I just came across an article that I wanted to discuss. The article is titled “10 security mistakes that will get you fired”, written by Roger A. Grimes. I have known too many sysadmins and IT security specialists that have committed at least one or more of these huge mistakes. I’ll cover the highlights here with a link below as well.
Mistake #1 Killing Business Functionality
Although network security is job one to an IT professional, it is not to the company you are working for. Closing down critical business information systems while trying to remediate an intrusion can find you in hot water with management. Just assume management will believe the loss of business systems will outweigh the cost of ridding the system of the bad guys.
What is PCI-DSS? It stands for Payment Card Industry Data Security Standard. PCI-DSS applies to all businesses that accept credit card information, store credit card information, or any information about the cardholder. Yes, even Mom and Pop operations fall under PCI-DSS regulations.
It is good to know that there are 4 different levels that can apply to you. Almost everyone starts off at level 4 if you process less than 20,000 transactions per year. The more transactions your company does, the higher your level will rise. At a bare minimum as a level 4 merchant or company, you must complete a Self Assessment Questionnaire, and may have to pass a scan of your network by an A.S.V. (Approved Scanning Vendor).
With Facebook’s recent announcement that they will allow video ads to automatically play in your news feed, three things are clear. The first is that the entire Internet just took an enormous step backwards into the 1990s (think GeoCities and webpages with music). The second is that most of us will either surf with our speakers turned off, or at least keep our fingers poised over the mute button. And the third is that bandwidth consumption is going to climb, no, skyrocket as more and more sites follow suit.
Since advertising seems to be the only reliable way to make money on the Internet, we should have seen this coming, but I for one stopped going to CNN when they started playing their news videos automatically and at full volume; so this is a trend that bothers me. And when you pay for bandwidth consumption because you are on a metered connection or mobile device, it’s not just the websites that are going to make money from advertising! But what can you do about it? Quite a bit, actually!
The Internet is a world of information and opportunity. Every business knows that. What not all businesses realize is that the Internet can be a nasty piece of work with cybercriminals all too happy to pounce on unprotected networks. Monitoring, managing and securing a business network is a must today. Product manager Calin Ghibu explains why the latest version of GFI WebMonitor is the next generation of web security software for businesses and what’s so special about this release.
A common theme across all of these is clear… cloud services are being compromised. Does this mean you should not trust cloud services? Pull all your data back down to local storage and cancel your Internet connection? Go off the grid and return to the trees? Of course not! Cloud services are a major component of our connected lives, and it is not at all true that they are inherently unsafe or vulnerable. They are, however, accessible from literally anywhere in the world, so most people should take more precautions with their data than they may be accustomed to.
It sometimes seems as if we’re abdicating more and more of the control over our everyday lives and handing it over to computers. Machines are analyzing the data and making many of the decisions that used to be the province of human beings. In some cases, this has had very positive results; in others, not so much.
JP Morgan, Home Depot, Target, Kaiser Health, Adobe: All Big Data Breaches
My day job is a partner of GFI Software. Each day I speak to IT admins from very small to very large companies in North America. My focus is on Patch Management, Network Vulnerability Scanning, Windows Event Log Management, Securing network endpoints, W3C log management, as well as web security and email security.
Last month, we got a bit of a break as Microsoft issued only four security bulletins and, unlike the July and August patches, none of the September patches resulted in widespread problems (those with long memories might recall that the company wasn’t so lucky the previous year, when the September 2013 patches caused numerous reports of problems).
October is traditionally the month for fans of horror stories, so we’re crossing our fingers and hoping this month’s updates won’t bring any Halloween-like surprises. We have a medium-sized slate of patches: nine in all, three of which have been given a severity rating of critical; all of those are remote code execution issues – as are the vast majority of critical patches. One is rated moderate, and the remaining five are classified as important.
Nobody wants to be the Internet Police. We’re probably all very happy with unrestricted Internet access, and it’s none of our business what other people do online.
That all changes in a business environment. Since the company’s PCs are company assets, the company pays for bandwidth, and there are all sorts of threats out there even for users who are doing the right things, companies need Internet monitoring and filtering. It has nothing to do with policing the Internet but it has everything to do with safeguarding your network, assets, investment and reputation.
Most companies these days provide Internet access to their employees. Most employees consider Internet access like coffee service – something that they take for granted. While this is a great thing for both employers and employees to have, when that Internet access is completely unrestricted, bad things can happen with alarming frequency. Companies’ IT or security teams need to implement technical protections to block harmful websites, or employees can quickly find their workstations compromised by malware. Let’s first discuss why you would want to block harmful websites, and then how.