I’ve been demonstrating hacking in my presentations, and in response to many requests, the video is now available of the hacking session. Watch the hacking demonstration video below.

Read More [...]

One of the biggest problems with passwords is that secure ones seem hard to remember, need to be changed often, and should be phrases with numbers and symbols instead of just single words that can be found in a dictionary. Many organizations have a culture where the IT department has been instructed to allow users to keep insecure passwords. Rather than fight this battle, consider using two factor authentication: something the user has plus something they know. For example, www.phonefactor.net uses

Read More [...]

One of the biggest challenges many companies face is having users that work off-site and need to connect to the Internet. The users may be at a construction site, performing an accounting audit at a customer site, working from a hotel or conference center, or be in some other location. The temptation is to allow the users to connect through a WiFi hotspot or even plug into someone else’s network. The dangers are huge if the remote network infects your user’s computer or if your user gets accused of infecting the remote network.

Read More [...]

When I ask IT professionals why their users have blank passwords or use words like “password” for their password, the IT professional explains “my boss told me I had to leave it that way!”

The same goes for restricting Instant Messenger, or blocking web streaming sites that allow users to watch video and eat up the organization’s precious bandwidth. Then there are the issues of employees bringing in personal notebooks and connecting them to the network without any prior anti-virus checking.

Read More [...]

An IT professional discovered an unauthorized computer on the network!  “I know all our computer names and I knew this one did not belong.  I immediately called our consultants thinking we were being compromised. They said the computer was in our office.  I searched through the office and found that one of the (employees) brought in a (outside representative) into the office and set her up in one of our offices. She was allowed to plug her laptop in to our network and proceeded to access the internet.”   I frequently come across offices that freely offer for visitors to “plug in to the network” to check e-mail or access the Internet. Same with offering visitors wireless access.  The people offering access to complete strangers obviously have no idea of the danger.

Read More [...]

I purchased my Amazon Kindle months ago and love it! Am an avid reader and used to carry lots of books with me. Now, all my books are in the Kindle e-book reader! It is amazing. I don’t need books filling up my house anymore either - just sent several huge boxes of books to the Salvation Army yesterday. Not only that, I want users to read my new book “The Secure CEO - How to Protect Your Computer System, Your Company and Your Job” on the Kindle, so I formatted my book in HTML and uploaded the book to Amazon last night. Sure enough, this afternoon…

Read More [...]

Do you outsource IT? As I performed a recent IT Vital Systems Review at “Company A” - one of your peers - I was appalled.  The CEO and executives have relied for years on an outsourced firm that has offices nationwide. On the day of the review to the company, their representative showed up sloppily dressed and thirty minutes late. The anti-virus package reported 6 viruses and some patches were more than six years out of date.

Read More [...]

Have you ever had a virus infect your company IT network and someone say to you, “Wow. I don’t understand how that got through our firewall!” When that happens, there’s a good chance that someone brought the virus in from the outside by physically carrying a laptop or some form of removable media into the office right past the firewall. This allowed the infection to go “around” instead of “through” the firewall.

Read More [...]

A common theme you will notice in my new book “The Secure CEO” for protecting your network is the concept of Central Management. What’s that? Well, ask any IT professional, and they’ll tell you that one of the worst things in our career is when we have to change something on all the company’s computers. It doesn’t matter if you have five computers, 50 computers, 500 computers, or more, that’s way too much work to visit each computer, phone, or PDA, individually. We want to be able to manage things centrally.

Read More [...]

Quite simply, full-disc encryption means everything on your drive is safe and secure from being accessed by unauthorized people. Many people say they don’t use full-disk encryption tools because they think it’s expensive. Well, it’s not expensive at all. I have full-disk encryption that came included for free with my laptop. Some people also believe that security is very difficult to configure. No. Enabling full-disk encryption only adds about 45 seconds to your computer’s setup once the IT professional knows the procedure. It’s very easy.

Read More [...]