Bill Burr, the guy that originally recommended password rules at NIST years ago, seems to regret how far that advice traveled and was used. While it's possible people will misstate his current views on the subject (proving his point again), at issue is how we simple humans use passwords…
Bill Burr says you can St0P Uz1ng P@ssw0rdz l1k3 th1s!
Since significant M&A due diligence activity centers on valuation both of the asset today (point in time) and as an ongoing source of positive economic activity, risk assessment has long been a foundation of transactions. The dawning realization among [some] M&A due diligence teams is that risks…
Avoid Cybersecurity Risk in Mergers and Acquisition with these Top Strategies
You are Here For reasons yet unexplained, I'm a fan of those maps you find in traditional shopping malls. The maps that say "You are here" and offer a bright little star to indicate your location. They do something simple and they do it simply. They provide context. I…
Mall Maps and Privacy in Real Life – Protecting Secrets Starts by Knowing Them
Recently, the Federal Trade Commission (FTC) announced a $250,000 fine and a Consent Order with Henry Schein over misleading claims about encryption in their software. If we're honest, for the average consumer it’s not even a blip on the radar. That changes when we're talking about a child's health records. I've…
Shocked by False Security in Medical Records Software – The Rough Edges of Encryption Claims
I attended a Cyber Security presentation this morning organized by a leading insurance and benefits provider with offices in St. Louis. They brought together speakers representing brokers, wholesale as well as accounting and audit to discuss cyber security with business owners. As they build momentum around cyber-liability offerings, it’s becoming clear…
Start Crushing Cyber Risk in your Company Now
If you have the curiosity and time, I recommend reviewing NIST Special Publication 800-115, "Technical Guide to Information Security Testing and Assessment". In addition to being 80 pages of excitement and fun, this document provides us with rich details on testing information technology systems using a consistent approach. For the sake…
Cybersecurity Assessments that Work for You – Three Techniques to Find (and Eliminate) Risks
There are no 100% guarantees in information security. We all talk about it. Often, we turn to technical solutions to solve security problems. For each solution, someone can offer a reason it won't work. Far too often we end up declaring "breaches are inevitable." This is where many firms throw…
Leading Cybersecurity from the Top of your Company – A CEO’s Role in Setting the Tone
At work, home, or in public, everyone is exposed to threats while using WiFi on their phones, tablets or computers. Fortunately, many Wi-Fi risks can be mitigated easily. "Open" hotspots create an immediate risk of eavesdropping with few barriers, but even secured networks in public can compromise the path between…
Wireless Risks will Wreck your Day – Pick Secure HotSpots and Watch for the Signs
Updated: This is an outdated list, but I leave it here as a reminder. Software has a security half-life. That half-life is the combination of how long it takes for an attacker to find a weakness, for an exploit to be developed, and for you to realize it's…
Usual Suspects – Let’s Play Patch or Pitch