What is Required for CMMC Level 1 Compliance?
Over the last couple of years we have talked a lot about what is required for CMMC Level 2 certification, but a lot more companies will need to be CMMC Level 1 certified. What is required for this?
The Risk-Reward Tradeoffs of GPT AI
Everyone is using AI and tools like ChatGPT have become super popular virtually overnight. But have you considered the risks associated with using these tools, have you created policies for your employees, do you understand how your vendors may be adding risk to your business and are you managing that risk? Learn more here.
What is the Shared Responsibility Model and How Does it Affect Me?
The shared responsibility model is the way that cloud service providers reduce their risk if something bad happens. For the most part, unless you have an unusual contract with your cloud service provider, if something bad happens, it is your problem. If you have not planned for this, you could be in deep yogurt. Learn…
The Risk of BYOD – Non-Managed Devices
Many companies allow, encourage and/or require employees to use personally owned devices. While it seems that, at least in the short term, this is a money saving and morale boosting move, in the long term, it may be an existential threat to the company. In this post we are going to use one company who…
DoD’s New Instruction on Labelling Controlled Technical Information
Most defense contractors have been complaining about the lack of specificity of how to protect controlled technical information or CTI. DoD has just released instructions clarifying the rules around protecting CTI. Learn more here.
In Honor of Valentine’s Day – Romance Scams
The FBI says that 19,000 people reported losing over $700 million to romance scams last year. Learn more about these scams by watching or listening. Links mentioned in the video are: FBI National Cybersecurity Alliance Pig Butchering Scams
Technical Debt
Are you managing your technical debt? Do you even understand what technical debt is? Does your management and Board (if there is one) understand that unaddressed technical debt is like a bottle of nitroglycerin just waiting to be jarred in the wrong way. And we just saw a massive example (as in their technical debt…
Draft Kings Attack Recommendations
Some users of the sports betting site Draft Kings discovered that they were locked out of their betting account and, more importantly, their bank accounts were drained. Learn how this happened and what you can do to minimize this risk. Note that this is attack is not limited to Draft Kings or sports book sites….
Compliance | Legal | User tips
Dark Patterns and the Law
Dark patterns are techniques that web site operators, typically, use to make it more difficult to choose one option than another. For example, try to close your Amazon account or your Facebook account. It used to be that you had to call Amazon and they would try and talk you out of it. Now you…
Managing Insider Threat
Cyber insider threat is a significant issue. It comes in multiple flavors – accidental and malicious and can be caused by IT or by general users. While relatively rare compared to ransomware, it is more common than you might think. Learn about the problem here. Audio Video