people make sweeping statements without considering how they will be interpreted, or their effects on people in different stakeholder groups. We need to stop saying "Security education and studies are a waste of time" when we really mean, "Developers should do a better job of building security into their technologies". For as many years as I can remember, security professionals have been arguing about whether or not security awareness training has value. Even still, security experts feel that individual users or employees should not be required or counted on to learn about security threats and vulnerabilities. Their rationale seems to be that security technologies should really be able to compensate for vulnerabilities well enough that humans should not need to worry about the risks they face. In fact, Bruce Schneier, one of the most respected security thought leaders, has taken this position more than once. But I'm not sure that making these kinds of statements is helpful to anyone, except perhaps developers of security products.