Heidi Shadid of the Eller & Detrich Law Firm and I sat down for an interview that covered several aspects of Cybersecurity Law. We discussed how to engage her firm, what to do after a hack or breach, and what your responsibilities are for reporting a breach. Ms. Shadid is an Attorney with the Eller & Detrich Law Firm in Tulsa, Oklahoma and includes Cybersecurity Law in her practice.
Her practice encompasses the following specialties:
Preston and I took a few minutes to recap the year so far in cybersecurity and to catch you up on what’s going on with breaches, security tips, and ransomware. We have a lengthy (for us) conversation that covers all things cybersecurity for the first half of 2017 and all that it had to offer. I want you to pay particular attention to my five rules concerning ransomware. Please take this advice as wisdom from not only Preston and myself but from other cybersecurity professionals as well.
Length: 33:56 minutes. Format: MP3. Rating: G for all audiences.
Preston and I had the pleasure of speaking with, Dr. Jerald “Jerry” Dawkins, the CEO and founder of True Digital Security, the premier local security company here in Tulsa, Oklahoma. For this one, I stayed behind the scenes (literally) and Preston took the solo spotlight for this rare interview with Dr. Dawkins. This podcast is actually the audio extract from the video (Coming soon) we captured during the interview. True Digital Security is headquartered in Tulsa but has offices in Tulsa and Oklahoma City and cover clients globally.
Jerry and Preston discuss passwords, compliance issues, security pain points, and how to engage True Digital Security for your corporate security needs. This is a special focus on a growing company of security experts who are ready to help you navigate HIPAA, PCI, FFIEC, NERC CIP, and your other corporate security requirements and needs.
I think you’ll agree that after listening to this interview that Dr. Dawkins and his team knows security. You’ll also agree that this discussion is far too short. We hope to have Jerry and other True Digital Security folks on the show in the future so that you can get to know the whole team.
Length: 22:12 minutes. Format: MP3. Rating: G for all audiences.
Preston and I visited our favorite Tuesday landing for this May overview where we briefly discuss what to do after you discover a breach, a compromise, a hack, or a ransomware infection on your network. My advice is “Don’t Panic.” Preston has more, and probably better, advice. One of the things you need to do is know what’s on your network, know what’s supposed to be on your network, and to establish a security baseline.
A security baseline is a starting point from which you will judge your systems from now on. Scan everything with anti-malware scanners. Clean up any infections. Plug security holes. Update your systems. And that is your baseline–a clean, uninfected, uncompromised network. It will be easier in the future to discover breaches if you know what’s going on now and keep track along the way. This short podcast is a topic of a longer, more in-depth future podcast.
Length: 6:42. Format: MP3. Rating: G for all audiences.
All podcasts are Safe for Work and school and are licensed CC BY.
Preston and I had the rare honor of speaking with SSH Communications founder, Tatu Ylönen about IoT device security. For those of you who don’t know, Tatu Ylönen is the inventor and original programmer of the SSH protocol. There’s absolutely no one in the world more qualified to speak on security than Tatu.
He single-handedly protected us all from plain text transmissions and essentially destroyed the old Telnet protocol for good. In this podcast, we discuss the importance of IoT security. IoT security has traditionally been ignored because the few devices that existed weren’t particularly vulnerable to hacking either because no one cared or no one had access to the hardware and software to do so. That’s no longer true. Everyone has access to exploitation tools and the time for focusing on a more secure IoT has arrived.
For IoT manufacturers, you should listen carefully to Tatu’s advice and insights. Some of these devices and networks carry high-value data, including possibly personal data and that needs to be protected.
Length: 14:43 minutes. Format: MP3. Rating: G for all audiences.
A special thanks to Tatu Ylönen and to the Nadel Phelan agency for connecting us.
You might remember Richard Henderson, Absolute’s Global Security Strategist from our March 21, 2017, podcast covering Enterprise Security Trends. Richard joins us again to discuss what to do after you discover a breach and why the first 48 hours are so important. You’ll also hear Preston and me disagree about first steps to take after you discover a breach.
In this podcast, Richard gives us an overview of how companies should handle breach announcements, responsibility for breaches, and his best advice for companies that have experienced a breach.
Length: 20:31 minutes. Format: MP3. Rating: G for all audiences.
We’re hoping that Richard will continue to join us on a regular basis to discuss timely security topics that affect you and your business operations. If you have questions that you’d like to have us ask Richard or any of our guests, please use the Contact Form and let us know. We’re also open to new show topics and guests.
In this podcast, Preston, our guest John Michelsen, CPO of Zimperium, and I discuss mobile security and extrapolate what’s happening in that space to what’s happening, and about to happen, with IoT security. We touch on monitoring, general security, costs, and the bigger problem of security implementation on devices that until recently were used based on an “air of trust.”
April is our “Month of Preventing Surprises” and this podcast kicks off that topic for The SecurityNOW Show. How awkward would it be to move headlong into a large IoT implementation only to realize that someone has easily hacked your devices and siphoned off your data? Surprise!
Mobile security has come a long way in the past two years with the adoption of higher security measures from vendors and third parties, such as per-app VPN, two-factor authentication, and containerization. IoT vendors will have to step up and enable encryption, use multi-factor authentication, and wipe or brick devices that have been compromised or moved. The Internet of Things may very well be security’s biggest challenge yet, not only because of the sheer numbers of devices but also because of device diversity.
Preston, John, and I just touch the surface of these topics in this podcast but stay tuned for more from all three of us on IoT security.
Length: 20:45 minutes. Format: MP3. Rating: G for all audiences.