It’s amazing how many projects there are where money doesn’t play a role; as long as it doesn’t involve user experience, or a user interface that makes sense to users. Recently I was on a project in the financial sector which focused on digital change. We had very fruitful discussions in terms of what to … Continue reading Ux/UI confirmation screens with color differentiation
Often times applications have reached end-of-life, or are no longer supported by the vendor. In this case organizations tend to weed out or replace such applications simply due to this fact. I was confronted with this organization while performing a due diligence for an investment company. The course after of the organization in question was … Continue reading Application security is not necessarily necessary
As you can see this post was published in 2019. We’ve had pretty much everything about you go south. Probably the most revealing thing, and the only one in years that led to some kind of reaction, where the Snowden revelations. No, one of the main issues is that even after such a major incident, … Continue reading Your email server should ensure encrypted communication and messaging only
Probably one of the most interesting questions to ask when reviewing a cyber crisis reaction document is the phone number of the cloud hosting platform that is chosen to be the one to store the back ups of all critical systems of an organization. Chances are that the survival of your company relies on this … Continue reading Is your cloud service provider contactable in case of crisis?
I hope I will be stating the obvious in this post; but I have seen so many things going wrong that I will risk repeating myself! On location back ups are totally cool! They are directly connected to your ethernet, have blazing accessibility rate, superb file transfer speeds, and a variety of other bills and … Continue reading Why you need on-location and co-location backups and why they should be encrypted
When I heard this argument for the first time over a decade ago I thought it would never be a thing. I was to be proved wrong! A few years ago, I was hired to figure out how a perpetrator got into a corporate network. Like so often, my blue-chip/fortune 500 colleagues had failed to … Continue reading You seriously have to regularly upgrade your printer firmware!
Here is an example of why it's a pretty good idea to have an update policy in place...
Humans are still the weakest link in cyber security, and they lack training to become aware of the risks. This is a very good example.
One of the most costly cyber threats/risks is CEO fraud.
What is the "Advanced Cybersecurity Risk Assessment Checklist" (ACRAC)?ACRAC allows any organisation to assess a status quo of their cybersecurity. It's a thorough, and constantly updated checklist to reduce common cyber threats organisations are confronted with. Its goal is to raise awareness for vulnerabilities, thereby neutralising a majority of threat vectors an organisation sees itself … Continue reading Project: Advanced Cybersecurity Risk Assessment Checklist
When it comes to passwords, there are many opinions. However, a save passwords strategy doesn’t have to be so complex that you cannot remember the password you entered. Instead it is about choosing passphrases which are easy to remember for the human mind.
Differentiating the terms risk, vulnerability, and threat is quite difficult in a cyber security setting. This post intends to give a clear outline.
Removable media still presents one of the greatest threats; this post outlines one solution of how to deal with it properly.
Cyber insurance is becoming every increasingly important product for most organizations. Finding an insurance policy, and an underwriter to understand the risk is very difficult.
DDoS attacks are still a thing. But they are also easy to mitigate. Here is how, and an interesting discussion about the topic.
Bring your own device or BOYD has become a trend in organizations and bring as many benefits. However, certain risks along, too!
Software that it’s not regularly updated presents at risk. However, sometimes it is out of our influence whether or not a software remains up to date. If the software vendor does not provide updates and patches in time, and option to deal with such situations is to isolate software in virtual machines etc.
This post is about the security risks of having exposed RJ 45 sockets and your organization.