Up Times
by Bryley · August 2023
What Bryley’s Learned About Minimizing Ransomware
How to Fight Back Against the Thieves
Turn on syncing? the browser asked.
“Syncing” tells the browser to allow stored credentials to be available across a person’s devices. And, why not? Sounds convenient.
Well, maybe the browser account password was phished. Or maybe the browser password had been reused from some other, previously compromised account. Whatever the exact reason, syncing turned out to be a problem when the personal browser account got hacked.
And the real problem was that a work login was found by the criminals among the passwords stored by the browser – and these work credentials were used to steal company data and lock the company systems with ransomware.
It’s easy to say the person shouldn’t have had a work login in a personal account. True enough, but what’s the reason someone would be doing that anyway? What things could the business management have done to have prevented this scenario from unfolding? [6 min. read]
Making Hybrid Work
A Security-First Culture for Your Hybrid Workers
When workers are remote they pose a greater risk to your organization’s data because home networks are less secure and employees do not as closely follow security protocols, per Ponemon Institute’s Data Exposure Report.
In a hybrid work environment, where employees work from wherever, it’s critical to prioritize security. And communicating security’s importance to your employees – and their adoption of good practices – is crucial. It was a lot easier to have everyone in the office connected directly to a server without relying on the convenience of the internet – but with hybrid privilege comes hybrid responsibility … [5 min. read]
Business Continuity Mixtape – Bryley-curated stories from around the internet:
CISA Cybersecurity Goals — Because cybersecurity options can be overwhelming, CISA (the US government’s Cybersecurity and Infrastructure Security Agency) has been tasked with making cybersecurity goals more achievable for businesses through prioritization.
CISA posits if every organization incorporates fundamental cybersecurity practices … they can materially reduce the risk of intrusions … our goal at CISA is to make it easier for every organization to prioritize the most important cybersecurity practices. We also want to be sure they are clear, easy-to-understand …
CISA has identified its four most important measures your organization can take … [6 min. read] cisa.gov
Will you still need me? — Grace Hopper, who trained at Northampton’s Smith College and worked at Harvard, sowed the seeds of the language that became COBOL (Common Business-Oriented Language) sixty-four years ago. COBOL remains an important part of programming, especially in the banking and insurance industries. It is set apart from the computing languages that came before by its use of English – so its functions were more readily understood by business people … [5 min. read] allthatsinteresting.com
North Korea’s cyber strategy — Cambridge, Mass’ Recorded Future has analyzed 273 cyberattacks attributed to North Korean state-sponsored threat actors … the regime primarily engages in cyber espionage [71.5% of its cyberattacks] and financial theft activities. While it has the capability to conduct disruptive or destructive cyberattacks, it rarely does so … North Korea’s largest targets are media companies, financial services, defense contractors and non-profits … [20 min. read] recordedfuture.com
The right tools to deal with pressured deadlines — One of the most intriguing bits of cybersecurity advice from the recent Forbes Technology Council was from Cambridge, Mass’ Mike Pappas from Modulate. Mike advises that many cybersecurity training programs just focus on “here are all the things you absolutely cannot do,” but most vulnerabilities come … from folks trying to take shortcuts to meet deadlines. He recommends fellow business-leaders look hard to make sure the team has what they need to get projects completed successfully … [7 min. read] forbes.com
NAIIO — Did you know the US has a National Artificial Intelligence Initiative Office? It’s tasked with figuring out how to ensure continued US leadership in AI research and development, lead the world in the development and use of trustworthy AI in the public and private sectors, and prepare the present and future US workforce for the integration of AI systems across all sectors of the economy and society.
The cybersecurity risks (or as the NAIIO calls it, achieving “trustworthy AI”) alone seems tough. As Vox points out there are challenges with AI-generated content (like generating pathogens) and the potential for superhuman hacking by hostile nations and terrorists. Let’s hope it gets sorted … [5 min. read] ai.gov
Note: The Mixtape section is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
Monthly Help for Your Business’ Continuity
Up Times by Bryley arrives monthly in your email box. It’s a New England-based resource, in continuous publication since 2000.
Subscribe free, below. Unsubscribe any time via the link at the bottom of each newsletter.
And be assured: in more than twenty years, Bryley’s subscriber list has not been shared with any third-party and will not be in the future. Bryley’s Privacy Policy can be found here.
Sign up for Up Times to have tech news and tips delivered monthly via email