
SecurityGuy
By Eric Jacksch

Jan 27, 2023

Home Depot: Hammers, nails, and breaching our privacy – again!
A recent investigation by the Office of the Privacy Commissioner of Canada into Home Depot of Canada Inc. has found that Home Depot failed to obtain customer consent before sharing personal data with Meta.

Vlogmas Day 31: New Year’s Resolutions
Happy New Year! Have you made your New Year’s resolutions yet? Here are 5 resolutions to keep you, your family, and your business safer in 2023.
For more details on some of my resolutions, you might wish to watch the following:
MFA: https://youtu.be/ITi2Oz9P1LI
Passwords: https://youtu.be/Hkk9kU6jdw0
Just Don't Click: https://youtu.be/F6qOZZOdSD0
RAID and Backups: https://youtu.be/Wjq4xfumR-g

Vlogmas Day 30: EnerGuide for security?
Pop quiz: What do IoT devices, phones, tablets, and web applications have in common?

Do you “like” your privacy?
Privacy discussions often revolve around the use and abuse of personal information by governments and corporations. While global surveillance is a serious concern, and some corporations abuse the information entrusted to them, the fact remains that most Internet users happily hand over their private information and allow companies to use it in exchange for “free” services.
Here is the video I mentioned. Are you using a free email service for your business? You shouldn't, and here's why: https://youtu.be/-MN0stElSVs

Vlogmas 2022 Day 28: Interview with Jerry Bell on Mastodon
In this episode of SecurityGuy, I discussed Mastodon and the fediverse with Jerry Bell, a Chief Information Security Officer and the administrator of infosec.exchange.

Vlogmas 2022 Day 27: Interview with Ahmed Masud, CEO of saf.ai
In today's episode of SecurityGuy, I speak with my friend and colleague, the co-founder and CEO of Saf.ai, Ahmed Masud, about saf.ai's flagship product Resiliate, which applies cutting-edge AI to protect data against unauthorized access and changes, data corruption, and data exfiltration.
Among other things, Resiliate provides cost-effective defence and rapid recovery from ransomware attacks.

Vlogmas 2022 Day 26: I hate passwords!
While speaking at the 2004 RSA Conference, Bill Gates predicted the demise of passwords, saying, "they just don't meet the challenge for anything you really want to secure." In 2011, IBM predicted that within five years, "you will never need a password again." The death of passwords has been predicted by many people. We’re still waiting...

Vlogmas 2022 Day 25: RAID is not a backup
Many businesses make serious mistakes that place their data at unnecessary risk. These mistakes often stem from a fundamental misunderstanding of storage technologies.
Redundant Array of Independent Disks, more commonly referred to by the acronym RAID, is an approach to data storage virtualization that combines multiple physical disk drives into one or more logical storage volumes. Depending on the RAID scheme, it could increase overall capacity, performance, and reliability. Or not.

Vlogmas 2022 Day 24: LastPass Breach
Over the past few days, we’ve learned that the LastPass breach disclosed in August 2022 was much worse than previously reported. Here’s my take on the situation, what you need to know, and what to do about it.

Vlogmas 2022 Day 23: Negligent Software?
In 1905, George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” Variations of his words have been attributed to several famous people, but as far as some software developers are concerned, the underlying message has fallen on deaf ears.

Vlogmas 2022 Day 22: Does your choice of programming language matter?
When I teach security architecture, I’m often asked if the choice of programming language matters. From a security perspective, the answer is yes. But it’s a bit more complicated than that.

Vlogmas 2022 Day 21: Alert fatigue
Today I’m going to talk about a growing problem in cybersecurity and IT in general: alert fatigue.

Vlogmas 2022 Day 20: Stop using free email for your business
As a cybersecurity consultant, I work with a lot of small businesses. Please stop using free email services like Gmail and outlook.com for your business.

Vlogmas 2022 Day 19: Practical defence in depth
In security architecture, we often talk about defence in depth. But in practical terms, what does it really mean?

Vlogmas 2022 Day 18: Physical security matters
Most of the time this channel is focused on cybersecurity, but today I’m going to switch gears a bit and discuss the importance of physical security as it applies to information technology.
You can see some of the devices I mention in this video at https://hak5.org.

Vlogmas 2022 Day 17: ITSG-33
Today I’m wrapping up a look at cybersecurity frameworks with the Government of Canada’s ITSG-33.

Vlogmas 2022 Day 16: NIST CSF
Another popular security framework is the Cyber Security Framework published by the US National Institute of Standards and Technology. You’ll usually hear it referred to by the acronym NIST CSF.

Vlogmas 2022 Day 15: SOC 2
SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Professional Accountants that specifies how organizations should manage customer data. If your company provides cloud services, including software as a service, chances are your customers have asked for a SOC 2 report.

Vlogmas 2022 Day 14: ISO/IEC 27001
ISO/IEC 27001 is an international standard for Information Security Management Systems. Like many ISO standards, it’s a bit more complicated than it needs to be, and it’s not as flexible as other standards, but it remains one of the most popular.

Vlogmas 2022 Day 13: Cybersecurity frameworks
Today we’re talking about cybersecurity frameworks.

Vlogmas 2022 Day 12: DMARC
We recently discussed SPF and DKIM. Today I’m completing the email authentication hat trick with DMARC. A lot of companies don’t realize that their emails are ending up in the recipient’s spam folder because they haven’t correctly configured SPF, DKIM, and DMARC.

