Security minded; inside and out
An interesting incident occurred with one of my friend’s clients.
They made the executive decision to create websites, for internal use, with no security.
None.
Zero.
No logins. No auditing. No IP restrictions. No encryption.
The result was as you’d expect.
One of the websites was accessing sensitive HR data, including Social Security numbers, tax information, dependent information, payroll information, etc. Long story short, due to the lack of controls and security, the company’s current and past information was leaked online.
The lesson here is that this was not hacking. This was poor security and poor internal controls around sensitive data. So while not all breaches can be prevented, there are minimum standards you and your team should set and adhere to in order to prevent expensive breaches like this one.