Information Security News

SPF. DMARC. DKIM. Oh My!

2019-11-19T23:28:24+00:00

We spend a lot of time making sure we have policies in place to protect our institution from reputational risks associated with technology, and even more time is spent on training, auditing, and compliance to manage those risks. But rarely do we consider what goes on outside of the physical or virtual perimeter of our networks. Consider this: what would you say if I told you that there is a 79.7% likelihood that a third party is either actively sending email as if it came from your domain without your knowledge, or has in the past? Don’t get all bristly; [...]

Securing IoT

2019-07-18T15:18:45+00:00

A tongue-in-cheek but realistic scenario for IoT compromise. Your customers are complaining. And they make a valid point that your Internet banking application is unavailable inside your very own bank branch walls, because you don’t offer free Wi-Fi in your 150-year-old stone building with no cell signal. Well shucks, that makes a lot of sense, doesn’t it? Now the employees are complaining that they can’t listen to Pandora while churning out millions of dollars in mortgage documentation all day long. That seems fair, after all employee happiness and retention – especially a concern for younger generations – should be at [...]

Why Do I Need a Tarp?

2019-07-18T14:14:56+00:00

Full disclosure, I was a Firefighter. And we love water. A few years after getting my Firefighter 1 certification I found myself on a quarter section of blackened earth, with a shovel and a six-foot wall of fire extending a few hundred yards in either direction moving away from me at a rather quick pace thanks to those hot summer Kansas winds. A pond, a loafing shed, and a pump house lay beyond. As we tried to improve the chances of survival for the shed and the pump house, there were two things running through my mind as we tried [...]

The Low-Down on Multi-Factor Authentication

2019-02-22T21:57:57+00:00

Multi-Factor Authentication, Strong Authentication, 2FA, MFA, Token-Based, Out-of-Band Authentication; what does it all mean? Many more people are familiar with these terms than just a few years ago. But not all multi-factor authentication (MFA) types are created equal. MFA solutions are designed to protect their users’ accounts in the event of credential theft. With more advances in software technology and features come more vulnerabilities and potential ways for attackers to gain your password. However, just how effective are the various MFA types? Many MFA solutions have recently flooded the market, and that raises the question: [...]

I’ll Tell You What You Need to Know

2019-02-22T18:10:39+00:00

While you are walking past the president’s office, he sees you, summons you in, and asks if you can fix the printer on the back wall. After astutely seeing the printer’s status panel is indicating “Out of paper,” you load paper and voila, it prints. “Hey, you’re pretty good at this technology stuff. Our last exam said we had to appoint an Information Security Officer that isn’t part of the IT Department. That will be you.” The president gets the Board of Directors to formalize the role and title, and before you [...]

Windows Update Management Tips

2019-07-12T15:19:46+00:00

Windows Updates… Believe it or not, they’ve been around since the days of Windows 98. They are often despised by end users and IT support staff because they may interrupt the workday, delay leaving at the end of the day, or they may break functionality. Along the way, Microsoft has improved the deployment and installation process with functions such as Windows Server Update Services (WSUS). Despite usually minor inconveniences, Windows Updates are vital to the security of your computer, your network, and your data, and should not be ignored. How does an admin know what updates [...]

VPN

2019-02-22T18:17:31+00:00

Virtual Private Networks: Should you be using one? A VPN, or Virtual Private Network, allows you to create an encrypted connection to another network over the Internet. Most users are familiar with them for connecting back to their institution’s network for remote access. While this is one reason to use a VPN, it’s far from the only reason to use one. In today’s environments, eavesdropping, public Wi-Fi, and location tracking (just to name a few) pose significant issues that often result in unwanted privacy invasions or data theft. One method of helping to prevent this is using a VPN. In [...]

GDPR is coming… but what does it mean, and why should I care?

2019-07-12T15:18:47+00:00

If your organization hasn’t heard these four letters by now, it may not be time to panic - but it is time to learn what they mean and if they could impact your organization. Below is a brief overview intended to get you familiar with this new international regulation and hopefully answer some of the basic questions. What is the GDPR? General Data Protection Regulation - A new set of rules (regulations) established by the European Union (EU) to give its citizens more control over their personal data. [...]

50 Shades of Administration – Managing Domain Admin Privileges

2019-10-22T20:50:32+00:00

During our work, both our auditors and engineers have noticed a common issue our clients large and small have – overly permissive administration accounts. Many times, we see all IT users given a Domain Admin account, from the greenest helpdesk tech to the person overseeing the network. Microsoft’s Active Directory has a couple of different ways to grant rights to a user, group, or organizational unit, allowing the target the ability to perform certain tasks without giving them the keys to the kingdom. Here are just a couple of simple examples. In the Springfield.local domain, Lisa Simpson [...]

New Easy Password Standards? Not so Fast!

2019-02-22T18:24:48+00:00

Passwords… it's no secret; most of us are really bad at creating and maintaining passwords. In fact, 81% of hacking-related breaches leveraged either stolen or weak passwords. But unfortunately, passwords won't go away any time soon. Almost every resource, application, web site, and the like requires some form of username and password. Because of this, it's no surprise that almost all of us struggle to follow the password standards recommended by many security experts. At the same time, attackers and their tools are becoming more and more sophisticated, enabling them to more easily steal, decrypt and/or brute force passwords, which [...]
