“ End-to-end encryption, multifactor authentication, and code and database reviews should be paramount when starting. If you can implement those three factors into a product or service from the ground up, you’ll usually have a strong foundation for more refined security later. Products that start out less secure typically implement security haphazardly later. It’s a […]
“ Establishing risk management processes is often overlooked. Having a workflow everyone—including members of the C-suite—is trained on helps limit the complexities of ransomware attacks. When you’re attacked, it’s all about time, limitation and response. Too often, the process takes too long, with not enough limits and either an overreaction or underreaction to the situation. […]
“ Many IoT platforms try to use their internet connections as a means of sharing connectivity with other devices or within their ecosystem. This tendency is riddled with ethical and logistical problems. IoT, by definition, is about the “thing” it’s performing, not the connection it inherently needs. Zero trust should be applied here, and the […]
“ Employee education is paramount. Curricula provides a fun and entertaining approach to employee security awareness and training. If you can get your employees to engage in such a program, you’ll decrease your risk of security issues by a significant factor. Too many of these programs “over-tech” and overcomplicate the process. Curricula is designed for […]
“ Adaptation is the problem with all biometric technologies. Everyone wants something better than a password, but giving companies access to any kind of fingerprint, retina scan or facial recognition feels creepy and prevents 100% adoption in enterprise environments. If people don’t use the product, it’s not useful in the end. Biometrics needs to fix […]
“ The most common and worst threats usually come from internal employees and their lack of knowledge or poor processes. Exercises that focus on social engineering and are internal to the business allow you to see where your threats occur and how you might be able to educate your team to avoid future problems. You’d […]
“ Look for open-source and end-to-end encryption. The most popular options are Signal and Wickr. I prefer Wickr because of the company’s mission statement and longevity in the space. Knowing that the source can be independently reviewed is massively important. It’s also important that the end-to-end encryption is designed in a way that makes use […]
“ When looking at a product, you should always be designing for set functionality, like an appliance. When the environment is static, it’s far easier to have strong security. Open-ended functionality, open architecture or long lists of variables end up crippling security protocols and create a breeding ground for hacks and potential security breaches. It’s […]
“ We’re focused more on human nature than software patches. The biggest cybersecurity holes are created by employees and human beings rather than systems and encryption. We educate employees on social engineering and tactics used to exploit their human nature. By focusing attention on decision making, we find people are less likely to rely on computers to […]
“ Client data is the most precious thing we handle day-to-day. In recent months we’ve migrated to using stronger encryption and password requirements as well as updating all SSL certificates. We’ve also enabled multi-factor authentication on every service that offers this. Protecting data goes beyond access. We’ve started “whitewashing” confidential info so that it is […]
