About tlgadmin

So far tlgadmin has created 190 blog entries.

Should I buy cyber insurance?

A friend of mine asked me if he should buy cyber insurance for his business. Whether your need is for a self-hosted/owned, cloud or hybrid infrastructure this is not an easy answer. As I thought about it, I decided this is probably a topic of interest to many financial managers at small to mid-size enterprises. How should you decide this question and who can you seek for legitimate counsel that is qualified to answer this question without having a conflict of interest? I decided I am possibly one of the most qualified people, more so than the insurance broker, and I have no direct interest in the purchase. So here goes….

First some background: my friend owns and operates one of the more notable civil engineering firms in southern California. It is not a huge firm, but it does have about 50 highly skilled and compensated engineering professionals. The firm is well established and I am sure it has a good valuation to protect. I know some of their clients and they are big important entities. If something happens that causes a loss for his clients the ramifications can be really big. This all sets the stage for a serious consideration of additional insurance for cyber losses. Let me point out I am not a lawyer and none of this is intended to be legal advice. This is my analysis based upon my anecdotal experiences of hacks and losses at dozens of other firms over the years. It is also based upon my cyber insurance decision.

First some other disclosures. I decided to make sure that Alvaka Networks has cyber insurance coverage as well as professional liability insurance. The decision to add cyber insurance has been relatively recent in the past few years. Why? Because of the environments we work within, the clients we have, and the highly regulated spaces that many of my clients operate within. We have also recently raised our professional liability coverage level, but that was mainly driven by the requirements of a large client and over the past few years our clients seem to be getting larger and larger.

So why should my friend buy this additional cyber insurance...?

Should I buy cyber insurance? 2017-06-27T15:54:45+00:00

Here is a good article on 5 ways CIOs and IT leaders can do more with less

mrc's Cup of Joe discusses 5 ways CIOs and IT leaders can do more with less. Summary: CIOs and IT leaders face a daunting task. Gone are the days of simply supporting the business. These days, the expectations placed on [...]

Here is a good article on 5 ways CIOs and IT leaders can do more with less 2017-06-27T15:54:54+00:00

The coming of the Strategic Service Provider

Orange County, CA - “Robert Faletra, CEO of The Channel Company, which publishes CRN, said the evolution toward the Strategic Service Provider model marks the fourth major shift in channel nomenclature since the publication's founding in 1982. When the channel was born its constituents were known as Resellers, a business model CRN declared essentially dead in 1990 in favor of VARs (value-added resellers). VARs evolved into Solution Providers, a term that incorporates both Managed Service Providers (MSPs) and Cloud Service Providers (CSPs). And now CRN heralds the dawn of the Strategic Service Provider era.”

That is what Steven Burke wrote recently in a story titled, The New Channel Model: Rise Of The Strategic Service Provider.

What is the “channel” and who is CRN? The channel is a term coined long ago by the folks at computer industry publication CRN back in the early 1980s when they were known as Computer Reseller News. The channel, as it is known, is the group of players that brings to you, the end-user, all the PCs, servers, monitors, Microsoft Windows, Adobe products, network cables, printers, scanners, et al that you buy constantly. The channel is your computer dealer and the...

The coming of the Strategic Service Provider 2016-06-15T23:27:37+00:00

LinkedIn data breach, if you are a user take two minutes to read this

If you use LinkedIn, take two minutes to read their posting, Notice of Data Breach: You may have heard reports recently about a security issue involving LinkedIn. We would like to make sure you have the facts about what happened, [...]

LinkedIn data breach, if you are a user take two minutes to read this 2017-06-27T15:55:10+00:00

Ransomware and Phishing Awareness Training for your end-users

If you don’t treat network security as important, don’t expect your users to treat security as important. Irvine, CA - Ransomware and phishing threats are the most prevalent cyber-risk problem facing your organization today. Securing your system is a layered approach, [...]

Ransomware and Phishing Awareness Training for your end-users 2016-05-23T21:01:21+00:00

CryptXXX is ransomware that also steals your passwords and your Bitcoins

Most of my recent blogs are about ransomware. That is because ransomware is the most prevalent cyber threat today facing individuals, small and large businesses, governments and not-for-profits. No one is safe from this scourge.

Today I must tell you about a new one. Like Jigsaw, this new one, called CryptXXX, is a game changer. Jigsaw was different from prior strains in that it immediately starts to delete your files just to show you that it means business. CryptXXX is different in that it introduces two new problems other than encrypting all your files and then demanding payment. Up until now ransomware has not actually breached your system and exfiltrated data. Sure, you had a security incident, but it was not identified as a breach in the classic sense. Now with CryptXXX not only is your data held hostage, but now the culprits steal two new things from you. CryptXXX steals login names and passwords which puts all your systems, local and in the cloud, and any websites you frequent at risk. CryptXXX also steals your Bitcoins if you have any. The stealing of the Bitcoins is a particular insult because....

CryptXXX is ransomware that also steals your passwords and your Bitcoins 2016-05-18T21:08:54+00:00

What the heck *&#@ did you say about custom software development?

Here is a guest article from Tim Martin of Action Point (www.action-point.com). I asked for permission to run his blog because it is a very important message. The only thing missing is his unique Irish accent. Tim writes:

What the *&#@ did you just say?

This was the reaction I got from a potential client after our initial meeting to discuss their need for customized software. Two days later we signed a contract and they have become one of our most valued clients.


It’s about time for a little straight talk around here…

As the head of business development in the US for Action Point I’ve never been accused of being indirect or subtle. In the technology industry in general but especially when dealing with custom software companies, straight talk is a rare commodity. So what did I say to the client?...

What the heck *&#@ did you say about custom software development? 2016-03-28T15:00:00+00:00

What is it like to upgrade to Windows 10?

I finally got around to upgrading my Lenovo notebook from Windows 8.1 to Windows 10. I can tell you in short it was a relatively fast and easy upgrade. My Lenovo is fairly quick and I have all solid state drive storage so that probably helped make things go fast.

Here is how my upgrade went:

  • I did the pre-download option of Windows 10 so all the files were already on my system when I started the upgrade.
  • Once launched the Lenovo ran for about five minutes with a green screen of...

What is it like to upgrade to Windows 10? 2017-09-18T00:32:06+00:00

What is Phishing, aka Social Engineering, and How Do I Avoid It?

I recently warned of a very large recent upsurge in ransomware.  Now I must warn you to beware of new successful social engineering exploits.  What is social engineering?

Wikipedia has a good definition:

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

In other words, phishing, the internet term for social engineering scams, is simply a way to trick you into doing something so that you reveal vital information like bank account info, tax return info or send money unwittingly to a devious person.

Let me tell you about social engineering exploits in three recent real world examples.  In the first case, City of Hope in Duarte, CA (City of Hope employees fall victim to phishing attack) had three employees targeted by a phishing scam. They unwittingly revealed protected health information (PHI) which by law must be kept confidential. In the other two cases, the loss of data was much more vast. Both Seagate Technologies (Seagate Phish Exposes All Employee W-2’s) and Snapchat (Snapchat falls hook, line & sinker in phishing attack: Employee data leaked after CEO email scam) had an employee get tricked into providing W2 information on all past and current...

What is Phishing, aka Social Engineering, and How Do I Avoid It? 2017-09-18T00:27:31+00:00