I’ve been demonstrating hacking in my presentations, and in response to many requests, the video is now available of the hacking session. Watch the hacking demonstration video below.

Read More [...]

One of the biggest problems with passwords is that secure ones seem hard to remember, need to be changed often, and should be phrases with numbers and symbols instead of just single words that can be found in a dictionary. Many organizations have a culture where the IT department has been instructed to allow users to keep insecure passwords. Rather than fight this battle, consider using two factor authentication: something the user has plus something they know. For example, www.phonefactor.net uses

Read More [...]

One of the biggest challenges many companies face is having users that work off-site and need to connect to the Internet. The users may be at a construction site, performing an accounting audit at a customer site, working from a hotel or conference center, or be in some other location. The temptation is to allow the users to connect through a WiFi hotspot or even plug into someone else’s network. The dangers are huge if the remote network infects your user’s computer or if your user gets accused of infecting the remote network.

Read More [...]

When I ask IT professionals why their users have blank passwords or use words like “password” for their password, the IT professional explains “my boss told me I had to leave it that way!”

The same goes for restricting Instant Messenger, or blocking web streaming sites that allow users to watch video and eat up the organization’s precious bandwidth. Then there are the issues of employees bringing in personal notebooks and connecting them to the network without any prior anti-virus checking.

Read More [...]

An IT professional discovered an unauthorized computer on the network!  “I know all our computer names and I knew this one did not belong.  I immediately called our consultants thinking we were being compromised. They said the computer was in our office.  I searched through the office and found that one of the (employees) brought in a (outside representative) into the office and set her up in one of our offices. She was allowed to plug her laptop in to our network and proceeded to access the internet.”   I frequently come across offices that freely offer for visitors to “plug in to the network” to check e-mail or access the Internet. Same with offering visitors wireless access.  The people offering access to complete strangers obviously have no idea of the danger.

Read More [...]

Have you ever had a virus infect your company IT network and someone say to you, “Wow. I don’t understand how that got through our firewall!” When that happens, there’s a good chance that someone brought the virus in from the outside by physically carrying a laptop or some form of removable media into the office right past the firewall. This allowed the infection to go “around” instead of “through” the firewall.

Read More [...]

Quite simply, full-disc encryption means everything on your drive is safe and secure from being accessed by unauthorized people. Many people say they don’t use full-disk encryption tools because they think it’s expensive. Well, it’s not expensive at all. I have full-disk encryption that came included for free with my laptop. Some people also believe that security is very difficult to configure. No. Enabling full-disk encryption only adds about 45 seconds to your computer’s setup once the IT professional knows the procedure. It’s very easy.

Read More [...]

Realize that of all the professional relationships that can make or break your business, your relationship with your IT support staff is one of the most critical. In fact, it’s just as critical as is your relationship with your CPA, your banker, and even your attorney. When your IT staff feels supported and acknowledged, and when they’re armed with the proper technology, they can single-handedly keep your company from losing data, losing work time, and losing customer confidence.

Read More [...]

In 2006, the FBI partnered with 313 companies who agreed to be in a study about IT security. The companies came from various sectors, such as medical, education, transportation, manufacturing, and many more. Combined, these companies lost over $52 million due to various types of security breaches, including viruses, theft of proprietary information, network abuse, and data sabotage. That’s $167,000 plus per company! You certainly don’t want to be part of that loss.

Read More [...]