
Prepare for Ransomware
Recently, technical guidance was released for CIOs and CISOs on how to prepare for a ransomware attack. This guide was a joint effort of multiple Federal agencies to address the growing concern of ransomware. In “How to protect your Networks from Ransomware,” they provide some suggestions for prevention and response. We have created a checklist below to help you based on their recommendations. You can review your current policies, procedures and plans to see if you are cover


Cybersecurity Policy Coverage
What topics need to be covered in cybersecurity policies? In this post I will cover the required cybersecurity policies from various cybersecurity standards, and in future posts I will cover cybersecurity procedures and cybersecurity-related supporting documents. The table below lists items or topics that should be addressed either in an overall cybersecurity policy or in individual policies. This list is based on NIST standards including the Risk Management Framework, Cyberse

Who should set up access in the ERP (Financial Application)?
As an IT auditor for local governments, one of the most often asked questions I get during audits is this: “Who should set up user access in the financial application?” There is a debate concerning whether it should be IT or finance staff that creates accounts and is involved with setting up access. My answer, as with many professional questions, is “it depends”. Specifically, it depends upon other controls that might be in place. What I like to do with clients is walk the

Spread the Word on Cyber Safety
As you may know, October is cybersecurity awareness month. Each week has a new theme, and this week is about the importance of training our children to be cyber safe and about the various careers in cybersecurity. I have written several articles about careers in cybersecurity and the growing need for cybersecurity professionals. One thing that I have not blogged about is cyber safety training for children. It is not just about online predators or cyber bullies; it is about tra


Cybersecurity for Local Governments 2018
2018 update on cybersecurity for local governments. This year marks the rise of the new threat to local governments from nation states and the new risks to local governments. Costs for suffering cyber-attacks can be crippling to local governments. In addition, 93% of incidents are directly related to the human vulnerability. Most importantly, strengthening the human firewall is a must to reduce risk. A strong cybersecurity awareness program is necessary. One update since I d


Cybersecurity Policy for Local Governments
Here is a sample high-level cybersecurity policy for a city, district, or county. It is designed to be a high-level statement adopted by city council, supervisors, or board of directors and leave detailed policies and procedures at a lower level. The reason is that detailed policies and procedures may need to change regularly, and there is no reason to continually go back to council or board for detail changes. It is appropriate for department heads to accept the risks to their oper

Does Security Awareness Work?
According to the Verizon 2018 Data Breach Report, 93% of data breaches are linked to phishing or social engineering. With stats like that, you would think cybersecurity awareness would be a top priority for organizations. However, there have been some cybersecurity professionals who claim that awareness is not effective and won’t change individual behavior. I disagree with their pessimism; human behavior can be changed. In fact, advertisers pay millions of dollars for a su


Default Security Settings, What Needs to Change?
Today, news agencies and outlets are reporting Information Technology (IT) breaches and loss of protected data at alarming rates. The centerpiece of these breaches, after months of forensic analysis, has been a lack of following IT industry accepted security best practices. Should manufacturers of IT products, both software and hardware, follow these industry best practices by releasing secure products? Manufacturers need to start designing security into their products from th


Cybersecurity Education Options
Join Rob and Don as they talk about cybersecurity degree programs that they have taken. Rob will talk about his experiences taking courses at Western Governors University. WGU offers a unique program that is performance based and different than traditional academic institutions. Don will talk about his experiences with American Military University. AMU has an online program that is similar to the traditional academic institutions. Today people have many options from micro


Hacking a Tesla
This is another demonstration of how people can hack into cars. However, just because it is possible does not mean it is practical. Look at the steps you would need to accomplish to take control of the car. How to steal a Tesla? In this video, we demonstrate the ease with which the mobile app for car manufacturer Tesla can be hacked, enabling would-be cyber criminals to locate, unlock and steal a Tesla vehicle.