Vlogmas 2022 Day 11: Understanding DKIM
Yesterday I discussed how SPF, the Sender Policy Framework, helps reduce spam and email impersonation, and helps get legitimate email delivered. Today I’m going to talk about another way email can be authenticated at the domain level, DomainKeys Identified Mail or DKIM for short.

Vlogmas 2022 Day 10: Understanding SPF
Reducing spam, phishing, and email impersonation has never been more important. If you get your email configuration right, you can help in this fight. But if you don’t, you may inadvertently route legitimate emails that you or your organization send directly into quarantines and spam folders. Today I’m going to talk about one of the tools at our disposal, the Sender Policy Framework.

Vlogmas 2022 Day 9: Should security pros learn to code?
Today I’m responding to a frequent question from people who would like to enter or progress in a cybersecurity career: Should I learn to write code?

Vlogmas 2022 Day 8: Election manipulation
Two days ago, I introduced the basics of machine learning, and yesterday I outlined how social media sites can use and abuse machine learning. Today I’d like to specifically address election manipulation.

Vlogmas 2022 Day 7: ML and social media
Yesterday we talked about machine learning basics, and today we’ll discuss the use of machine learning in social media.

Vlogmas 2022 Day 6: Machine learning
Every time you turn around there’s yet another company talking about machine learning. In some cases, it’s pure hype. But for some applications, machine learning is the way of the future, and along with it come significant privacy, security, and policy implications.

Vlogmas 2022 Day 5: Top 5 personal cybersecurity tips
Today on the fifth day of Vlogmas, here are my top 5 personal cybersecurity tips.

Vlogmas 2022 Day 4: Multi-factor authentication
Today I’m going to be short and to the point. There’s a lot of debate about the origin of this quote, but I like it: “Insanity is doing the same thing over and over again and expecting different results.” Stop the insanity. If you’re not using multi-factor authentication, commonly referred to as MFA, you need to start now.

Vlogmas 2022 Day 3: We suck at risk management
One of the questions I’m frequently asked is why the state of cybersecurity seems to get worse every year instead of better. There are, of course, many contributing factors. One of the fundamental problems is that we, as humans, are collectively terrible risk managers.

Vlogmas 2022 Day 2: Just Don't Click
Information theft and ransomware are two of the most widespread cybersecurity problems we face today. Individuals and organizations of all sizes are suffering significant losses. I’ve talked about the technical issues before, but today, I’m going to focus on the basics everyone needs to know to protect themselves, their families, and their business.

Vlogmas 2022 Day 1: Bait and Switch
Welcome to Vlogmas 2022! Like many of my YouTube colleagues, I will be participating this year and posting a new video for your enjoyment every day in the month of December.
Have you seen a Facebook ad for a cool product at a price that looks too good to be true? Chances are that it is, and here's how one of the latest scams works.

Secure Portable Media
Protecting data on USB memory sticks and portable USB drives might make the difference between losing some hardware and the expense and embarrassment of a data breach. In this week's episode of SecurityGuy, I discuss a few different options as well as the products I use to protect client data on a day-to-day basis.
This is not a sponsored video, and there are no affiliate links. I only suggest products that I use myself and recommend to my consulting clients. A sincere thank you to Apricorn (https://apricorn.com/) for sending over their newest products so I could show them to you instead of the older ones that have been bouncing around in my bag for a few years.

So you want to work in cybersecurity?
I get a lot of questions from people interested in becoming a cybersecurity professional. In this week’s episode, I discuss roles and certifications in the cybersecurity field.

Phishing and the evils of HTML email
In this week's episode of SecurityGuy, I discuss one of the things that drives me nuts. Phishing is a huge problem, and HTML email is a major facilitator. Why haven't we fixed that yet?

Digital Data Beyond Death
So long, and thanks for all the passwords! In this week's episode of SecurityGuy I'm discussing what happens to your digital data when you die, and what we could be doing about it.

Truth, Lies, and VPN
In this week's episode of SecurityGuy, we're discussing VPN from a consumer perspective. Vendors continue to make misleading claims. Do you need a VPN service? Join me and find out.

Ten common small business mistakes and how to avoid them
In this week's episode of SecurityGuy, I discuss ten common cybersecurity mistakes that small business owners make, and how to avoid them.
This episode is not sponsored. The products I mention are based on my experience with them and the value they provide to my customers:

Bill C-11 (Canada)
This week's episode of SecurityGuy is about new Canadian Bill C-11:
An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.

Multi-Factor Authentication (MFA)
This week's episode of SecurityGuy is about Multi-Factor Authentication (MFA). Why do we need it? How should it work? What choices do developers have? And which MFA solution is best?
While I recommend Yubico's YubiKey products (https://www.yubico.com/), this video is not sponsored, nor do I have any relationship with the companies mentioned other than as their customer.

Is our privacy worth less than a good cup of coffee?
Security and privacy go hand-in-hand, so on today’s episode, we’re going to explore whether your privacy is really worth less than the price of a decent coffee.

Malware
Protect yourself, your family, and your small business against malware including viruses, spyware, and ransomware. In this episode of SecurityGuy, I discuss common types of malware, how to avoid them, and most importantly, how to protect your data.
Disclosures:
As noted in the episode, this is not sponsored. My only relationship with Microsoft (Windows Defender) is as a paying customer. My only relationship with Blackberry Cylance is as a paying customer.

Cybersecurity 101
Hello, and welcome to my new podcast!
Before we can get into a variety of cybersecurity topics, we need to cover the basics. What is cybersecurity? How do we choose what kind of security controls we need? What is a control anyway? I look forward to your comments, questions, and suggestions.