Avast blog: How to make a successful transition to a hybrid work schedule

Posted on May 17, 2022 by dstrom

Employers should migrate to a hybrid environment only after building a solid foundation to support remote workers. As Covid-19 pandemic restrictions have eased, employers are adjusting their work-from-home policies. Some companies, including Airbnb, have doubled down and made substantial commitments to remote working. Others, like Google, have begun to shift to more in-person and hybrid office policies. This range just among the two tech giants is an example of the different possibilities being considered by other employers. According to a 2017 Gallup poll, 43% of U.S. employees worked remotely all or some of the time.

Part of the reason for this difference has to do with how all of us have adjusted to working in the face of the pandemic. I explain more in this post for Avast’s blog.

Network World: Lessons learned from the Atlassian network outage

Posted on May 5, 2022 by dstrom

Last month, software tools vendor Atlassian suffered a major network outage that lasted two weeks and affected more than 400 of their over 200,000 customers. It is rare that a vendor who has been hit with such a massive and public outage takes the effort to thoughtfully piece together what happened and why, and also provide a roadmap that others can learn from as well.

In a post on their blog last week, they describe their existing IT infrastructure in careful detail, point out the deficiencies in their disaster recovery program, how to fix its shortcomings to prevent future outages, and describe timelines, workflows and ways they intend to improve their processes. I wrote an op/ed for Network World that gleans the four takeaways for network and IT managers.

Avast blog: Top MFA myths busted

Posted on May 5, 2022 by dstrom

Today is World Password Day. Ideally, every day you should take some time to improve your password collection, and the best way to do that is to use MFA. But for all of its utility, MFA still has its resistors. If you need some ammunition to fight for its acceptance across your company, we’ll bust a few MFA myths in my latest post for Avast and hopefully help you convince folks to get onboard.

Avast blog: The U.S. government wants to expand the use of social media for visa vetting

Posted on May 3, 2022 by dstrom

For the past several years, millions of foreign visitors and potential immigrants entering the US have divulged the contents of their social media accounts to the US Department of Homeland Security (DHS). This requirement is part of the Visa Lifecycle Vetting Initiative (VLVI) that began in 2014 and has been expanded in 2019.

Avast blog: Obama on strengthening our democracy and reforming social media

Posted on April 26, 2022 by dstrom

Last week, Barack Obama delivered a keynote address at an event, “Challenges to Democracy in the Digital Information Realm”, co-hosted by The Stanford Cyber Policy Center and the Obama Foundation. He discussed the role of government in online technologies, the relationship between democracy and tech companies, and the role of digital media to elevate authoritarian rulers. He touched on the point that we all now occupy entirely different media realities that are fed directly into our “personal information bubbles” of our smartphones.

You can read my post for Avast’s blog here to see what else he had to say to this audience and what he recommends we do to fix social media to make it better for democracy.

Avast blog: The latest changes to US state data privacy laws

Posted on April 25, 2022 by dstrom

New laws passed in Utah and Virginia provide consumers with the right to access and delete some of their personal data and opt out of data collection under certain circumstances. In this blog post for Avast, I examine the differences among the various states that have enacted data privacy laws.

CSOonline: How to choose the best VPN for security and privacy

Posted on April 21, 2022 by dstrom

Enterprise choices for virtual private networks (VPNs) used to be so simple. You had to choose between two protocols and a small number of suppliers. Those days are gone. Thanks to the pandemic, we have more remote workers than ever, and they need more sophisticated protection. And as the war in Ukraine continues, more people are turning to VPNs to get around blocks imposed by Russia and other authoritarian governments,

A VPN is still useful and perhaps essential to a modern mostly remote workplace. In this post for CSO, I describe these scenarios, what security researchers have found about how VPNs leak data or have other privacy issues, and what you should look for if you intend to deploy them across your enterprise.

Avast blog: Introducing important changes to credit card data security standards

Posted on April 19, 2022 by dstrom

The Payment Card Industry Data Security Standards (PCI DSS) organization has made a series of updates to its standards with its latest version 4.0. It contains several important improvements, perhaps the most important change is the expansion of encryption and MFA requirements to protect all accounts that have access to cardholder data. I describe these developments in my post for Avast’s blog here.

Avast blog: Yandex is causing serious data privacy concerns for mobile users

Posted on April 8, 2022 by dstrom

Yandex — Company news Private data could be collected from thousands of Android and iOS apps,according to security researchers. The issue revolves around Yandex, the leading search engine in Russia, and how this data might be available to Russia state agencies. In addition to being a search portal, Yandex also makes an SDK called AppMetrica, which does app usage analytics and marketing and is similar to Google’s Firebase. The SDK has been incorporated into more than 52,000 different apps, including games and messaging apps.

In this post for Avast’s blog, I provide details about the problems with this SDK and things to watch out for when you download your next app.

Avast blog: Understanding how cybercrime group FIN7 has evolved into a major ransomware player

Posted on April 8, 2022 by dstrom

Malware group FIN7 is once again on the move, leveraging software supply chains, remote program execution methods, and stolen credentials to deliver ransomware to enterprise networks. The group goes by several different names and is adept at using various backdoor tools to worm their way into corporate networks. You can see the various malware programs that have been attributed to FIN7 over the past two years in the diagram below from Mandiant.

You can read more about their exploits in my latest blog for Avast here.

Web Informant

David Strom's musings on technology

Category Archives: Published work