Categories
Networking Security

VPN remote access

Working from home is the new reality under the threat of COVID-19. While large enterprises have had remote access capabilities for years, most small businesses haven’t addressed this need. Given that 34% of Americans work at a small business, it’s likely that millions of Americans aren’t able to work remotely. If you’re a small business…

Categories
Security

Should I worry about information security?

Most of my long-term clients have made information security an integral part of their computing. We spend significant time on improving the security of their systems. When I visit a new client, I know what to expect. There are almost always significant deficiencies in security controls. 20% of my new clients have adware/malware that they…

Categories
Security

Mitigate spoofed email

You’ve probably noticed that fraudsters spoof email addresses in their phishing attacks and other scams. They are probably spoofing your company’s email addresses too, sending messages to your customers and employees. While spoofed email using your domain name can’t be eliminated entirely, it can be reduced and/or marked as spam. You can also increase the…

Categories
macOS macOS Server Security

YubiKey smart card login with Open Directory

Yubico sells Mac-compatible USB authentication keys for two-factor authentication. Its YubiKeys support a slew of authentication mechanisms. I just started working with their FIPS-validated key for one of my clients. Yubico’s FIPS keys appear to be functionally equivalent to their YubiKey 4 series. (Yubico is currently selling the 5 series for those customers without a need…

Categories
Mac hardware Networking Security

Frequently encountered issues with Macs

While my regular clients hire MacMaven for IT and information security work, I often get calls from new clients with computing problems. An analogy could be made with plumbing. A plumber’s big jobs involve installation of pipes, sinks, showers, etc. Oftentimes a plumber is called to deal with a clogged toilet. These are the…

Categories
Security

CISO vs Director of Information Security

Companies that require information security leadership typically hire someone in a CISO or Director of Information Security position. You might be wondering what the differences are between these security top dog roles. At their core, they have the same responsibility – to protect a firm’s data and systems. However, what a recruiter or job ad…

Categories
iCloud iOS devices macOS Security

Messages in iCloud considerations

In the latest versions of iOS 11 and macOS High Sierra, you now have the option of storing your iMessages in iCloud. There are two benefits. First, your messages are synced across your devices. When you delete a conversation on one device, the conversation is deleted on all your devices. Second, your older messages…

Categories
Security

Don’t store passwords or other sensitive data in the Contacts app

In light of the recent Facebook data harvesting incident, I took a closer look at developer access to the Contacts app in macOS and iOS. The first time you open a third-party application that wants access to your contact info, you’ll get a prompt asking for your permission. It’s bad enough that the app…

Categories
Security

Should I know my employees’ passwords?

If you’re a business owner or manager, you might feel that it’s your duty to maintain a list of your employees’ passwords. After all, you might need access to their documents or email when they are out of the office. Even worse, an employee could resign without notice. So knowing their passwords seems the logical…

Categories
Security

Meltdown and Spectre vulnerabilities

It’s now more important than ever to keep your Macs and iOS devices fully updated. Apple has addressed the Meltdown vulnerability in High Sierra 10.13.2. A supplemental update to 10.13.2 addressed the Spectre vulnerability in Safari and WebKit. Apple has also released Safari 11.0.2 for Sierra and El Capitan. Note that Apple has not…