May 2023
May 2023 Gatekeepers: The guardians of dataEnsuring confidential information remains confidential requires an overlap of three key areas: people, processes, and technology. In fact, those elements represent the foundation of a framework that has existed since the 1960s — a model designed to help organizations assess and improve performance. The idea behind the framework is that all three overlapping components must be aligned and properly balanced for an organization to achieve and maintain a successful workflow. Not long after it was introduced, the framework was adopted by the security community. To this day, it is one of the most widely used for information technology management as well as workforce management. It’s
April 2023
April 2023 Internet of Hackable ThingsThe Internet of Things, or IoT, refers to the broad range of internet-connected devices that offer many different services and functionality. From consumer products, like digital assistants and remotely accessible security cameras, to smart hospitals and manufacturing plants, the potential advantages of the IoT are nearly limitless. But there’s also an opportunity cost associated with this connected world.
March 2023
March 2023 Security Awareness and CultureThe concept of awareness refers to someone’s perception and knowledge of any given situation. Awareness serves many different purposes and is often applied to multiple use cases. We must develop a security minded culture.
February 2023
February 2023 Understanding the insider threatInformation security presents an ongoing challenge for every organization in every industry. Meeting that challenge requires sound strategies and processes to help navigate the sprawling landscape of threats that put data, systems, and people at risk.
May 2021
May 2021 Newsletter - Incident ResponseMay 2021 Security Awareness Newsletter – Fundamentals of Security Awareness - Just like Just like finding success in fields like sports, we need to understand its fundamentals first, we also need to know fundamentals of security awareness to protect us from online frauds. These include identifying possible scammers, creating strong password, reporting incidents, identifying phishing attempts and following the policies. Please review the newsletter for more details.
March 2021
March 2021 Newsletter - Incident ResponseMarch 2021 Security Awareness Newsletter – Fundamentals of Security Awareness - Just like Just like finding success in fields like sports, we need to understand its fundamentals first, we also need to know fundamentals of security awareness to protect us from online frauds. These include identifying possible scammers, creating strong password, reporting incidents, identifying phishing attempts and following the policies. Please review the newsletter for more details.
January 2021
January 2021 Newsletter - Incident ResponseApril 2020 Security Awareness Newsletter – Identity Theft and Data Breaches - Even if you’re the most security aware person on the planet, massive data breaches can still compromise your confidential data, and result in identity theft. This month’s edition details not only how to prevent those breaches at work, but also the measures that must be taken immediately to ensure a quick recovery in your personal life, should your data fall into the wrong hands.
April 2020
April 2020 Newsletter - Incident ResponseApril 2020 Security Awareness Newsletter – Identity Theft and Data Breaches - Even if you’re the most security aware person on the planet, massive data breaches can still compromise your confidential data, and result in identity theft. This month’s edition details not only how to prevent those breaches at work, but also the measures that must be taken immediately to ensure a quick recovery in your personal life, should your data fall into the wrong hands.
February 2020
February 2020 Newsletter Internet of ThingsFebruary 2019 Security Awareness Newsletter – The Internet of Things – Blurb and Scavenger Hunt Questions The Internet of Things, or IoT, provides unprecedented interconnectivity between humans and devices. From consumer appliances to smart factories and Industry 4.0, the modern landscape of data flow improves our lives. But it also increases security risks. In this issue, we address those risks and how they impact individuals and organizations alike.
January 2020
January 2020 Newsletter The Art of the ConWhile the technical side of cybersecurity, such as firewalls and threat detection services, helps contain various attacks, it’s the human side that poses the most risk. Social engineers know how to manipulate emotions and use them against the victim. Cons and scams work because humans will always have vulnerabilities that cannot be patched by a software update. This edition ends the year by showcasing real-world examples of social engineering attacks and how they can be prevented.
December 2019
December 2019 Newsletter Passwords and AccessWhile the technical side of cybersecurity, such as firewalls and threat detection services, helps contain various attacks, it’s the human side that poses the most risk. Social engineers know how to manipulate emotions and use them against the victim. Cons and scams work because humans will always have vulnerabilities that cannot be patched by a software update. This edition ends the year by showcasing real-world examples of social engineering attacks and how they can be prevented.
