Medium Sized Business Blog - All Comments

re: Register now for SQLBits XI

Waqas M — Mon, 11 Feb 2013 12:22:05 GMT

Nice post

re: Reasons to be cheerful in 2013 for SMBs

TK MAHATO — Fri, 28 Dec 2012 11:12:10 GMT

thnx

re: Two-Factor Authentication

Eric Vanderburg — Thu, 20 Dec 2012 19:20:40 GMT

I am all for 2FA and I wholly agree that it is important for protecting data like that stored on Dropbox but it must be implemented in a way that makes it easy for the user. Many users have enough trouble remembering their password alone. Show them the benefit of increased security and make it easy for them and they will make the change.

re: Guest Blog by Alex Mitchell: Flexibility – being competitive anywhere anytime

Alfred Brock — Tue, 18 Dec 2012 19:15:42 GMT

I believe that even though it will prove to be more productive, in some scenarios, to accomodate many different access methods to data and services online - that - the most profitable forms of business will remain those with clearly defined methods of access arranged along lines of reasonable timing. Anytime, anywhere can swiftly degrade into anything.

re: 10 Steps to Leadership Success

Caio Vilas Boas — Thu, 22 Nov 2012 00:09:27 GMT

Very good tips Steven Woodgate. Bookmarked this article :)

re: 10 Steps to Leadership Success

Caio Vilas Boas — Wed, 21 Nov 2012 23:41:58 GMT

Very good tips Steven Woodgate. Bookmarked this article :)

re: Teaching Employees New Security Tricks

Mark D. Albin — Fri, 16 Nov 2012 06:22:40 GMT

Good computer security policy information. End user training is often neglected, thanks for sharing the video too.

re: Human the weak link

Stu Sjouwerman — Thu, 25 Oct 2012 12:18:09 GMT

Could not be more right! That is why Kevin Mitnick and I sat down for 8 months and created Kevin Mitnick Security Awareness Training that makes sure the end user understands about spam, phishing, spear phishing, social engineering and malware. It's been very well received:

www.knowbe4.com/.../kevin-mitnick-security-awareness-training

Warm regards,

Stu

re: What is best? Free or paid-for Security Tools

Andrew Barratt — Thu, 18 Oct 2012 09:22:16 GMT

Some of the most commonly used security tools have a free offering. If you look at Metasploit, Nessus both can be used freely and both have a "pro" offering. Becomes a good way to build a business case for paying for them. The MS suite of freebies is another good example of a vendor contributing to the community because it is the right thing to do. The generosity with free tools quite often leads to the consideration of the "Enterprise" editions when ready. Free != rubbish, Paid != Good.

Assess your requirements and match them with tools that are appropriate to your budget and available skills.

re: Don’t ‘DUCK’ BYOD Culture, Embrace It

Ed Macnair, CEO, SaaSID (www.saasid.com) — Tue, 16 Oct 2012 15:12:21 GMT

One of the issues with BYOD strategies is that the rate of smartphone launches usually outpaces the development of security measures. As a result, there is a risk of company and customer information being stored on smartphones that are not secured to on-premise standards. Another issue with accessing corporate information on mobile devices is that CISOs lose visibility of what data is actually being accessed and stored on the smartphone. This is similar to the old risks posed by USB sticks, except that it’s worse, because smartphones and tablets provide the ability to send emails and texts and upload information and images to social networks.

In reality, IT teams are fighting a losing battle in trying to secure devices. The MDM solutions that are currently available really only provide secured partitions. The other issue is that individuals are generally unwilling, quite rightly, to have their employer install monitoring software on their devices. The place to manage, secure and audit information accessed by smartphones or tablets is at the access point: the browser.

By managing access to browser-based apps and auditing activity, IT teams can safely support new devices as they are introduced to the enterprise, without losing visibility of data handling or compromising compliance.