Subscribe to RSS - cyber security

cyber security

How to assess your company’s cybersecurity risk

 - 
Wednesday, July 31, 2019

It finally happened. Temps reached into the 100s in Dallas as Cyber:Secured Forum helped some security professionals stay cool inside The Westin Dallas Park Central while learning actionable takeaways and best practices related to maintaining and improving cybersecurity of security systems and solutions. While I gather my thoughts to bring you a detailed rendition of the past two days, now would be a great time to do a cybersecurity risk assessment on your system. 

Here are my “4 Preliminaries” (4Ps) to help you get started on your assessment:

  1. Perspective. Make a list of all information stored on your computer, online, in different apps and in the cloud, for example, work documents, apps, music, passwords, pictures, videos of your family, banking and credit card credentials, etc. Physically seeing how much precious data you have should be a wakeup call to protect it against cyber threats and attacks.
  2. Passwords. Make a list of all online accounts and their login credentials. 
  3. Peruse. Look through the list and carefully think about the value of each type of stored data. If it would be detrimental if anyone gained access or a particular piece or data or online account was lost, deleted or leaked online, put a star by it or highlight it. 
  4. Posture. Take a position of defense against cyberattacks, cybercriminals and cyberthreats. To start, make sure all the passwords on your list are strong to prevent access to your data. Each account needs a DIFFERENT, robust password consisting of at least 12 or more of the following: upper- and lower-case letters, and numbers and symbols in various combinations and locations within the password. 

Once you’ve completed the 4Ps, google the phrase “cybersecurity risk assessment checklist.” This tool is available for free from different organizations and businesses. Choose the checklist that resonates most closely with your business, or take bits and pieces of a variety of checklists to create a custom list. Then, using the information you’ve already gathered from the 4Ps, get started answering the questions. You’ll be well on your way to learning exactly where your company is postured for cybersecurity as well as areas that need improvement. 

 

Data forensics: time is of the essence

 - 
07/03/2019

AUSTIN, Texas—Huge volumes — think terabytes, petabytes, exabytes, zettabytes, yottabytes and up into the quintillion bytes — of complex, digital data is constantly being generated and scattered into different physical and virtual locations such as online social networks, the cloud and personal network-attached storage units.

Americans’ trust issues, or lack thereof, with IoT devices and other security-related issues

 - 
Wednesday, May 1, 2019

The last blog I wrote, “What your connected smart home IoT devices are really doing,” highlighted the fact that there are no security standards for IoT manufacturers to follow when creating networked devices. This should cause concern or at least pause for people using such devices, especially in their homes. But, just how aware are consumers about potential risks and do people actually trust the devices they use every day? 

ASecureLife conducted a survey of 300 Americans nationwide to determine how much participants trust the technology they use regularly in their homes as well as people’s biggest concerns related to smart home technology, home security and online privacy. The survey found:

1. A quarter of Americans are NOT concerned with being monitored online by criminals. This nonchalant attitude resulted in 23 percent of American households having someone victimized by cybercriminals in 2018, according to GALLUP

Additionally, in 2017, the FBI’s Internet Crime Complaint Center received more than 300,000 complaints, totaling more than $1.4 billion in monetary losses for victims. 

2. Americans are more concerned about being monitored online by the government than by businesses.

3. Two-thirds of Americans believe their smart devices are recording them. While it’s time consuming, and to be honest, boring, thoroughly read a company’s terms and conditions so you know what personal information that company is collecting from you, and how they’re using it.

Tip: Adjust the settings on your smart equipment to maximize your privacy. For example, turn off Amazon Echo’s “Drop In” setting to prevent the it from automatically syncing and conversing with other Echo devices. 

4. About one in five parents would let Alexa entertain their kids while they’re away. WOW! Parents are actually trusting their children’s safety and security to the virtual world!? (We’ll be discussing this later on in this blog post! Read on!) 

5. Seventy-five (75) percent of Americans believe smart homes can be easily hacked, but 33 percent have and use some type of smart home technology. This indicates that consumers are indeed buying these gadgets. In fact, a joint-consumer survey conducted by Coldwell Banker Real Estate and CNET found 47 percent of Millennials, aged 18 to 34 years, have and use smart home products. 

