What is CMMC? CMMC Update Archives CMMC Links
Security Awareness Training Public Speaking Expert Witness
Newsletters Whitepapers Articles Videos Interviews Additional Resources
Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

March 21, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Outlook for Windows has a critical vulnerability being exploited. Update now. (does not affect Office 365 nor Outlook in the web browser)
  • Microsoft released another 70+ fixes in its latest Patch Tuesday

Patch All the Things!



Remove Unnecessary Software

This is a standard security practice, included in most every security standard I've ever read, and yet few people or organizations actually follow this practice. Let's talk about what this is, and why it's important.

You can't secure it if you don't know it's there. If your employees (or family members) have local administrative privileges on their computers, they can install software (and malware, but that's a topic for another time). There are two reasons this could be problematic:

1. Missing updates Remember that LastPass Breach ? More recent information has indicated that the bad guys took advantage of a vulnerability in Plex, a streaming app, installed on the senior engineer's computer. Having auto-update turned on for Windows and MacOS is not going to auto-update third-party applications on your computer (and even the endpoint management tool on your network can't update software it doesn't know about). You need to keep a software inventory, check periodically to make sure everything is up to date, and remove unnecessary software. (If you need a refresher, read How do I Patch my Things?)

2. Leaking data Ever heard of Grammarly? Ever used it? Do you know how it works? It's a plug-in you can install on your computer or mobile device that will make suggestions to improve your grammar as you type. How does this work? Everything you type is live-streamed to a Grammarly server and analyzed for suggested improvements. Read that sentence again. Everything you type is live-streamed to a Grammarly server ... If your employees have installed Grammarly on a work device, are they sending sensitive corporate and/or customer data offsite without your knowledge? If a family member has installed Grammarly on your home computer, is everyone in the family unknowingly sending private data offsite?

These are just two examples of the many, many software applications that may be installed on work or personal devices. They may seem innocuous, and aren't inherently bad, but they can provide backdoors to your network and to your data.

So, go take inventory and delete the software you don't need. Have a good week!

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

Site Map

Home
Employee Training
Security Awareness Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy