At the RSA conference, I attended a panel discussion entitled “Changing User Behavior: The Science of Awareness.” The panel focused on explaining the failure of traditional awareness efforts, and made suggestions about what improved solutions might look like. During the panel, surrounded by a room full of security professionals, it hit me: we are technologists trying to figure out how to solve a communication problem. Maybe security’s “people problem” is relying on the wrong people to solve this challenge. Are People The Problem? Our industry is quick to put the blame on “users” when security problems occur. Whether it is the takeover of CNN and the AP’s twitter feeds, or a hack of Target’s HVAC contractor leading to their breach, people are[…]

How do you buy groceries? Do you buy based on brand, what you know? Do you consider the price? Or do you have someone else handle it for you? Making An Investment While routine, groceries aren’t expensive. When we consider larger investments, however, the calculus changes. Most hesitate a bit when buying a new computer or tablet. We’d want to make sure the system meets our requirements and we’re not paying too much. Since they are a commodity item, you can shop around without difficulty. Buying a car or a house requires more time to be spent in the due diligence process. At some point it becomes less about “buying” and more about “making an investment”. Smart entrepreneurs consider their exit.[…]

Around this time of year, many of us are filing–or procrastinating about filing–our taxes. So you finally get around to filing your taxes, and your return is rejected because someone has already filed for that social security number. Uh-oh! What now? You know you haven’t filed your taxes already, and you’ve double checked your social security number to make sure you typed it in right. Then you find out your worst fear is true: someone else has already filed a tax return using your social security number – otherwise known as IRS Tax Return Fraud. Immediate Actions To Take There are three things you need to do as soon as you can: First, file a police report for identity theft.[…]

Water is critical to life. Many sources suggest drinking more water can lead to better health. And yet I’m sure you heard the story of the woman who died as a result of drinking too much water during a radio station contest in 2007. Water intoxication results when our water intake and water losses are grossly different. The levels of electrolytes in our system can get out of balance, causing basic functions of our body to cease operating. Too much of a good thing–even water–can be bad. Minimum Effective Dose A minimum effective dose or MED, as described in effective dosage of pharmaceuticals, is the smallest dose that will produce an effective outcome. Think of acetaminophen, the main ingredient in[…]

While the headlines are dominated with tales about recent breaches at Target, Neiman Marcus, and others, those businesses will survive. What about smaller companies? Turns out that just last year, two separate title and escrow companies have had to shut their doors after suffering cyber attacks. Leaked emails from a small regional bank resulted a successful theft of money from a client. And thieves are using the access that small accounting and financial management firms have to individual and corporate bank accounts to steal hundreds of thousands of dollars. What do these incidents all have in common? They are all financial industry firms. And they are all relatively small. Most of them neglected to provide even the minimum viable security[…]

As a small business owner, I often find myself having some of my most productive time on Friday afternoons. My clients have gone home for the weekend, my staff members are wrapping up their week’s work and completing their timesheets. I’ve got a few hours of time to myself to get things done. Dinner time rolls around and I’m inevitably the last one out of the office, shutting off the lights and locking the door behind me. What a lot of people don’t realize is that even once they’ve turned out those lights and locked that door, strangers might still be coming into their place of business. Network Connections Are Like Doors Just like a door, a network connection can[…]