SSH Communications Founder Tatu Ylönen Speaks on IoT Security (Podcast)

SSH CommunicationsPreston and I had the rare honor of speaking with SSH Communications founder, Tatu Ylönen about IoT device security. For those of you who don’t know, Tatu Ylönen is the inventor and original programmer of the SSH protocol. There’s absolutely no one in the world more qualified to speak on security than Tatu.

Tatu YlönenHe single-handedly protected us all from plain text transmissions and essentially destroyed the old Telnet protocol for good. In this podcast, we discuss the importance of IoT security. IoT security has traditionally been ignored because the few devices that existed weren’t particularly vulnerable to hacking either because no one cared or no one had access to the hardware and software to do so. That’s no longer true. Everyone has access to exploitation tools and the time for focusing on a more secure IoT has arrived.

For IoT manufacturers, you should listen carefully to Tatu’s advice and insights. Some of these devices and networks carry high-value data, including possibly personal data and that needs to be protected.

Podcast details:

Length: 14:43 minutes. Format: MP3. Rating: G for all audiences.

A special thanks to Tatu Ylönen and to the Nadel Phelan agency for connecting us.

The New NIST Password Guidelines with Absolute’s Richard Henderson (Podcast)

AbsolutePreston and I discussed the new NIST password guidelines with our regular guest, Richard Henderson of Absolute. In this podcast, we cover the guidelines and what they might mean to you, especially if you’re a web application developer. If you’re not a developer, you might still have an opinion as a user. The new guidelines are a very positive step forward for government agencies and for private ones as well. Password security has been taken for granted for too long but can no longer be ignored. Security experts can spout all the best practices that they can think of but those best practices are only good if they’re put into practice.

We also discuss the costs that might arise from retrofitting current applications vs. tackling the problem from the beginning. Richard has some very important insights to consider when going forward with these guidelines.

Podcast details.

Length: 28:20 minutes. Format: MP3. Rating: G for all audiences.

What To Do in the First 48 Hours After a Breach with Absolute’s Richard Henderson (Podcast)

AbsoluteYou might remember Richard Henderson, Absolute’s Global Security Strategist from our March 21, 2017, podcast covering Enterprise Security Trends. Richard joins us again to discuss what to do after you discover a breach and why the first 48 hours are so important. You’ll also hear Preston and me disagree about first steps to take after you discover a breach.

In this podcast, Richard gives us an overview of how companies should handle breach announcements, responsibility for breaches, and his best advice for companies that have experienced a breach.

Podcast details:

Length: 20:31 minutes. Format: MP3. Rating: G for all audiences.

We’re hoping that Richard will continue to join us on a regular basis to discuss timely security topics that affect you and your business operations. If you have questions that you’d like to have us ask Richard or any of our guests, please use the Contact Form and let us know. We’re also open to new show topics and guests.

Data Protection and Security with Commvault’s Don Foster (Podcast)

CommVaultPreston and I had a good discussion with Commvault‘s Senior Director of Product Management, Don Foster. When most people, and possibly you, think of Commvault, you think backup and restore. But Commvault is much more than simple backup and restore activities; it covers the entire gamut of data protection for your business. Commvault is a common word for IT old-timers and newcomers alike since it’s been around for 30 years.

In this podcast, we cover data protection as it relates to backup, restore, business continuity, recovery, and more. Data protection is a company’s consistent defense against theft, data exfiltration, data loss, insider threats, ransomware, and disasters. Disaster recovery is another huge chunk of what Commvault does. We touch on every aspect of enterprise data protection in this podcast.

You have to remember that not all security topics deal with passwords, encryption, and policies–some of it has to do with the actual mechanics of protecting your data. Think disaster recovery.

Think about what Commvault offers you. We’ve all had backups and restores fail on us–even after multiple checks. What Commvault offers is the assurance that your data doesn’t have to be restored to its original backup point to be readable and usable, when the worst happens. Don explains this service further in the podcast. We also cover mobile data protection in the podcast. This one is a few minutes longer than our average podcast but I think you’ll agree that your time will be well spent by listening to it.