November 2019
November 2019 Newsletter Malware, Phishing, and Other Lurking ThreatsSecurity threats come from everywhere. Detecting those threats before they cause damage is paramount to an organization’s success. Even though some threat detections require technical skills, the ultimate threat detection is you--the human firewall. This month’s newsletter addresses the who, what, and why of enterprise threat detection and highlights two major threats: BEC and ransomware
October 2019
October 2019 Newsletter Living the Human Firewall LifeDefending DataBeing a human firewall is more than just not clicking on obvious phishing links; it’s a lifestyle choice that improves overall security no matter where you go or what you do. This issue examines the five traits that human firewalls exhibit in their personal and professional lives, as well as seven tools that every human firewall can keep in their metaphorical utility belt. We spend a bit more time looking at the importance of incident reporting and the types of security events that you need to report.
September 2019
September 2019 Newsletter Defending DataCybercrime is something that impacts everyone, both professionally and personally. At work, a data breach could permanently damage an organization’s reputation and result in lawsuits and fines. On an individual level, when our sensitive info ends up in the wrong hands, it could lead to identify theft and additional cyber-attacks. This month’s newsletter identifies how data breaches happen, their impact on us personally, and what we can do to prevent cybercrime at work, at home, and on the go.
August 2019
August 2019 Newsletter Defending DataWe live in a connected world where sensitive data has effectively become currency. As such, understanding how to protect that information has become an imperative part of our daily routines. This month’s newsletter covers the importance of data classification, then dives into what cybercriminals do with stolen data, and wraps up with compliance regulations and their impact on our lives both professionally and personally.
July 2019
July 2019 Newsletter Creating a Security Forward CultureCulture traditionally refers to the shared customs, arts, and other characteristics of specific groups of people. Similarly, the security awareness culture of an organization refers to the shared human effort of information security. Creating a culture of security aware individuals requires the participation of every employee, from executives to the front desk. In this month’s newsletter, we examine the steps that everyone can take to improve culture and put security first in the workplace.
June 2019
Good Device HygieneLike automobiles, buildings, and our own bodies, devices require a bit of maintenance. Ignoring simple actions, such as updating apps and deleting/organizing files, not only leads to degraded performance, it also invites security risks. In this edition, we focus on those risks and highlight how they can be avoided both at work and at home.
May 2019
Taking Security PersonallyTo build a culture of strong human firewalls, it’s important to prioritize not just organizational security, but personal security as well. That’s why this month’s newsletter takes on a personal focus by covering how to protect your family online, how to secure home networks, and what it means to properly maintain mobile devices. When security receives precedence in all facets of life, both organizations and individuals improve their resistance to cybercrime.
April 2019
Privacy, PII, & ID TheftHow do you prevent data breaches at work? What do you do if your personal data is involved in a breach? Is it possible to maintain privacy in a constantly connected world so immersed in technology? In this issue, we address these questions and uncover solutions for maintaining security at work, at home, and on the go. It begins with a field guide to PII, continues with five steps for preventing identity theft, and ends by identifying the most common causes of data breaches—all while highlighting the non-technical, human side of protecting data!
March 2019
The Simple Side of SecuritySecurity doesn’t require a robust understanding of networks and computers. Most of it comes down to non-technical actions and using common sense! In this edition, we jump into the simple side of security with a quick overview of what it means to use non-technical security awareness, and why it’s important to separate your professional life from your private life (such as with BYOD, or bring your own device). We wrap things up in the physical world by highlighting a few real-life examples of physical security events.
February 2019
Guide to Security AwarenessComprehensive Guide to Security Awareness: Kick the year off with a comprehensive overview of how to prioritize security awareness in your life, both personally and professionally. This guide digs into the specifics of what it means to be a strong human firewall, and why we place so much value on things like strong password practices and following policy.
January 2019
Current State of MobileToday, mobile refers to a massive web of connected devices (the Internet of Things, or IoT). It isn’t about simply having access while on-the-go. It’s about having control of nearly everything from the convenience of a smart device that fits in your pocket or straps to your wrist. Unfortunately, lost in this world of smart connections is the prioritization of security. New technology rarely comes stocked with features that improve resistance to cybercrime. Quite the opposite, in fact.
December 2018
Getting PhishedFrom advance-fee scams to spoofed email addresses, phishing has long been the go-to attack in the social engineer’s playbook. In this month’s issue, we cover why phishing works via a real-life example, and highlight the obvious signs of an attack with a phishing identification checklist.
