How a desire for control can hurt your security performance

Lately we have seen a lot of focus on security in social media - professionals, companies, organizations trying to increase security awareness. A lot of the information out there is about "control" and "compliance". The downside of a risk management regime based on strict rules, controls and compliance measures has been demonstrated again and again … Continue reading How a desire for control can hurt your security performance

How to manage risk and security when outsourcing development

Are you planning to offer a SaaS product, perhaps combined with a mobile app or two? Many companies operating in this space will outsource development, often because they don't have the right in-house capacity or competence. In many cases the outsourcing adventure ends in tears. Let's first look at some common pitfalls before diving into … Continue reading How to manage risk and security when outsourcing development

Do you consider security when buying a SaaS subscription?

tl;dr;  SaaS apps often have poor security. Before deciding to use one do a quick security review. Read privacy statements, ask for security docs, and test authentication practices, crypto and console.log information leaks before deciding if you want to trust the app or not. This post gives you a handy checklist to breeze through your … Continue reading Do you consider security when buying a SaaS subscription?

How to build emergency preparedness for cybersecurity incidents

Business continuity and emergency preparedness have become familiar concepts for many businesses - and having such risk management practices in place is expected in many industries. In spite of this, apart from software companies, inclusion of cybersecurity and preparing for handling of serious cyber attacks and security incidents is far from mature. Many businesses have … Continue reading How to build emergency preparedness for cybersecurity incidents

Packaging a Node app for Docker – from Windows

Container technologies are becoming a cornerstone of development and deployment in many software houses - including where I have my day job. Lately I've been creating a small web app with lots of vulnerabilities to use for security awareness training for developers (giving them target practice for typical web vulnerabilities). So I started thinking about … Continue reading Packaging a Node app for Docker – from Windows

How to recognize a customized spear-phishing email

Phishing is still the most common initial attack vector. Mass mailed spam is now taking cues from targeted campaigns, improving conversion rates through personalization and the use of seemingly authoritative content. Scammers are getting better at targeting. Sharpen your defenses today - including your awareness training!Here are some indicators that can help identify phishing: Sender: … Continue reading How to recognize a customized spear-phishing email