Have you taken the #LayerUP pledge? It’s an ingenious way to get people’s attention on a topic that might be considered frivolous, but which could result in some rather costly consequences if not followed – and that topic is Password Compliance. In enterprises, getting all of the employees to adopt password best practices on a consistent basis can be very difficult – especially since it’s human nature to use repetitive patterns or familiar phrases as passwords. Why? Because password requirements are everywhere, and the demand from IT departments to make them lengthier and more complex continues to grow and well, let’s be honest, the more passwords you have, the more likely you are to forget them.
I have written about the security implications of using sleep with encrypted drives in the past and have offered both short term and longer term solutions that would allow users to use sleep under some conditions and not risk (too much) a data breach. Today I am writing to offer another, common sense, alternative: Just don’t use sleep because you don’t really need it.
One of many common denominators that modern corporations face regardless of size, industry vertical and revenue is technical vulnerability. Without reiterating the monetary impact and disruption to business that IT attacks result in, taking a proactive and engaged approach is your best defense. The reality of the starting point is that Canadian small and medium businesses are faced with obstacles right off the bat such as:
Being a security professional can be tough if you don’t have the right tools. And some of the tools in your arsenal are native encryption solutions, like BitLocker, which provide a strong first step in data security. But with your IT environment growing ever more complex – having multiple devices, operating systems, and strapped resources – it’s time to start managing your environment the smartest way.
Another day, another breach. In a relatively unsurprising start to 2017, healthcare breaches are on track to reach new heights (or is it depths?). In what has become a somewhat satirical annual tradition, analysts forecast upcoming breach trends for the notoriously hard hit healthcare industry, and title each year with a fitting name. In 2015, it kicked off with the Year of the Healthcare Breach. In 2016, it was the Rise of Ransomware. So as I was reading about yet another breach in April, a question came to mind, what will “Year of the” be for 2017?
Have you ever called a contact center within a company because you had an issue, and felt like you were being “hurried” off the phone? If you’ve had that experience, there’s a reason for you feeling that way. Which is that the contact center that you were calling is actually trying to “hurry” you off the phone. Let me give you the inside scoop as to why you are being “hurried” to hang up from a contact center.
I’m passionate when it comes to coaching and developing a Tech Support team. Because when you make a sincere effort to coach and develop Tech Support agents, it results in a more engaged agent who delivers world class support. One who will go above and beyond not because they feel they have to, but because their efforts are validated by those that they report to and by the customers they assist. This is important because a Tech Support team talks to customers more often than any other part of an organization such as WinMagic, which makes what they do very crucial to the success of that organization. I use a number of tools to make sure my coaching is as effective as possible.
Have you heard of the great migration of Modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it. But what we are seeing is, regardless of industry, migrating to a cloud solution is occurring for a myriad of different reasons – from strategic reasons, to the flexibility, productivity and cost-savings gained by moving workloads and storage from on-site to the Cloud.
It has been a while since I have written about UEFI, Secure Boot and their impact on Full Disk Encryption (FDE) pre-boot authentication (PBA) so it’s time for an update on what is new in this area, but first here is a recap because this is a bit of an arcane technical subject. UEFI stands for “Unified Extensible Firmware Interface”. The UEFI specification defines a standard model for the interface between personal-computer operating systems and platform firmware. It provides a standard environment for booting an operating system and running pre-boot applications such as the PBA for FDE. It replaces the traditional legacy BIOS interface that was used with Windows 7 and older systems. Now that Windows 10 is being widely adopted I expect to see UEFI used on almost all new machines.
I reflect today on two online article headlines that recently captured my attention – “Legal firms prime target for cybercriminals warn experts” and “500 law firms targeted by scammers”. I wonder how an industry that has been historically known as the stalwarts of client privilege and protection has come into the crosshairs of cybercriminals.
I was on the phone the other day with a member of the education community asking – at large – “what are our steps to ‘becoming secure’?” All of a sudden, panic struck me. Did I lock my front door? Does my Gmail password contain a child, pet or street name? Do I use the same 4 digit PIN on my iPhone as I do on my MasterCard? That’s where my head’s at – and I’m just one person.
Last week, I once again had the pleasure and privilege of attending the RSA Conference in San Francisco. I heard estimates of a record breaking 40,000 attendees. It didn’t seem much busier than previous years but as another participant pointed out to me, that might be because it was better organized, with pre-registration for the sessions, this year. This year I focused my sessions on the Cloud.
Just imagine that day one at WinMagic started with the arrival of an innocuous letter from yet another company who had “lost” my personal data. How ironic!
I’ve known about WinMagic for two decades, most of that time I considered them a deadly competitor – in the data protection space, my company, SafeBoot and WinMagic were two of the “big four” leaders – yet despite vying for the same customers WinMagic and SafeBoot had a cordial relationship, in fact I must confess I was always envious of their ability to launch new features way faster than I could, and in exchange, in the early days the WinMagic team were envious of my sales reach.
The RSA Conference began in 1991 as a forum for cryptographers to gather and share the latest industry knowledge. In 1997 – just 6 years later – WinMagic launched into the data security market – offering software full disk encryption. Since then, similar to the RSA Conference agenda, WinMagic has continued to push the art of security forward, bringing encryption and intelligent key management to new markets and new heights. As we celebrate our 20th year anniversary, we have the same mindset we had when we started out – to protect data no matter where it resides. However now, more so than ever, data has become the lifeblood of the modern world – from banking to education – it’s everywhere. And the surface area of data has expanded across a wide variety of devices, platforms and operating systems, making it more and more difficult to secure.
Data Privacy Day is a reminder that the privacy of data – corporate and personal – increases in importance year after year. And it’s amazing that this year, on January 28th, Data Privacy Day turns 10. You may recall another interesting announcement that occurred in January 2007 – the introduction of the Apple iPhone. Perhaps this was sheer coincidence, or maybe this was the foresight to know that the dawn of rapid data collection and sharing by individuals was about to create an evolution of data security challenges we’d never witnessed before.
Today’s IT leaders have to ensure that desktops, laptops, and tablets are secure, which is not an easy feat when they all run on different operating systems – and that is just the beginning. As most organizations move to the cloud, there is a new set of security considerations to tackle. An organization needs to ensure that every confidential piece of data is protected no matter where it resides.
‘Tis the season to be jolly! We wanted to share the 5 best seasonal posts about security to help everyone stay safe because this is, unfortunately, also the season where cyber criminals take advantage of unsuspecting people. So let’s make data protection a priority, and end this year on a high note.
The EU General Data Protection Regulation was adopted in April 2016 and will, after two years of transition, be applied starting May 2018. As we head fast into 2017, it would be easy to start thinking that there is still over a year left before your company must be compliant, but how much have you done to get ready in the last eight months? Probably in all reality, not as much as you would like.
Today is Black Friday. Many retail stores in North America have customers lining up outside for hours to get the best deals. In 2015, 74.2 million people shopped on this day for your great deals! And around 30% of annual retail sales happen during the Black Friday through Boxing Day season, according to the National Retail Federation. With all this excitement of dropping prices and advertising to invite consumers to your stores, you are also potentially inviting cyber criminals that have been waiting for an opportunity to get information on your consumer data.