Madison, WI Requires “Unique Locking Devices” On Gas Pumps Due To Skimmers

I can’t say that I like a lot of government involvement and additional regulations, but I appreciate that they are trying to stop the issue. It’s far too easy for folks to install skimmers and while this doesn’t solve the issue or counter skimmer overlays, it does take a step to help. Locally here in Florida, I have seen attendants at more than one Speedway station checking the pumps daily and putting on tamper seals. I have told them I appreciated the effort.

 

 

 

My 2016 Unemployment Diaries Recap – Day 1 to Day 5. More to follow

Please note, this is a reposting of some previous entries made in 2016 when my position was eliminated and I found myself unexpectedly unemployed. This is being reposted here simply for the purpose of preservation as I am not maintaining the old site much. In any case, enjoy if you feel like reading it:

 

January 6 at 9:48am · For the first time in a long time, i am now unemployed


January 7 at 10:11am · So, 24 hours later I still feel a huge amount of relief…

Oh, and catching up on Mr. Robot. I’m going to catch up on Mr. Robot darnit!

And maybe do some fishing.

God is good and has a plan so I’m not scared!

 


January 8 at 9:49am · Day 3 of unemployment

There is a significant chance that will have to actually get out of my PJs today. It’s unfortunate, but I have 2 interviews scheduled. One has a very relaxed dress code, but that might be pushing it a bit.

I will now go peer out of the blinds, make a condescending sneer and retreat to my quiet domicile for a while longer.

Stay tuned for more updates later.


January 9 at 12:07pm · Day 4 of unemployment

Fishing evaded me again due to forgetting to set my alarm to go off on Saturday. I will avenge that error soon!

Until a bit later.


January 10 at 1:34pm – Day 5 of unemployment

After the shower, I actually put on clothes so I could go to church. Our church is pretty casual, but 3-day worn Arizona Cardinals pajama pants may have been pushing a bit, even there.

We are about to relinquish the pursuit to be the last family in the country to see the new Star Wars movie. We had some left over Fandango cards from Christmas that we were able to use. I was beginning to think we wouldn’t get to see it until it was released on DVD…

…while crouched in the neighbors bushes looking at their TV through their window. Not saying money is tight, but, well, ya know without a job and all, some adjustments have to made…

I have changed my focus on the war with the mouse living in the grill from simple eradication, to a potential source of meat. Things are about to get primal in the Kron lanai. Speaking of which, if you know anyone interested in purchasing mouse pelts to use for warmth this winter, let me know. I will accept pre-orders and shipping is possible.

I’ll keep you all informed of my progress. Until then, have a great day!

Roxana Police Department is done cleaning up after ransomware attacks

I swear, small town police departments can’t wait to get hit by ransomware. I keep seeing it over and over again. In this case, “the work of sophisticated hackers who seek out vulnerabilities in digital networks, enter computer systems and encrypt important data…” (a.k.a. a piece of malware sent in a phishing email) was inconvenient rather than crippling. Based on the article and the lack of desire to share any info, along with the sensationalizing of the attack above, I’d say they are pretty embarrassed about it.

Ransomware recovery time is longer and more expensive than most think

Here are some pretty ugly numbers and a look in to why I am so obsessed with helping people avoid infection. The sad part is, you can protect yourself pretty well with basic “security 101” stuff like  segmenting the network, “least privilege” access, weapons-grade backups and quality awareness training/simulated phishing. You don’t need to burn money to protect yourself.

  • 85 percent of those infected had systems forced offline for at least a week
  • 1/3rd of cases resulted in data being inaccessible for a month or more
  • 15 percent found that their data was completely unrecoverable
  • 63 percent of orgs have no official ransomware policy in place
  • About 50 percent of victims paid more than £3000 ($3700) in ransom
  • SMBs usually paid  between £500 ($621) and £1500 ($1864)

Those are pretty ugly numbers folks. My company has a free Ransomware Hostage Rescue Manual that can help prepare for this, as well as a free ransomware simulator you can use to check your endpoint protection settings and capabilities. Please, for the love of all that is good in the world, do something to prepare for ransomware attacks. No matter the size of your company, you need to be ready. Not to sound like a sales pitch, but the KnowBe4 platform starts at only about a buck per month/per user and gives you unlimited training and phishing with a really easy to use platform, so things that can make a big difference (and it really does!) aren’t even that expensive.

