20 min

CISA Outlines Bad Practices Every Organization Should Avoid

The Human Element

Ep 10: CISA Outlines Bad Practices Every Organization Should Avoid

 

The RSA Convention 2022 wrapped up in early June. At the convention, the US-CISA outlined 3 bad practices businesses (and people) should avoid to prevent data breaches. The truth is these bad practices continue to be a problem for everyone despite the warnings and ease of protection against them.

In no particular order, they are:

* Use of unsupported or end-of-life software/hardware
* Use of known/fixed/default credentials
* Use of single-factor authentication for remote or admin access



Article on Infosecurity Magazine

The Big 4 – Prevent Data Breaches & Ransomware Attacks

Transcription

0:00

People are the weakest link in any cybersecurity plan. We’re distracted, exhausted and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in a war against data breaches and ransomware attacks. It’s time to educate.

0:52

Welcome to The Human Element podcast. Visit our website at the human element dot net for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar, owner and Washtech, a client-focused, security-minded, proactive IT service provider. Welcome to Episode 11 of The Human Element podcast. I’m Scott Gombar, your host, and today we’re going to talk about an article that came out on June 10, or a couple of weeks. Well, yeah, about two weeks past the article date. But the information in the article is not really new. I just thought I’d take a moment to highlight how important it is. And this article is on infosecurity-magazine.com. The name of the website is just Infosecurity, but it’s infosecurity-magazine.com. And this is CISA, which is the cybersecurity infrastructure and security agency in the United States, outlines bad practices every organization should avoid. So I always talk about the Big Four in IT. And that is not patching, or having a patch program, weak passwords, exposed Remote Desktop Protocol. And then my favorite is phishing. And we talk about all these things because these are the most common ways for attackers to get into an organization or even into a personal computer. This particular article, and apparently, you know, CISA is listing these as the three things, the three bad practices that are causing a lot of breaches. Data breaches and ransomware attacks usually go hand in hand. So there are a few bad IT practices that are dangerous for any organization, and particularly for organizations and critical industries like health care. So healthcare is a big target, education, legal, financial. Those are some of the bigger targets, and critical infrastructure. Those are usually the big targets.

Now critical infrastructure is sort of a separate topic, because they have different systems than all the other ones. Health care, legal, financial, education usually have very similar technology in their environment, whereas critical infrastructure has some other things involved. A lot of IoT devices, not that the others, healthcare definitely has IoT, but more so in the critical infrastructure, things that are sometimes vulnerable that they may not realize. But again, this article, or CISA’s list of bad practices, and there’s three of them, would prevent a lot of the issues that are faced by critical infrastructure. At the RSA Conference 2022.
