Stories by Robert C. Covington

President Trump, as part of his plan to roll back regulations put in place by President Obama, just signed legislation, passed by Congress, eliminating the prohibition against ISPs selling customer data without their written consent. This move has ignited a small firestorm of controversy. For businesses and enterprises however, this change is not as bad as it seems. Further, their privacy focus should be on search engines and social networks, which are much better at accumulating data.

Given the success of ransomware, we need to look deeper for solutions beyond those mentioned most frequently. Here are are few of these solutions.

In my work with new customers, I have yet to find a single one who has even a simple majority of workstations -- or endpoints as they are often known -- patched properly. Since much of the malware in existence takes advantage of known vulnerabilities, endpoint patch management is the front line of network security. This article will review the common excuses for poor patch practices, and offer specific suggestions for improvement.

Shadow IT brings many security issues, but since these systems are not on IT's radar, they do not get factored into overall risk management strategy. Here are some practical suggestions.

RSA recently published its inaugural and aptly named <a href="http://www.emc.com/collateral/ebook/rsa-cybersecurity-poverty-index-ebook.pdf">Cybersecurity Poverty Index</a>. This study is based on self-assessments by organizations who compared their current security implementations against the <a href="http://www.nist.gov/cyberframework/cybersecurity-framework-faqs.cfm">NIST Cybersecurity Framework</a>. According to the report, almost 66 percent rated themselves as inadequate in every category. With all of the recent breaches in the news, part of me is astounded at this finding. The other part is not surprised, given that this matches what I see in the field every day.