Entries by Paul Hill

Anthem Breach Exposes Kids and Families

The Anthem breach continues to generate news. Just yesterday, NBC News reported that “millions of American children had their social security numbers, date of birth and health care ID numbers stolen in the recent data breach at health insurance giant, Anthem Inc.” All this despite Anthem reporting that they doubled their investment in security […]

Common Errors SMBs Make When it Comes to Passwords

Passwords continue to be a key topic of conversation among small-business owners. While we have talked in recent blog posts about ways to make passwords stronger, I’d like to discuss some of the common errors SMBs make when it comes to the passwords they pick to protect their data. Small businesses are less likely to […]

How Enterprises Can Protect Themselves from a Big Data Breach

In the past year there have been a number of well-publicized, large-scale data breaches of large enterprises. Most recently the Sony breach has been dominating the news. There are articles that say in 2007, Sony’s executive director of information security said that he wasn’t willing to put up a lot of money to […]

Defending Big Data

SC Magazine’s Stephen Lawton recently interviewed me for the publication’s latest eBook Defending Big Data, looking at the big business of Big Data. During our conversation, I talked about how Big Data can create big problems for CISOs, because it is a major target for cyber criminals seeking to steal proprietary information, intellectual property and […]

#1 Issue Companies Face with Cloud Computing and Data Security

For companies purchasing cloud services, the number one priority should be how to evaluate the risk of using a particular vendor. Many companies don’t have a solid process for determining how to evaluate a third-party cloud vendor for risks or how to assess the likelihood of a breach at a third party. Too often, […]

Will security problems kill the cloud as we know it?

The cloud is here to stay. The industry continues to strive for understanding of the myriad of security concerns and develop methodologies for evaluating the risks. Existing, mature, security frameworks continue to provide a strong basis for evaluating the risk but there are a small number of additional issues that should be evaluated when performing […]

What Happens When You Click on a Bad Link

When you click on a link to open a web page you are inviting the server on the other end of the connection to make queries of your machine and execute code on your machine. While it is true that not every web page makes queries about your machine or downloads code to your machine, the […]

Five Tips to Avoid the Pitfalls Mobile Developers Commonly Fall Into When Pushing out a Customer-Facing Mobile App

Developers of mobile applications must address all of the security concerns that traditional application developers do, and they must also handle additional concerns. The most popular mobile device platforms use modern operating systems that were designed with security in mind from the initial stages. However, developers still need to understand the unique threats and issues […]

Getting Your Employees to Buy into Your BYOD Security Policy

Getting your employees to buy into your BYOD security policy can be challenging. I was recently asked by Sue Poremba, Business News Daily, what pieces of advice I could share with employers to get employees to follow the company’s BYOD security policies. In addition to the tips included in Sue’s article, I’d like to share […]

Managing Identity in the Cloud

Issues arise with managing identity in the cloud when IT administrators fail to follow tried and true best practices. The task of managing a single enterprise network gets tougher when companies add cloud networks and services to their arsenal of identifying, provisioning and tracking end users and their devices. In addition to maintaining all authorizations […]