This blog post originally published in 2018. Fire, Flood, and Cybersecurity In some respects, cybersecurity is not that different than protecting your building against fire or flood. For instance, if…
Read More
In previous posts, I’ve explained how cybercrime is big business, and the criminals behind the illegal activity run sophisticated online companies. Today, let’s begin talking about how to defend your…
The cybersecurity world is full of horror stories. Examples of "what not to do." Now, here’s a story about a real victim, Norsk Hydro, a global supplier of infinite aluminium...
Read More
If you really want to change the way people behave, the core issue isn’t how to write this email. To be successful, you’ll need to create a long-term, multi-channel approach…
Length. Here’s a simple example. Which of these passwords is more attack-resistant? &^567*=M barbell-farther-grocery-sans-bluster-voyageur It’s the second one. Why? Because the typical approach to compromising a password requires brute force:…
There are two main strategies I use when I’m in the role of CISO: Make sure people know what’s expected of them. This includes written procedures, training, and periodic reminders…
Q: What are the key topics you would cover in your initial one-hour basic training program on security for non-IT personnel? AND What sort of additional security related training might…
We’ve just begun a series of blog posts that cover some of the most common questions I get asked about cybersecurity. Here are the last two weeks of questions in…
Here are my best practices for online passwords: Do not reuse passwords with different accounts. Ever. There is a major, often successful cyber attack pattern used against those people who…
People often ask me questions about cybersecurity. Over the next several weeks I’m going to share some of these questions here. Q: What should I look for when shopping for…