Skip to main content

Posts

This Month's Best Read

Humans: The Achilles' Heel of Cybersecurity. Better Passwords For Your Data Care.

When I’m not researching and writing about cybersecurity, I have a normal day job working in the development department for a nonprofit organization where, just yesterday, I found three cybersecurity alerts in my Outlook email. “You must change your password…”; “We had a phishing incident…”; “Our IT company has initiated MFA…”. It was a lovely way to begin my morning. I was puzzled that someone in our mid-sized company was tricked into clicking a malicious email link. How could this happen? Doesn’t everyone realize what phishing emails look like? The improper English; fake links, the sense of urgency? Apparently, not… H umans are still the weakest link in any data care plan. I sometimes feel that costly cybersecurity tools are more about protecting companies from their own employees than external threats. Businesses should elevate employee education, awareness, and periodic trainings to strengthen data care and minimize human error. I have some inexpensive ideas I often share with busi...
Recent posts

Vulnerability Management: Identifying Security Weaknesses For Small Business

I was having a meeting with a cybersecurity representative and we were discussing helpful data care tools for small business owners. We talked about options for firewall protection, EDR and MDR, and cloud-storage--the usual stuff. I told him many small businesses look for budget-friendly options, and sometimes the cost of data care can be prohibitive to the little guy. The rep then suggested "Vulnerability Management", and with a curious look on my face, h e explained:​ " Vulnerability Management is a proactive approach to identifying, assessing, and addressing potential security weaknesses in your IT environment.  It's the continuous process of discovering, prioritizing, and mitigating vulnerabilities to enhance your overall cybersecurity. "  I then suggested he never use that explanation again, especially   when talking to a business owner. Tech-jargon lures no one. We business people who aren't tech-savvy instead love analogies. So, after digging into the...

Get To Know KEV: Known Exploited Vulnerabilities

The Known Exploited Vulnerabilities Catalog (KEV) might sound like tech jargon, but it's similar to a public service announcement for small businesses like yours.  Think of it as the Most Wanted List for bugs in popular software that hackers are actively exploiting due to weaknesses in the code.  The US government keeps this list updated to warn people about known vulnerabilities.  This list is often popular with IT Departments or people who just like to stay informed about cybersecurity and data care. Why should it be important for you?  These known vulnerabilities are like unlocked back doors that hackers currently use.  By checking the KEV and fixing weaknesses in their software and systems, the good guys are putting padlocks on those back doors, making it much harder for hackers to break in and harm your business. It's a simple step you can take to protect your valuable information and your customers' trust. Remember, you don't need to be a tech expert to us...

AI and Cybersecurity: A Powerhouse Duo for Small Businesses

Small businesses face complex and expensive cybersecurity challenges, but AI is being used to simplify defenses, making cybersecurity protection more affordable for small companies.  Read on to discover how embracing AI can work to secure your digital assets and improve your data care. Cybersecurity can feel like a complex beast, especially for small businesses.  Between technical jargon and ever-evolving threats, it's tough to know where to start.  But there is good news: Artificial intelligence (AI) is entering the scene, offering powerful tools to simplify and strengthen your efforts. Think of AI as a super-smart security guard.  It's constantly scanning, analyzing, and learning, keeping you one step ahead of the bad guys. Here's how AI can be your cybersecurity hero:

Endpoint Detection & Response (EDR): The Updated Safeguarding of Your Business

When it comes to cybersecurity, most small business owners are familiar with basic defenses like antivirus software and firewalls.  But there's another layer of defense that often goes overlooked: Endpoint Detection & Response (EDR), a tool designed to learn behavior and respond to threats directly.   

Why Your Business Should Adopt A Cybersecurity Framework

It’s a sunny morning in the office, and you’re not thinking about cybersecurity. In fact, why would you? There are deals to close, emails to respond to, and projects to complete. The vibe of the office feels normal, but outside this calm, there’s a digital world looming, its shadows shaped by clouds of threats, risks, and—if you look close enough—opportunities. You’ve heard about cybersecurity, of course. The term is thrown around with the same limited understanding as “cloud” or “AI.” Until it lands on your doorstep. Maybe there was an email that looked a little off, or that strange message a client called about regarding an account issue, that no one in your office seemingly sent him. You’re not sure what to make of it all, but a knot of worry begins to tighten in the background.

Three Cybersecurity Tools For Small Business Owners

While routinely finding myself explaining the differences between the three basic tools of business data care ( Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and eXtended Detection and Response (XDR) ), I find I'm always looking for new ways to explain it to people. In this article, I'll talk about my top three favorite cyber tools for small businesses and how they serve as the foundation of a good security profile. I'll also touch on the role of larger, pricier tools in making cybersecurity more accessible for budget-conscious entrepreneurs. Farewell to Traditional Antivirus Solutions Traditional antivirus software is just not enough anymore. Not on a business network anyway. In today's fast-evolving cybersecurity landscape, the reliance on traditional antivirus solutions within business networks is proving inadequate.

China Actively Preparing Cyber Threats: US Grapples with Balancing Security and Privacy Concerns

I recently watched the January 2024 House hearing entitled "The CCP Cyber Threat to the American Homeland and National Security". It highlighted the growing concern over China's aggressive cyber activities that have plagued our technical infrastructure for decades.   U.S. Cyber Command Commander General Paul Nakasone, FBI Director Christopher Wray, National Cyber Director Harry Coker, CISA Director Jen Easterly, and Rep. Mike Gallagher (R-WI). I was locked into what Jen Easterly, the Director for the Cybersecurity and Infrastructure Security Agency (CISA) was saying throughout the hearing.  She emerged as a key voice, emphasizing the need for a shift in perspective against China and their active pursuit of cyber threats toward the U.S.

Just When You Thought It Was Safe, CyberJerks Are Phishing Again

Since late last year, I've been reading about something called "authentication in the middle," and it's starting to get more attention. Cybercriminals have been intercepting login information in real time, even when a person uses multi-factor authentication (MFA) to log into a website. Is nothing sacred anymore?!  This MFA interception is different from other types of interception, like when somebody hacks the Wi-Fi at the coffee shop and grabs your banking information while you're trying to pay your online bill, sipping a cappuccino.

Cyber Compliance for Small Business: Navigating the Maze

In 2018, I experienced the shock of a cyber breach.  Logging into my Facebook account, I was met with a scene of utter confusion.  That confusion quickly turned into anger.  My Friend list had ballooned from a modest 22 to a staggering 600 contacts,  all seemingly from South America and most associated with the sex trade.  My original friends and family were nowhere to be found, and my personal history had vanished. Facebook had been breached and I was caught in that net.  This stark realization of my vulnerability in the digital world left a lasting impact. That incident, like many others before or since, exposed vulnerabilities and spurred the development of crucial industry standards and regulations that continue to shape how we navigate the digital world today.  This article dives into the world of cyber compliance, explaining the most common regulations for small businesses, right down to the mom-and-pop shops, and boutique firms.  I'll brea...