Tech Notes!

Ransomware – Are you protected?

May 15, 2017

With the recent publicity of ransomware, you cannot assume that your personal home computers are immune to attacks from variants of ransomware. This communication will be brief to address this dangerous threat.

Take the following precautions:

§  Make sure your computer is backed up and includes system and data.

§  For Windows users, make sure you have the latest patches installed. If your operating system is ‘end-of-life’, upgrade right away.        Reports of the successful attacks are pointing to old unsupported and un-patched Windows OS still being used.

§  Make sure endpoint protections are up-to-date, current signatures.

§  Configure your OS to block unsigned software updates.

 

Robert Asante, MBA, CISSP, CISA, HCISPP

President/CEO

www.FinallyPCDS.org

rasante@finallypcds.org

Success or Accomplishment?

February 4, 2017

As a privacy and information security professional, Due Care and Due Diligence are expected morals. To simplify things, I often use common everyday conversations to help explain why it is important to do something about the things you care about the most. Here is one of those conversations.

Success and Accomplishment, the tale of two villages that are millions of miles apart but a hand reach away. A good friend of mine discussed this a month ago and offered to share with me some materials to read and learn more. I would like to share what I have learned so far. Here are some questions to get us started:

1.     How far is the Village of Success from the Village of Accomplishment?

2.     Do you know successful individuals who have not accomplished a task?

3.     Are all accomplished individuals successful and is the opposite true?

4.     What is the yardstick to measure Success and Accomplishment?

5.     Who decides whether you have accomplished or you are successful?

6.     What is your interpretation of Success and Accomplishment and are they enough for the world around you?

Our parents told us to be successful. We tell our children to be successful as well; the tradition goes on. In my experience, my father talked more about accomplishment than success. My mom on the other hand, had a list of what we should become when we grow up; that was her perceived successful parenting and successful offspring.  The fact is that we seldom hear from our parents and our mentors and we certainly don’t spur our children on to pursue accomplishment but rather success, even when we think they have to accomplish to be successful. Accomplishment is seen as hard labor and not attractive, so we preach a lukewarm doctrine on accomplishment but a hot message on success. But are they actually different?

As you can see, I have not given my opinion or definition of the two and I will not, at least not in this discussion. So formulate your own interpretation as you follow the discussion. While someone may say Success is defined as faithful execution of assigned tasks, the other will say no, that is accomplishment. “In a village in Africa, a man had two sons and 5 daughters. He loved his last born so much that he kept him home while the older son and the daughters worked with rudimentary tools to till the land. Their hard work kept the family alive for many years, even during severe famine and droughts. In his will, he placed his younger son in charge of the family subsistence farm so when he passed, the younger brother employed more hired hands that took the farm from subsistence to commercial farming. The family became rich overnight. Like many families, distribution of wealth from the farm became contentious and the younger brother made an executive decision to retire his older brother from the farm. He acquired a piece of land in a nearby village for his brother to start his own subsistence farming with his family while he and his sisters enjoy the proceeds from the family’s commercial farm”. In this story, who accomplished and who was successful? If I were you, I would not hurry to pronounce judgement as you have not spoken to either the younger or the older brother.

 

I know accomplished individuals who have not been successful. If you were to speak with some of the most impressive coaches of NFL who have not won or gone to Super Bowl, they will tell you I hope I am successful before I retire. Harry Truman was the 33rd president of the United States but his financial struggles led to the passage of the “Former Presidents Act in 1958”. He was a president so no one will argue his accomplishment, but was he successful if he cannot meet his basic financial obligations?

If your interpretation is that your accomplishment gives you gratification then you do not need to be awarded insignia for you to know you have been successful, but if you think your accomplishment must be followed by rewards and immunities, then accomplishment is not success. As you can see, you do not need anyone to define the two, form your own interpretation.

Our discussion above is no different from Privacy, Compliance & Data Security. While there are basic industry controls to deal with Privacy, Compliance & Data Security risks, each business must ask the question, “have we done what is required of us and do we care enough to investigate potential vulnerabilities through privacy and security assessments or audits? As a nation, we have seen a wave of continuous Cyber threats in all areas of our functional government and businesses, yet the solution has not been deployed with the basic question; what have we not protected that could be exploited against us? I have often said, Firewalls, Application Security including Software Development and Secure Coding practices, DLPs (Email, Network and Removable Devices), IDS, Authentication Systems including 2-factor Authentication solutions, Employee Training, Segregation of Duties, Rotation of Duties, Dual Controls, and many others  are not enough if security assessments have not been conducted in all areas of the operation. The very fact that a disgruntled employee with privileged access can compromise a system or aid in such efforts should keep businesses watching and security controls evolving.

Accomplishing implementation of security controls does not make the organization risk free; it only sends a message that Due Care and Due Diligence were completed. If that is your company’s security goal or manifesto, then you have achieved it. But if your company desires successful implementation of security controls, then it is chasing after the wind or an exercise of futility. There is no successful implementation of security; it is an ever evolving evolution of vulnerabilities, threats, and controls. First meet your professional moral obligation by implementing the controls listed above as Privacy, Compliance & Data Security professional and then monitor, assess, train and fix routinely. In Privacy and Security, Success is unnatural and far-fetch, an arrogance that leads to breach and Cyber-attacks. 

Robert Asante, MBA, CISSP, CISA, HCISPP

President/CEO

www.FinallyPCDS.org

rasante@finallypcds.org