While the headlines are dominated by tales about recent breaches at Target, Neiman Marcus, and others, those businesses will survive. What about smaller companies? Turns out that just last year, two separate title and escrow companies had to shut their doors after suffering cyber attacks. Leaked emails from a small regional bank resulted in a successful theft of money from a client. And thieves are using the access that small accounting and financial management firms have to individual and corporate bank accounts to steal hundreds of thousands of dollars. What do these incidents all have in common? They are all financial industry firms. And they are all relatively small. Most of them neglected to provide even the minimum viable security[…]

As a small business owner, I often find myself having some of my most productive time on Friday afternoons. My clients have gone home for the weekend, my staff members are wrapping up their week’s work and completing their timesheets. I’ve got a few hours of time to myself to get things done. Dinner time rolls around and I’m inevitably the last one out of the office, shutting off the lights and locking the door behind me. What a lot of people don’t realize is that even once they’ve turned out those lights and locked that door, strangers might still be coming into their place of business.

Network Connections Are Like Doors

Just like a door, a network connection can[…]

Some people said it was the biggest startup to come out of Stanford since Google. After securing some seed funding from professors, and then raising $25 million in a party round, Clinkle was destined for greatness among startups. Clinkle was designed to become the payment service all of us could use to manage credit cards, banks, and cash from our smartphones. And yet, I’m guessing the majority of this blog’s readers have never heard of them. Why could that be?

The rise comes before…

Launched in 2011, Clinkle got a lot of hype. Big names like Richard Branson and Peter Thiel, and organizations like Intuit and Intel were among the investors. They were clearly excited about something. But Clinkle has[…]

Recently, an article came to my attention about social networks being gamed in order to hurt the reputations of competitors and enemies. With all the talk these days of search engine optimization, social media experts, and the “internet of things”, we are looking to connect our information to as many people, and in as many ways, as possible. Have you considered the ways this might hurt you instead? We are beginning to get a handle, as a society, on the minimum viable security that every organization needs in order to stay in business and not be destroyed by the constant noise of attacks facing us on the Internet. But what happens when instead of facing a distributed denial of service[…]

I went to a casino recently with some friends, and watched play at the roulette table for a while. It was really interesting to see the mindsets of the different people playing. Some were consistent with their play, playing corner bets, where you place your bet on a corner between four numbers. Some others were betting small amounts on individual numbers which held importance to them. Others bet the “safer” bets of red/black, even/odd, or high/low. What interested me were the people who were wildly inconsistent with their bets. They’d increase their bets after losing a few times in a row, because they must be “due”. The bettors reasoned with themselves that since their number hasn’t come up yet, it[…]

“What can it hurt for us to perform our own security self-assessment?” is a question that many organizations ask themselves. After all, they have competent IT staff, and the staff must know something about information security to keep things running. So, why doesn’t it make sense to do your own self-assessment?

Familiarity

The first reason to seek an outsider to do a security assessment is that they lack familiarity with your organization. Just as you gloss over misspellings and mistakes in your own writing, you can gloss over assessment topics because you believe that you’re familiar with them. Sometimes an outside assessment reveals the folks in that department are doing things differently than you expect. An unbiased third party can help[…]