Posts by Dr Irving Hofman
Common Cybersecurity Pitfalls and Preventative Measures
Five Common Employee Cybersecurity Blunders
Allowing Unauthorised Device Access
Many people allow their friends and family to use their work devices at home. This seemingly harmless act can expose sensitive company data and introduce malware. Implementing strict security controls, such as password protection and two-factor authentication, alongside continuous security training, can mitigate this risk.…
Why Relying Solely on Microsoft 365 Backups is Not Enough: The Importance of Cloud Backups
Without supplementing Microsoft 365’s built-in backup options with cloud backups, your business is at risk of losing crucial data. Despite Microsoft’s backup capabilities, relying solely on them leaves your data vulnerable to hardware failures, human error, natural disasters, cyber-attacks, and other unexpected events. In the event of data loss, traditional recovery methods through Microsoft’s backup…
Why a Continuous Approach to Cybersecurity is Essential for Your Business
Gone are the days when a passive, “set and forget” attitude towards cybersecurity was enough to secure a business in the face of cyber threats. Today’s digital landscape is rapidly evolving, and cybercriminals are becoming increasingly sophisticated in their tactics. In the first half of 2022 alone, the world witnessed an alarming 236 million ransomware…
Stop using email allowlists!
While doing so achieves this goal, it also creates a cybersecurity risk when the sender’s account is compromised. It exposes the receiver to malicious emails that would have been blocked had they not been added to an allowlist. Doing so simply moves the onus of cybersecurity from the receiver to the sender. If genuine…
Managed Detection and Response (MDR)
Systems such as antivirus, firewalls, and multi-factor authentication (MFA) are critical layers in protection, but unfortunately these are not bulletproof solutions. This is why one needs a layered approach to build a comprehensive security solution. The latest tool in the cybersecurity arsenal is Managed Detection and Response (MDR), which utilises advanced threat detection techniques…
I might be wrong, but “trust” seems to be one of the most overused words in English language
Trust into a product to have “magic powers”, trust into self-driving cars to get you safely to your destination, trust into a company or a person. Our politicians seem to overuse this term on a daily basis, yet we all know the dangers of trusting the politicians. Trust by its very nature implies that you…
Think you can’t get hacked because of two factor authentication? Think again!
You are probably familiar with phishing emails which try to trick you into revealing your credentials. Two factor or multi-factor authentication was touted as a means of protecting these credentials. Even if an attacker managed to get your username and password, they still couldn’t use it to access your account without the “second factor”. But…
RYUK Ransomware – A First Hand Account
I’ve previously blogged about cryptoware and what you can do to protect your IT assets. Today I blog about a first hand account with the nastiest cryptoware of them all called RYUK. The perpetrators behind RYUK are active adversaries who combine advanced attack techniques with interactive, hands-on hacking to increase their rate of success. To…
Microsoft ditching periodic password change policy
Better late than never! Microsoft has finally removed enforced periodic password changes from their security baselines. My first blog post on this website back in 2017 was about exactly this.
Time to Rethink Mandatory Password Changes
Periodic password expiration is an obsolete idea that offers almost nothing in today’s security landscape. It’s great to see…
Tales of IT Security
My business is too small to be hacked
Many people believe that because they are small they won’t be targeted by hackers or malware. The media headlines are dominated by major corporate data breaches and ransomware attacks. While you can argue that being small makes it unlikely you’ll be specifically targeted, that’s actually not the…