BradEgeland.com

Cybersecurity Tip - Expectation Versus Reality in Cybersecurity

5/28/2020

Expectation no. 1: Since computers and the Internet came into our lives, we got accustomed to believing that they are secure by default.
 
Reality: The technical infrastructure that’s so deeply embedded into our lives (hardware + software) has become so complicated that it’s impossible to avoid errors and security holes. Security is not a default, as much as we’d like it to be.
 
Expectation no. 2: Only software and hardware makers are responsible for cyber security.
 
Reality: As much as technology makers try to secure the products they sell, they can’t possibly cover all the angles that cybercriminals might use. Also, they can’t plan ahead for every conflict and particular situation that their product may be used in. What’s more, they have no control over the human interactions that can be leveraged to compromise the products or the data they protect.
 
As a result, we, as users, need to understand that we are also responsible for our digital security. This is a process that we’re all involved in. The more effort we put into protecting ourselves, our data and devices, the safer we make the Internet and IT infrastructure as a whole.
 
Expectation no. 3: I want only one security product to handle all my online safety needs.
 
Reality: The complexity of cyber threats is just too big for a single product to handle, no matter how well engineered. As a result, using multiple layers of security has become crucial and need-to-have.

Great tips from Heimdal Security...


Using A Vulnerability Scanner In Your Risk Management

5/28/2020


 
Managing your system vulnerabilities is an essential part of your IT team’s job. It ensures that you update your systems and protect your organization from security breaches. However, to manage your vulnerabilities, you need to assess your systems through thorough and frequent scans. A vulnerability scanner checks your entire system for weaknesses, unauthorized file sharing, outdated software, and any other threats. Once you identify the errors in your system, you can take appropriate mitigation measures. Managing your vulnerabilities is, therefore, an essential part of risk management for any organization.

How Does a Vulnerability Scan Work?

Identifying Vulnerabilities

Once put to work, the vulnerability scanner scans your system for all devices, users, and software, and checks for open ports. The scanner then builds an inventory, which it runs against a list of vulnerabilities. It’s essential to know that a vulnerability scan can slow your system. If you choose to run an intensive scan, it’s best to do it after office hours to avoid affecting the company’s work. However, this could mean that some employee devices are excluded from the vulnerability scan. You can also reduce the intensity of the scan, but this could mean overlooking some problems.

Alternatively, you can utilize endpoint agents in each device to push data to the vulnerability management system every time the device connects. You can also use adaptive scanning, which detects changes in your network. If a device connects for the first time, the vulnerability scanner jumps into action and scans immediately instead of waiting for the next arranged scan.

Evaluating Risks

Prioritizing risk is essential to avoid overwhelming the IT team and your system. The system checks the list of vulnerabilities and presents the risk associated with each problem. The IT team uses the analysis to decide:
  • Which vulnerabilities are critical and have the most significant impact on the organization. However, it’s essential to understand the impact of each vulnerability.
  • How hackers can utilize the vulnerabilities to their advantage.
  • Whether the existing security system can handle the vulnerabilities.
  • Whether to act upon the vulnerability or to ignore it. Is it a false positive, or is it a real problem? Ignoring it may be the only alternative if the cost of the vulnerability being exploited is too low and the cost of fixing it is too high.

Handling Identified Vulnerabilities

There are different ways to handle the weaknesses in a system. Patching or updating specific systems is enough to handle some vulnerabilities. However, in some instances, mitigation is the only way to manage vulnerability. Mitigation measures include:
  • Abandoning a vulnerable system by ceasing all usage.
  • Adding extra security controls to make it harder to access the system and exploit data.
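
The identify, evaluate and handle steps described above, as an added example (not code from this blog or from any scanner product): a software inventory is matched against a vulnerability list, each finding is scored, and an action is chosen. Host names, package names, advisory IDs and the scoring weights are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: hosts, packages, versions and advisory IDs are
# invented for illustration and do not refer to real products or advisories.
INVENTORY = [
    {"host": "web-01", "internet_facing": True, "compensating_control": False,
     "software": {"examplehttpd": "2.4.1", "examplessl": "1.1.0"}},
    {"host": "db-01", "internet_facing": False, "compensating_control": True,
     "software": {"exampledb": "9.6.2"}},
    {"host": "legacy-01", "internet_facing": False, "compensating_control": False,
     "software": {"oldapp": "1.0.0"}},
    {"host": "kiosk-01", "internet_facing": False, "compensating_control": True,
     "software": {"oldapp": "1.0.0"}},
]

# "fixed_in" is the first patched version; None means no patch exists.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplehttpd", "fixed_in": "2.4.3", "severity": 9.1},
    {"id": "EXAMPLE-0002", "package": "exampledb", "fixed_in": "9.6.5", "severity": 7.5},
    {"id": "EXAMPLE-0003", "package": "oldapp", "fixed_in": None, "severity": 6.0},
    {"id": "EXAMPLE-0004", "package": "examplessl", "fixed_in": "1.0.9", "severity": 8.0},
]

# Assumed weights: internal-only hosts and hosts behind an extra security
# control are harder to reach, so their findings score lower.
EXPOSED, INTERNAL = 1.0, 0.6
CONTROL_FACTOR = 0.5
MITIGATE_AT = 3.0  # unpatchable findings at or above this score get mitigated


@dataclass
class Finding:
    host: str
    advisory: str
    score: float
    action: str


def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def is_affected(installed, fixed_in):
    """A host is affected if no fix exists or it runs a version below the fix."""
    if fixed_in is None:
        return True
    return parse_version(installed) < parse_version(fixed_in)


def risk_score(severity, host):
    """Scale the advisory severity by exposure and existing controls."""
    exposure = EXPOSED if host["internet_facing"] else INTERNAL
    control = CONTROL_FACTOR if host["compensating_control"] else 1.0
    return round(severity * exposure * control, 2)


def choose_action(fixed_in, score):
    """Patch when a fix exists; otherwise mitigate or accept based on score."""
    if fixed_in is not None:
        return "patch"
    return "mitigate" if score >= MITIGATE_AT else "accept"


def build_plan(inventory, advisories):
    """Match inventory against advisories and return findings, riskiest first."""
    findings = []
    for host in inventory:
        for adv in advisories:
            installed = host["software"].get(adv["package"])
            if installed is None or not is_affected(installed, adv["fixed_in"]):
                continue
            score = risk_score(adv["severity"], host)
            action = choose_action(adv["fixed_in"], score)
            findings.append(Finding(host["host"], adv["id"], score, action))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in build_plan(INVENTORY, ADVISORIES):
        print(f"{f.score:5.2f}  {f.host:10} {f.advisory:13} {f.action}")
```

The `examplessl` entry produces no finding because the installed version is already past the fixed version, which is the kind of false positive a version-aware match filters out before the IT team sees the list.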

Types of Vulnerability Scans

Your organization needs different vulnerability scans to confirm the status of your security and ensure compliance. These scans are internal versus external and authorized versus unauthorized.

External Vulnerability Scans

The principle of vulnerability scans is to ‘attack’ an organization’s systems from the outside. An external vulnerability scan targets a system’s firewalls for open ports. It helps your organization identify weaknesses in your security and find ways to fix them. An external scan is essential because it helps your IT security team think like hackers, but instead of exploiting the vulnerabilities, they fix them.

Internal Vulnerability Scans

An internal scan happens within the organization. It exposes internal threats such as weak passwords, poor controls, inadequate security checks, or any employees that may have malicious reasons to attack your company’s security. An internal scan helps you manage data and regulate access to different systems depending on their importance to your organization. It also helps you establish policies for security inside the company and ensure that only company devices have access to your systems.

Authorized Vulnerability Scans

Authorized or credentialed scans require logging in with a particular set of credentials. They probe the operating system and software installed in devices, which may not be accessible outside the network.

Unauthorized Vulnerability Scans

Unauthorized scans probe the network to identify open ports. The scanners then try to identify the operating system, the software, and the information that is available without further authentication.

The Benefits of Vulnerability Scanning
  • Any gaps in your security systems, data, and employees leave you open to attacks. A vulnerability scan gives you a chance to protect your computer system from breaches.
  • Vulnerability scans indirectly help you remain compliant with regulations. Regulations and standards such as HIPAA, NIST, and PCI DSS require your business to take all measures to protect private data. Performing frequent scans improves your chances of detecting and patching weaknesses.
  • Hackers also utilize vulnerability tools for scanning your computer systems for weaknesses. Having a vulnerability scanner helps you seal any security weaknesses before hackers utilize them.

Bottom Line

Vulnerability scans expose the susceptibilities in your computer systems and help you fix weak spots and mitigate risks. They’re essential to help you establish controls and security systems that protect your data from malicious hackers.

Is Your Project Management Career Struggling Due to COVID19

5/28/2020

Unemployment is high. You may be working from home for the first time ever. Frustrated? Struggling? Suffering anxiety over whether you'll still have a job in a couple of months - or maybe you've even been laid off recently during these unprecedented times.

For project managers looking to solidify their careers or find that next great gig, there has never been a better time than now to put that Project Management Professional (PMP) certification after your name and get moving forward. And you probably have more time now than ever to get it done.

But wait. You don't need to take the next 6 months to study and prep and drive yourself crazy. What if I told you you could be prepped, ready and certified all in the same week and guaranteed to pass with no more prepping or training needed? Would you do it? Well, I'm telling you that you can do it in one week with Cheetah Learning and you are guaranteed to pass. And do it all virtually, from home.

5 Days and all from home? No way!?

Cheetah Learning - the #1 provider of Project Management Professional (PMP) preparation and certification training - touts a 98% success rate in getting their students certified and says they can do it in 4 days of prep, you take the test on Friday of that week and you're done... fully trained and guaranteed to pass that Friday test.

Are you skeptical? You shouldn't be... it is true and I want to explain that process to you...

When you register for Cheetah Exam Prep, they will help you complete PMI’s eligibility action and, once approved, BEFORE your Cheetah class starts, you schedule your PMP exam for the Friday of the week of your Cheetah class.

Cheetah has been teaching the class this way since 2001, and the first week Cheetah taught it was the week of 9/11. Of course Cheetah did not know it would be the week of 9/11 when they started on Monday that week. Cheetah has also been teaching the exact same program as a virtual live course since 2015, which is how they are teaching it now with COVID-19.

Curious students can do Cheetah’s free webinar - 5 quick steps to become PMP certified and take a free baseline exam. If you would like to learn more about how Cheetah has helped tens of thousands of students from thousands of organizations from around the globe become PMP certified after only four days of prep over the past 20 years - the link is on the front page of Cheetah Learning’s website.   Cheetah was the first to do an accelerated PMP exam prep program and has the longest running program for one simple reason - it works.

Hurry - here are the next 4 classes being offered virtually online from Cheetah. Sign up now...


  • Virtual, UTC -6 Timezone: Jul 20-23, 2020
  • Virtual, UTC -6 Timezone: Aug 17-20, 2020
  • Virtual, UTC -6 Timezone: Sep 21-24, 2020
  • Virtual, UTC -6 Timezone: Oct 26-29, 2020

And use code 'BRAD20' for a 20% discount on your virtual classroom prep.

5 Steps to Better Workplace Communication

5/24/2020

​Good communication in your small business improves employee productivity, keeps everyone working towards the same goals, and reduces office drama and misunderstandings. Take these five steps to improve communication with your employees. 

Communications in the workplace can be mind numbing... or it can mean everything. Of course the water cooler fodder can be the mind numbing part – as can be the overly comfortable and overly friendly employee who has a tendency to stop in your office several times a day to just sit down and chat. They’re good workers, so you’re not about to fire them, but they stop in at the most inopportune times bringing your current productivity level to a halt. Ugh.
Read the full text...

Cancer and the Real World Project Manager

5/23/2020

Cancer and the Real World Project Manager. We learned in March that our 10 yr old son has Leukemia so our family's "normal" has dramatically changed. Thankfully he's being treated by great doctors and nurses at a foundation here in Las Vegas - Cure 4 the Kids. They are phenomenal. Right now, buy any or all of my books and I will give 80% to Cure 4 the Kids - let's all fight this together. Click on this link to purchase one or all three that are currently for sale. Or buy 100 of each for everyone in your organization! Thank you!!
The 80% is not to pay my child’s expenses. He’s covered. It’s for the clinic, the research and whatever. It all helps. For example, the medication my son needs next he can’t have - had 3 severe reactions to it last week. And that’s the chemo med that has made childhood leukemia so curable. So we are going to have to go down a different somewhat unknown road. Thanks for all your help!

10 Tips for Growing Your Small Business

5/23/2020

Use code BRAD20 for 20% off
As your business grows and matures, it's easy to lose sight of the practices that worked when you started your business. Here are ten guidelines to help you stay on track while you grow your business.

As you maintain and grow your small business, it’s important to keep continued focus on some of the solid practices that helped get you to where you are today. This list is intended to help you do that because it’s easy to start to look too far ahead and forget that the way you were doing business wasn’t broken in the first place...
Read the full article...

Cybercrime is Affecting How We Should Manage Projects

5/22/2020

We need to be aware of the criminal world around us in terms of digital security. Do we need a digital security team in our organization? Probably. Do we need to hire an expert? Possibly, though many are growing their own talent while they can still stay a bit ahead of the game.
​If you aren't handling significantly sensitive data at the moment, then I recommend growing your own security talent from within, utilizing the skilled resources you already have who are already familiar with your business processes and client needs. Start it off as a project with a project manager and team. The end solution can be the creation of a two to three member internal cybersecurity team and department.

Whatever you do, complete inaction isn't the answer. While you cannot know what cybersecurity threats lie ahead, you can and should be proactive.
​
What about your organization? Are you currently taking specific measures to prevent data breaches on the projects you manage and the customer and internal data you handle? Have you experienced a significant cybersecurity incident? Please share and discuss.

5 Things Your CEO Should Know About Cybersecurity

5/22/2020

I’m pretty sure by now that executives in organizations – especially organizations with some sensitive data to secure – are paying at least some cursory attention to cyber security and cyber crime. If not, then they need a wake-up call and then a swift call to action in order to ensure that they don’t lose ground and future lawsuits over a cyber attack that could have possibly been avoided or at least mitigated.

Consider these five things that your CEO should know about cyber crime and cyber security and make them happen sooner rather than later...

You can grow security from within. You don’t have to pay someone a million dollars to oversee your cyber security. You likely don’t even need to hire from outside first…you can probably build a knowledgeable and workable group from individuals within your current tech groups. Certification isn’t a must. Education and on the job work is important. It involves networking, research and then incorporating some proactive (and possibly reactive) measures to get started. But start somewhere. And for most organizations, starting from within is good enough and definitely better than nothing. The paralysis of analysis won’t serve you well. Tomorrow may be too late…read on.

Don’t wait for tomorrow what you can do today. As I just said, tomorrow may be too late. We should learn well from others’ mistakes and oversights. In the past year or so there have been a plethora of learning opportunities…just go back and search CNN on hacking and identity theft if your memory isn’t too good or you happened to have not checked the news in over a year. Your CEO would be smart to take action today. And if you are the CEO reading this, know that you’ve been warned daily in the news. If you doubt how vulnerable your organization is, just attend a security conference like Black Hat or fork out a few thousand dollars to send a couple of individuals to the next digital security conference. Everything can be hacked…don’t let your organization be next.

It does take money, not just time. You have to fund security, not just put someone “on it.” Joe in the cubicle in the next room is a techie, but he’s not your security man, despite what I said above about staffing from within. Joe can help you get started with some research, but you’ll need to spend some money – even if it’s just getting more “Joes.” You don’t have to pay high end to protect your organization…because you’ll never be able to fully protect your organization no matter how much you spend. If someone wants your data badly enough, they can and will get it. But you need to do what you can to protect it. If you’ve shown enough due diligence and still get infiltrated, you’ll likely not lose the lawsuits to come.

It should be considered a key element in risk management in every project initiative going forward. Your organization has projects. And risks. Consider cyber theft and cyber security a risk and proactive measure for all projects. Build it into your project management processes and methodology and educate your PMO director and project managers on the importance of risk management and cyber security. If you’re not paying much attention to it, then assume they are paying even less to it.

Staff a CSO…now. The time is now for a Chief Security Officer…if your organization is large enough to afford one. And you can contact me first. But seriously, your CEO should be considering a high level security officer if you don’t already have one. Lots of big box companies were hit last year with credit card number theft, millions of government worker identities were infiltrated, and many marriages and other relationships…and lives…were ruined by recent data breaches. Wake-up call…pay attention to cyber crime and cyber security now and spend money now to build your security organization. It may mean the difference between survival and disposal. Don’t be a fool – everything can be hacked. And I believe we are only seeing the tip of a very big iceberg right now.

Summary / call for input

Security and cyber crime are big…right now. Today is the time to act – before your organization has a breach. So many times we fail to act…we are so used to just reacting. Reacting is often too late and you’ve already lost thousands or millions of dollars and possibly future customers and sales and profitability. Lesser organizations go down for the count from cyber attacks and never recover…costing hundreds or thousands of jobs in the process.

What our CEOs need to know is that this is an issue right now. That’s why there are conferences like Black Hat USA, Black Hat Europe, DefCon, and others. There seems to be almost daily feeds on Facebook and CNN about the latest data breaches by attack groups, foreign entities infiltrating USA databases and ransomware acquiring access to very sensitive identity and financial data. The time is now to do something about it and it starts with the education of our CEOs.

What are your thoughts? Are you involved in data security? Are you frustrated by your organization’s lack of interest in cyber crime and cyber security? What measures have you taken to make the need more visible?

Want to Increase Your Traffic and Sales? Try this...

5/22/2020

Do you want experienced, expert content for your blog or site like this for free?

https://www.batimes.com/articles/your-excellence-inspires-me.html
https://www.batimes.com/articles/poor-requirements-can-triple-the-length-of-the-project.html
https://www.batimes.com/articles/10-characteristics-of-an-awesome-business-analyst.html
https://www.projecttimes.com/articles/work-with-people-not-projects.html
https://www.projecttimes.com/articles/is-the-pmo-necessary-for-project-success.html

There are several options I will work out with you...

- Free placement in high-profile PM tool feature article with your product description, screenshots and links and marketed to 1.5 million+ potential readers - this upcoming feature will look something like this very popular feature I did on 5 PM related tools and services previously

http://www.bradegeland.com/blog/looking-to-improve-project-performance-check-out-these-pm-tools-and-services-for-better-results
​
  • 1 free expert article for your site with short agreement and content marketed to 1.5 million+ potential readers
  • 1 free month of expert articles for your site with agreement and content marketed to 1.5 million+ potential readers
  • Free banner ads in my future, current and past articles plus daily promotion to 1.5 million+ potential readers
  • Free ads on two pages of my site
  • Free selection as app/service provider of the month and selection marketed to 1.5 million+ potential readers

And all of this comes from the “#1 Provider of Project Management Content in the World.” I have a great online reputation, following and influenced readership. Let’s talk about working together. Contact me or email me asap to get included in the next PM related feature article!

Staying Ahead of Business Risks

5/22/2020

The Equifax data breach led to the exposure of the personally identifiable information of 143 million people. This is just the tip of the iceberg when speaking of the threats that businesses face daily. While the company has managed to remain afloat despite the reputational and financial loss brought about by the breach, it would be tough for a small business to rise from such a monumental blow. Sadly, such risks are the norm in the modern-day business world.

From fighting market changes to trying to eliminate the threat that competitors pose, modern day businesses need to be ready to co-exist with these threats. Since risk is ever dynamic, with new dangers arising each day, it only makes sense to try and be steps ahead of these threats.

Here is how to create a business that is threat-ready:

The Value of Data in Risk Management

The data your company collects is quite invaluable in risk management. This can include data obtained from vendors, customers, employees, and even investors. When used correctly, not only can it provide some insights on what risks your business is up against, but it can also portray the best path for eliminating threats. By addressing all the places your data transfers between parties or when it is touched by internal employees you can ensure its safety by accounting for each avenue and scoring the weight of the threat by leveraging a risk assessment matrix.

Ideally, you will need to invest in state-of-the-art data analytics and storage tools. This will help draw quality insights from the data. The tools might include security tools, quality control programs, and even vendor management systems. Ideally, working with this group of tools for data analysis should help improve waste management, customer services, profit margins, and cyber-security.
​

On the flip side, mission-critical data will also need to be protected. In the wrong hands, such data can not only be used for identity theft but also bring down your business. As such, you should use access control measures and data security tools to reduce the exposure of both production data and intellectual property.

Limit Human Error

Sadly, human error might easily maim your data protection goals, among other risk management strategies. The fact that an employee might access business data using unsecured Wi-Fi networks or even make errors in risk management presentations can lead to the downfall of your business.

Employees need to be aware that the nitty-gritty details of their daily operations have a ripple effect on the entire business’ risk posture. For instance, customer service representatives should know that losing a single customer due to poor communication can lead to losing more customers. The trick is to build a culture of risk management in your organization.

How to Build a Risk-Focused Culture

It will never be enough to create documents on your proposed risk management policies and call it a day. Risk management trickles down to everyone working on their operational activities with risks at the back of their mind. While building a risk-focused culture is the first step towards being ahead of business threats, it isn’t easy.

It calls for business leaders to include risk analysis in their decision-making process. Employees also need to understand the role they play in fighting threats. For instance, employees should be intuitive enough to differentiate phishing emails from regular emails. However, it takes time to build this type of culture.

Risk Management Should Be Organization-Wide

In some cases, there might be a disparity of opinions between the leaders of risk management, and the people who implement the policies. For instance, your business executives might think that a virus is your biggest security threat, whereas the IT team knows that there might be zero-day threats in your system. While the managers might refuse to invest in patch management, this disparity can lead to the IT workforce being resistant to the proposed strategic changes.

Ideally, the risk management decision needs to involve the entire organization. When employees feel that their opinion counts in the risk management process, they will commit to improving the success rate of the strategies. On the flip side, employees will also identify threats that risk managers might never have identified through only brainstorming. In case an issue arises from the decisions made, employees should always feel free to approach the managers.

Be Flexible With Your Plans

Risk landscapes change with time. As a result, focusing on a rigid plan might lower the chances of mitigating risks. Since business boundaries also fade as the business grows, your risk treatment plans also need to be scalable enough to adapt to business changes.

Instead of being risk-averse to evade new risks, you should always look to update your risk treatment plans. Something as simple as having board meetings after every two weeks or month to address your current risk management posture might be enough. In case you identify any significant gaps, you can always launch a committee to investigate and address the issue.

Risk management goes beyond crafting detailed policies for treating risks. The entire workforce needs to be on the same page on your decisions. Once everyone understands the role they play in mitigating business threats, it becomes easier to fortify your business against them.
​

Author Bio
​

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.

    Author:


    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, cybersecurity enthusiast, consultant and author. He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide. If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/mentoring? Contact him.
