Coffee and Security
By Jesse Weeks
Apr 12, 2022
S1E46 - The Patches are Coming
Much ado about patching (as always this time of the month).
In this episode we cover an upcoming feature from Microsoft, go over what to expect today, and talk about why patch management is a thing for small businesses.
Tune in and listen until the end for a special offer for our listeners!
You can find our one-week intro to building better businesses course at https://59.consulting
S1E45 - Britches and Paradigm Shifts
In today's episode we talk all about britches.. ok data breaches, and a possible paradigm shift coming soon to cybersecurity that could prevent many data breaches from ever happening.
In the news
- Microsoft Data Breach
- Okta Data Breach
- Another Google Vulnerability
- Sophos Vulnerability
- SonicWALL Vulnerability
- Fortinet Vulnerability
And then
- Microsoft rolls out Defender for Business to existing Microsoft 365 Business Premium subscribers
- A possible paradigm shift away from C.I.A. to D.I.E. (yeah I know that spells die)
S1E44 - Ask Your IT Begins
This month, we're starting our "Ask your IT" series.
Each day, we're posting a short video clip to engage your IT department or outsourced provider in a conversation about reducing cyber risk. We start by posing a question every business leader should be asking their IT or cybersecurity team.
Warning though, you may not like what you hear.
Why are we doing this? What should businesses and IT teams be talking about when it comes to cyber risk? Tune in to find out!
Here are some links from today's episode:
- Firefox patches a critical vulnerability: https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html
- CISA adds another 95 flaws to its actively exploited vulnerabilities list: https://thehackernews.com/2022/03/cisa-adds-another-95-flaws-to-its.html
- Microsoft accounts under siege in a recent campaign: https://thehackernews.com/2022/03/cisa-adds-another-95-flaws-to-its.html
Online free assessments in the Cyber Lab: https://insula.tech/cyberlab/
S1E43 - How Automation Saves Time and Money
How can businesses, especially IT and Cybersecurity businesses, save time and money by automating systems?
Tune in to this week's episode for some tips and specific examples that can start saving your business money today.
For complete show notes and additional info check out our site at https://insula.tech/tag/coffee-and-security
NEWS LINKS
- CISA's free services & tools site: https://www.cisa.gov/free-cybersecurity-services-and-tools
- More on the UpdraftPlus WordPress plugin: https://threatpost.com/severe-wordpress-plug-in-updraftplus-bug-threatens-backups/178528/
- More on the FlexBooker data leak: https://www.infosecurity-magazine.com/news/flexbooker-data-leak-millions/
FREE RESOURCES
- Bitwarden: https://bitwarden.com
- Wazuh: https://wazuh.com/
S1E42 - Building Practice Immunity with Good Cyber Hygiene
Good cyber hygiene helps healthcare practices prevent harm like good medical hygiene helps prevent harm to patients.
Practices that build up their immunity to cyber threats are 99% less likely to suffer cyber attacks. So tune in to learn how to get started.
Website: https://insula.tech/tag/coffee-and-security
S1E41 - Telehealth Allows Fast Practice Growth
When COVID struck, many physicians found themselves with far fewer patients on the schedule than before. Telehealth became a necessity. But based on the evidence we're seeing, it could be a huge business driver.
For show notes and links to stories, check out our blog at https://insula.tech/tag/coffee-and-security
S1E40 - Security Risk Assessment Primer
Has your business invested time in conducting a risk assessment in the past year?
Tune in to today's episode to find out why you should be doing these more frequently, learn what the most used attack vector for ransomware is and find out how these are related.
Show notes as always are at https://insula.tech/tag/coffee-and-security
S1E39 - SMB Cybersecurity - a Conversation with the CEO of Restech Solutions
Join me for a conversation with a former colleague also turned business owner, David Levine of Restech Solutions, as we talk about small business cybersecurity. Some great topics here including what small business owners need to know about IT and cybersecurity when they first get started.
