One Take Away from Black Hat 2016: Designer Ransomware!


We had an amazing week at Black Hat 2016. One topic that was on attendees’ minds, besides hacking Jeeps and chip-and-pin technology, was ransomware. A security analysis firm now warns us that ransomware has become more clickable because the thieves are localizing the phish mail. You should watch the video below for the full […]


The Best Ransomware Defense: Limiting File Access


If ransomware lands on your machine, but can’t find your files, are you really infected? This isn’t a philosophical thought experiment, I promise. Let me explain. Keeping data off your endpoints A common paradigm in IT for many years has been to keep user data on network drives: departmental shares, home folders, etc. Not only do network […]


What is the Minimum Acceptable Risk Standards for Exchanges (MAR-E)?


Under the Affordable Care Act (ACA) of 2010, there are now online marketplaces to buy health insurance. These are essentially websites that allow consumers to shop around for an insurance policy by comparing plans from different private providers. Result: US consumers can purchase health insurance using the same technology that allows them to buy books, […]


SQL Server Best Practices, Part I: Configuration


This is a multi-part series on SQL Server best practices. Read part II here. Am I the only one who finds the Microsoft SQL Server best practice guides to be a little painful to trawl through? Somehow, I doubt it. After being frustrated reading numerous technical guides, best practice guides, TechNet articles, and blog posts […]


5 Big Data Minds You Should Follow on Twitter


We’ve reached the point in big data’s innovation cycle where many of the barriers have been broken down and we are seeing some mind-blowing results—solutions that actually work and make businesses, and lives, substantially better. These brilliant minds are in the trenches, building self-repairing nano-circuits and tackling diseases. So, here’s my pick of 5 big data […]


TechFails – IOSS 15


When technology doesn’t work when it should, is it a tech fail? Or perhaps because humans are creating the technology, fails should be more accurately called a human fail? In this episode, we discuss various types of “fails”, including the latest popular Pokémon Go, why we can’t vote online and the biggest fail of all, […]


Hospitals (and Other Covered Entities) Will Be Randomly Selected for HIPAA Audits in 2016


With July coming to an end and the year more than half over, it’s a good time to look at where we stand breach-wise. Your intuition may be telling you that 2016 has been a bad year with hacking attacks reported daily. Your intuition is right. The Identity Theft Resource Center is my go-to resource […]


Resources for a Junior Sysadmin Straight Out of College


To prepare for your first job as a Junior Sysadmin, we have a few tips that will make you stand out: Read The Sysadmin Guide A detailed, plain-English guide to dealing with the aspects of being a Sysadmin that aren’t covered in a manual. Before Graduation… Take advantage of these free tools for students: Microsoft […]


21 Free Tools Every SysAdmin Should Know


Knowing the right tool for the right job is something that can save you hours of extra work and tedium. We’ve compiled a list of some of the best general purpose sysadmin tools for troubleshooting, testing, communicating and fixing the systems that you need to keep running. WireShark Wireshark is the world’s foremost […]


Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)


Remember Canada’s profusion of data privacy laws? The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada. Canadian federal government agencies, though, are under a different law known as the Privacy Act. But then there are overriding laws at the provincial level. If a Canadian province […]


Email security in the wake of #DNCLeaks


Back in December, our #1 prediction for 2016 was that the U.S. Presidential campaign would be impacted by a cyber attack. And here we are. Watching the fallout from #DNCLeaks it’s evident just how devastating email breaches can be. For many organizations email is the most sensitive asset they have, yet monitoring for anomalous access […]
