Avast blog: An elections security progress report

Twelve Tuesdays from today, the US national elections will take place, and infosec professionals are doing their best to adapt to changing circumstances brought on by both the pandemic and the tense cyber-politics surrounding them. More states are expanding mail-in voting and planning the necessary infrastructure to distribute and process paper ballots. State elections officials are also deploying better security measures, banding together to form the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). Membership in the information sharing and analysis center has grown considerably since the 2018 election.

In this blog post for Avast, I review what is going on with election security since we last covered the topic during the March primaries. There have been numerous events in the past week that have brought new context to the intersection of technology and our elections. And I also mention several presentations given at Black Hat and DEFCON that bring us up to date on what is happening with election security.

Network Solutions blog: Mastering Email Security with DMARC, SPF and DKIM

We all know that phishing and email spam are the biggest opportunities for hackers to enter our networks. If a single user clicks on some malicious email attachment, it can compromise an entire enterprise with ransomware, cryptojacking, data leakages or privilege escalation exploits. Over the years a number of security protocols have been invented to try to reduce these opportunities. This is especially needed today, as more of us are working from home and need all the email protection we can muster. In my latest post for the Network Solutions blog, I discuss the trio of email protective technologies that can be deployed to make your email more secure.

Avast blog: What to do about the BootHole vulnerability

Late last month, security researchers discovered a major vulnerability in the software that controls how PCs boot their operating systems. This is one of those issues that sounds scarier than it is. Fixing it will be a major process, especially for Linux system administrators and corporate IT organizations with a mixture of different PC vintages and manufacturers. The problem has been named BootHole, and it could affect up to a billion computers.

If you are running Linux, do your homework before rebooting or upgrading so you don’t make things worse. If you are running Windows, you’re better off waiting for Microsoft to issue a fix. In the meantime, use basic security hygiene to avoid unwanted access to your machine.

You can read more about this issue in my post on Avast’s blog here.


If you are unemployed, start rebuilding your personal brand

I am very fortunate: I have worked for myself for decades and have a great collection of clients that keep me busy with plenty of freelance writing assignments. But because our economy is in rough shape, there are lots of folks who are out of work right now. This made me think back to the time in 2006 when I got fired from my last full-time gig, running the editorial operations of the various Tom’s Hardware websites.

It wasn’t the first time I went to work and was told to pack up my things and leave that same day. It is a horrible feeling: you think you are worthless, that you will never work again. That you have failed. I was scared that I wouldn’t be able to make my mortgage payments. I had moved across the country to take that job, and now what was I going to do?

Unlike the astronauts, failure is an option. I wrote about this many years ago, where I described some of my numerous failures in my career, such as my books that didn’t sell or websites that weren’t successful at attracting interest.

I thought of this because I am reading an interesting book by Lauren Herring, Take Control Over Your Job Search. It is all about helping you to find a new job — not that I need to or want to make changes to my current situation mind you. I am very happy with being a full-time freelancer, and thankful that I can work for such great clients. But if you are less fortunate, or if you know someone who has gotten stuck with unemployment, this book might be worth picking up. Lauren is the CEO of a coaching/recruitment firm here in St. Louis.

Sure, there are a lot of job-search books out there. This book has some intersections with three sources: that seminal job searching book What Color is Your Parachute, Elisabeth Kubler-Ross’ stages of grief and the mindfulness work by Jon Kabat-Zinn. But what I found interesting in Herring’s book is that she addresses the biggest issue of today’s unemployed: your emotional state of mind. Yes, you can fill out all of the Parachute’s exercises and have a sparkling resume. You can meditate daily and figure out whether you are in denial or still bargaining with your newfound unemployment. But if you approach your virtual interviews with a lack of confidence, or too much confidence, or can’t even leave your house without a boatload of fear, you won’t get anywhere. “The ability to notice, understand, and process your emotions is more critical to success and happiness today more than ever before,” she writes.

Herring describes how to respond to ten different emotions (that’s the multi-step Kubler-Ross stuff) of grief, anger, and frustration with ways to respond to them and Parachute-style exercises to get you to discover your own state of mind and ways that you can move through the paralysis towards more positive outcomes (a la mindfulness). Along the way you will be using a group of what she calls your “super team” of supporters to help you role play and arrive at better outcomes and write journal entries of your reactions. “The goal of this book is to replicate the live experience of working with a career coach as best as possible,” she writes.

Take fear, for example. To fight it, she cites several case studies of the jobless that she or her company has coached. “Potential employers can sense your fear about your job search,” which as you might imagine doesn’t bode well to get callbacks or offers. And if you find yourself taking rejection personally and feeling resentful, you need to reset these feelings. For example, you should do some research and find out if you have your facts straight.

