With the ever-evolving cyberspace landscape, our reliance on information is at an all-time high. Along with that reliance, comes an increasing focus on our devices. We can all relate to the common, daily scene of people so deeply entrenched in a mobile device chat session that they are almost oblivious to the outside world. This security awareness tip focuses on the boundary outside of that device and how situational awareness can affect security. Securing the physical boundary outside of that computer, laptop, or mobile device can often pay big dividends and thwart attacks. Below is a checklist of physical security awareness items you can add to your toolbox:
Cloud services. You may or may not think about them, but they are no longer a talk of the future. Some of you probably listen to Rhapsody and Rdio, which are cloud-based streaming music services. Others perhaps use a cloud-based compression service Onavo to shrink your smartphone data and your monthly bill. Storage (Dropbox), email, social media, banking, location-based services (GPS), just to name some, all at your fingertips. For small and mid-size businesses, there’s a wide range of cloud services including productivity, finance, and accounting. For many companies and organizations, cloud adoption is on top of their priority list.
Before we continue to ride the cloud at lightning speed, shall we pause a moment to reflect on the risks? After all, there are many things that can threaten our data and services. To learn more about the current threat landscape, watch a rich and compelling on-demand webcast by Patrick Gray, principal security strategist at Cisco. Here are some specific concerns and action to take.
Social networking sites like Facebook are great tools for connecting with friends and keeping up-to-date with the good and bad things that are going on in your social circles. Unfortunately, the kind and amount of personal information that makes for great social networking can be used by people with bad intentions to cause real, physical harm. Sound far-fetched? After a referee made a controversial call in a baseball game, someone with his same name received threats meant for the ref. Today’s security awareness tip is about profile management: developing habits that help you to stay in control of the information that’s available about you online, to keep you safe in the real world.
For Cyber Security Awareness Month I’d like to address patching; more specifically, verifying patches in your environment. Patching is a big part of any security policy. It’s also very important to verify that the patches and updates deployed have actually been installed. Whether you have one host or thousands, using a tool to scan your environment to verify those patches can save a lot of time and serve as a check on your patch processes.
There are some very good vulnerability scanners out there that can help locate and identify vulnerabilities and missing patches, but many are complex and expensive. I’d like to talk about two free and simple tools you can use to check that systems in your environments have secure configurations and are running up-to-date software.
Read More »
Web-based threats have never been higher and are expected to keep growing. Remember the days when viruses were spread via floppy disks, then email, then USB flash drives, and then instant messenger applications? While most of those risks still exist today, they are overshadowed by the enormous risk that casual web browsing has become. Some of the most common threats include technical problems like “cross-site scripting” and “cross-site request forgery” that cause browsers to behave in unexpected ways, often without any indication of a problem. “Phishing” and silent unintended downloads called “drive-by downloads” are also serious threats that can leave an unsuspecting user with malware that steals banking and personal information.
It’s also true that many of us have multiple web browsers installed on our computers. If not, they are easy to install. The most common choices seem to be Internet Explorer, Firefox, Safari, Chrome, and Opera. We can take advantage of this fact to create a very simple but effective security advantage.