Doug Bedell — June 3, 2020, 3:26 pm

Haircuts, Normalcy During COVID-19’s Time


Here’s a stand-in for all of us males, primarily, during the time of COVID-19. We need haircuts, but they’re not easy to come by. Not necessarily a security issue, true. But staying at home without a haircut gets wearing, right?

“This COVID thing has created a big challenge for me,” writes Mike Rothman on Securosis.com. “I usually wear my hair pretty short, trimmed with a clipper on the sides, and styled up top. But for a couple of months, seeing my stylist wasn’t an option. So my hair has grown. And grown. And grown. As it gets longer, it elevates. It’s like a bird’s nest elevation. You know, like losing your keys in their elevation. I could probably fit a Smart Car in there if I don’t get it cut at some point soon.

“If I’m going to grow my hair out, I want to have Michael Douglas’s hair. His hair is incredible, especially during his Black Rain period. The way his hair flowed as he was riding the motorcycle through Tokyo in that movie. It was awesome, but that is not to be. My destiny is to have big bird nest hair…”

Identifying with this guy? That’s not surprising.

Doug Bedell — June 1, 2020, 3:43 pm

Give Passwords Primacy to Avoid Web Security Breaches


Here’s a tutorial on the importance, in security terms, of changing your password after a website you use is breached. It’s on the techxplore site, but has been called to our attention by tech whiz Bruce Schneier.

Believe it or not, the study finds that most computer users don’t change their passwords after a site where they have an account is breached.

Daniel Tkacik, of Carnegie Mellon University, writes: “‘In our study, only one in three people who had accounts on breached domains changed their passwords,’ says CyLab’s Sruti Bhagavatula, a Ph.D. student in the School of Computer Science. ‘Only 13 percent of people with accounts on these domains changed their password within three months of the breach announcement.’”

“Many may find these findings alarming, given the frequency of corporate data breaches in recent years. In January 2019, for example, a collection of over 700 million email addresses alongside passwords, referred to as ‘Collection #1’ had been distributed on a popular hacking forum.”

Oh gee, you may be thinking, that couldn’t happen to me. But it depends on how preoccupied you may be when the occasion arises. Give primacy to your passwords when you’re working on the web.

Doug Bedell — May 29, 2020, 12:18 pm

Security Marketing Without Tradeshows

A timely question indeed, from SecurityInfoWatch: With in-person trade shows all but shelved, “how can security industry manufacturers launch new products?”

Think: How do customers want to receive information from you, not how many customers you have. Do livestream broadcasting “via YouTube or a similar platform” and promote your offerings through email marketing. Help customers stay informed about your industry.

In other words, use your computer screen as an increasingly active, pertinent window on your marketing world.

Doug Bedell — May 27, 2020, 11:32 am

TSA: Self Check-Ins May Be Coming at Airports


Whether or not the post-virus era produces a pickup in air travel, the Transportation Security Administration is considering a passenger self-screening system for airports, like self-checkouts at grocery stores, In Homeland Security reports.

“Specifically, DHS is looking for a streamlined solution that screens passengers and their belongings together, in a single step, replacing the two-step process that exists at airports today.

“Another requirement: Passengers will be notified directly if they trip the alarm for some reason — say, forgetting to take off your belt — and then be able to self-resolve without a TSA officer’s intervention to ‘reduce instances where a pat-down/secondary screening procedure would be necessary.’

“Of course, security is the top priority. In order to be successful, the solution must be able to ‘detect weapons and organic threat items hidden on passengers without the same level of Transportation Security Officer (TSO) engagement normally present in the screening process,’ according to the RFI.”

So flying high, knowing you’re self-checked in, is now a possibility.

Doug Bedell — May 25, 2020, 12:00 pm

Switching to a Home Office? Don’t Forget Security


In this era of the COVID-19 virus, workplaces are changing – from office buildings to home offices. In many instances, that’s likely to last when the pandemic ends.

On the IT Security Guru blog, the home office prospect is viewed in a U.S.-Europe perspective, with the trend appearing stronger in Europe. But half of U.S. working people climbed aboard too.

Yet the security implications of the potential shift did not appear foremost. “Organisations everywhere are facing unprecedented challenges as millions of people are working from home,” said Brad Brooks, CEO and president of OneLogin. “Passwords pose an even greater risk in this WFH environment and – as our study supports – are the weakest link in exposing businesses’ customers and data to bad actors.

“In Britain, a whopping 36% of those surveyed admitted to having never updated their WiFi password from the default password provided, compared to 34% in France, 21% in Germany and just 7% in the US.”

So, if there’s to be a seismic shift in workplaces, its security grounding needs priority attention.

