IoT and Mobile Security with Zimperium CPO John Michelsen (Podcast)

ZimperiumIn this podcast, Preston, our guest John Michelsen, CPO of Zimperium, and I discuss mobile security and extrapolate what’s happening in that space to what’s happening, and about to happen, with IoT security. We touch on monitoring, general security, costs, and the bigger problem of security implementation on devices that until recently were used based on an “air of trust.”

April is our “Month of Preventing Surprises” and this podcast kicks off that topic for The SecurityNOW Show. How awkward would it be to move headlong into a large IoT implementation only to realize that someone has easily hacked your devices and siphoned off your data? Surprise!

Mobile security has come a long way in the past two years with the adoption of higher security measures from vendors and third parties, such as per-app VPN, two-factor authentication, and containerization. IoT vendors will have to step up and enable encryption, use multi-factor authentication, and wipe or brick devices that have been compromised or moved. The Internet of Things may very well be security’s biggest challenge yet, not only because of the sheer numbers of devices but also because of device diversity.

Preston, John, and I just touch the surface of these topics in this podcast but stay tuned for more from all three of us on IoT security.

Podcast details:

Length: 20:45 minutes. Format: MP3. Rating: G for all audiences.

Licensed CC BY (2017)

SecurityNOW’s Cybersecurity Tips of the Week – March 31, 2017

TipsPasswords, they used to say, are like toothbrushes–don’t share them and change them often. Indeed that rule is still true but security is more than just changing your passwords often and keeping them to yourself. Passwords, unfortunately, are our first line of defense in protecting our online accounts, our identities, and our transactions. Passwords should be as long and as complex as possible, which is why you should use a password manager such as LastPass. LastPass will generate a random, long, and complex password that you don’t have to remember because it remembers them for you. There’s only two things you have to remember when you use LastPass: logoff of LastPass before you leave your computer and the LastPass master password.

And since passwords aren’t your only defense in this cyber-connected and unsafe world, I’m providing a list of tips to help keep you safe and secure during your online excursions. Read and heed.

  1. Use the screen lock feature of your phones, tablets, and computers.
  2. Use a random non-guessable passcode for unlocking screens.
  3. Use a password manager.
  4. Use different passwords for each online account (saved in your password manager)
  5. Install all hardware and software updates as they’re presented.
  6. Only install apps from the app store and only those that have many good reviews.
  7. Turn off tracking from your apps.
  8. Use a VPN or your cellular network in public places.
  9. Keep phone conversations private.
  10. Perform online banking in private.
  11. Use two-factor authentication on social media and financial sites.
  12. Cover your device when entering passwords.

I know these are tips that you read and hear all the time but you need to remember them at all times. There is no trusted public environment and a secured WiFi connection is no guarantee of security. Anyone can setup a WiFi connection and supply a common password to it.

If you ever have questions about cybersecurity, use our contact page to ask your questions. We will reply.

Enterprise Security Trends with Absolute’s Richard Henderson (Podcast)

AbsolutePreston and I discussed security trends with Absolute‘s Global Security Strategist, Richard Henderson (@richsentme) on St. Patrick’s Day eve. Unfortunately, the whole thing took place via Skype rather than at Doolin’s. Hey, some people work for a living and can’t always get to the fun right away or even on the day after. 

Some of the topics covered by our broad swipe at enterprise security trends were two-factor authentication, advanced persistent threats, SSO, and insider threats. We also touched on Absolute’s strategy for protecting you, your applications, and your entire enterprise from security threats.

Richard is one of the best guests we’ve ever had on the show and we hope that he’ll return to discuss Absolute’s products in more depth and to discuss other timely security topics.

Podcast details:

Length: 23:46 minutes. Format: MP3. Rating: G for all audiences.

Remember, our podcasts are licensed CC BY.

March 2017 Week 1 in Review (Podcast)

CybersecurityPreston and I got together to talk about March 1-5 2017. It wasn’t a full week but it was the first week of March, so we’re calling it good on that front. We discussed our podcast with Morey Haber of BeyondTrust and the worst breaches of 2016; current scams including the malware package that you can purchase for $400, well, the equivalent of $400 in Bitcoin that is; the current lack of fidelity in our awesome Oklahoma state’s cybersecurity website; the cybersecurity crisis as described by Symantec CEO Greg Clark; the fact that 39 percent of North Americans have been affected by cybersecurity breaches, and a few other topics of interest.

