September 26, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Password hygiene from Marcus Hutchins
When I read a post from someone singing my song this clearly, I just want to quote him for you. Please allow me to share this LinkedIn post from Marcus Hutchins:
How many people have access to your home or office? 10? 20? 100? How many people have access to your breached LinkedIn password from 2016? About 5.3 billion. A password book might not be the most secure way to store passwords, but it's infinitely better than weak passwords and/or password reuse. Password managers are great, but they have trade-offs. It's easy for data-loss to wipe out local databases, cloud-based services can go the way of LastPass, and has anyone ever tried entirely reworking the computer habits of an elderly person? Everything is a trade-off between security, usability, and need. Grandma doesn't have the same threat model as a Fortune 500 company. Cybersecurity is understanding that.
Couldn't have said it better myself.
Loving on the NIST CSF
This past week I worked through an online course in GRC (because I'll never know everything there is to know about this subject) and was pleasantly surprised to learn that the instructor is an avowed "fanboi" of the NIST CSF. I'm not alone! LOL. Since we've had a number of new subscribers in the past few weeks, I thought I'd run a recap of the CSF functions I wrote about earlier this year:
The new version of the CSF, v 2.0, will be released very soon, with a sixth function: Governance. I'll write lots about that one when it comes out!
Stay cyber safe this week!
Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.
Have a great week!
Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