Podcast Details:

Length: 27:45 minutes. Format: MP3. Rating: G. License: CC BY.

Contact Commvault for more information.

IoT and Mobile Security with Zimperium CPO John Michelsen (Podcast)

ZimperiumIn this podcast, Preston, our guest John Michelsen, CPO of Zimperium, and I discuss mobile security and extrapolate what’s happening in that space to what’s happening, and about to happen, with IoT security. We touch on monitoring, general security, costs, and the bigger problem of security implementation on devices that until recently were used based on an “air of trust.”

April is our “Month of Preventing Surprises” and this podcast kicks off that topic for The SecurityNOW Show. How awkward would it be to move headlong into a large IoT implementation only to realize that someone has easily hacked your devices and siphoned off your data? Surprise!

Mobile security has come a long way in the past two years with the adoption of higher security measures from vendors and third parties, such as per-app VPN, two-factor authentication, and containerization. IoT vendors will have to step up and enable encryption, use multi-factor authentication, and wipe or brick devices that have been compromised or moved. The Internet of Things may very well be security’s biggest challenge yet, not only because of the sheer numbers of devices but also because of device diversity.

Preston, John, and I just touch the surface of these topics in this podcast but stay tuned for more from all three of us on IoT security.

Podcast details:

Length: 20:45 minutes. Format: MP3. Rating: G for all audiences.

Licensed CC BY (2017)

A SecurityNOW Less Than Private Privacy Discussion (Podcast)

Privacy PleasePreston and I decided to discuss the latest in privacy at Shiloh’s Restaurant in Broken Arrow a few days ago. As you’ll hear on the podcast, we perhaps needed more privacy. I apologize for the background noise but you can think of it as a lesson in security in that our conversation at times was obfuscated by surrounding conversations and music that didn’t seem to start playing until we hit the Record button. Such is life. We deal with our surroundings all the time, which makes me believe that our choice of venue for this podcast was the perfect setting to have a conversation on privacy. It works on many levels.

During our talk, Preston and I ponder the outcome of the Congressional decision to remove current privacy legislation and put it firmly in the hands of someone grossly unqualified to make such a decision. In any case, I think we need to join together in embracing privacy much like the EU has with GDPR, which we’ve discussed in another podcast.

Stay tuned for more commentary as the situation develops.

Podcast details:

Length: 19:26 minutes. Format: MP3. Rating: G for all audiences.

Seriously, please write your Congressman and your Senators about this. It’s too important to leave in unqualified hands.

SecurityNOW’s Cybersecurity Tips of the Week – March 31, 2017

TipsPasswords, they used to say, are like toothbrushes–don’t share them and change them often. Indeed that rule is still true but security is more than just changing your passwords often and keeping them to yourself. Passwords, unfortunately, are our first line of defense in protecting our online accounts, our identities, and our transactions. Passwords should be as long and as complex as possible, which is why you should use a password manager such as LastPass. LastPass will generate a random, long, and complex password that you don’t have to remember because it remembers them for you. There’s only two things you have to remember when you use LastPass: logoff of LastPass before you leave your computer and the LastPass master password.

And since passwords aren’t your only defense in this cyber-connected and unsafe world, I’m providing a list of tips to help keep you safe and secure during your online excursions. Read and heed.

  1. Use the screen lock feature of your phones, tablets, and computers.
  2. Use a random non-guessable passcode for unlocking screens.
  3. Use a password manager.
  4. Use different passwords for each online account (saved in your password manager)
  5. Install all hardware and software updates as they’re presented.
  6. Only install apps from the app store and only those that have many good reviews.
  7. Turn off tracking from your apps.
  8. Use a VPN or your cellular network in public places.
  9. Keep phone conversations private.
  10. Perform online banking in private.
  11. Use two-factor authentication on social media and financial sites.
  12. Cover your device when entering passwords.

I know these are tips that you read and hear all the time but you need to remember them at all times. There is no trusted public environment and a secured WiFi connection is no guarantee of security. Anyone can setup a WiFi connection and supply a common password to it.

If you ever have questions about cybersecurity, use our contact page to ask your questions. We will reply.