COVID-19/Coronavirus – Reducing risks to your organisation.

COVID-19/Coronavirus – Reducing risks to your organisation.

For over two decades I was a member to a voluntary fire department, the better part of this time as a battalion chief. This inevitably made me a part of numerous exercises including epidemic/pandemic scenarios. Together with other international best practices, the knowledge I have gained therein have become a part of my work as … Continue reading COVID-19/Coronavirus – Reducing risks to your organisation.

Your cloud software solution should have an offline version for business continuity purposes

Your cloud software solution should have an offline version for business continuity purposes

That an increasing amount of corporations were pressing users, and corporations to move to what is now known as the cloud. Back then the associated services were referred to as software as a service/ S a a S.  Even 10 years ago this was not the most clever solution to vet your company's existence on. … Continue reading Your cloud software solution should have an offline version for business continuity purposes

Lessons learned from the internet: from creation to finish, what what not to implement into autonomous driving and the smart grid

Lessons learned from the internet: from creation to finish, what what not to implement into autonomous driving and the smart grid

The first thing that comes to my mind when I think of the internet and its advancement is that we should have done a much better job in securing it against… well pretty much anything going amok today.  But then you start thinking of a famous remark that the internet wasn’t invented with security in … Continue reading Lessons learned from the internet: from creation to finish, what what not to implement into autonomous driving and the smart grid

Why a detailed network documentation is essential?

Why a detailed network documentation is essential?

More often than not when I walk into a building I will see RJ-45 network outlets in the wild. Without having done exact calculations I was able to hook up my laptop to this outlet, and have full access to the network. This goes for supermarkets, public administration buildings, and even military installations. What’s particularly … Continue reading Why a detailed network documentation is essential?

Printers should be segregated from the rest of the network

Printers should be segregated from the rest of the network

When it comes to security risks for networks, hardly anyone will think of a printer as an existential threat to an organization. However, multiple cases proving that printers, and other IOT devices can act as Trojan horses have surfaced over the last couple of years. There are probably multiple reasons why this is happening, and … Continue reading Printers should be segregated from the rest of the network

Why it’s a bad idea to have your device’s IP address publicly visible!

Why it’s a bad idea to have your device’s IP address publicly visible!

You know how you walk into an office building, and the machines standing around have stickers on them with their IP address clearly visible to the general public? Well, thank you for that! You just saved me a ton of work figuring out which printer I want to attack to get access to the rest … Continue reading Why it’s a bad idea to have your device’s IP address publicly visible!

Do encrypted cloud backups have benefits I’m missing?

Do encrypted cloud backups have benefits I’m missing?

n fact, they do! Unless you are set in a very dynamic environment, where a lot of changes to files in operational Infrastructure happens You have probably follow the trend, and have a cloud-based back up system in place. And that is a good thing to have! The benefits are obvious… Affordable colocation Of your … Continue reading Do encrypted cloud backups have benefits I’m missing?

The data you store in the cloud must be segregated from that of other clients

The data you store in the cloud must be segregated from that of other clients

One of the most problematic issues that is going to strike us in the near future is the cross infection of systems. Currently there are no sane arguments to support insisting on a totally isolated the violin from the cloud storage provider, but the future in cyber security is always very exciting, and surprises us … Continue reading The data you store in the cloud must be segregated from that of other clients

Why you should isolate un-patchable, end-of-life software

Why you should isolate un-patchable, end-of-life software

And another blog post from the recent past I outlined why a patch policy and an update policy maybe critical for survival of an organization. On rare occasions, and actually more often than desirable critical software upon which the organization relies to operate cannot be updated or patched simply because this piece of software has … Continue reading Why you should isolate un-patchable, end-of-life software

Why your privacy matters, and how you can defend it effectively.

Why your privacy matters, and how you can defend it effectively.

Being in IT inevitably brings you to the discussion about privacy. You won’t believe how many times I’ve heard that the person I’m having a conversation with has nothing to hide. And to be perfectly honest this pisses me off. The reason is That privacy it’s not up for debate simply because it’s not something … Continue reading Why your privacy matters, and how you can defend it effectively.

Application security is not necessarily necessary

Application security is not necessarily necessary

Often times applications have reached end-of-life, or are no longer supported by the vendor. In this case organizations tend to weed out or replace such applications simply due to this fact. I was confronted with this organization while performing a due diligence for an investment company. The course after of the organization in question was … Continue reading Application security is not necessarily necessary

Visitors by appointment only… even tech workers, maintenance staff, cleaning staff, etc

Visitors by appointment only… even tech workers, maintenance staff, cleaning staff, etc

Probably one of the most interesting incidents I have investigated was the theft of computers from a university. The perpetrator had done a good job scouting out the procedures of the organization, and through his reconnaissance put together a whole deal of information. He knew for instanceHe knew for instance that onHe knew for instance … Continue reading Visitors by appointment only… even tech workers, maintenance staff, cleaning staff, etc