Securing Cloud Collaboration

Cloud collaboration, online storage, other cloud services and Bring Your Own Device (BYOD) adoption have all contributed to increased productivity and lower IT costs for most small businesses. Over half of companies surveyed now store data at a third party site and only a fraction of them have considered and vetted the cloud vendor’s security posture or even have cybersecurity policies in place themselves. Continue reading

Business Cyber-Insurance

While a business can never totally eliminate risk, there are three things which can be done about the risk:  (1) Mitigate the risk, (2) accept the risk, or (3) transfer the risk.  Larger companies have greater resources and access to skilled staff to document, assess and mitigate cybersecurity risks.  Smaller businesses may too often, by default and lack of proactive action, accept those risks.  Purchasing cyber-insurance transfers the risk to a third party, yet still requires effort and planning to be an effective investment. Continue reading

Become Rich and Stay Rich

Cyber Incident

Entrepreneur.com had an interesting article of value to any business titled: “The Only 5 Ways You Can Become Rich.”  One of those five points inspired me to think in terms of how how to become rich and stay rich.

As an entrepreneur becomes rich, staying rich can be an increasing challenge.  Cyber threats are all risks to to the business and wealth the entrepreneur has created and the greater the wealth, the larger the risk becomes.

Reading point # 2: “Knowing Your Day Rate,” can seamlessly be expanded into “knowing your risk.”  The first step in any cyber security program is a risk assessment and that assessment begins with knowing and identifying the assets.  In other words, each entrepreneur should always be able to answer the question:  “What am I trying to protect?”

Knowing our assets, and the value of those assets, is a prerequisite to then identifying the relevant threats to and making the right business case for investments needed to protect those assets.

Unfortunately, the security industry is full of either sales types or technical types.  Either will be more than willing to sell you a solution to the latest cybersecurity problem yet not fully understand your business and whether or not the solution is one relevant to your problem.

Building a successful business takes hard work.  Protect those assets after becoming rich and stay rich by making the right investments to protect your assets, and not investing in solutions without first doing the risk analysis.  Don’t just become rich, stay rich.

 

Political Cyberspeak

My hat is off to our politicians since as a general rule, they have an amazing gift of speaking without really conveying any substance.  Simply watch any political speech or news conference and leave still having the questions unanswered despite listening to a long response.  Hence, I am not surprised that politicians now have applied this remarkable gift to cyberspeak. Continue reading

Is Artificial Intelligence The Answer to Cybercrime?

Cyber Incident

Just about every company involved in the cybersecurity industry is looking at artificial intelligence, (AI), as a means to win the war against cybercrime and address the human element which has been attributed to 70% of IT breaches.  Many of the arguments are compelling, but is artificial intelligence the answer to cybercrime? Continue reading

Tor in The Workplace

Cyber Incident

The Tor browser is enticing, because it is a fantastic tool for remaining anonymous on the Internet.  We are constantly monitored and tracked at almost every site we visit, and of course, we never know when governments are snooping on our private online behavior.  Properly leveraging Tor, we can reclaim control of our online privacy. Continue reading

If it Isn’t Broke, It Still May Need Fixed

The security issue discovered last month with Juniper ScreenOS, (CVE-2015-7755) shatters the ageless wisdom of “if it isn’t broke, then don’t fix it.” In the wild age of cybercrime in which we live and do business, technology may still operate, but be vulnerable and this requires us to fix that which may seem to not be broken.  In this specific example, the technology continued to operate just fine, albeit with a hidden vulnerability which exposed a back door through which an attacker could gain administrative access to the device and even monitor encrypted traffic. Continue reading