Tuesday, November 14, 2017

It's All About the Squirrels!

   Did you know that in 2016 there were more selfie-related deaths than shark-related deaths?  Same is true in 2015.  We'll see what happens in 2017!

   That might seem counter-intuitive.  And that's exactly the point... we are programmed through evolution to focus on the sensational risks.

   We've been hearing plenty about cyber-war and state-sponsored attacks.  These are big and scary things.  It seems that the power grid is a key target.  Well, it turns out that cyber attack is not the top issue that affects the power grid.  Not even close.  And what's a more serious and regular threat???  Squirrels!  No, that's not a joke.

Here's a great presentation at this year's ShmooCon, an annual security conference:

   But here's the point of all this... while it's fun to laugh at, or dislike, squirrels, there's an important lesson here.  We do need to speculate and consider the future when conducting risk assessments.  But we also need to have a strong focus on reality!  That means assuring you are considering mundane, but very real, threats and vulnerabilities that are actually happening.  It's far too easy for us to focus on high-impact, very-low-likelihood events to the exclusion of those high-probability, common attacks like phishing.

   So skip the sharks and watch out for the squirrels!

Tuesday, October 31, 2017

Easy as 1-2-3

   It's US Cyber Security Month and the key themes I've been discussing here for years are every bit as relevant today.  In honor of Cyber Security Month I'm re-running a post from 2016.  The more things change, the more they stay the same.  Happy Cyber Security Month!

   Well, I was trying for something catchy like Stop, Drop and Roll.  That's a saying we learned in school, back in the day, for what you should do if your clothes catch on fire.

   Fortunately, it seems like everyone has heard that saying and it rolls off the tongue.

   Unfortunately, my three word phrase Patch, Vault and Fob, is not nearly as catchy.

   Fortunately, the odds of your clothes catching on fire are low.

   Unfortunately, the odds of your software, browsers or accounts being compromised are very high.

   A couple of weeks ago the internet was hit with the highly impactful and publicized distributed denial of service (DDoS) attack on Dyn, a DNS provider.  I won't go into the details here but I think I will cover DDoS in a future post.  Anyway, shortly after that I was chatting with someone at a dinner who asked me about this attack, internet safety in general and what they could do.  To keep it simple, and because, as a math person, I like things in 3's!, I provided these 3 simple (well, maybe straight-forward is more accurate) things that absolutely everyone should do at home...

Tuesday, October 24, 2017

Internet Safety for our Parents

   It's US Cyber Security Month and the key themes I've been discussing here for years are every bit as relevant today.  In honor of Cyber Security Month I'm re-running a post from 2016.  The more things change, the more they stay the same.  Happy Cyber Security Month!

   I've written about Internet safety for families, kids, teens and I've even spoken on safety for pre-schoolers.  But it's important to think about online safety for parents as well.

   That's true both for parents of young children as well as seniors with grown children.  The safety challenges for seniors are similar but there are some differences.  They may not be as familiar with technology and, according to the FBI:
  • they are often financially secure and/or have good credit
  • they may be more trusting and they don't think they'd be a target
   This article by the AARP lists some common scams against seniors including some we've discussed like fake Microsoft support calls or IRS-related tax fraud.

   What got me thinking about this topic was a great article entitled "10 Ways to Help Our Parents With Online Security".  The article touches on a number of themes we've discussed in the past.  I'll list the 10 items with links back to some past editions of this blog - typically they:
  1. don't think they have anything worth stealing
  2. have bad password habits - just like most people
  3. are confused by 2-factor authentication - something we all should use
  4. leave mobile devices unattended and without security measures
  5. don't recognize phishing emails
  6. don't understand social media and how it can be used in scams
  7. share too much information
  8. can be manipulated by online media
  9. place too much trust in an anti-virus product
  10. don't understand how sophisticated scams and attacks can be
   In what ways can you help your parents stay safe online?

Tuesday, October 17, 2017

Still Can't Live With 'Em
   It's US Cyber Security Month and, like clockwork, we have Yahoo! in the news again telling us that the worst case from the past just keeps getting worster (I can make up words, can't I??? :-).  They are now counting their breached accounts at over 3 billion!  How many people are there in the world these days?...  Last year at this time, they announced the breach of 500 million Yahoo! account passwords and other info (while announced in 2016, the breach actually took place in 2014, and is not the same as the password breach they had in 2012! - yes, I know... it's hard to keep up!).  In honor of both Cyber Security Month and Yahoo!, I'm re-running a post I wrote in... wait for it... 2012!  Not only is everything I wrote in that post 100% relevant today, but I even commented on that 2012 Yahoo! breach.  The more things change, the more they stay the same.  Happy Cyber Security Month!
   They're dead.  They're here to stay.