November 2018
Incident ResponseHow much damage can a security incident cause in one minute? How much damage can that same security incident cause if left unreported for one hour? Is that 60 times the potential damage? Or what about one day or even a week or longer?
October 2018
Identification and AuthenticationPasswords have been around for centuries… ever since humans felt the need to password-protect something (the right to enter or pass, for example). Fast-forward to today and the need for strong identification and authentication is more important than ever.
September 2018
The Human Side of SecurityThere is no shortage of technical solutions for defending organizations against cyber threats. A quick internet search yields many options for threat detection, threat prevention, and a variety of other services aimed at keeping data secure. But security, at its core, is a people process.
August 2018
The Rule of ThreeThe number three surrounds us. We find it in mathematics and science. Only three primary colors are needed to mix most other colors (red, yellow, blue). The three-act structure is the predominant model used in screenwriting (the setup, the confrontation, the resolution).
July 2018
All about Social MediaThe social media explosion over the last several years has created a cultural phenomenon where seemingly everything is documented. From dating apps to neighborhood watch groups, information has never been more accessible, nor has its life cycle been so infinite. What happens on the internet, stays on the internet.
June 2018
The Cybercrime IssueLast year, cybersecurity took center stage not just in boardrooms, but in the media. It’s not just a C-level concern, but something that affects every one of us, at both professional and personal levels. And if the first few months of 2018 are any indication, it’s not slowing down.
May 2018
Protecting Sensitive DataIt seems like data breaches are always in the news. What can you do to protect the University's data as well as your own? Check out this month's newsletter to learn how to protect your data and privacy when storing, transferring, and even hot to safely destroy the data once it has reached its end of life.
April 2018
The Threat ConnectionCybercriminals target organizations of all shapes and sizes. But we also must contend with insider threats, whether they be accidental or malicious. Ensuring that sensitive information stays safe throughout its lifecycle means assessing our vulnerabilities both internally and externally.
March 2018
Getting Comfy with ComplianceWhether you have to follow compliance mandates for work or not, across the globe we are all affected by their rules and regulations. Consider the amount of data you must provide for general services like utilities and health care. Have you ever wondered who has access to that data, or how it’s being protected?
February 2018
Creating a Security CultureEvery organization has a unique culture—a shared behavior that shapes the way employees and business partners interact with each other. One of the most important parts of that culture is security awareness.
January 2018
Personal, Professional, and Mobile Non-Technical SecurityThe potential to have your data or the University's data compromised is real and can happen easier than you think! Someone trying to get access to the data may be able to without even getting to your computer. Check out this months newsletter to see how data can be stolen, and how you can prevent it.
December 2017
Privacy vs SecurityDo you know the difference between privacy and security? Understanding how these two concepts work together, and how they differ, is key to improving our overall defense.
November 2017
Social Engineering and PhishingCybersecurity is a human process that social engineers attempt to exploit in many different ways. From phishing to tailgating to dumpster diving, we need to be aware of the threats we face in all three domains (cyber, physical, people).
October 2017
Being Smart About Smart DevicesImagine a world where your refrigerator orders groceries on your behalf, which are then delivered by computer-controlled drones or driverless vehicles.
September 2017
The Front DoorIt’s often said that passwords are the first line of defense when it comes to information security. But is that still the case? And what does the future hold for identification and authentication? Are biometrics any better?
August 2017
MalwareHow much is your computer worth? What about your smartphone? Your identity? Everything has a price and cybercriminals are looking to profit.
July 2017
See Something? Say Something!Security incidents are going to happen, sometimes because of mistakes and sometimes because of things beyond our control.
June 2017
Safely Sailing the Cyber SeasMost of us never think about how much work goes into the way we communicate. When we do consider the greatness of the networks that connect us, we should treat them with respectful caution; respect for the power that flows through the cables, caution for interacting with the people who want to do us wrong.
May 2017
The Top Ten Security PracticesKnowledge is power. And, in this case, that power enables us to protect ourselves, our organizations, our families, and our friends. Check out our collection of top ten lists and see how they can be applied to your everyday life at work, at home, and on the go. Remember that each and every one of us has it in ourselves to be a strong human firewall and combat cybercrime.
