Online Shopping Hazards with guest WWPass VP of Strategy Perry Chaffee

Perry Chaffee of WWPassPerry Chaffee, WWPass VP of Strategy, and I turn our attention toward online shopping because it is the holiday shopping season and security is a big concern, or should be, for anyone making online purchases. You don’t want your shopping experience to be tainted with unusual charges, identity theft, or account compromise of any kind. For these reasons, you need to be aware of your shopping experience and your security.

Here are a few guidelines that Perry and I talk about during the podcast:

  1. Use a strong password.
  2. Use a password manager.
  3. Use a credit card rather than a debit card for purchases.
  4. Enable two-factor authentication for better security.
  5. Before entering passwords or credit card information, look for the https in your browser’s URL.
  6. Close your browser after shopping on a site and reopen it for your next purchase.
  7. Be sure that the site you’re on is the one you want to use.
  8. Never give anyone your password over the phone.
  9. Be VERY careful of links embedded in emails as they can look very similar to real sites.
  10. Be aware of your surroundings and don’t speak your credit card information out loud in public places.

WWPassThis is not a sponsored podcast but WWPass is a commercial security solution for individuals and businesses to help keep all your online transactions and shopping experiences secure.

Length: 18:02 minutes. Format: MP3. Rating: G

Please contact us for sponsorships, sponsored posts, and videocasts.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

Absolute’s Global Security Strategist Richard Henderson discusses 2018’s Security Threats

Richard HendersonRecurring guest Richard Henderson (Global Security Strategist for Absolute) and I discuss what we think are the greatest threats to security in 2018. We ponder ransomware, standard threats, cryptocurrencies, and other advanced persistent threats.  Richard and I agree that 2018 will be another significant security threat year. One thing to note is that while attackers are more persistent, there are some threats that are actually waning such as certain types of ransomware, viruses, and malware that’s easily stopped by smarter browsers, host-based firewalls, and operating system security. That said, we don’t expect attacks to decrease in 2018.

As always, our podcasts are licensed CC BY and are rated G for all audiences and venues.

Length: 29:07 minutes. Format: MP3. Rating: G.

Please contact us for sponsorships, sponsored posts, and videocasts.

ClearSky Data CTO and Co-founder Laz Vekiarides Discusses a New Approach to Cloud Storage

Laz VekiaridesLaz Vekiarides, CTO and Co-founder of ClearSky Data and I discuss a new approach to cloud storage–which deprecates the old 3-2-1 rule of making backups. Every year businesses consume more and more expensive disk space to copy, re-copy, and store data as backups, as disaster recovery, and for archival purposes. Preventing that waste is the main thrust of ClearSky Data’s primary storage, cloud backup, and disaster recovery solutions. The service is elastic and uses a “pay-as-you-use” philosophy.

Laz explains why this solution is more economical for your business and also makes your business more resilient to failure. We discuss a paradigm shift in backup methodology and the importance of business continuity.

Podcast details:

Length: 21:36 minutes. Format: MP3. Rating: G for all audiences.

ClearSky allows enterprises to access all data wherever it’s needed, on-prem or in the cloud, without ever needing to replicate the data. That’s right, no more making copies. The ClearSky service is fully elastic; pay for only what you use and scale up or down on-demand.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

A Ransomware Discussion with Absolute’s Richard Henderson (Podcast)

RansomwareRichard Henderson, The Global Security Strategist for Absolute, and I spoke about the global Ransomware threat, its prevention, and what to do if you’re victimized by an attack. Richard and I disagree a bit on what you should do if you’re a Ransomware victim. I say that you should never pay. He says that there are circumstances where it makes more sense to pay the ransom.

I write the introductory column for ADMIN magazine and in the most recent issue (Number 40), I wrote about this very topic. I titled it, “Feeding Seagulls is Wrong.” It is a light-hearted look at feeding seagulls, which I compare to ransomware writers. To me, paying ransomware writers is like feeding seagulls: You’re down a bag of Cheetos (Some amount of Bitcoin) and the seagulls (Ransomware writers) are never satisfied.

Listen to the podcast. Read my column. Make a decision. And feel free to tweet me @kenhess to start a discussion.

Podcast details:

Length: 24:11 minutes. Format: MP3. Rating: G for all audiences.

Copyright 2017 The SecurityNOW Podcast Show. CC BY.