We also included some practical takeaways for you to use in meeting your own cybersecurity needs. Keeping yourself safe is more than just having a fancy password; it also means that you need to be vigilant in checking your surroundings when typing PINs, entering passwords into your phone or personal computer, and protecting your credit card information.

Complacency and negligence are the two biggest vulnerabilities in security. There’s this “air of trust” and there really shouldn’t be. You don’t have to be fully paranoid but a little paranoia and a lot of vigilance will help keep you safe–not only in the online world but also in the real world. For physical security, you should always be aware of your surroundings. Lock your doors, lock your windows, and have your key ready when you get to your door.

Podcast details:

Length: 17:36 minutes. Format: MP3. Rating: G for all audiences.

Thanks for reading and for listening. Please give us feedback and any topics of interest or companies you’d like to hear about.

Week of February 20 – Current CyberSecurity Events Discussion

SHA1Preston and I cover the current cybersecurity threats, news, and issues from the week of February 20. We’re at the very cool and accommodating RoseRock Cafe here in Tulsa, where we enjoy a delicious lunch in a relaxed atmosphere surrounded by good books and lively background conversation.

Today’s show was fueled by chicken nuggets, fried pickles, and Diet Dr. Pepper. The lunch of champion podcasters everywhere.

We cover Google’s recent unraveling of the SHA1 hash, the CloudFlare compromise, Facebook impersonation, Skype hacks, Steam hacks, two-factor authentication, and the Google Chrome font malware attack.

Podcast Details:

Length: 18:02 minutes. Format: MP3. Rating: G for all audiences.

We produce all of our podcasts in a format and style that’s very safe for work, safe for school, and safe for younger listeners. You’ll never have to fear that something inappropriate is going to pop out of us or our guests. Have confidence that our podcasts are 100 percent safe, foul language free, innuendo free, and are perfect for the classroom or for other public consumption. All of our content is CC BY licensed.

Interview with Preston Smith (Podcast)

PasswordFebruary 1st is a special day for Preston and me, here at SecurityNOW. I interviewed Preston! That’s right. We returned to the very cool Rose Rock Cafe over on Mingo Road to have the famous Baconator burger and to record Preston’s first SecurityNOW interview, where he’s the interviewee. Find out about Preston’s background and what he thinks the biggest security issues are. Preston also gives you some tips on how to protect yourself in this world of growing cybersecurity threats.

The interview is short and sweet, just like Preston, but you’ll learn a lot from it. Preston discusses good passwords, bad passwords, LastPass, two-factor authentication, and some physical security tips as well. There’s a lot packed into this 15-minutes, so take good notes, there will be a test at the end.*

February is a very special month too. February is SecurityNOW’s month of best practices. We’re going to produce several podcasts that give you real-world advice on how to protect yourself from the bad guys without having to change your entire life. We try to help you make security easy yet effective.

Podcast details:

Length: 15:22 minutes. Format: MP3. Rating: G for all audiences. Background soundtrack: Rose Rock Cafe.

*Not really.

 

2017 Cybersecurity Resolutions (Podcast)

ResolutionsAs promised on our 2017 Topics List, January is for cybersecurity resolutions. This podcast features Preston and me discussing a short list of cybersecurity awareness topics for personal and for business use. Staying secure in everything you do is very important. We can’t stress too much the importance of using very strong passwords, doing some regular housekeeping, being smart about opening email attachments, and protecting yourself from cyberstalkers who want to compromise your accounts and your identities.

RoseRock Cafe & BakeryWe decided to try something different today and record our podcast at a little cafe that’s inside our favorite bookstore; The RoseRock Cafe* on South Mingo Road. The recommended choice is the Reuben sandwich on marbled rye bread, which is excellent, by the way.

The only problem with recording in public is that you’re subjected to random sounds, like the phone in the background that seems to ring and ring and ring. I know that the bookstore is staffed well enough that someone could have picked up. But that’s why we chose the cafe setting because we wanted those ambient sounds. Plus, there’s something ironic about discussing a security topic in a public place.

Podcast details:

Length: 10:29 minutes. Format: MP3. Rating: G for all audiences.

This short podcast has a lot of good information in it about how to protect yourself. Over the coming weeks and months, Preston and I will return to public places to discuss cybersecurity and maybe even conduct a few impromptu interviews along the way.

#SecurityNOW #SecurityResolutions2017

*RoseRock Cafe & Bakery is not a SecurityNOW show sponsor, but they were kind enough to allow us to record our show there.