Category Archives: Security Awareness
Physical Security In The Workplace
With so much attention focused on securing networks and preventing phishing and avoiding ransomware attacks, the physical side of security sometimes goes overlooked. Even in the modern-day work environment where seemingly everything has an internet connection, we still must remain vigilant against physical threats to our security!
KEEP THINGS ORGANIZED.
It’s a lot easier to misplace sensitive documents and keycards/badges if your desk/office is a mess.
RESPECT PRIVILEGED ACCESS.
Keep your systems and devices locked when not in use. When accessing secured areas of our building, be sure no unauthorized persons sneak in behind you or are allowed to enter with you.
ALWAYS FOLLOW POLICY.
It’s your responsibility to know and understand our organization’s security policies. If you’re not sure of something or need more information, please ask!
KNOW HOW TO PROPERLY DISPOSE OF SENSITIVE MATERIALS.
Social engineers never hesitate to dive through dumpsters in search of valuable info. Shred …
New Password Guidelines
For the longest time, security experts have recommended long, complex, and sometimes random passwords. Unfortunately, those guidelines create a dilemma for individuals and organizations alike. Of course, the more complexity you add to a password, the harder it is to crack. But a more complex password is also harder to remember. Complexity often fosters frustration, which in turn promotes laziness and tempts people to reuse the same password across multiple accounts. But there is hope! The National Institute of Standards and Technology (NIST) released a special publication of updated best practices for creating passwords.
Ditch the complexity.
Passwords that feature a bunch of random characters and capitalization no longer get the stamp of approval. Instead, passphrases that favor simplicity now top the list of recommendations.
For example, the previous guidelines recommended developing a passphrase like, “The dog wants to play fetch.”
- Use a mixture of upper and lowercase letters:
Employee Guide To Spot Phishing Emails
If you didn’t know already, phishing is a social engineering attack that lands in your inbox with the intention of stealing personal info. Oftentimes, phishing emails appear to come from a known contact (friends, family, co-workers) or an organization, such as a bank or credit card company. Attacks often feature malicious links or attachments that compromise the victim’s device with malware.
POPULATION
Over 280 billion emails are sent each day. If you imagine that even a small percentage of them are phishing attacks, you can see why this threat is so pervasive.
APPEARANCE
You can identify phishing emails by a variety of distinct markings: bad spelling and poor grammar, odd phrasing or awkward sentence structuring, impersonal greetings such as “Dear Customer” instead of using your name, and web addresses that resemble a legitimate business but are slightly misspelled.
BEHAVIOR
Phishing emails typically come with a sense of urgency. They …
Learn More About Social Engineering
Social engineering is a tactic used by attackers that takes advantage of people’s emotions in order to access sensitive or confidential information. It is very important to know who we are talking to and why the person needs the data. Always remain calm, do not respond immediately, and talk to your manager or the security team if something happens.
Phishing
Phishing attacks are messages that look legitimate but are actually scams to access your account or device. Pay attention to who forwards the message, whether the subject is relevant, and whether the message text has syntax or semantic errors. Most important: always think before you click! And do not download any unexpected file.
Vishing & Smishing
Scams also happen via telephone (vishing) or text (smishing). If you receive a call, make sure you know the person, and wait for a face-to-face meeting to talk about confidential information. If you receive a …
Cybersecurity Without Paranoia
Not many people bring to light and discuss that there is a difference between paranoia and preparedness in cybersecurity. Because of the many breaches and the constant headlines, we tend to promote 24/7 security awareness. Although it is simply an understanding that scammers are everywhere and target everyone, this can cause paranoia.
Prepare for security threats without paranoia:
Paranoia: Never using a public WiFi network.
Preparedness: Always using a Virtual Private Network (VPN).
VPNs encrypt your internet connection, which makes it difficult for cybercriminals to intercept and steal your data. Never connect to public WiFi without a VPN, and even then, avoid accessing highly sensitive information.
Paranoia: Refusing to install apps on your smart device.
Preparedness: Researching and downloading apps from trusted sources.
Malicious apps are an ongoing security issue with app stores. Do your research before installing anything and carefully review permissions and security settings after installing. Routinely uninstall apps you …
Cybersecurity Tips For Parents
Parenting is hard enough even before considering the challenges of online security. In this article I will give you five tips to help you with those challenges. Obviously, every household has different needs, so view these as a generic starting point, and make adjustments as necessary!
Establish a culture of trust.
Create a safe space where honesty won’t be punished and where kids feel comfortable sharing their experiences. If they witness cyberbullying or inappropriate behavior online, or accidentally share something they shouldn’t have, we want to make sure they’ll speak up before it’s too late. Establishing a culture of trust is the best way to gain and maintain a healthy digital presence in your household, and it needs to start at a young age.
Explain the risks of social media and online behavior.
Just like in real life, children should be taught that their online actions come with consequences. Posting …
The Future Of Identification And Authentication
IN THE BEGINNING…
Passwords have been around since ancient times, back when you needed to know the correct word to pass or enter an area, and have evolved over the course of history to meet specific demands. The military developed a challenge and response system that required not just a password, but also a counter-password. For example, the challenge would be Mango, and the response to Mango would be Peach. This form of authentication verified both sides.
The first computer password was born out of necessity in 1961 at MIT for use with their CTSS—one of the first time-sharing systems, which is a computing resource used by multiple individuals. Since there were multiple people who had private sets of files, it made sense that each person should be given their own login and password. The rest, as they say, is history.
PASSWORDS AREN’T DEAD
To this day, the debate over …
Ransomware Risk Management
The National Institute of Standards and Technology (NIST) has released a new document called the Cybersecurity Framework Profile for Ransomware Risk Management. The document contains detailed steps that you can take to reduce the risk of infection and ways to prevent ransomware attacks.
They outline these basics:
NIST has provided a basic, best-practice approach to preventing and mitigating ransomware events and protecting critical data, and recommends the following:
- Use antivirus software to scan your system, emails, and flash drives.
- Keep systems up to date and all software fully patched.
- Use a service or product that blocks access to ransomware sites.
- Put a policy in place that allows only authorized apps to be used on computers.
- Restrict personal devices' access to internal network resources.
- Do not provide users with local administrative privileges.
- Block use of personal apps on work computers, for example: email, chat, social media.
- Provide
Phishing Attacks Growing At Rapid Pace
What’s going on?
- The frequency of phishing attacks differs by industry and depends on the targeted firm’s size. The healthcare and manufacturing sectors are the most targeted by phishing scams.
- Social media are also lucrative targets, with social messaging apps being the main target. Accounts with single sign-on accounted for 40% of all phishing attacks.
- There are many different types of phishing attacks.
54% of all employees reuse passwords on multiple accounts
Yubico released the results of a study into current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era. The report surveyed 3,006 employees, business owners, and C-suite executives at large organizations (250+ employees) who have worked from home and use work-issued devices in the UK, France, and Germany.
Data shows that since the start of the pandemic employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on cybersecurity best practices that need to be implemented for out-of-office environments.
Less than a quarter of respondents admit to even implementing 2FA since the start of the pandemic and even then, many are using less secure and less user-friendly forms of 2FA like mobile authentication apps and SMS one-time passcodes.