Entries by Brad Johnson

Cybersecurity Awareness for Asset Management Organizations

Many Asset Management companies are relatively small firms, yet they have a large risk profile that makes them a prime target for cybersecurity threats. These companies, like all others, need to have basic blocking and tackling security measures in place to have a solid foundation to try and thwart and detect these threats: Periodic penetration […]

IoT Devices’ Security Challenges

IoT devices bring many of the same basic security challenges as we face with BYOD technologies. That is, you need to think about how they are deployed and configured, functionality and maintenance updates, encryption of data in transit and at rest, authentication and authorization, and general administration. They also bring some new challenges.   What adds […]

What’s new in phishing?

I was recently asked to comment on what’s new in phishing. In some sense, phishing attacks are always the same. They count on the fact that some (small) percentage of people will follow links or provide information to sources that haven’t been verified or shouldn’t be trusted. They also know that even though most IT […]

How enterprises can protect themselves against cyber-attacks

I was recently asked to comment on data security in relation to the increasing threat of cyber attacks ahead of the upcoming 2020 election. How can enterprises adequately protect the data privacy of their products and services as well as their clients and employees? My response is that there’s no silver bullet to prevent cyber attacks […]

Ransomware – should you pay or not?

You may have seen the recent news about cities and towns being held hostage to hackers infecting their data. With over 25 years of experience in cyber security, I’ve seen it all. To help guide you in managing a ransomware attack, I’ve outlined the steps you can take to minimize the impact on your organization […]

How significant is the tool sprawl problem?

Following up on my post earlier this month on Shadow IT, I wanted to discuss a related issue – “tool sprawl.” Tool sprawl describes an environment where the deployment and use of tools is not managed by a single IT group: applications, software, and tools are installed by end-users because they believe that waiting for […]

Four Tips for Dealing with Shadow IT

Simply stated, Shadow IT is what happens when people within an organization decide to deploy Information Technology systems and services without approval from the official IT group.  On the positive side, this can be the source of real innovation from within the company without the normal formal approval process that can be time consuming and […]

Three Security Predictions for 2019

I was recently asked my thoughts about cyber security trends for 2019. Here are a few of my predictions: 1. Many security issues will still be caused by human error. Despite many technology advances, a significant number of issues are caused by people using bad judgement or organizations deploying hardware and services insecurely. The […]

Can Additional Legislation Improve IoT Security

I was recently asked if increased legislation could help improve IoT security, and how it will affect the IT department. Here’s my response: Legislation can absolutely help IoT security by ensuring that manufacturers follow common core principles, strategies and infrastructure. The Cybersecurity Improvement Act of 2017 is an example of how legislation can compel manufacturers […]