by Brian Focht | Feb 10, 2023 | Cybersecurity Tools, Products, & Services, Data Privacy & Protection, Improving Your Cybersecurity

4 Basic Concepts. 15 minutes. That’s it.
That’s all the time you need to understand how encryption works in the modern ecosystem. It’s an important tool for protecting data, and it’s required by countless laws, regulations, rules, and contracts. But do you really know how it works?
If you don’t understand how encryption works, how can you possibly be expected to know what level of encryption you need? Or what level of encryption is even desirable?
In this episode of the Fearless Paranoia podcast, we guide you through what you need to know about encryption. There are a lot of terms and jargon thrown around in cybersecurity, and one of the most commonly used is encryption. You’ll hear advertising of RSA or AES encryption, promotion of transitioning from 128-bit to 256-bit, and entire campaigns about how the newest system relies on (random 5-letter acronym) instead of 256-bit encryption.
Yet very few people actually stop to talk about what those things mean. We will give you a baseline understanding of encryption so that you can make informed decisions about what kind of encryption you need.
In this episode, we discuss:
- The three essential components of any encryption system;
- The difference between symmetric and asymmetric encryption, including when you’re most likely to encounter each one;
- The common misunderstanding that encryption and “hashing” are the same thing; and
- What it means when someone describes a 128-bit vs. 256-bit encryption algorithm.
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Jan 13, 2023 | Improving Your Cybersecurity, Policies & Procedures, Small Business Cybersecurity


Zero Trust is one of the most popular phrases thrown about by cybersecurity professionals and – more importantly – thrown into cybersecurity sales pitches these days. It’s obviously important, and it’s obviously something you want. But what is it? Is it really something you need?
And, critically, how much does it cost?
In this episode of the Fearless Paranoia podcast, we talk about what zero trust cybersecurity really is. We separate the reality from the storytelling and marketing pitches. We break down the three key elements of a zero-trust cybersecurity environment, and provide helpful ways to implement nearly the entirety of the zero-trust framework with little-to-no actual cost.
For more information, a transcript of this episode, and helpful resources, check out the original post.
by Brian Focht | Jan 6, 2023 | Improving Your Cybersecurity, Policies & Procedures, Recovering from a Data Breach

There are a lot of ways to measure the impact – and relative success – of a cybersecurity program. There are tests you can run to determine how effectively your employees are adopting defenses to phishing emails. There are table-top exercises to determine your ability to defend against an attack. There are even ways to compare the costs of your cybersecurity against others in your industry.
But the best way to measure the effectiveness of your cybersecurity is in your cyber resilience – how quickly, effectively, and completely you recover from an attack.
In this episode of the Fearless Paranoia podcast, we discuss what it means to have cyber resilience, including what it means to be resilient, and how you can focus your planning and procedures to make sure that resilience is a primary goal. Remember, even the best cybersecurity can’t guarantee to keep out every potential threat. Are you ready in case today is the day your cybersecurity fails?
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Dec 23, 2022 | Improving Your Cybersecurity, Policies & Procedures

The best way to make sure that you and your business are protected from cyberattacks is to employ a broad-focus cybersecurity strategy. In order to do so, you need to have a basic understanding of the threats your business faces from cybercriminals, hacktivists, and other malicious actors. One of the most commonly used weapons in the cybercriminals’ arsenal is the DDoS (or Distributed Denial of Service) attack.
DDoS attacks are a tool of disruption, and they are commonly used by cybercriminals and hackers at all levels – from the disassociated loner in his basement to those working for or on behalf of nation states and international conglomerates. Understanding the nature of the disruption, the resources it takes to maintain the disruption, and the services available to limit or eliminate the devices causing the disruption will help to protect you and your business. Do you have the right policies, procedures, systems, applications, and vendors in place to neutralize a DDoS attack against you?
In this episode of the Fearless Paranoia podcast, we discuss DDoS attacks, including what they are, how they work, and how you can design your cybersecurity systems to limit your risk of being a victim and improve your resiliency if an attack occurs.
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Dec 16, 2022 | Improving Your Cybersecurity, Policies & Procedures

The more access users have to your company’s data, the more vulnerable that data is in the event of a data breach. A malicious actor gaining access to one of your employees’ credentials gives them access to everything that employee is allowed to see. That’s why you need to restrict the access that users have to only what they need to perform their jobs.
We’re talking about implementing something called “least privilege.” Effectively, it means that users are granted the lowest level of access they can be given while still having access to the data they need to do their jobs. Nobody has admin privileges over their own workstation. Rank-and-file employees don’t have access to payroll data. Nobody has access to the password information for the entire business.
Yes, implementing least privilege will reduce your flexibility in certain situations. But requiring users to seek permission from a supervisor or manager when they need temporary higher-level access – a step that should add mere minutes to a task – is a small price to pay for how much more secure your business data will be.
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Dec 2, 2022 | Cybersecurity News & Updates, Improving Your Cybersecurity

So, right from the start, let’s clarify – this is about the Uber hack that occurred (or was discovered/publicized) in September of 2022. In fact, it was a rather unique breach of an oft-breached company. The hacker who breached Uber appears to have used very basic phishing techniques to initially gain access, and then took advantage of – well, I guess you could say the need people have for human communication – to get a remarkable level of access within the company.
It appears that he didn’t steal anything, didn’t seek to make any money. In fact, he documented the breach and then told the world about it.
So how did this person manage to exploit the internal systems of a company that should have some remarkable security – given how much personal information they have on millions and millions of people? We discuss that and more in today’s episode.
For more information, resources, and a transcript of this episode, check out the original post.