Category: Security

Information Security

FIDO Alliance – Better Multi-Factor Authentication

A day doesn’t go by without an information security incident in the news about a large website being hacked and thousands (if not millions) of user accounts being compromised. The recent discovery of over 1 billion passwords in the hands of cybercriminals is a perfect case… Continue reading

Small Business IT Security Nightmares

Every year there are dozens of reports and studies on the state of cyber security in businesses large and small. They almost always are notable in that they are a call to action that seems to be left unanswered. Sadly, we, the information security practitioners… Continue reading

How to Recover Your Website from Malware Infection Part II

If you have determined that your website is in fact infected, it is best to take it down and restore it from a known clean backup. Yes, I am assuming that you have a backup, but in Part I of this post I spoke a… Continue reading

How to Keep Your Website from Malware Infection Part I

A recent run-in with an infected website inspired me to expand upon the methods to prevent this from happening to others. Truth be told – no software is without security vulnerabilities, bugs and 0-day attacks. Unfortunately, most websites are a particularly juicy target for… Continue reading

End User Security Training

End user security training is a vital element of any organization’s information security efforts. Unfortunately, in today’s sputtering, protracted economic recovery, with consolidated IT departments and ever-stretched budgets, it is rare. Most often I’ve seen lip service to the issue and very little action. The… Continue reading

Physical Security

Working in information security, I’ve seen my share of flagrant violations of industry best practices. One that I shudder to see is a dearth of physical security. Physical security is one of the most basic steps any organization should take to ensure the security of… Continue reading

Social Media Security

Social Networking allows us so many positives but brings with it key risks we must address in the modern enterprise. Social media can be a great place to connect with new customers, expand our brand presence and even drive sales. At the same time it… Continue reading

What’s Your Social Media Security Plan

The world of social media is often a double-edged sword: it can be a tremendously powerful tool for business but also a very risky and dangerous place in terms of information security. According to security firm Sophos, malware and spam rose 70 percent on social… Continue reading

Free Vs. Commercially Supported Anti-Virus

We consistently get the question from small business owners & others: “Why should I pay for anti-virus/anti-malware if I can get it for free?” Well now! Free, how can you beat that?!? In simple non-technical terms, it boils down to how effective your anti-malware suite… Continue reading

Why no Administrator? – Least Privilege!

Consistently I encounter new clients who have had their IT systems set up in less than optimal security configurations. One troubling issue is the prevalence (in the small/medium business space) of general office users having local (or even Domain) Administrator accounts. The administrator account in Windows allows you to generally manage the machine in terms of its configuration and installed software. At first glance this would sound like a great idea. Shouldn’t every user in a company be able to add programs or change settings as they see fit? The problem is that the risks of such a configuration FAR outweigh any benefits. Here are just a few of the numerous reasons why NOT to give administrator access to anyone other than trained IT professionals. Continue reading