If you want something important to get done, give it to somebody who's always busy [Dilbert] (ScottWright) posted Mon June 21st 2010 @ 6:35 AM
I heard the above tip in a time management course many years ago. This may sound counter-intuitive to many people, and you have to be careful about how you use this advice. It's not necessarily the people who always complain that they are busy you need to look for, it's the ones you know are always "doing something important". So, Dilbert's assessment below about the guy who takes on the work too readily is a little narrow-minded, but there can be some truth in it.
Keep 'em separated - surfing and online banking computers (ScottWright) posted Wed June 9th 2010 @ 7:10 AM
I've written about this before, but I sense the focus of much discussion in the next year or so will be the risks of doing banking online - both for business and personal purposes. Online banking fraud is still growing, due in large part to malicious software infections from web surfing that later capture your user names, account numbers and passwords during online banking logins. Brian Krebs has raised another good point about separating web browsing from online banking activities, and has generated a lot of comments on his blog from people who have strong opinions about what kind of computers are safest for online banking - a point that seems somewhat irrelevant to me.
Improve security efficiency through data classification (ScottWright) posted Mon May 31st 2010 @ 10:44 AM
Management often only starts to take an interest in security when there is an incident or a scare that could have cost the organization money – or management its credibility. Unfortunately, by this time, it is hard to “fix” the problem in a meaningful and lasting way. By taking a pro-active approach to Data Classification – one of the earliest steps in any security program – fixing a specific security issue becomes much easier. Here’s why…
Quitfacebookday.com happens on May 31, 2010 - Should you quit, too? (ScottWright) posted Thu May 20th 2010 @ 9:01 AM
It seems like maybe I talk too much about Facebook security. But it's a growing issue in the news these days. As you can see from the image next to this blog post on my website, one of the most searched terms in Google is now "How do I delete my Facebook account?" (In fact, as of today, if you type "Delete" into a Google search, the top suggestion is "Facebook account") So, I'm debating quitting Facebook on May 31 with the others who are disgusted with the site's disregard for privacy and security. (See http://www.quitfacebookday.com)
My reasons include:
Think about the optics of collecting personal information [Dilbert] (ScottWright) posted Sat May 15th 2010 @ 9:25 AM
No doubt, one of the most common situations in which you find yourself divulging personal information is when you are speaking to a customer service representative. But when you think about it, doesn't this interaction seem a bit "one-sided" in terms of who gets the value most of the time?
Greed and laziness make the masses vulnerable. [Dilbert] (ScottWright) posted Thu May 13th 2010 @ 7:22 AM
Wally has a plan, but doesn't realize Identity Thieves could take advantage of his greed and laziness to cause him more damage than reward. While this example from Dilbert takes things to the extreme for Wally, it's a good illustration of how Identity Thieves can take advantage of people's laziness when it comes to security, and think ahead of the masses.
Figuratively, today’s Internal Audit teams must track and herd zoo animals. Security pros can help. (ScottWright) posted Wed May 12th 2010 @ 9:03 AM
Recently, I was reviewing the Canadian Financial Administration Act (FAA) and Federal Accountability Act (FedAA, or sometimes also called the FAA) for an initiative I've taken on. As a result I couldn't help but notice the wide range of challenges faced by internal audit teams. It struck me that many people don’t realize the range of responsibilities and activities that are usually taken on by their internal audit team, and how this critical governance function has an important relationship to security and privacy. And like zoo keepers who track and herd different types of zoo animals, some parts of an organization are easier to work with than others; and the challenges include more than just the simple things we might expect, like counting them and feeding them.
Your software probably needs to be updated 75 times a year - are you sure yours is up to date? (ScottWright) posted Fri May 7th 2010 @ 7:10 AM
Many of the most important risks we face today are related to computers that are not properly protected against attacks. If you run Microsoft Windows or use Adobe Reader, you really need to make sure these software programs are updating themselves automatically, even if you aren't the one who knows how to make it happen. If you aren't prepared to check for and install software updates 75 times a year, on average, you need to make sure automatic updates are turned on for all the software you use.
A few quick but important statistics about malware (stats provided by Trend) (ScottWright) posted Tue April 27th 2010 @ 8:01 PM
I attended an interesting event yesterday that was hosted by Trend Micro, here in Ottawa. Talks were given by Jirka Danek (Government of Canada CTO), as well as Eva Chen (one of Trend's founders) and Raimund Genes (Trend CTO). While there was some great discussion around cloud security - a key focus of Trend's business model - there were some very memorable malware statistics from Raimund and Eva that I think are important for everyone to take special notice of.
Dire Warning: Beware the LIKE button, for you know not how the Open Graph is wired (ScottWright) posted Mon April 26th 2010 @ 8:51 AM
When you click the LIKE button on any web page, you may be telling Facebook and 400 million of your closest friends where you are. How could telling others that you "LIKE" a web page cost you your privacy? Well, it turns out that Facebook has some pretty complicated wiring behind that button that stretches our trust farther than Elastigirl’s reach. This is a long post, but you should read it all if you use the Internet.