As you can see this post was published in 2019. We’ve had pretty much everything about you go south. Probably the most revealing thing, and the only one in years that led to some kind of reaction, where the Snowden revelations. No, one of the main issues is that even after such a major incident, … Continue reading Your email server should ensure encrypted communication and messaging only
Emergency WAN connectivity to ensure business continuity
Probably The coolest thing in cyber security is that you constantly learn. On a conference I was speaking up I was asked by an attendee in my audience, and after my talk whether I could answer him a very confidential question. Turns out the guy was the CISO Of an oil and gas company, and … Continue reading Emergency WAN connectivity to ensure business continuity
Is your cloud service provider contactable in case of crisis?
Probably one of the most interesting questions to ask when reviewing a cyber crisis reaction document is the phone number of the cloud hosting platform that is chosen to be the one to store the back ups of all critical systems of an organization. Chances are that the survival of your company relies on this … Continue reading Is your cloud service provider contactable in case of crisis?
Why you need on-location and co-location backups and why they should be encrypted
I hope I will be stating the obvious in this post; but I have seen so many things going wrong that I will risk repeating myself! On location back ups are totally cool! They are directly connected to your ethernet, have blazing accessibility rate, superb file transfer speeds, and a variety of other bills and … Continue reading Why you need on-location and co-location backups and why they should be encrypted
New encryption law: Australia first Orwellian state?
The full impact of Australia's new law to crack down on encryption is still unknown. From what can be read currently, and currently available information the very broad and vague law is introduced to request the assistance of technology companies storing data in the country to make it available for law-enforcement. And the vagueness … Continue reading New encryption law: Australia first Orwellian state?
You seriously have to regularly upgrade your printer firmware!
When I heard this argument for the first time over a decade ago I thought it would never be a thing. I was to be proved wrong! A few years ago, I was hired to figure out how a perpetrator got into a corporate network. Like so often, my blue-chip/fortune 500 colleagues had failed to … Continue reading You seriously have to regularly upgrade your printer firmware!
Why you need a patch and update policy, and protocol
Here is an example of why it's a pretty good idea to have an update policy in place...
Protecting your organisation from the risk of social engineering
Humans are still the weakest link in cyber security, and they lack training to become aware of the risks. This is a very good example.
Protecting your organisation from CEO fraud
One of the most costly cyber threats/risks is CEO fraud.
Project: Advanced Cybersecurity Risk Assessment Checklist
What is the "Advanced Cybersecurity Risk Assessment Checklist" (ACRAC)?ACRAC allows any organisation to assess a status quo of their cybersecurity. It's a thorough, and constantly updated checklist to reduce common cyber threats organisations are confronted with. Its goal is to raise awareness for vulnerabilities, thereby neutralising a majority of threat vectors an organisation sees itself … Continue reading Project: Advanced Cybersecurity Risk Assessment Checklist
What is the best password strategy to pursue?
When it comes to passwords, there are many opinions. However, a save passwords strategy doesn’t have to be so complex that you cannot remember the password you entered. Instead it is about choosing passphrases which are easy to remember for the human mind.
Is your organizations data valuable to outside threats?
Whether or not your organizations data as valuable to outsiders depends heavily on what business you're in. Generally said, your organizations data is valuable :period. There is an ever increasing amounts of data being taken from paper, and digitized. Therefore they are not only victim to attempts of corporate espionage, but also to data collection … Continue reading Is your organizations data valuable to outside threats?
What’s the difference between risk, vulnerability, and threat in cyber security?
Differentiating the terms risk, vulnerability, and threat is quite difficult in a cyber security setting. This post intends to give a clear outline.
How do you handle antivirus alerts
Antivirus incidents are quite common. But there are special, and effective ways to handle them.
Removable media control, Endpoint security and The Problem of transportability of data
Removable media still presents one of the greatest threats; this post outlines one solution of how to deal with it properly.
Cyber insurance versus insurance companies
Cyber insurance is becoming every increasingly important product for most organizations. Finding an insurance policy, and an underwriter to understand the risk is very difficult.
Cyber Insurance: What is a DDoS attack and how to mitigate it?
DDoS attacks are still a thing. But they are also easy to mitigate. Here is how, and an interesting discussion about the topic.
Finding your next employer on the dark web?
With a potential bandwidth of the deep web increasing, it turns more and more into a profitable marketplace. Most recently, employers have sprung up, looking for qualified personnel. Work without the pension scheme’s, 9 to 5, and other inhibiting factors.
About John Cryan and the nonsense of the cashless society
Cache currency is a blessing for law-enforcement because it allows them to trace back the origins to a crime. When criminals are forced to resort to crypto currency, the game changes.
Mitigating sophisticated phishing attacks
The next generation of phishing attacks is there. Brace yourselves, and mitigate!