   They're safe.  They're breached.

   They're encrypted.  They're visible.

   They're complex.  They're too simple.

   Once again, the topic we love to hate... Passwords!  And, you know what else???  It's also that greatest of holiday celebrations... US Cyber Security Month!

   Passwords are a mess!  A "good" password has these features:
  • hard to create
  • hard to remember
  • hard to enter
  • probably has to be changed as soon as you memorize it
  • plus other inconsistent, random rules depending upon the site

   Perfect!

Tuesday, October 3, 2017

Thoughts about Change

   We've all heard the cliché: the only thing that is constant is change.  Many of our organizations are undergoing all kinds of change.  We may have professional changes.  And, of course, there are personal or life changes.

   Sometimes you have control over changes - they can be choices.  Sometimes you don't have control over the change.  But you do have control over how you respond to change.

I've spoken with many people whose organizations are undergoing change.  That can lead to some uncertainty, but that is not necessarily a bad thing.  It's really just something new.  And change often brings opportunity!

   One model that can be used to help people through change is the Bridges Model of Transition.  Bridges defines a transition path that begins when a change is announced or recognized, and ends when people are successfully in the changed state.  The key is what happens in between!  Bridges describes 3 stages that people must move through.
  1. Letting Go - this means both understanding and coming to terms with the change.  It can be characterized by fear or other negative emotions.  Leaders can help by communicating, listening, and empathizing.  Recognize that different people change at different rates.  Individuals can help by talking things through with their leaders.
  2. The Neutral Zone - this occurs once people get past their initial reaction to change.  This can be a period of uncertainty.  Leaders can help by providing direction and continuing to communicate.
  3. The New Beginning - this occurs when the organization has arrived at the new state.  Since people do change at different rates, all team members may not arrive here together.  Leaders can help by recognizing the state of the team, providing extra direction where needed, and celebrating successes of the transition.
   I've been thinking about the topic of change for a couple of reasons.  First, my current organization is undergoing the change of integrating in a new organization.  This is actually a great synergy and creates many great opportunities both for the business and for individuals.  But as we discussed above, change affects different people differently.

   In addition, I'll be undergoing my own change soon as I transition to a new and exciting opportunity!

   Thank you to all my current colleagues for their partnership and support!  I know our paths will cross in the future.

Tuesday, September 19, 2017

Equi-Fail!

   Or maybe we should say Equi-Fiasco!

   By now you've certainly heard about the Equifax breach including leaked social security numbers and other personal information on over 143 million people.  And there's plenty more info to come with this one as the facts continue to get uncovered.

   I certainly don't mean to be jumping on the bandwagon here.  There has already been so much coverage of this breach, but it is a big deal.  And, while I've seen a number of articles on what to do now, I haven't seen any that really cover everything you must do to protect yourself.

   Let's do that now!

   The bottom line is this... it's 2017... no one can or will protect your personal information.  You must take appropriate steps to protect yourself.  And here they are... in no particular order... the top-10 things you should do to protect your personal and financial information:

Tuesday, September 5, 2017

I Have Neither Read Nor Understood

   The site masthead starts out with the statement: “I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.

   This is the lead statement on the tosdr.org website.  tosdr is an acronym for "Terms of Service; Didn't Read".  It's a play on words (play on acronyms? :-)) of tl;dr, Too Long; Didn't Read.  tl;dr has been a term floating around the interwebs for many years.  It simply expresses a sentiment that many people can relate to... that we're busy, so when there is a long article, post, whitepaper, document, documentation, etc., we might just not read it.  That also leads to the idea of the tl;dr version, i.e. executive summary!

   Clearly, Terms of Service statements fit into this category.  They tend to be exceedingly long.  They are often written FLBL (For Lawyers, By Lawyers)! :-)  You see them all over the place... on your bank's website, on social media sites, when you sign up for just about any kind of service, and with just about every app you install.

   So, if no one reads them, what's the problem?  Like a contract, the Terms of Service or EULA (End User License Agreement) provides some very important information.  For example, it may cover:
  • how the app, website or company can use your personal data;
  • if the site can sell your data;
  • whether or not you own any content you upload (such as to a social media site);
  • how, when, and how much you can use the app, service or website;
  • if the site can charge you money, either one time or ongoing;
  • if you have any rights to seek damages against the company if you don't like how they conduct business;
  • and more...