Ransomware v2.0 Recovery – Now, encrypted or deleted backups!

Warning!!! We have entered a new, even more malicious, era for ransomware that is hitting mid-market companies particularly hard. The two stories I share below are chilling… For the last five years or so, ransomware could be described as a [...]

Ransomware v2.0 Recovery – Now, encrypted or deleted backups!2019-03-20T15:00:40-07:00

Network Monitoring Operational Maturity Growth

I just read a press release about a new product, NetBeez, which performs active network monitoring from the user perspective. I suppose it has a narrow fit, but it seems to me that most modern day monitoring applications should be [...]

Network Monitoring Operational Maturity Growth2018-09-27T10:45:17-07:00

Imran Awan case shows lax security controls for Congressional IT staff

By Kevin McDonald Investigations into the conduct of the IT staff of the House of Representatives raised alarms. Kevin McDonald explains what we can learn from the case of Imran Awan. Those who operate with high-level system access, [...]

Imran Awan case shows lax security controls for Congressional IT staff2018-06-29T14:46:29-07:00

What are your unexpected risks from the Yahoo billion account breach?

The big cyber-security news today is the billion account breach at Yahoo!  Some experts are recommending the immediate closing of your Yahoo! account. I am not fully on board with that recommendation. If you have highly sensitive information in your Yahoo! account then I agree. If the account is used for some club activities or e-mail in Yahoogroups.com, etc. then at minimum you need to change your password.

At minimum, all Yahoo! users need to change their passwords today. If you have helper/challenge questions for your passwords those questions and answers need to be changed, too. If your Yahoo! login name, password and challenge questions & answers have been used on other websites you need to change those, too, immediately.

Here is the advice Alvaka has for you:

·         Beware that Yahoo! is a partner of AT&T so you may have exposure there, too. At minimum change the password or close the account and move your information elsewhere.

·         If you have employees who check their Yahoo account at work you need block Yahoo! at your firewall and filtering defenses you have.

Here are some good tips I saw posted by the CEO of KnowBe4 and I agree with them. He says:

What are your unexpected risks from the Yahoo billion account breach?2017-06-27T15:53:40-07:00

I’m a security monitor

Irvine, CA - I have become somewhat enamored by the LifeLock commercial titled, “Fix it.” In that commercial, bank robbers come storming into a bank breaking a display and yelling, “Everybody on the floor.” As everyone hits the floor a man in a security uniform remains standing and one of the customers whispers, “Do something!” He replies, “Oh, I’m not a security guard. I’m a security monitor. I only notify people if there is a robbery.” After a brief glance around he passively says, “There’s a robbery.” The commercial narrator then says, “Why monitor a problem if you don’t fix it?”

You can view that video here.

I’m a security monitor2017-06-28T10:31:02-07:00

Here is the reason your antivirus isn’t working anymore

Irvine, CA - Even the biggest of the antivirus software vendors are beginning to give up the fight against malware. The traditional ways of fighting just don’t work anymore. It is too reactive and labor intensive… not to mention just inherently flawed at this point. If you have been to our lunch and learns the past couple of years you know that at Alvaka Networks we down-play significantly the role and importance of firewalls and AV software. Sure you need them, but oftentimes users rely on those two tactics at the neglect of other often more important and effective solutions. If you want a comprehensive solution based upon tools you likely already own you should read this – What 12 Security Things Should I Focus on to Be Defensible in 2016? These are just as valid for 2017.

What is the breaking news on the demise of antivirus software as we know it? Well, it simply does not work well today and in the future. Here is a link to...

Here is the reason your antivirus isn’t working anymore2017-06-27T15:53:49-07:00

What 12 Security Things Should I Focus on to Be Defensible in 2016?

Here is a sneak-peek and what is likely my most important blog for the upcoming New Year.  This is just a partial teaser....

----------------------------------------------------------------------

Irvine, CA - I was recently asked by a roundtable of CEOs to advise them on network security.  They had a lot of questions and a lot of misinformation.  I was surprised as this was a group of technology company CEOs and what I quickly found out is that they did not know much more than my non-tech company CEO clients.  From that discussion they asked me to come back and present to them a short list of actions they should take in 2016 to better secure their systems.  Initially I wanted to present them with a list of 10 things they should focus upon.  For anyone that knows, it is easy to create a list of 100 things that should be done to secure a system. However, I decided in order to make the list actionable and not overwhelming I needed to focus on the 10 things I have seen in the past year or two that have caused the most real-life grief for our new and existing clients.  I wanted to keep the list to 10 items, but I had to fudge a bit and expand to 12 core items. Then I added three bonus items for those who are over-achievers and another three for those in regulated businesses like healthcare, financial services and Sarbanes-Oxley.

This list is not complete nor absolute.  It is a list I have created largely in order of my perceived importance based upon the real-life hacks, breaches and other maladies related to failures of network security to keep the bad guys out.  You will need to assess the requirements that are appropriate for your firm.  If you are looking for a good place to start, I offer up my suggestions below.

1.       You need to do a vulnerability assessment or security assessment.  It is impossible for you to know what actions you should take to properly secure your systems without first doing an assessment.  Assessments are common practice at many firms, yet completely ignored at others.  It is fairly easy for you to order a vulnerability assessment and the best part is that it takes very little time and participation from you and your IT staff.  The cost for this service ranges from a few thousand dollars for a very small firm to several tens-of-thousands or even hundreds of thousands of dollars for larger enterprises.  These should be done at least once per year just like your financial audit.

2.       Patching for Software Security Updates is perhaps one of the most overlooked and under-rated security measures you can implement to better secure your systems.  I maintain that good software patching measures are in some ways more important than your firewall.  A firewall is a formidable device that once it gets set-up has a number of ports opened up so that your firm can transact business.  That is where it gets weak.  Through these legitimately opened ports attackers will send nasty payloads that compromise your system, often without you knowing.  Imagine a hardened castle all buttoned up, but the draw bridge must be opened in order to conduct commerce.  Through that legitimately opened bridge come the sneak attacks, the scammers, crooks, mischievous and spies....

What 12 Security Things Should I Focus on to Be Defensible in 2016?2015-11-12T03:10:52-07:00

Interview with Oli on Effective IT Management

Our CEO, Oli Thordarson, shares how we provide effective Managed IT services here at Alvaka and explains the different tools that we use to keep our client's operations in check good running condition.

Interview with Oli on Effective IT Management2017-06-29T20:50:50-07:00