Pro Tip: Sending Secrets via Signal
20th April 2020
How do you send a secret key or password to another team member? You can’t just hand someone a sticky note! That’s why we recommend downloading and using the Signal app. Signal has end-to-end encryption and has been vetted by some of the top security minds. We use Signal when sharing passwords, birthdates, files containing confidential materials and…
Fast and Easy Video Conferencing Comes With a Price
10th April 2020
Back when I was a kid, my grandfather would never talk about money on the phone. Even face-to-face, if he had to say the word out loud, he would whisper it, as if speaking normally would somehow invite a visit from nefarious forces. I can’t really blame him. He was a first-generation American whose Jewish parents had…
G Suite Access Control Audit Tip
29th March 2020
Here’s a G Suite tip that will save you lots of time figuring out who your administrators are. From the admin console go to Reports > Users > Account Activity. Admin Status will tell you who is a “Super Admin,” “Admin” or “None.” Hey Google, “Can you make this easier to find?”
Are You Treating Your Cybersecurity Like a Rental Car?
19th March 2020
My wife and I took our two kids down to Sarasota, Florida a few weeks ago, to visit my parents. There was a fair amount of rental car logistics involved (don’t ask), and when it came time to pick up the car, I brought along my dad. I signed the papers, grabbed the keys and…
Why the Corp.com Sale Matters to You
24th February 2020
The Corp.com website is being sold (likely price: $1.7 million). Why should you care? Because many companies use corp.com as their second level domain for their Active Directory. As explained in this helpful article, it means that, “[W]hoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being…
Every Company Needs a Jessica
20th February 2020
Where I live, you’re not allowed to park on the street overnight. Unless, that is, you apply for and receive an official town parking pass. So I called my town hall to learn more. Who answered the phone? Jessica. (Not her real name.) Who processes the parking applications? Jessica. Who is also responsible for block…
Should I become a Virtual CISO? What I wish I had read 30 months ago
12th February 2020
This article is written as advice for aspiring Virtual CISOs (vCISO). This is the third part in a series. If you haven’t read the 18-month and 25-month ones, you should. They’re here:
https://fractionalciso.com/18-months-in-what-ive-learned-starting-a-cybersecurity-company/
https://fractionalciso.com/25-months-in-what-ive-learned-starting-a-cybersecurity-company/
Know, like, trust, buy
These magic words: “know, like, trust, buy” are the key to success in the Virtual CISO business….
Just Okay Is Not Okay
16th January 2020
These days, I don’t watch much live TV. The exception is sports. And with football playoffs in full swing, I’ve seen a fair number of commercials along the way. One that has stood out involves a surgeon: “How’s doctor so-and-so?”, asks the patient. “Oh, he’s okay,” says the nurse. The ad goes on to say…
Don’t Click That Link!
19th December 2019
Anyone who says there is no difference between boys and girls has never coached youth basketball. I coach at our local YMCA — 3rd/4th graders with my son; 1st/2nd graders with my daughter. And let me tell you, I’m not even sure these two populations are of the same species. Here’s a prime example… When…
Disney+ Account Compromise
5th December 2019
There are many Disney Plus accounts available for sale by fraudsters. Attackers use Credential Stuffing and Password Spraying attacks to gain access to these accounts. CNBC has more details on the compromises. What are Credential Stuffing and Password Spraying Attacks? Credential Stuffing is when attackers take known email addresses and passwords from one site compromise…