Browsed by
Tag: Security

Photo Credit: freeimages.com/Cory LaFLamme
Some Thoughts on Encryption

Some Thoughts on Encryption

The controversy regarding Apple’s resistance to decrypt an iPhone that was utilized by terrorists has created a national conversation about the role of encryption in modern society. This is a tricky topic that has been a long time in the making. Watching the cable news last week has seen political leaders, pundits, talking bobble heads and technical evangelists weighing in on the debate. Now, we have a court issuing its first decision that may influence the outcome of the disagreement between Apple and the FBI.

I deplore what the terrorists did in San Bernardino. There is no justification for their actions or any other person who engages or supports the attacking of civilians. I wish the government to use all legal means to bring any co-conspirators to justice and use their available tools to penetrate these evil networks.

Read More Read More

Photo Credit: freeimages.com/Montse Morcate
Exercising Caution on the Phone

Exercising Caution on the Phone

We received a call at the house last night that was strange and a little disturbing.  The caller said they were with our bank and needed to confirm our identity before speaking to us about an important matter.  They reported to be with our bank, and they had that information correct.  However, they wanted to confirm our identity by using our Social Security NumberI laughed and said no.  The person told me this was important financial information, and that it was critical that we speak about it.  They said that they could not discuss it with me, unless I confirm my identity.

Again, I told them that I would not give them that information to some random person that called me on the phone.  I asked why I should trust them.  Would they give that information out to someone who called them?  No answer other than they have important information to discuss with me, but they need to confirm my identity first.

This was getting very odd.  I asked why a bank would expect their customers to share such information when “the bank” made the call in the age of identity theft?  It was not as if I called the bank and had knowledge of whom I was speaking to.  They said it was the bank’s standard practice.

Wow – I told them that I was not going to do this.  They said they were done arguing with me. Okay…great!  I asked if they would send me a certified letter with what matter was soo important since we had reached an impasse.  I got a noncommittal okay and a hang-up.

Is this a new vishing scam to try to get personal identification?  It has to be one of the oddest phone calls I have had in a very long time.  With all the identity theft going on these days, I am very cautious as to what information that I give out on the phone or anywhere else for that matter.

Photo Credit: freeimages.com
Cloud Providers Should be Upset

Cloud Providers Should be Upset

Today, I was just speaking with a colleague about one of the “victims” of the NSA data “scandal.”  It is the cloud providers.  All of these cloud-based providers have got to be ‘just thrilled’ with the negative publicity online services are currently receiving with this concern over privacy and government monitoring.

I will be honest; it is made me even a little more cautious about my review and selection of cloud and SaaS providers because I too am concerned about where my data resides and who can access it.  I will not just allow corporate or my personal information to go anywhere that I do not know who can gain access to it.  Do I have anything to hide?  Of course not.  However, that does not negate my duty to my company and family to ensure that our privacy is respected.

If I was a cloud service provider, I would feel more than a little uncomfortable in the current situation, and I think the cloud industry will be set back a little by this affair.  After all, it is raised the ugly specter of “is my information secure” in the cloud or other online environment. That will take a little while for people to regain their comfort level.  On the upside, encryption should be making some nice gains as more companies look to encrypt their cloud environments for added security.

Photo Credit: freeimages.com
Continuing on…The Internet Never Forgets

Continuing on…The Internet Never Forgets

The other day I was ranting about privacy in the digital age. The public does not fully comprehend the potential positive or negative impact of cloud services on their lives; how the information they choose to share and store inside of those systems lives and dies; or how a data breach will affect their personal privacy. However, that is only part of the equation since it deals with a failure inside of one of these commercial entities. And let’s be honest about the situation here; these entities rarely screw up so the breach is usually in the form on an outside attack against them. Frankly, with how few breaches occur each year, I see it as a testament to their dedication and professionalism in treating their customers’ information with respect and a security-focused mindset.

More often than not, we do it to ourselves. We expose our own information to public scrutiny without hackers or bugs in the code. We breach our privacy by posting “dumb” things online. Usually in an agitated state, or inebriated one, but rarely with a clear mindset. It is so easy with modern smartphone technology and computers/tablets everywhere to post any and every thought online in a mere moment. Much like the words we speak, something posted online can never be really retracted.

Having an argument with a family member, friend, or coworker? Seriously think about the consequences before you lash out in a quick twitter or Facebook post. In a lapse of good judgment, let us say you do actually post something that is highly critical of a coworker, management, the company, or releases confidential information, what should the company do about it? Is it unreasonable to expect serious disciplinary action?

It is no secret that employers will check on-line profiles of potential candidates, and it is not uncommon for them to complete other reviews on a periodic basis and around promotions to make sure, employees are living up to all company guidelines and expectations. Do you really want to promote someone who does not represent the values of the organization with their highly questionable digital activity? Yes, people will invariably say that personal life and professional life are distinct and should not affect each other. I think that is a Utopian view that is not reality, and everyone should presume that their bosses are reading most of their on-line social media communications. No, I do not think that management is reading employees’ Twitter and Facebook feeds regularly. Who has the time? But would you really want to risk your next promotion on it? This is an area that some serious common sense needs to be exercised by everyone.

People need to present their public social media life in the way they would like their managers to see and experience it. Remember by lashing out in a discourteous/unprofessional manner at people or topics on-line, they may be hurting their career to a far greater degree than they even begin to realize.