As always, you can find our show notes and news story links at the related post at https://insula.tech/tag/coffee-and-security
To get ahold of David @ Restech or check out his free content, head over to his website at https://restech.solutions
S1E38 - Security Operations
In 2022, threat actors and hackers are fine-tuning their attacks more than ever before. They are living in your network to collect and extract sensitive information, and then they are launching attacks.
It's time to fight hackers with hackers. Tune in to learn more about this cool topic.
For show notes, check out our blog at https://insula.tech/tag/coffee-and-security
S1E37 - Defending the Internet Layer
This week on our defense in depth series, we go over the Internet layer and how you can protect your devices both managed and unmanaged from becoming infected or phoning home (if they already are).
Show notes as always at https://insula.tech/tag/coffee-and-security
S1E36 - Network Defense Layer
Today, some heavy recommendations from the government entity CISA and a look into the next layer of our defense in depth strategy -- the network layer.
For show notes, see https://insula.tech/tag/coffee-and-security
S1E35 - Start Building your Human Firewall
STOP blaming your people for your data breaches and do something about it. Build your human firewall today using modern authentication techniques and role-specific bite-sized trainings to keep your culture of cybersecurity alive.
Show notes as always at our blog: https://insula.tech/tag/coffee-and-security
S1E34 - Application Layer Defense
Our defense in depth series continues with layer 3, the application layer. Tune in to walk through this layer and important services to consider in your multi-layered cybersecurity defense strategy. Stay tuned throughout for important tips and tools to get you started.
For links and complete show notes, check out our blog at https://insula.tech/tag/coffee-and-security
Defensive Layers - Devices
Today, I talk about layer two of a multi-layered cybersecurity defense: devices. Stay tuned until the end to learn about a cool service you can offer your staff that may help retain them.
For show notes and to check out other episodes, here's our blog: https://insula.tech/tag/coffee-and-security
S1E32 - Layered Defense - Layer 1
Today I talk about layered defense for cybersecurity controls. The art of selecting the best controls that matter to your business all starts with an assessment. Tune in today as I go through the first layer of a modern cybersecurity defensive strategy.
Reminder: not all of these will work for your business. Know thyself.
Show notes at https://insula.tech/tag/coffee-and-security
Cryptominers!
Today's episode is all about cryptominers. Tune in to learn what these are and how to defend your business from them.
Show notes: https://insula.tech/tag/coffee-and-security
Special Video Edition:
- Watch on Spotify or YouTube at https://www.youtube.com/watch?v=2BtpmbO6SNo
2021 in review, Log4J back again, and why security tools on autopilot is a bad idea
Tune in to today's episode while I review 2021's biggest cybersecurity news, talk about the latest in the Apache Log4J vulnerability and a new patch, and discuss why the right tools and how they're used matters for your business.
For show notes and links discussed in the episode, here's our blog: https://insula.tech/tag/coffee-and-security
2022 Cybersecurity Predictions
Show notes: https://insula.tech/tag/coffee-and-security
A Christmas wish and Small Business Healthcare Tips
Today: A Christmas wish, what we all hope for over the next few weeks, and Small Business Healthcare cybersecurity and compliance tips.
For show notes, check out https://insula.tech/tag/coffee-and-security
Secure Network Architecture & Administration - Part 2
Network security starts with secure network architecture. Today's modern threats need a more modern approach to network detection and response (NDR) that evolves with the way we work and the way threat actors attack. On today's episode we'll check in on some of the high level aspects of what small businesses need to do to identify, detect, and recover from attacks using the network layer.
Show Notes: https://insula.tech/tag/coffee-and-security
Network Security - Part 1
Network security is a specialty within cybersecurity. One layer in a multi-layered approach to ensuring your business is ready for today's threat landscape. Tune in today for part 1 of 2 while I tell stories from a former life about my experience with secure network architecture and administration.