Doug Bedell — May 23, 2020, 11:58 am

Weathering a Global Business Crisis: ‘We Should Be Very Excited About the New Future’


Start rethinking the security business like all fields during this period when the economy is likely to be in a sustained COVID-19 nosedive. The rebound “will be a transformational event that should lead to global business restructuring” says Steve Lasky on Security Infowatch.

Lasky reports that hedge fund manager Ray Dalio in a TED Talk recently “made it clear he thinks the United States is headed towards a modern economic depression, sustained double-digit unemployment and a more than 10% decline in the overall economy as a result of the ongoing COVID-19 pandemic. Dalio, however, is quick to share that he believes that this global economic tsunami will be ‘relatively brief’ and will be a transformational event that should lead to global business restructuring.”

“Dalio’s contention is that this crisis will force global business to rethink how it approaches all aspects of its organizations and that this ‘restructuring’, which could last as long as three to five years, will create new and previously untapped opportunities and innovation related to digitization, data and human thinking…I think we should be very excited about the new future.”

If this scenario unfolds, let’s indeed hope it has an upbeat outcome.

Doug Bedell — May 20, 2020, 5:33 pm

Hackers Turn Wearable Fitness Devices Into a Security Threat


Security Infowatch provides a warning about a security threat to business networks from wearable fitness devices. “In truth, the potential risks of these devices go far beyond the privacy intrusion they represent for the everyday consumer. They also present a major source of vulnerability for business and corporate networks.”

“The threat that wearable fitness devices present to business networks stems from a number of factors. This is why, in August 2018, the Pentagon banned the use of fitness trackers, each of which possesses geolocation features, on military bases due to their exposure to data leaks. They had recognized that this security problem is presented not just by a fitness tracker, but by its whole ecosystem.

“The most basic element of this risk is that the design of these devices typically prioritizes easy connectivity over security. The connection between a wearable fitness device and an employee’s smartphone is relatively secure – because most devices make use of end-to-end encryption – but the same cannot be said for the insecure cloud storage that these data are then stored on.”

And so it goes. Single-minded hackers can be dastardly opponents of busy users of electronic devices, desktop or wearable ones.

Doug Bedell — May 18, 2020, 12:52 pm

A Warning for the Fall, and the White House


Nothing else matters if we can’t get the U.S. aligned – starting with the White House – to effectively cope with a rebound of the coronavirus this fall. In Homeland Security advises that Dr. Rick Bright was removed as head of the Biomedical Advanced Research and Development Authority “after sounding the alarm at the Department of Health and Human Services. Bright alleged he became a target of criticism when he urged early efforts to invest in vaccine development and stock up on supplies.”

“‘Our window of opportunity is closing,’ Bright says in his prepared testimony posted on the House committee website. ‘If we fail to develop a national coordinated response, based in science, I fear the pandemic will get far worse and be prolonged, causing unprecedented illness and fatalities.’

“Bright’s testimony follows this week’s warning by Dr. Anthony Fauci, the government’s top infectious disease expert, that a rushed lifting of store-closing and stay-at-home restrictions could ‘turn back the clock,’ seeding more suffering and death and complicating efforts to get the economy rolling again.”

What could be more troubling to national security than recurring reports like this?

Doug Bedell — May 15, 2020, 2:11 pm

Homeland Security’s Science and Technology Unit Takes on the Virus


The U.S. Department of Homeland Security is providing a helpful web page on the Estimated Natural Decay of SARS-CoV-2, the virus that causes COVID-19. You select a surface, enter the temperature and relative humidity and you get the estimated half-life of the virus.

Homeland Security’s Science and Technology branch is “partnering with CWMD (Countering Weapons of Mass Destruction Office) to develop a tool that is easily accessible and could be used by Occupational Safety and Health (OSH) professionals to support risk assessment, cleaning and disinfection in accordance with guidance provided by CDC and EPA including Guidance for Cleaning and Disinfecting: Public Spaces, Workplaces, Businesses, Schools, and Homes.”

Doug Bedell — May 13, 2020, 12:20 pm

Crisis Leadership: Creating an Incident Action Plan


New threats, such as the coronavirus, require an effective incident action plan, advises Dr. Randall Hanifen, at American Military University.

“As leaders during this challenging time of social distancing and coronavirus,” Dr. Hanifen writes, “we must properly manage two main areas in our organizations. Those areas are planning and communication…

“Some organizations have altered their policies, some have written directives and some have built out their IAPs. While Incident Command System (ICS) purists will only want an Incident Action Plan, it may be good to have a balance of policies, written directives and IAPs. The advantage to an IAP is that all of the information is in one place and can be updated daily.”

Read on about the components of an effective IAP, not least of which is heads-up communication.