Deploy MAC filters, obscure identifier feedback, employ replay-resistant authentication: Cyber security techno-advice can be as difficult to unwrap as the excess packaging around children’s toys. (How many metal staples does it really take to secure Barbie’s head?) Two of the fundamental principles underlying cyber security — integrity and availability — are especially familiar to manufacturers who […]

Cybersecurity incidents are ringing out the old year with the early December announcements of compromised users accounts: 500 million for Marriott/Starwood Preferred Guest (SPG), 100 million for Quora (a “self-organizing” question-and-answer forum), and 52 million for Google+. Next year I intend to distance myself a bit from the sharing economy by managing more closely what […]

Thanksgiving comes early this year—and with it, the dilemma of whether to queue up for Black Friday deals in person or online (although Colorado “Scrooges” might be queuing up for first tracks down already snowy slopes). Since the 1960s, the day after Thanksgiving has marked when retailers go from being “in the red” to “in […]

Double double toil and trouble, fire burn and cauldron bubble . . . –Macbeth (Act IV, Scene 1) Those three Shakespearean witches chanted a series of familiar things—eye of newt, toe of frog, wool of bat, tongue of dog—but stirred them into a surprising context: a not-so-appetizing stew. Halloween is all about changing what we […]

Do you have a dirty cyber secret? I suspect most of us do. Not the kind of secret sin-of-commission-or-intention like Ashley Madison subscribers (what a mother lode for gossip columnists, divorce lawyers, and hopeful heirs!) but, rather, the secret sin-of-omission in our cyber security hygiene practices. These are just some of the omissions, the secrets, […]

Good news for small and midsized businesses that despair over complicated guidelines and costly solutions to managing information risk! Earlier this month, the President signed the NIST Cybersecurity Small Business Act into law. Sponsors of the S. 770 legislation include Colorado Senator Cory Gardner and others who have worked on its passage since 2017. The […]

Colorado’s new privacy legislation—the toughest in the nation—goes into effect September 1, 2018. The law is remarkable for both its broad definition of personally identifying information (PII), whether in hard copy and electronic form, and its broad application to any size business and government agency. Colorado’s attorney general participated in crafting the bill and is […]

Are you still looking for that silver bullet, that one-stop solution to risk management and compliance with the seeming Hydra of security regulations: DFARS, FARS, ITAR, HIPAA, state-level privacy laws, and so on? Will the mysterious masked answer ride in on “A fiery horse with the speed of light, a cloud of dust and a […]

Businesses face a persistent dilemma: how to leverage social media and other online marketing (AKA potential client dating) tools without becoming an obvious target for a malicious actor? How do you attract the attention you want but block the kind you don’t? From the perspective of playing hard to forget, businesses should maintain a respectable […]

When I came up with this title I thought it just sounded like a funny and alliterative lead-in to talking about cyber parasites that one can pick up while traveling. It turns out there really are human bot flies that pass their larvae through mosquitoes to human hosts. In a disturbing parallel to the way […]