For show notes, check out our blog at https://insula.tech/tag/coffee-and-security
Update on the Critical Log4J vulnerability and December Patches
A critical zero-day vulnerability in Log4J causes massive concerns in the security community while most others sleep like babies. At the end of last week (Dec 10th), this zero-day vulnerability was announced and given a critical 10 CVSS score by NIST based on its attributes. Tune in to hear about this vulnerability, upcoming patches for December, and more about running a vulnerability management program that works.
Show notes are here: https://insula.tech/tag/coffee-and-security
Defending Mobile Devices Part 2
In this two-part episode I break mobile device security down and we chat about what is needed, why it's needed, and what you can do to protect yourself. Part 2 includes more detail about what you can do to protect yourself and what types of threats are out there specifically attacking mobile devices.
Show notes at https://insula.tech/tag/coffee-and-security
Mobile Devices need Mobile Threat Protection
As threats continue to increase in the mobile smart phone market, so must the evolution of mobile threat protection. In today's episode, I talk a bit about what Mobile Threat Defense (MTD) is, how it's better than Mobile Device Management (MDM), and what is driving the need for this defense.
Show notes and links to news articles: https://insula.tech/tag/coffee-and-security
Five reasons your RMM may not be effective at patching Systems
RMM tools, used primarily by Managed IT Service Providers to remotely manage and monitor their customers' environments, may not be patching well. I've come up with the top five reasons why they fail and what can be done to make them more effective in today's Coffee and Security podcast episode.
Show notes and links to RMM resources: https://insula.tech/tag/coffee-and-security
A tale of two phish
A tale of two phish is a true story where I discuss two recent phishing attacks, details about what makes them risky, and how businesses can start to defend themselves against them.
Show notes at https://insula.tech/tag/coffee-and-security
Happy Thanksgiving! Are you ready for holiday cyberthreats?
Happy Thanksgiving! Cybersecurity is always a challenge for businesses and consumers alike; however, there are certain times each year when the threat increases: Holidays. Threat actors rarely take the holidays off. In fact, holidays are when we typically see an increase in cyber attacks because of a lack of available staff and increased susceptibility to some types of scams. My advice, stay frosty.. and check out some additional tips below.
Check out show notes and links at https://insula.tech/tag/coffee-and-security/
Securing SaaS
Ever wonder why so many Microsoft 365 and Google Workspace customers are phished or compromised even when these companies are huge? While it is true the service provider bears some security responsibility for the infrastructure, you may be surprised to know that you are still responsible for securing and monitoring security for your 'tenant' in their software as a service solution. Today, I talk about one of the largest SaaS solutions, Microsoft 365, and a couple of other big ones (Google Workspace and Salesforce) and what you should be considering when securing your tenant.
Show notes as always on https://insula.tech/tag/coffee-and-security
Ten Essential Skills for Cybersecurity Professionals
While reading the news today I wondered what are some essential skills that every cybersecurity professional needs to have to be successful. Listen to today's episode or read below to find out more.
For show notes and links, check out our blog at https://insula.tech/tag/coffee-and-security/
Tools of the week: Email Security & Ransomware Playbook
An email server at the FBI was recently hacked and used to send spam warnings. And, the Qualys Security Conference is gearing up for a start; but before it starts some recommendations on what to include in your ransomware playbook from their CTSO.
Listen in to hear about these recent events and what your business can start doing today.
Show notes at our blog https://insula.tech/tag/coffee-and-security/
Incident Response Planning: Part 2
In part 2 of Incident Response (IR) planning, join me as I go through the next two important parts of a cybersecurity incident response plan: response and recovery.
Find out why you need to be looking for an IR firm now instead of waiting for the worst to happen.
Show notes as always can be found at our blog: https://insula.tech/tag/coffee-and-security/
Incident Response Planning: Part 1
In part 1 of Incident Response (IR) planning, join me as I go through the first two important parts of a cybersecurity incident response plan: prevention and detection. Find out why you need to be looking for an IR firm now instead of waiting for the worst to happen.
