SecurityGuy

A recent investigation by the Office of the Privacy Commissioner of Canada into Home Depot of Canada Inc. has found that Home Depot failed to obtain customer consent before sharing personal data with Meta.

Happy New Year! Have you made your New Year’s resolutions yet? Here are 5 resolutions to keep you, your family, and your business safer in 2023.

For more details on some of my resolutions, you might wish to watch the following:

MFA: https://youtu.be/ITi2Oz9P1LI

Passwords: https://youtu.be/Hkk9kU6jdw0

Just Don't click: https://youtu.be/F6qOZZOdSD0

RAID and Backups: https://youtu.be/Wjq4xfumR-g

Pop quiz: What do IoT devices, phones, tablets, and web applications have in common?

Privacy discussions often revolve around the use and abuse of personal information by governments and corporations. While global surveillance is a serious concern, and some corporations abuse the information entrusted to them, the fact remains that most Internet users happily hand over their private information and allow companies to use it in exchange for “free” services.  

Here is the video I mentioned. Are you using a free email service for your business? You shouldn't, and here's why:  https://youtu.be/-MN0stElSVs

In this episode of SecurityGuy, I discussed Mastodon and the fediverse with Jerry Bell, a Chief Information Security Officer and the administrator of infosec.exchange.

In today's episode of SecurityGuy, I speak with my friend and colleague, the co-founder and CEO of Saf.ai, Ahmed Masud about saf.ai's flagship product Resiliate, which applies cutting-edge AI to protect data against unauthorized access and changes, data corruption, and data exfiltration.

Among other things, Resiliate provides cost-effective defence and rapid recovery from ransomware attacks.

While speaking at the 2004 RSA Conference, Bill Gates predicted the demise of passwords saying, "they just don't meet the challenge for anything you really want to secure." In 2011, IBM predicted that within five years, "you will never need a password again." The death of passwords has been predicted by many people. We’re still waiting...

Many businesses make serious mistakes that place their data at unnecessary risk. These mistakes often stem from a fundamental misunderstanding of storage technologies.

Redundant Array of Independent Disks, more commonly referred to by the acronym RAID, is an approach to data storage virtualization that combines multiple physical disk drives into one or more logical storage volumes. Depending on the RAID scheme, it could increase overall capacity, performance, and reliability. Or not.

Over the past few days, we’ve learned that the LastPass breach disclosed in August 2022 was much worse than previously reported. Here’s my take on the situation, what you need to know, and what to do about it.

In 1905, George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” Variations of his words have been attributed to several famous people, but as far as some software developers are concerned, the underlying message has fallen on deaf ears.

When I teach security architecture, I’m often asked if the choice of programming language matters. From a security perspective, the answer is yes. But it’s a bit more complicated than that.

Today I’m going to talk about a growing problem in cybersecurity and IT in general: alert fatigue.

As a cybersecurity consultant, I work with a lot of small businesses. Please stop using free email services like Gmail and outlook.com for your business.

In security architecture, we often talk about defence in depth. But in practical terms, what does it really mean?

Most of the time this channel is focused on cybersecurity, but today I’m going to switch gears a bit and discuss the importance of physical security as it applies to information technology.

You can see some of the devices I mention in this video at https://hak5.org.

Today I’m wrapping up a look at cybersecurity frameworks with the Government of Canada’s ITSG-33.

Another popular security framework is the Cyber Security Framework published by the US National Institute of Standards and Technology. You’ll usually hear it referred to by the acronyms NIST CSF.

SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Professional Accountants that specifies how organizations should manage customer data. If your company provides cloud services, including software as a service, chances are your customers have asked for a SOC 2 report.

ISO/IEC 27001 is an international standard for Information Security Management Systems. Like many ISO standards, it’s a bit more complicated than it needs to be, and it’s not as flexible as other standards, but it remains one of the most popular.

Today we’re talking about cybersecurity frameworks.

