Key security strategies for data breach prevention

If we have learned anything over the last few years about data breaches, it is that they are likely to happen.  However, data breach frequency can be reduced and its impact minimized with some key strategies.

Both response and prevention efforts are greatly impacted by organizational culture.  Organizational culture is formed over years as certain values and behaviors are reinforced or discouraged through a series of successes and failures.  Security is seen as important and vital to organizational success in positive security cultures while it is ignored or even discouraged in negative security cultures.

You can reinforce an existing security culture or bolster a lagging one with some of the same strategies.  The first strategy is to make the topic of security a common one.  Discuss risks in meetings and common decision-making situations.  Ensure that managers and knowledge workers are on the same page with risk, knowing how much risk is acceptable and how their decisions affect risk.  Employees also need to understand what it is they are trying to protect, such as customer information, trade secrets, or strategic business information.

Security awareness training can provide the skills and knowledge necessary to prevent data breaches and respond to those that happen.  It is also a crucial component of a security culture.  Security awareness training should be consistent and enacted for employees at all levels of the organization so that they can accurately recognize threats and understand their role in the response effort.  Since a large percentage of attacks target the human element in organizations, this training can equip employees with the skills to avoid such attacks.  Awareness training prepares employees for their role in incident response by teaching them about incident indicators and how to properly report an incident.

Incident response planning is also necessary to ensure that the response is performed correctly and in a timely manner.  An effective response can greatly minimize damages to both the organization and its customers.  Incident response plans should be regularly reviewed and updated, and those involved should participate in drills and exercises so that the response activities come naturally to them.

Leading all these efforts is a Chief Security Officer (CSO) or Chief Information Security Officer (CISO).  This individual should have the authority to interface at the highest levels of the organization to ensure that preparation and protections are placed appropriately throughout the organization.  Responsibility for security lies not only in IT but in the entire organization: from senior management to the factory floor, from remote office workers to branch office managers, and from interns to HR.  The CSO or CISO will also need a budget to perform these activities.

Choose your CSO or CISO wisely because they will be a driving force behind security initiatives.  They will need to be an effective communicator and leader with good vision and planning skills.  In a recent Modern Workplace webinar on cyber intelligence and data breaches, Vanessa Pegueros, DocuSign CISO, said that the CISO should have breach experience.  Breach situations are often high-stress, but the lessons learned are invaluable for a security leader.

Put the right strategies in place to bring about cultural change, increase awareness, and refine and communicate incident response plans.  Then, equip a CSO or CISO with the authority, responsibility, and budget to make it all happen.

Special thanks to Microsoft Office, the sponsor of this article.  As always, all thoughts and opinions are my own.

FashionLens – A virtual dressing room for Microsoft HoloLens

You probably remember Microsoft’s announcement for their augmented reality hardware called HoloLens which occurred around the announcement of Windows 10.  For those of you who did not see their popular promotional video, look below.

Microsoft has requested ideas for uses of their HoloLens hardware so I submitted an idea called FashionLens which I am also posting here on my blog.

Try on clothing virtually!

There would be two modes to this functionality. First, the program needs to get detailed body measurements, and then you could choose products from participating stores, try them on yourself with HoloLens, and see them from your own point of view.

The second mode I would call “mirror mode”. Here, the user would choose to create a mannequin or avatar of themselves and the clothes would be placed on the personal avatar. The user could walk around the avatar and look at it from different angles, command the avatar to sit down, or position it in different poses by moving it around with their hands.

There are a number of features that would be common to both modes. Users would be able to adjust how the garment hangs on themselves, tuck shirts or blouses in, wear pants at their preferred level on their hips, or leave buttons undone. Users would also be able to try items out with those from their own wardrobe. Speaking of the wardrobe, users would be able to scan the barcode on their own clothing or search through a database to add clothing to their wardrobe so that they can mix and match new items with those they already own.

Users would also be able to take pictures of themselves in the virtual clothing that could then be submitted to participating stores to be potentially included with product information or they could easily share the pictures on social media to receive feedback from others before making a purchase.

So what do you think?  Check out other ideas at Microsoft’s HoloLens site or vote for this idea here:

https://microsoftstudios.com/hololens/shareyouridea/idea/fashionlens-a-virtual-dressing-room/

Become a Windows 10 Power User with Keyboard Shortcuts

Shortcuts, as the name implies, are key combinations that you can press with your keyboard to perform semi-complex actions.  These shortcuts can save you many clicks and a lot of time.  Windows 10 utilizes many of the shortcuts that were present in previous operating systems such as Ctrl + C to copy, Windows Key + M to minimize all windows, Alt + Tab to toggle between open windows, Windows Key + L to lock the screen, and Ctrl + A to select all.  Here are some of the new shortcuts you might want to learn to be a Windows 10 power user.

Windows key + A: Launch the Action Center (System and Application notifications)
Windows key + C: Issue voice commands to Cortana (Similar to Siri on iOS)
Windows key + I: Launch settings
Windows key + S: Search using Cortana
Windows key + Tab: Open Task View
Windows Key + Left: Align the current application border with the left side of the screen
Windows Key + Right: Align the current application border with the right side of the screen
Windows Key + Up: Align the current application border with the top of the screen
Windows Key + Down: Align the current application border with the bottom of the screen

What you need to know about Windows 10 Security and Privacy

Microsoft officially launched its successor to Windows 8.1, Windows 10, on July 29, 2015, and millions have already downloaded this free upgrade or utilized Microsoft’s queued digital delivery system. Windows 10 offers users many new features including a new browser and integrated Cortana search which essentially means that your operating system is integrated with the cloud. However, don’t let all these features and launch celebrations distract you from its security, which is somewhat in the fine print.

By default, Windows 10 collects information from your microphone, location, camera, handwriting, and searches. According to Microsoft’s privacy statement, this information is used to provide services. For example, Cortana uses location, speech, handwriting and searches to provide intelligent information to you. The information is also used to send product and service information, distribute security notices and display advertisements. Information is shared with Microsoft affiliates, subsidiaries and vendors. This is a common practice for many companies and Microsoft explicitly states that they do not collect information from email, chat, video calls, voice mails, and personal files for advertisement targeting. However, unlike the web, your operating system is resident on your machine, potentially collecting information even when you are not actively using the computer.

The good news is that the default tracking can be disabled by editing Windows 10 and the Edge browser privacy settings. Microphone, location, and camera settings can be managed by clicking Start, then Settings, and finally Privacy. This will open the privacy menu. Search privacy is managed by opening the Edge browser and then going to advanced settings under settings. After viewing advanced settings, you will see a privacy section where you can turn off the Cortana search assistance called “Have Cortana Assist Me in Microsoft Edge.” You can also manage some settings online by opting out of ads based on browsing history and interests here.

As a side note, Windows 8 integrated Microsoft online accounts with local accounts, which allows Microsoft to combine data gathered from multiple computers linked to a Microsoft account with online activities. This is also present in Windows 10, but you still have the option to use a local account rather than a Microsoft account. Using a local account will disable some application downloads and synchronization features, but it will limit the data collected to that machine so that it is not integrated with usage on other platforms or the Microsoft online community. This also prevents someone who compromises your online account from remotely accessing your computer using that account or vice versa.

Windows 10 includes a feature called Wi-Fi Sense. This feature allows your contacts to connect to your wireless network, and it has received a lot of negative press after its release. However, initial concerns raised were premature or exaggerated. Wi-Fi Sense is not turned on for all your contacts automatically. Contacts are not granted access to your network unless access has been assigned, and this is only available after you make a wireless network available for sharing. This feature makes it easier to allow friends to connect to your network without providing the wireless password to them, and the feature can be disabled if and when it is not needed.

What about the good features?

Windows 10 also comes packed with new security features. It has Device Guard to protect against unsigned applications, support for biometric authentication through Windows Hello, new security features in Microsoft’s Edge browser and a suite of parental controls.

Device Guard blocks unsigned applications from running on the machine. This helps prevent malicious programs and infected program files from executing malicious code on your computer. For a program to run, the software company must sign the installer file with a key that only they have. Windows checks this key to verify that the file originated from the software company and not some other third party such as a hacker and allows the installation if the key is verified.
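
To see the kind of signature check described above on your own machine, the following added example (not part of the original article and not a Device Guard configuration) lists files whose Authenticode signature is missing or fails verification. The function name `Get-UnverifiedExecutable` and the Downloads folder are assumptions chosen for illustration; `Get-AuthenticodeSignature` is the built-in PowerShell cmdlet.

```powershell
# Added example: report files in a folder whose Authenticode signature is
# missing or does not verify. This only inspects signatures; it does not
# enable or configure Device Guard.
function Get-UnverifiedExecutable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # File types to inspect (assumed list; adjust as needed).
        [string[]]$Include = @('*.exe', '*.dll', '*.msi', '*.ps1')
    )

    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -LiteralPath avoids wildcard expansion on names containing [ or ].
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # 'Valid' means the file is signed, the hash matches, and the
            # certificate chains to a trusted root. Anything else is reported.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    File   = $_.FullName
                    Status = $sig.Status   # e.g. NotSigned, HashMismatch, NotTrusted
                    Signer = if ($sig.SignerCertificate) {
                                 $sig.SignerCertificate.Subject
                             } else {
                                 $null     # no certificate: file is unsigned
                             }
                    Reason = $sig.StatusMessage
                }
            }
        }
}

# Assumed folder for the demonstration; point it at any directory to review.
Get-UnverifiedExecutable -Path "$env:USERPROFILE\Downloads" |
    Sort-Object Status, File |
    Format-Table -AutoSize -Wrap
```

A `HashMismatch` result means the file was changed after it was signed, which is the tampering case that signature enforcement is meant to stop; `NotSigned` files are the ones a signed-only policy would refuse to run.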

Second, Windows 10 now supports multiple ways to log into your computer including face, eye, and fingerprint authentication through a feature called Windows Hello. The software is built into the operating system, and users just need to attach biometric devices that are Windows Biometric Framework supported to use the feature. Third party support has existed for biometric authentication for quite some time, but Microsoft’s adoption allows for enterprises to integrate biometrics into their identity management systems through native Microsoft technologies.

Microsoft’s built-in browser, Edge, helps prevent websites from tampering with your machine or stealing credentials through new security controls. Edge is equipped with an even better version of SmartScreen phishing detection that checks the reputation of sites you visit, while Passport encrypts saved passwords. The browser also supports W3C content security policy and strict transport security standards. Furthermore, the browser is remarkably fast with all these controls under the hood.

Lastly, Windows levels the parental controls playing field with Mac OS and even adds a few new features through Family Features. These features allow parents to better control the programs their children run and the content they view online. Parental controls include time limits on logins, block or allow rules for applications and games, web filtering and activity logging.

In the end, I think Windows 10 is a good step forward in both features and security, but it can be enhanced by turning off a few features, especially if you are not using those features. Remember that Windows 10 is still new so there will most likely be many updates as these features are put under the strain of attacks and normal workloads.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

My thoughts on Xbox One

I watched the Xbox One launch video today on my Xbox 360 console dashboard.  It is impressive in some ways, but I am really disappointed that they are going to charge you if you buy a used game.  I only buy used games, so this made me quite upset.  Actually, I got so angry at Microsoft that I cancelled my Xbox Live subscription, so it will end in January and I will not renew it.  They will only be hurting themselves.  A minority, but still a significant portion, of people who buy new games count on being able to sell them when they have finished playing the games.  They use the money they get from the sale to buy more games.  Those that buy the used games when they are still relatively new might still buy the game new if it was not available used, but many of the other used buyers like me would not buy the game new.  I get about $10 of fun out of the average game, so I will not pay more than that for it.  Some games like Civilization, Dragon Age, Sacred or Kingdom Under Fire were worth a lot more to me, but then there were games that I bought and then only played once or twice.  Maybe they will realize the economics of the situation when they finally start selling the system and as games age.  Maybe that will cause them to reverse their policy, but that will take a while.

The media components of the Xbox are cool, but many of the new TVs or Blu-ray players have social networking, video on demand, chat and audio streaming built right into them, and those who do not have that can get a Roku or an Apple TV.  I would rather get an Apple TV for $100 than pay several hundred for an Xbox One.

I didn’t see anything on it, but is it going to output in 4k resolution?  I am looking forward to the 4k technology.  If I were designing a game system, I would make sure it had 4k video and 7.1 surround sound and make it very social for gamers.  Make it easy to take pictures and videos of games and to post those to social networks.  Let gamers update their social networks with gamer stats and live updates from games, and create parental controls to keep kids safe.

June 19, 2013 update: Microsoft backs down on DRM.  http://www.cnn.com/2013/06/19/tech/gaming-gadgets/xbox-drm/index.html

Windows 7 and the Microsoft Strategic Commander

Microsoft released one of the greatest gaming controllers with the Strategic Commander back in 2001.  The controller fits perfectly in your left hand so that your right hand can still use a mouse.  It has six programmable buttons and three shift keys for 24 possible combinations.  Beside the buttons is a zoom bar that allows you to zoom in and out.  The entire unit swivels on a base so that you can change orientation in a game.  A toggle switch on the side allows you to change modes.  Three modes can be programmed, giving you 72 possible programmable buttons.  Using the SideWinder software, you can assign complex actions to the buttons, such as shift and 1 or a series of steps like shift + 1 and then alt + C.  You might wonder how this could be useful, so let me explain.

You are playing a real-time strategy game and you want to build a barracks to produce units.  Normally you would click on a free worker, then select build structure, and then select the barracks.  There are key combinations to perform each of these tasks, but most of us do not memorize all of them.  Some gamers might memorize the last one, which in this case I will assume to be the letter B.  With the Strategic Commander you can do all that with the press of one button.  Program a button to execute Shift + A to select an available worker, then S for build structure, and then B for the barracks.  It is easy to see how this controller can improve your gameplay.

The Strategic Commander can also be used for regular Windows tasks.  The programming works in the same way.  You can set a button to open your favorite programs or to copy, paste, or delete.  Photoshop users can program macros into the buttons to perform edits quickly.  The device is really amazing.

You’re probably wondering why you’ve never heard of it if it’s so great.  Well, Microsoft discontinued the device in 2003 citing poor sales as the reason.  Still, enthusiasts created drivers for Windows XP and then Vista and now Windows 7.  For Windows 7 you can use a driver called ATK0110 ACPI Utility (Download for Vista works on Windows 7) and software called Strategic Engine to program it.

So for those of you with Strategic Commanders, dust them off and use them again.  If you don’t have one, an eBay search will still turn up results.