As always, show notes and links found here: https://insula.tech/tag/coffee-and-security/ (when I have my coffee)
Protecting the Internet of Things
The Internet of things, or IoT, is a generic label given to the multitude of devices that can be networked to make our lives better. This includes devices like smart speakers, thermometers, connected appliances, and security cameras. With every device that we connect to our networks, it's essential that we understand the risks and work to protect our personal or business information from cyber threats.
As always, read more on our blog at https://insula.tech/tag/coffee-and-security/
Cyber Incidents in Hospitals is on the Rise
Cybersecurity incidents in hospitals are on the rise. On today's episode, we'll talk about a few recent examples in the news, what hospitals and medical offices can do to avoid being in the headlines, and why as a consumer you should be more angry about this.
Show notes as always on our blog at https://insula.tech/tag/coffee-and-security/
Code Review Could Save Your Business
Hear about a couple of recent events in the news and how cybersecurity code review could have prevented them.
As always, you can listen here and then feel free to read about it or get the links we discuss on our blog at https://insula.tech/tag/coffee-and-security/
Building your human firewall
Today, let's talk about building up your business's human firewall by implementing a culture of cybersecurity. What does it take? Listen to find out!
Show notes as always can be found on our blog at https://insula.tech/tag/coffee-and-security/
What the Smish?
What is smishing and what is a simple thing you can do about it? Find out on today's episode.
Show notes and links discussed in each episode can be found on our blog here: https://insula.tech/tag/coffee-and-security/
The evolution of antivirus
What was antivirus originally built for? Why isn't that effective any more? What should I be considering? Find out on today's episode of Coffee and Security.
Show notes and more can be found here on our blog: https://insula.tech/tag/coffee-and-security/
All about a password
Tune in to today's episode to hear the most common passwords still used in the US, find out what Sweden did earlier this year that made the news regarding passwords, and hear tips about how you can upgrade your password game.
For written show notes and links referenced in the show, check out our blog here: https://insula.tech/tag/coffee-and-security/
What is good cyber hygiene?
Tune in to discuss what 'Good' cyber hygiene means and why it's important for businesses to implement as many of these best practices as possible to prevent a data breach in their organization.
Show notes and additional information can be found here: Coffee and Security Archives » Insula Technologies
Roundtable: Should my business consider paying a ransomware demand?
This is an interesting topic. At face value, you may immediately say 'yes' or 'no'; but when you get down into the weeds about what can happen if you do or don't and ethical, legal, and other implications it's not such an easy answer. Tune in to today's special roundtable discussion (it's a long one) to find out what your business needs to know about ransomware and whether or not you may end up having to pay a threat actor's demands.
For show notes and links to free resources, check out our related blog post at Coffee and Security Archives » Insula Technologies.
Your Email Security Needs a little TLC
Find out why you need to STOP blaming Joe for your ransomware attacks, why you need to get a Sarah, and what you need to protect yourself from today's email threats in today's episode.
Show notes and additional links can be found at our blog Coffee and Security
Two-Factor Authentication: Preventing Ransomware
Today in the news: a major step forward for Exchange servers, VMware patches a critical bug, and why you should update your Apple device now.
And the tip: What is two-factor authentication? Why does it help? Who needs it? The answer to these questions and more on today's episode of Coffee and Security.
For the full news stories and tips, check out our blog post here: insula.tech
What is Ransomware? And, news of the day.
What is ransomware? How has it evolved? How do I protect my business from this threat? Tune in for a quick tip on what this threat is in this episode.
News of the day: phishing attempts getting harder to distinguish every day. A couple examples of using the popular Zix secure email service to send encrypted phishing attacks.
Read more at our blog here.
IT Support vs. Security. What's the difference?
What does IT support do? What about security teams? How are they alike and how can you find out which services you need? If you have these questions, tune in to this episode while I explore this topic out loud. If you prefer reading, check out our blog post on the topic here.