 

Don’t Panic: Simple ways to deal with a risk gone wrong

NOTE: This is a repost of something I initially posted to LinkedIn. I will be consolidating a number of older posts to my blog in the near future. Enjoy.

Have you ever seen someone make a bad decision in traffic, perhaps not paying attention while changing lanes or something similar, avoid an accident, then make up for it by driving like an idiot afterword? Often times this involves speeding up, weaving in and out of traffic and other less-than-careful maneuvers.

I see this happen a lot in my commute in the Florida traffic and often wonder why we as humans, after escaping or recovering from potential disaster, seem to recover by exhibiting even more risky behavior. Full disclosure here, I have been in these shoes myself and looked back at things wonder what I was thinking.

In my IT career I have seen this same phenomenon happen in incident response situations. A mistake is made during the response, and the individual overcompensates and makes poor decisions moving forward. The more the rope unravels, the worse things get.

Ransomware and CEO Fraud (aka Business Email Compromise or BEC) are certainly key concerns in today’s risk landscape. While preventing the incidents through user training is a core competency of my company and a proven method of defense, sometimes a person will accidentally click on the wrong thing. If this does happen, it is important to remain calm and not make the mistake of overcompensating. So what can you do to keep calm in these situations?

First, have a plan. If you make a plan when you are calm, it can keep you from missing steps or overlooking simple things. This plan should identify the risks and include preventative measures, like Security Awareness Training for phishing attacks, and actions in case things do happen.

Second is to have a plan for when you don’t have a plan. There will be times when the unexpected happens and you have not planned for it. The plan can be as simple as reminding yourself to calm down and assess the situation rationally, but should be written down somewhere as part of the process prior to the moment of panic.

Third, communicate clearly with others using as many facts as you can and make it clear when there are assumptions on the table. Your credibility is key to allowing leadership and your team to make correct decisions. It’s OK to mention theories, but make sure the audience knows it is just a theory until it can be proved. Don’t be the source of panic, but instead the voice of reason. This will help your entire team function better and keep you from recovering from one mistake just to make another one.

Keep these things in mind and you can keep cruising moving along in the fast lane.

 

 

 

Do You Know What Your Cyber Insurance Really Covers?

This is just a reminder to be aware of what is and isn’t covered by your cyber insurance. I highly recommend that you speak with an agent and do a review of the coverages BEFORE it hits the fan. I recently learned that while notification can be the most expensive part of a breach, it’s often not covered by default in the policy. To add to that, cyber insurance is still in its infancy, so coverage is rarely standardized. Don’t blame the insurance companies for this as it’s a very new type of risk, it’s your job to know, with their help, what you are paying for.

 

Take for example the P.F. Chang’s breach. The $1.7 million cost of defense against customer lawsuits were covered, but the roughly $2 million in fees and fines imposed by credit card issuers to pay for notifications to cardholders, reissuance of credit cards, and other costs was not. It really pays to know what coverage you have.

 

 

 

 

 

American Senior Communities Falls For A W2 Scam. 17,000 Employees Affected

The scam happened in mid-January, but they didn’t realize it until employees started having trouble filing returns in mid-February. This is the third Central Indiana employer in less than a month to fall for W2 scams. Monarch Beverage Co. and Scotty’s Brewhouse also fell for it, with the employee at Monarch having done the same thing last year.

Really Monarch? Twice by the same employee?

Sometimes I just want to shake people until they get it and put training and procedures in place to stop this sort of thing. It’s really not that hard or expensive to implement.

W2 scams are no joke and really mess with the employees. Please be careful when handling this sort of info.

 

 

 

 

Spora Ransomware Chat Logs posted

This is an interesting read if you want to see what happens with the Spora ransomware chat help. Looks like no chance to negotiate price, but you can get some time.

 

https://newsfromthelab.files.wordpress.com/2017/02/bitcoin-friction-is-ransomwares-only-constraint-f-secure-socs-2017-supplemental-appendix.pdf