Here we are, time for another episode of the UNSECURITY Podcast.
I came across another interesting article this week, “15 Cybersecurity Pitfalls and Fixes for SMBs”. I have a heart for underserved markets, and small to mid-sized businesses (SMBs) are certainly an underserved (or poorly served) market.
NOTE: The other underserved markets I’m especially interested in are state/local government, education (higher education & K12), and individual consumers.
This is a perfect time to talk about SMB information security. As we come out of COVID (Lord, I hope we are!), more and more SMBs are getting back on their feet. As they start on this next (or first) chapter of their SMB journey, it’s imperative they take information security seriously and do things right. The last thing anyone (except for attackers) wants is to start building/rebuilding a business with limited resources only to lose everything from an attack.
Looking forward to dissecting this with Brad on this episode!
Let’s get right to it, show notes for episode 126 of the UNSECURITY Podcast…
SHOW NOTES – Episode 126 – Wednesday April 7th, 2021
[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 126, and the date is April 7th, 2021. Joining me is my good friend, great guy, and infosec expert Brad Nigh. Welcome Brad!
Another good show today. We’re gonna talk about this article I came across the other day. The title of the article is “15 Cybersecurity Pitfalls and Fixes for SMBs”.
This article features a roundtable discussion between Timur Kovalev, CTO of Untangle, Erich Kron from KnowBe4 and Greg Murphy, CEO of Order. They give their take on what SMBs think about information security, the common mistakes they make, and how to do things better.
As you know, we have no shortage of information security “experts” in our industry. Let’s see if we agree, disagree, and/or have something to add to this discussion.
- Think they’re too small to be a target.
- Haven’t made a thorough asset inventory assessment.
- No network segmentation.
- Ignore fundamentals.
- Haven’t done a business risk evaluation.
- Insecure digital assets.
- Don’t know what “normal” activity looks like.
- No 2FA.
- Misconfigured cloud servers/confusion about move to the cloud.
- User security training.
- Haven’t evaluated their threat to the supply chain.
- Lack of business continuity plan.
- Aren’t thinking strategically about asset allocation and budgeting.
- Failing to backup.
- Lax patching.
NOTE: This is not our list, this is the list from the article.
If you had to pick your 15 most common information security mistakes made by SMBs, what would you pick? This will be a good discussion!
As of 9:15AM on 4/5/2021, the number of registered students in the FRSecure CISSP Mentor Program is 5,618!
Three interesting news articles this week:
- 533 MILLION Facebook Users Personal Data Leaked That Includes Mark Zuckerberg’s Cell Phone Number – https://gbhackers.com/533-million-facebook-users-personal-data-leaked/
- Facebook says leak of 533m accounts is old news. But my date of birth, name, etc haven’t changed in years, Zuck – https://www.theregister.com/2021/04/05/facebook_data_dump/
- Ransom Gangs Emailing Victim Customers for Leverage – https://krebsonsecurity.com/
Wrapping Up – Shout Outs
Good talk. Thank you Brad, and thank you listeners!
Who’s getting shout outs this week?
Closing – Thank you to all our listeners! Send things to us by email at firstname.lastname@example.org. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!
…and we’re done.