6. Women are typically more concerned with home security than financial security, and the opposite is true for men. Participants were asked if they fear a home invasion more than identity theft: 53 percent of women participants said “yes,” compared to 44 percent of men.

Participants were also asked which of the following they would rather do: stop locking your doors or change all your passwords to “1234.” Men’s responses were split evenly, while 59 percent of women preferred to change their passwords to this all-to-common numerical sequence. 

7. Americans aged 55 and older are more protective of their financial security than their home security; the opposite is true for younger people. Participants over age 54 were asked if they feared home invasion more than identity theft to which 70 percent answered “no.” However, participants under age 34 were more likely to fear home invasion. 

While all the findings were eye-opening, for me personally, the one that haunted me pretty deeply was the one about Alexa “babysitting” kids. It’s one thing for parents to allow their children to use Alexa under their supervision, but to allow minors to access Alexa while they are away can be extremely dangerous, in my opinion and based on the news we see every day concerning criminals hacking into security systems, devices recording home-based conversations, apps giving away data to advertisers, and the list goes on and on. 

Question for you parents out there: Would you allow your children to access Alexa when you aren’t at home? Why or why not? 

 

Robots: the next big thing? They'll be at PSA-TEC

 - 
Wednesday, April 13, 2016

PSA-TEC will have some new attendees this year: Robots.

There will be drones and ground-based robots at PSA Security’s annual education and training event PSA-TEC, which will takes place May 8-13 in Westminster, Colo.

Bill Bozeman, PSA Security CEO, believes security robotics is the next big opportunity—and challenge—for the security industry.

“We’ll have three sessions [related to robotics] at TEC,” Bozeman said. He noted that PSA Security led the industry on the cybersecurity front, holding its Cyber Security Congress early in 2015.

“We like to start the conversation at TEC about what the future will look like [in terms of technology],” he said.

In the days leading up to PSA-TEC, Bozeman will be attending a drone conference in New Orleans, where he’ll get a close look at aerial, ground and marine-based drones.

Bozeman said that he expects Security Robotics to be the next committee created by PSA Security.

PSA currently has five committees, relatively recently created, that explore topics of interest to security integrators. The committees are tasked with sharing information at PSA-TEC, through the PSA website and elsewhere, coming up “playbooks” for integrators and developing best practices and standards to save integrators time, money and resources.

The five committees are: Project Management Committee, Sales & Marketing Committee, Technical Committee, Leadership Committee, and the  Cyber Committee.

It seemed like everyone was talking about cybersecurity at ISC West. I had a chance to speak to Andrew Lanning, co-founder of integration firm IST, and chairman of the PSA Security Cyber Committee, at the show. Lanning’s group plans to share its preliminary cybersecurity playbook with integrators at PSA-TEC in May.

Lanning’s group is looking at processes and products with the goal of helping integrators, from the super IT-savvy integrators, to those who are just starting to educate themselves about IT best practices and cybersecurity, he said.

Anthony Berticelli, PSA director of education, oversees all of the committees. “There will be nine committee-led session at TEC,” Berticelli said. “There will be peer-to-peer sessions and roundtable sessions and several of the sessions will overlap [committee jurisdiction],” he said. 

PSA-TEC is open to everyone in the security industry. One does not have to be a PSA member to attend PSA-TEC. Here’s a link to information about the conference.

 

Specifically Speaking: Roger Hutchins, principal, GHD

Specifically Speaking: Roger Hutchins, principal, GHD
 - 
09/09/2014

Specifically Speaking features Q-and-A with a different security consultant every month. In July, we spoke to Roger Hutchins, principal at Washington, D.C.-based GHD.

Vivint creates CSO position, hires federal cyber expert Joe Albaugh

New Vivint CSO Albaugh was security chief at DOT, FAA
 - 
07/30/2014

PROVO, Utah—Joe Albaugh, who today joined Vivint in the newly created position of chief security officer, brings significant cyber expertise, having previously served as chief information security officer at the U.S. Department of Transportation and also at the Federal Aviation Administration.

ADT exec weighs in on cyber security

 - 
06/17/2014

BOCA RATON, Fla.— ADT sponsored America’s Small Business Summit, hosted by the U.S. Chamber of Commerce, which ran from June 11–13.