Richard Henderson, The Global Security Strategist for Absolute, and I spoke about the global Ransomware threat, its prevention, and what to do if you’re victimized by an attack. Richard and I disagree a bit on what you should do if you’re a Ransomware victim. I say that you should never pay. He says that there are circumstances where it makes more sense to pay the ransom.
I write the introductory column for ADMIN magazine and in the most recent issue (Number 40), I wrote about this very topic. I titled it, “Feeding Seagulls is Wrong.” It is a light-hearted look at feeding seagulls, which I compare to ransomware writers. To me, paying ransomware writers is like feeding seagulls: You’re down a bag of Cheetos (Some amount of Bitcoin) and the seagulls (Ransomware writers) are never satisfied.
Listen to the podcast. Read my column. Make a decision. And feel free to tweet me @kenhess to start a discussion.
Length: 24:11 minutes. Format: MP3. Rating: G for all audiences.
Copyright 2017 The SecurityNOW Podcast Show. CC BY.
Greetings SSH fans. Preston and I had the pleasure of speaking with SSH Communications Security founder Tatu Ylönen about keyless access and how system administrators and system security professionals should “manage access, not keys” when using the SSH protocol.
Preston and I debate the security of a decision to use passwordless and keyless access. During the call, we asked how to implement keyless access and what the deployment looks like to a system administrator. Preston and I are both system administrators, so we are definitely interested in the ins-and-outs of deployment.
As always, Tatu is very engaging and extremely knowledgeable about the topic of security, SSH, and access management.
Length: 15:52 minutes. Format: MP3. Rating: G for all audiences.
Preston and I had the pleasure of speaking with, Dr. Jerald “Jerry” Dawkins, the CEO and founder of True Digital Security, the premier local security company here in Tulsa, Oklahoma. For this one, I stayed behind the scenes (literally) and Preston took the solo spotlight for this rare interview with Dr. Dawkins. This podcast is actually the audio extract from the video (Coming soon) we captured during the interview. True Digital Security is headquartered in Tulsa but has offices in Tulsa and Oklahoma City and cover clients globally.
Jerry and Preston discuss passwords, compliance issues, security pain points, and how to engage True Digital Security for your corporate security needs. This is a special focus on a growing company of security experts who are ready to help you navigate HIPAA, PCI, FFIEC, NERC CIP, and your other corporate security requirements and needs.
I think you’ll agree that after listening to this interview that Dr. Dawkins and his team knows security. You’ll also agree that this discussion is far too short. We hope to have Jerry and other True Digital Security folks on the show in the future so that you can get to know the whole team.
Length: 22:12 minutes. Format: MP3. Rating: G for all audiences.
The old saying goes, “Give a man a fish and he feasts for a day; teach him to phish and he becomes a rich cybercriminal who retires at 30.” OK, so maybe it doesn’t go exactly like that, but I think you get the idea that phishing is bad for the majority of us who aren’t making a profit from other people’s pains. Phishing is the act of sending out email messages that look legitimate but whose only purpose is to get your banking, credit card, social media, or other online credentials in order to steal money from you.
Markus Jakobssen, a researcher at Agari, gives us his perspective on this trend that can cost larger companies millions of dollars. Markus tells us why phishing scams are so successful and what we can do to protect ourselves from this criminal trespass into our personal accounts and online identities. If you’ve been the victim of a phishing attack, you know how expensive it can be in trying to repair the damage that a single email message can have. Listen carefully to the podcast to find out what you can do to fight against this growing threat.
Length: 17:54 minutes. Format: MP3. Rating: G for all audiences.
If you have an idea for a podcast or someone who’d like to be on the show, use the Contact Form and we’ll be glad to discuss.
Preston and I visited our favorite Tuesday landing for this May overview where we briefly discuss what to do after you discover a breach, a compromise, a hack, or a ransomware infection on your network. My advice is “Don’t Panic.” Preston has more, and probably better, advice. One of the things you need to do is know what’s on your network, know what’s supposed to be on your network, and to establish a security baseline.
A security baseline is a starting point from which you will judge your systems from now on. Scan everything with anti-malware scanners. Clean up any infections. Plug security holes. Update your systems. And that is your baseline–a clean, uninfected, uncompromised network. It will be easier in the future to discover breaches if you know what’s going on now and keep track along the way. This short podcast is a topic of a longer, more in-depth future podcast.
Length: 6:42. Format: MP3. Rating: G for all audiences.
All podcasts are Safe for Work and school and are licensed CC BY.
Preston and I got together to talk about March 1-5 2017. It wasn’t a full week but it was the first week of March, so we’re calling it good on that front. We discussed our podcast with Morey Haber of BeyondTrust and the worst breaches of 2016; current scams including the malware package that you can purchase for $400, well, the equivalent of $400 in Bitcoin that is; the current lack of fidelity in our awesome Oklahoma state’s cybersecurity website; the cybersecurity crisis as described by Symantec CEO Greg Clark; the fact that 39 percent of North Americans have been affected by cybersecurity breaches, and a few other topics of interest.
We also included some practical takeaways for you to use in meeting your own cybersecurity needs. Keeping yourself safe is more than just having a fancy password; it also means that you need to be vigilant in checking your surroundings when typing PINs, entering passwords into your phone or personal computer, and protecting your credit card information.
Complacency and negligence are the two biggest vulnerabilities in security. There’s this “air of trust” and there really shouldn’t be. You don’t have to be fully paranoid but a little paranoia and a lot of vigilance will help keep you safe–not only in the online world but also in the real world. For physical security, you should always be aware of your surroundings. Lock your doors, lock your windows, and have your key ready when you get to your door.
Length: 17:36 minutes. Format: MP3. Rating: G for all audiences.
Thanks for reading and for listening. Please give us feedback and any topics of interest or companies you’d like to hear about.
In our podcast, we cover the worst breaches plus additional content related to how to protect yourself from such breaches. Morey also mentions how BeyondTrust’s products can help protect you and your data.
Length: 21:30 minutes. Format: MP3. Rating: G for all audiences.