We recently discussed SPF and DKIM. Today I’m completing the email authentication hat trick with DMARC. A lot of companies don’t realize that their emails are ending up in the recipient’s spam folder because they haven’t correctly configured SPF, DKIM, and DMARC.

Yesterday I discussed about how SPF, the Sender Policy Framework, helps reduce spam and email impersonation, and helps get legitimate email delivered. Today I’m going to talk about another way email can be authenticated at the domain level, DomainKeys Identified Mail or DKIM for short.

Reducing spam, phishing, and email impersonation have never been more important. If you get your email configuration right, you can help in this fight. But if you don’t, you may inadvertently route legitimate emails that you or your organization send directly into quarantines and spam folders. Today I’m going to talk about one of the tools at our disposal, the Sender Policy Framework.

Today I’m responding to a frequent question from people who would like to enter or progress in a cybersecurity career: Should I learn to write code?

Two days ago, I introduced the basics of machine learning, and yesterday I outlined how social media sites can use and abuse machine learning. Today I’d like to specifically address election manipulation.

Yesterday we talked about machine learning basics, and today we’ll discuss the use of machine learning in social media.

Every time you turn around there’s yet another company talking about machine learning. In some cases, it’s pure hype. But for some applications, machine learning is the way of the future, and along with it come significant privacy, security, and policy implications.

Today on the fifth day of Vlogmas, here are my top 5 personal cybersecurity tips.

Today I’m going to be short and to the point. There’s a lot of debate about the origin of this quote, but I like it: “Insanity is doing the same thing over and over again and expecting different results.” Stop the insanity. If you’re not using multi-factor authentication, commonly referred to as MFA, you need to start now.

One of the questions I’m frequently asked is why the state of cybersecurity seems to get worse every year instead of better. There are, of course, many contributing factors. One of the fundamental problems is that we, as humans, are collectively terrible risk managers.

Information theft and ransomware are two of the most widespread cybersecurity problems we face today. Individuals and organizations of all sizes are suffering significant losses. I’ve talked about the technical issues before, but today, I’m going to focus on the basics everyone needs to know to protect themselves, their families, and their business.

Welcome to Vlogmas 2022! Like many of my YouTube colleagues, I will be participating this year and posting a new video for your enjoyment every day in the month of December. 

Have you seen a Facebook ad for a cool product at a price that looks too good to be true? Chances are that it is, and here's how one of the latest scams works.

I get a lot of questions from people interested in becoming a cybersecurity professional. In this week’s episode, I discuss roles and certifications in the cybersecurity field.

In this week's episode of SecurityGuy, I discuss one of the things that drives me nuts. Phishing is a huge problem, and HTML email is a major facilitator. Why haven't we fixed that yet?

So long, and thanks for all the passwords! In this week's episode of SecurityGuy I'm discussing what happens to your digital data when you die, and what we could be doing about it.

In this week's episode of SecurityGuy, we're discussing VPN from a consumer perspective. Vendors continue to make misleading claims. Do you need a VPN service? Join me and find out.

This week's episode of SecurityGuy is about new Canadian Bill C-11:

An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.

Security and privacy go hand-in-hand, so on today’s episode, we’re going to explore whether your privacy is really worth less than the price of a decent coffee.

Protect yourself, your family, and your small business against malware including viruses, spyware, and ransomware. In this episode of SecurityGuy, I discuss common types of malware, how to avoid them, and most importantly, how to protect your data.

Disclosures:  

• As noted in the episode, this is not sponsored.  
• My only relationship with Microsoft (Windows Defender) is as a paying customer. 
• My only relationship with Blackberry Cylance is as a paying customer.

Hello, and welcome to my new podcast!

Before we can get into a variety of cybersecurity topics, we need to cover the basics. What is cybersecurity? How do we choose what kind of security controls we need? What is a control anyway? I look forward to your comment, questions, and suggestions.