8 Easy Tips for Better, More Secure Passwords

Posted by Scott Petry

Oct 11, 2016


We all know the Ben Franklin quote about two certainties in life being death and taxes. It’s time to add a third: passwords.

We can’t avoid passwords. The problem is that when we use them, most of us can’t seem to avoid taking shortcuts either. Attackers count on it, which is why weak, reused or poorly protected passwords remain a leading cause of major data breaches. I’ve blogged about the reasons here.

No National Cyber Security Awareness Month should go by without pointing out methods to improve password security. I recommend you take the following simple steps sooner rather than later: 

Topics: Security

8 Easy Steps to Protect Yourself Online When Traveling

Posted by Gerd Meissner

Oct 4, 2016


Consider this before taking your next trip: When traveling for business, you are more likely to get hacked than to get mugged, according to a recent report.

Are you among the rapidly growing group of professionals - lawyers, IT staff, financial advisors or executive search consultants, for example - who stay connected with their job during an extended weekend or a vacation trip?

Then you potentially put your organization at risk every time you fire up your notebook or tablet computer in an airport lounge, hotel room or beach restaurant.

Don’t be the one employee whose carelessness opens the door for online crooks. October is National Cybersecurity Awareness Month, so here's to cybersecurity awareness while traveling:

Topics: Security

How a Secure Browser Insulates the Enterprise from Third-Party Risks

Posted by Gerd Meissner

Sep 13, 2016


From enterprise-sized organizations down to one-person professional firms, critical business information is frequently handled by third-party service providers.

Suppliers and vendors are routinely given access to their customers’ most sensitive systems and data. And just as routinely, that access becomes the entry point for large data breaches.

How can your organization improve security to minimize the risk introduced by third-party suppliers?

Most companies learn about vulnerabilities when it’s too late - after a data breach. In a recent survey by the Ponemon Institute, 37 percent of the U.S. companies that responded believed their main third-party vendors would not inform them in case of a serious data breach.

Companies are depending on IT consultants, accounting and payroll professionals, HR consultants, recruiters and other professional service providers to get the job done and to maintain a competitive edge.

Topics: Security

Ransomware in 2020: Still a Threat?

Posted by Gerd Meissner

Sep 6, 2016


What’s your prediction, and why?

Yes, predicting the future of cyber crime may be a bit of a “fool’s errand” (Richard Caplan). But ransomware is not a new phenomenon; it has been around since 1989, as Jake Olcott points out below.

In spite of such a long history of mayhem, ransomware is more prevalent than ever. So we asked information security industry thought leaders, analysts and observers to extrapolate, and received a wide range of responses for this installment of our "InfoSec Luminary Lineup" series of blog posts.

Topics: Security

Five Endpoint Security Resources Every IT Leader Should Know

Posted by Gerd Meissner

Aug 9, 2016


Endpoint security tops the priority list for many enterprise IT leaders this year, across a wide range of industries. One main reason: “2016 is shaping up as the year of ransomware - and the FBI isn’t helping” (Los Angeles Times).

Ransomware, distributed by criminals through automated phishing email campaigns and large-scale compromises of web servers, infiltrates the networks of hospitals, law firms and energy utilities alike, encrypts stored data, and demands payment for the key that unlocks it.

Data breaches at major law firms and healthcare data providers have already reached record numbers in the first half of this year. In many cases, the organization’s use of regular, non-secure browsers - which fetch and process code from the web on the local computer, including malware - opened the door for outside attackers.

Topics: Security

No More Ransom? Activism Won’t Prevent Ransomware.

Posted by Gerd Meissner

Aug 1, 2016


The European Cybercrime Centre (EC3) of Europol, the European law enforcement agency, is driving a new public/private initiative that, according to the Washington Post, “may offer a glimmer of hope for victims” of ransomware.

“No More Ransom” is the campaign’s motto. As nice as that would be, I think the slogan and the site promote a false sense of security.

I’d call it feel-good activism. Here’s why:

Silo Underscores Integral Role in Enterprise Web Security

Posted by Gerd Meissner

Jul 26, 2016


New Enhancements Integrate With IT Infrastructure and Enable Seamless Access

(MOUNTAIN VIEW, CA -- Jul 26, 2016) - Authentic8, maker of Silo, the cloud-based secure browser for business, introduced today new enterprise capabilities for its flagship product aimed at seamless deployment within the enterprise and added convenience for end users.

Silo now includes synchronization with Microsoft Active Directory (AD) services, integration with Identity Provider (IDP) solutions for federated authentication, and enhancements to the Silo Access Portal to streamline secure access to the web.

By synchronizing Silo with AD, an organization's traditional methods of managing users, enabling application access and defining policies can be used as the basis for deploying and managing Silo for secure access to the web.

For organizations that rely on federated authentication systems, such as Microsoft ADFS or other commercial identity provider (IDP) services that are based on the standard Security Assertion Markup Language (SAML), Silo deploys without requiring users to perform further authentication steps. Once the user is registered on the network, use of Silo is seamless.

Topics: Corporate News

Malware Targeting Energy Utilities Avoids AV Products

Posted by Scott Petry

Jul 14, 2016


…and so should we.

At least that’s my take after looking into various reports about a particularly aggressive piece of malware that specifically targets energy utilities operating Windows-based Industrial Control Systems (ICS).

So far, malware of the “Furtim” variety - analyzed in depth by IT security vendor SentinelOne - has breached the security perimeter of at least one European energy provider. Add this to the long list of (often web-borne) attacks against ICS covered in Booz Allen Hamilton’s recent Industrial Cybersecurity Threat Briefing.

In my recent post Industrial Control Systems Under Attack, I commented on the documented threats that critical infrastructure providers have been exposed to recently, in many cases due to their continued use of regular browsers.

So you could say I’ve been thinking about how ill-prepared utilities are to deal with that kind of threat. But the new findings regarding Furtim (Latin for “by stealth”) - and what they could mean for the U.S. utility sector - are prompting me to follow up with a postscript.

Topics: Security

Personal Email at Work - the "Hillary Factor"

Posted by Scott Petry

Jul 7, 2016


Hillary Clinton’s personal email workarounds during her term as Secretary of State have received much scrutiny in Washington and in the media.

All the political rhetoric aside, a question remains:

Why was she allowed to run her own email server? How could an employee dictate email security policy to IT?

Ready for the answer? Special treatment isn’t reserved only for senior politicians. Personal email workarounds could come back to haunt your organization, too.

Topics: Security, Policy

Industrial Control Systems Under Attack: Secure Browser, Anybody?

Posted by Scott Petry

Jun 28, 2016


The primary threats against Industrial Control Systems (ICS), the computing infrastructure at the heart of utilities and manufacturing plants, come from secret agent style espionage like you see in the movies, right? Wrong.

Remember the “Stuxnet” attack that sent the centrifuges in Iran’s uranium enrichment plant into a self-destructive spin? In that attack, a USB stick was used to cross the security “air gap” around the unconnected systems and drop malicious software on the Windows machines running the Siemens control software, which in turn reprogrammed the controllers.

Now, attackers targeting critical infrastructure don’t even need to drop a USB stick in the parking lot. They can simply rely on employees opening a phishing email, or visiting a compromised website. That’s all it takes for a motivated outsider to wreak havoc, steal data or lock down critical ICS processes with ransomware.

Topics: News, Security