What are your unexpected risks from the Yahoo billion account breach?

The big cyber-security news today is the billion account breach at Yahoo! Some experts are recommending the immediate closing of your Yahoo! account. I am not fully on board with that recommendation. If you have highly sensitive information in your Yahoo! account, then I agree. If the account is used for some club activities or e-mail in Yahoogroups.com, etc., then at minimum you need to change your password.

At minimum, all Yahoo! users need to change their passwords today. If you have helper/challenge questions for your passwords, those questions and answers need to be changed, too. If your Yahoo! login name, password and challenge questions & answers have been used on other websites, you need to change those, too, immediately.

Here is the advice Alvaka has for you:

· Beware that Yahoo! is a partner of AT&T, so you may have exposure there, too. At minimum, change the password or close the account and move your information elsewhere.

· If you have employees who check their Yahoo! account at work, you need to block Yahoo! at your firewall and any filtering defenses you have.

Here are some good tips I saw posted by the CEO of KnowBe4 and I agree with them. He says:

2017-06-27T15:53:40+00:00

Tips on Renewing Warranties on IT, Server and Software

Here is a good blog on whether or not you should renew your warranties on firewalls, servers, routers, software, etc. It is written by a friend of mine, Ken Zimmerman, at Trivalent Group out of Grand Rapids, Michigan. He provides [...]

2016-03-08T19:12:28+00:00

I Am a Non-Technical Executive… What Seven Things Should I Be Asking My IT Guys About IT Security?

Irvine, CA - Overseeing IT and security is a daunting task, even if you are an IT professional. If you are an executive to whom IT reports, then the task becomes nearly impossible. The following list of questions is designed to empower you to have a meaningful discussion with your IT team so you can be an informed and responsible manager pursuing your due diligence role in protecting the assets of your firm. If you are an IT professional, these are questions you should be prepared to answer.

1. Q. When did we last do a risk assessment? Please share that document with me. I would particularly like to see the Risk Assessment Table.

A. Make sure your IT team is periodically assessing the risks to your IT systems. They should be recommending upgrades and new solutions for you from time to time, and you should be listening. They need to be able to express the threat in operational and economic terms in order to justify the expenditure. If your team can’t give you a clear and coherent answer on when and how they last did this, send them off with a task and a deadline.

2. Q. When did we last do a Vulnerability Scan? What were the results of that scan? I would like to see the report. Who did the remediation? When is our next scan planned?...

2017-11-13T07:21:50+00:00