Teaching Security to the Ungeeky: Convince Them It Matters

April 27th, 2012

Posted on 2012-04-11

Think security’s too technical to teach to everybody? Think again.

That misperception leads to a plague of problems, from USB-introduced viruses to spending a fortune on fixing products after they’ve shipped. In this, the first in a series on teaching security to the nontechnical, I start with converting the security heathens. Read it and weep.

The Eminently Ignorable Document Retention Policy

March 8th, 2012

Posted 03-02-12

Most businesses (93%!!!) have retention policies that dictate when and how to burn shit up. (Burn/delete/pulverize/whatever-ize.) Most businesses TOTALLY IGNORE THOSE POLICIES!! We made a nifty infographic to show how blasé we are about these matters. Check out the infographic on HPIO, then read the HPIO story about how to actually, you know, STOP IGNORING YOUR POLICIES!!!

Secure Paper Storage: Managing Business Documents

March 8th, 2012

Posted 03-02-12

They spill out of milk cartons in unlocked storage rooms! They molder in storage facilities secured only by Yale locks! They get horizontally stripped into packing material that helpfully displays your customers’ names, SSNs, and dates of birth! It’s 2:34 a.m. Do you know where your business’s paper documents are?! Here we have horror stories and tips on how to secure all that carbon-based matter until it returns to the pulp from which it crawled forth. Read it on HP I/O. We also made a nifty infographic to show how blasé we are about following policies on these matters. Check out the infographic!

In God We Trust, but Security Vendors Need to Sign the Papers

December 26th, 2011

If Anonymous, LulzSec et al. can pwn security vendors, who can protect us? Here’s help on how to rate security vendors on the sitting-duck scale.

In this two-part look at how to vet security vendors, my first article—In God We Trust, but Security Vendors Need to Sign the Papers—focuses on assessing a vendor. This is done at arm’s length by simple online research as well as by holding security vendors accountable for not living up to various agreed-upon levels of service, similar to what’s being done increasingly by the industries Veracode notes.

The second article, In God We Trust, but It’s Nice to Do a Physical Walk-Through on Security Vendors, features input from Infosec professionals on what to watch for if you can conduct an on-site visit to a security vendor.

Thanks for Sharing

October 22nd, 2011

Well of course we’re sharing too much on social media. The cat’s out of the bag, and it’s being served with a nice cat demi-glace. Herein, some suggestions from the infosec crowd on how to keep your and/or your organization’s little privacy kittens from being sadly easy to find and to use as phishing bait. Read the story at HP Input/Output.

WikiLeaks Exposes Thousands of Sources In Written-Password SNAFU

September 2nd, 2011

The cone of silence over WikiLeaks’ thousands of sources—many of whose lives are at risk if identified—has been shattered, all thanks to the most mundane, all-too-human security screwup imaginable. To wit: WikiLeaks founder Julian Assange wrote down the password on a piece of paper. Let us hope that this carelessness, this breathtaking lapse in security hygiene, leads to no loss of life. Read the story on Naked Security.

Safest Career Choices for Developers (If You Don’t Want Your Job To Go Away)

February 19th, 2011

Mobile development’s the way to move. Nor will you starve if you’re picking up Java or Objective-C. Check out the full story on the new Software Quality Connection site—is lovely, ya? Ya!

DirectAccess and the VPN Dragon

December 30th, 2009

Windows 7’s DirectAccess is a win for users: convenient network access, no virtual private network needed. But it’s a stickier prospect vis-à-vis security and administration. For this IT Expert Voice article, I got input from LOPSA, an early Windows 7 user, and Sophos’ Chester Wisniewski. Check out the full article here.