20 Expert Tips For Building Security Into New Tech Products

End-to-end encryption, multifactor authentication, and code and database reviews should be paramount when starting. If you can implement those three factors into a product or service from the ground up, you’ll usually have a strong foundation for more refined security later. Products that start out less secure typically implement security haphazardly later. It’s a case of preparation—security should be important from day one.

~ Tom Roberto

See the full article here, on Forbes.

Ransomware Attacks: 20 Essential Considerations For Prep And Response

Establishing risk management processes is often overlooked. Having a workflow everyone—including members of the C-suite—is trained on helps limit the complexities of ransomware attacks. When you’re attacked, it’s all about time, limitation and response. Too often, the process takes too long, with not enough limits and either an overreaction or underreaction to the situation. This allows ransomware attacks to be far more successful.

~ Tom Roberto

See the full article here, on Forbes.

16 Effective Steps For Securing Corporate And Personal IoT Networks And Platforms

Many IoT platforms try to use their internet connections as a means of sharing connectivity with other devices or within their ecosystem. This tendency is riddled with ethical and logistical problems. IoT, by definition, is about the “thing” it’s performing, not the connection it inherently needs. Zero trust should be applied here, and the connection should be inaccessible.

~ Tom Roberto

See the full article here, on Forbes.

16 Strategies To Ensure A Phishing Exercise Has A Strong And Lasting Impact

Employee education is paramount. Curricula provides a fun and entertaining approach to employee security awareness and training. If you can get your employees to engage in such a program, you’ll decrease your risk of security issues by a significant factor. Too many of these programs “over-tech” and overcomplicate the process. Curricula is designed for everyone and is a secret in my arsenal.

~ Tom Roberto

See the full article here, on Forbes.

Tech Experts Share 13 Essential Facts About Biometric Tech Everyone Should Know

Adaptation is the problem with all biometric technologies. Everyone wants something better than a password, but giving companies access to any kind of fingerprint, retina scan or facial recognition feels creepy and prevents 100% adoption in enterprise environments. If people don’t use the product, it’s not useful in the end. Biometrics needs to fix its image with the general public, not CTOs.

~ Tom Roberto

See the full article here, on Forbes.

15 Smart Strategies For Ensuring A Successful Red Team Exercise

The most common and worst threats usually come from internal employees and their lack of knowledge or poor processes. Exercises that focus on social engineering and are internal to the business allow you to see where your threats occur and how you might be able to educate your team to avoid future problems. You’d be shocked at how easy it is to target a company from the inside out.

~ Tom Roberto

See the full article here, on Forbes.

14 Expert Tips For Choosing A Secure Messaging App

Look for open-source and end-to-end encryption. The most popular options are Signal and Wickr. I prefer Wickr because of the company’s mission statement and longevity in the space. Knowing that the source can be independently reviewed is massively important. It’s also important that the end-to-end encryption is designed in a way that makes use of keys, hashing and more advanced cryptography.

~ Tom Roberto

See the full article here, on Forbes.

11 Ways To Address Security From The Start Of Your Tech Project

When looking at a product, you should always be designing for set functionality, like an appliance. When the environment is static, it’s far easier to have strong security. Open-ended functionality, open architecture or long lists of variables end up crippling security protocols and create a breeding ground for hacks and potential security breaches. It’s not bad to be locked down and static.

~ Tom Roberto

See the full article here, on Forbes.

10 Cybersecurity Protocols Every Tech Professional Should Follow

We’re focused more on human nature than software patches. The biggest cybersecurity holes are created by employees and human beings rather than systems and encryption. We educate employees on social engineering and tactics used to exploit their human nature. By focusing attention on decision making, we find people are less likely to rely on computers to protect them from foolish human errors. They think.

~ Tom Roberto

See the full article here, on Forbes.

Assure Your Customers Their Data Is Secure With These Six Best Practices

Client data is the most precious thing we handle day-to-day. In recent months we’ve migrated to using stronger encryption and password requirements as well as updating all SSL certificates. We’ve also enabled multi-factor authentication on every service that offers this. Protecting data goes beyond access. We’ve started “whitewashing” confidential info so that it is anonymously stored.

~ Tom Roberto

See the full article here, on Forbes.