April 2017
The CIA TriadWe are surrounded by the number three. When arming cyber-aware citizens on the third rock from the sun, we rely on three security triads: The CIA Triad, Domains Triad, and Many Lives Triad lay the foundation of what it means to be secure in every aspect of the ongoing battle against cybercrime.
March 2017
Become a Human FirewallWhether you know it or not, YOU are a human firewall. That is not up for debate. It’s just a matter of how good you are at being one. As a human firewall you have a lot of responsibilities. The good news is that those responsibilities don’t require strong technical or computer skills.
February 2017
Cybercrime UpdateCyber threats are not going away. Most experts think the Security of Things will get worse before it gets better. Tech companies will continue to release products rife with security flaws, errors or misconfigurations. Cybercriminals will continue to discover new ways to find and steal data and to compromise organizations.
January 2017
Common Sense SecurityNo piece of information security technology, like biometrics (fingerprint scanners, facial recognition, etc.), is totally secure. There is always a way to enter, bypass, fool or otherwise render security ineffective. At the same time, we can’t just sit around and wait for it to improve, just like we can’t sit around waiting for tech companies to enhance security features, or for governments to regulate tech companies.
December 2016
What is PII?PII stands for Personally Identifiable Information. But what info is considered PII? And what info isn’t considered PII? Those can be tough questions to answer. PII is any data that can be used to specifically identify an individual. But that’s rather vague and can be confusing. In this issue we will clear up these questions and more.
November 2016
Horrors of MalwareMalware is any malicious software, script or code installed on a computer that alters its function in some manner without permission. It might be malicious or it might not be. Malware comes in all shapes and sizes and can go undetected for long periods of time.
October 2016
Safe SurfingFrom our homes to our mobile devices to our computers at work, we are connected, we are surfing. If we’re not doing it safely, we can easily drown in a sea of malware, spyware, viruses and even identity theft.
September 2016
Insider Threats and Data BreachesE-commerce has taken over the way we do business, which means there’s a lot of sensitive information being exchanged. This opens more doors for criminals. Instead of going after goods and services, they can target our data (and yours) without even leaving home. The worst thing any of us can do is assume we’re not a target.
August 2016
Mobile in the CloudBecause of mobile devices and the cloud, we live in a world of constant access. Which means we need to be constantly vigilant to avoid scammers. Do you know what to do if you lose your smartphone? Do you know what data Google collects on you?
July 2016
The CIA TriadThe CIA Triad is one part Confidentiality, one part Integrity and one part Availability. As a whole, it is the single most crucial element to protecting sensitive data. Failure at any one level can lead to failure at every level. It’s our duty to not only keep data private, but also make sure it is consistently accurate and accessible for authorized users.
June 2016
Living a Healthy CyberlifeMaintaining a healthy life-style is a challenge even for the best of us. Our busy lives make it difficult to eat right, exercise regularly and get enough sleep. But, when we make a habit out of all of those things, it comes a bit more naturally. In this issue we want to help you achieve a healthy cyberlife by practicing good security habits on a regular basis.
May 2016
Spam, Scams & Hacking You on Social MediaYour email, LinkedIn, Facebook, (all social media) and even your text messages can pose potential security threats. With a little security awareness you can learn to identify and avoid such threats by using simple common sense and easy to follow security practices.
April 2016
Personal & Home Network SecurityThe path to great security awareness doesn’t begin and end at work, you must also be vigilant at home and in your personal lives. In this issue we discuss the steps you can take to protect your home network and PII (personally identifiable information), and what steps can be taken to avoid ransomware.
March 2016
The Secrets of Data ClassificationData classification is essential to our everyday lives, both at work and at home. In general, data can be classified into one of four sensitivity levels: public, internal use, regulated and confidential or top secret. Do you know the sensitivity levels of the data you handle at work? How do you handle your personal data at home?
February 2016
The Three Domains of SecurityPeople remember things best in groups of three. In this issue, we are exploring in depth the Three Domains Triad, which consists of the Cyber, Physical, and Human domains. Each domain has its own unique security risks that a security savvy person must be aware of and prepared for.
January 2016
Security Awareness Top 10If you could only have one food for the rest of your life, what would it be? What are your three top wishes? What are your Top-10 best security behavior and practices at work and at home? In this issue, we even take Top-10s further, by introducing the Top-10 of Security Top-10s!