One of the more interesting aspects is shaping your personal brand, which is something that I have written about several times, and part of some of my own career coaching presentations. Your brand needs to come through in all your digital elements: LinkedIn profile, your resume and so forth. “This is one of the most uplifting tactics you can do during your job search,” she writes, and a good way to counter some of the negative emotions you are experiencing. Being clear on your brand is a great way to define your next job, and to ensure that your performance once you get that job will measure up to the expectations of you and your manager too. It is great advice for folks who have jobs and want to move ahead too.

One missing element from this book is some specific strategies in these times when we are working from home. While some of her methods can be easily modified and she does mention things like virtual interviews, I think the topic deserves its own special chapter. Perhaps she’ll include this on her website as a supplement.

Avast blog: How to use multi-factor authentication for safer apps

Multi-factor authentication (MFA) means using something else besides your password to gain access to your account. There are many ways to do this – some, such as texting a one-time PIN to your phone, are less secure than others, such as using a $25 Google Titan security key or the free Authy/Twilio smartphone app. The idea is that if your password is compromised (such as a reused one that has been already leaked in another breach), your account is still secure because you have this additional secret to gain access. Is MFA slightly inconvenient and does it require some additional effort to log in? Typically, yes.

After the Twitter hacks of last month, I took some time to review my own security settings, and found them lacking. This just shows you that security is a journey, and you have to spend the time to make it better.

I go into more details about how to best use MFA to make your social media accounts better protected, and you can read my blog post for Avast here for the step-by-step instructions.

Network Solutions blog: Cost-effective ways to improve your network bandwidth

As more of us work from home, we need to ensure more consistent and better bandwidth connections. By better bandwidth, we mean one or more of three cost-effective methods that can be used to boost your Wifi signal, reduce network latency, and improve your wireless throughput. To figure out which method or methods will work the best for you, there are some simple tests you can perform before you go shopping for new gear, including a new home router or a better Internet provider connection plan. You should periodically test your network bandwidth and throughput to ensure that you don’t have any bottlenecks, and don’t be afraid to change your provider to get something better.

You can read my blog for Network Solutions here.

Avast blog: Why Emotet remains an active threat

One of the longest-running and more lethal malware strains has once again returned on the scene. Called Emotet, it started out life as a simple banking Trojan when it was created back in 2014 by a hacking group that goes by various names, including TA542, Mealybug and MUMMY SPIDER. What made Emotet interesting was its well-crafted obfuscation methods. Proofpoint has posted a timeline.

Over the years, it has had some very clever lures, such as sending spam emails that contain either a URL or an attachment and purport to be sending a document in reply to existing email threads.

You can read more on Avast’s blog here.

Network Solutions blog: Tools and tips for best practices for WFH network printing

Now that more of us are working from home (WFH), one of the key technologies that can cause problems is surprisingly our networked printers. Hackers target these devices frequently, which is why many IT departments have taken steps to prevent home laptops from connecting to them. In my latest blog post for Network Solutions, I suggest several strategies to help you understand the potential threats and be able to print from home securely, including what IT managers can do to manage them better and what users can do to avoid common security issues.

Network Solutions blog: How to Secure Mobile Devices from Common Vulnerabilities

The biggest cyber threat isn’t sitting on your desk: it is in your pocket or purse and, of course, we mean your smartphone. Our phones have become the prime hacking target, due to a combination of circumstances, some under our control and some not. These mobile malware efforts aren’t new. Sophos has been tracking them for more than a decade (see this timeline from 2016). There are numerous examples of attacks, including fake anti-virus, botnets, and hidden or misleading mobile apps. If you want the quick version, there is this blog post for Network Solutions. It includes several practical suggestions on how you can improve your mobile device security.

You can also download my ebook that goes into more specific details about these various approaches to mobile device security.

Avast blog: Your guide to safe and secure online dating

Recently, five different dating sites have leaked millions of their users’ private data. The sites cover users from the USA, Korea and Japan. On top of this, a variety of other niche dating apps (such as CougarD and 3Somes) had data breaches of their own that exposed hundreds of thousands of users’ profiles in May, including photos and audio recordings. This latter event occurred thanks to a misconfigured and open Amazon S3 storage bucket. Thankfully, the owner of the account quickly moved to secure it properly when they heard from security researchers. We haven’t heard much about dating site breaches since private data from some 30M Ashley Madison users were posted online in 2015.

In this time of the pandemic when more of us are doing everything we can online, dating remains a security sinkhole. This is because by its very nature, online dating means we eventually have to reveal a lot of personal information to our potential dating partners. How we do this is critical for maintaining both information security and personal safety. In this post for Avast’s blog I provide a bunch of pointers on how to do this properly and provide my own recommendations.