“Manage Access, Not Keys” with Tatu Ylönen (Podcast)

SSH CommunicationsGreetings SSH fans. Preston and I had the pleasure of speaking with SSH Communications Security founder Tatu Ylönen about keyless access and how system administrators and system security professionals should “manage access, not keys” when using the SSH protocol.

Preston and I debate the security of a decision to use passwordless and keyless access. During the call, we asked how to implement keyless access and what the deployment looks like to a system administrator. Preston and I are both system administrators, so we are definitely interested in the ins-and-outs of deployment.

Tatu YlönenAs always, Tatu is very engaging and extremely knowledgeable about the topic of security, SSH, and access management.

Podcast details:

Length: 15:52 minutes. Format: MP3. Rating: G for all audiences.

Copyright 2017 SecurityNOW. License: CC BY.

Cybersecurity Law with Heidi L. Shadid, Attorney at Law (Video)

Eller & DetrichHeidi Shadid of the Eller & Detrich Law Firm and I sat down for an interview that covered several aspects of Cybersecurity Law. We discussed how to engage her firm, what to do after a hack or breach, and what your responsibilities are for reporting a breach. Ms. Shadid is an Attorney with the Eller & Detrich Law Firm in Tulsa, Oklahoma and includes Cybersecurity Law in her practice.

Her practice encompasses the following specialties:

Core areas of practice and experience

  • General Civil Litigation
  • Business Litigation
  • Construction Litigation
  • Employment Disputes
  • Cybersecurity Risk Management

Bar admissions

  • Oklahoma, 2010
  • Missouri, 2009
  • Kansas, 2009
  • U.S. District Court, Northern, Eastern & Western Districts of Oklahoma
  • U.S. District Court, District of Kansas
  • U.S. District Court, Western District of Missouri
  • U.S. District Court, District of Colorado
  • U.S. Court of Appeals, Tenth Circuit

Copyright 2017 SecurityNOW – License: CC BY

Protecting Your Cyberlife

By Preston Smith

How significant are foreign hacks and cyber threats to the average person?

Does the thought of foreign hackers enter our daily lives?

Does anyone stop and think, “Wow, right now there are possibly thousands of entities trying to break into my cyberlife.”?

Don’t make the mistake of thinking it’s just the work side of your cyberlife that they’re trying to gain access to. There may be more information from an organization, but if they can get even a little bit of your personal information, they’re going to try and get it!
Most of the time it isn’t even people who are testing and trying out ways to get into information. Often, it’s just a bot trying any IP addresses that it can reach. If a bot hits an IP address and receives an open request for a login, that response forwards onto the next bot that attempts to guess login credentials. Then that bot keeps trying, following whatever “might” be a logical limit (if the owner or admin bothered to set that option) on login attempts, so as not to lock out the account until it gains access.

A bot doesn’t care about how quickly it can access an account.; it can be very patient, especially since few, if anyone, checks access to accounts or, heaven forbid, to regularly change passwords! Of course, once a bot successfully logs in, it probably gives notification to the organization (or to the country) that started the bot so that the attacker can infiltrate and either place Stealth viruses or another bot to collect information, onto compromised systems.
The really challenging bots are some that have learned to hide on our systems. They collect everything about us that we put into a computer that we think is safe. Again, this is something that can happen on your home computer as well as on your work computer.

I don’t want to make us all psychotic about using our cyber devices. But I do want us to realize that international and foreign hackers are not just on the government’s doorstep! They’re at your door if you have any device with an IP address! Instead of freaking out about it and shutting everything off, let’s apply logic and strategy and make security a habit, not a chore. Use password managers so they can help us track how often to change passwords and to not use duplicate passwords anywhere.

Update software and firmware on everything. Don’t delay installing the latest updates as they usually include important security patches! Also, since firmware doesn’t seem to let us know when there’s a new version available, put together a calendar reminder to check your firmware on a regular basis!

Always have at least one (or even more) of the well-known antivirus software applications running on any device that it can be installed! Check that you have set your settings at a secure mode. Don’t ever accept the default settings from a program or an application. Read the options carefully, find what you would be comfortable with, and then set it one level higher (more restrictive) than you want.

Remember, it’s too easy to forget how much the bad guys want to get into your cyberlife! Think about things like “Does this device connect to the Internet?” “Does it have a login?” And here is the difficult question that really requires thought, “If someone gained access to this device, what information could they get or how much access would they have to my cyberlife?”

We must realize that our comfortable and exciting cyberlife is not the safest of environments. All it takes to feel more comfortable with our cyber choices is to be sure that we take complete control and know our risks and our protections.