Tuesday, September 30, 2025

Security culture at work

When someone says that a business needs to have a security culture, it can be a challenge to understand what that is, but it is quite simple. A business must be security aware, and that means everyone, not just the IT department. Without a security culture, many staff/management will ignore, complain about, and even bypass the technical security controls that get in their way.

A security culture starts from the highest level of management as they are the ones that are going to be setting the examples and providing the guidelines and policies that the rest of the business will be following. If senior management doesn’t have a security culture it is going to be extremely difficult to have it within a business.

If IT is trying to assist with developing a security culture it might help a bit, but it is still going to be a challenge without senior management buy-in. IT can assist with the implementation of security training, such as awareness training, but if senior management isn’t taking it themselves and setting guidelines about it, it doesn’t help the security culture within the company.

One of the biggest things that needs to be done is for senior management to develop enforceable policies covering what an individual needs to do to stay secure when using company assets or even while on company property. These policies also need to be followed by senior management, otherwise they aren’t going to work.

So many senior managers think they are doing the right thing themselves, but so often it turns out they are not aware that what they are doing is putting themselves and the business at risk. Senior managers may have some security awareness, but given the speed at which the world is changing, they need to keep up with it. It is amazing how often we have heard that someone has left their laptop in their car, in their garage, and they think it’s safe, but it really isn’t, because garages can be broken into and devices that are in the car could be stolen. We have also been told that all laptop users turn off their laptops each night, only to see that they just close the laptop and take it from location to location. Is it locked? Maybe not. The other thing with laptops is why they are sitting in the office overnight, turned on, logged on and not secured, as this is another security risk.

Senior management needs to set guidelines and policies that are enforceable so that employees understand that there is a cost for not following the policies. At first, it can be a warning for violating the policy, the second time could be some unpaid time away from the office, and then, depending on the policy that is being violated, it could result in being terminated.

Overall, security is about having the people within the business that will support and follow the various policies and guidelines. For security to work well, it is only as secure as the weakest user and everyone needs to understand that.

 

Tuesday, September 2, 2025

Death by Power Point


How many of us have gone to a meeting or conference and suddenly a PowerPoint presentation starts to be shown? There are so many people that try to put everything on the slides instead of just those few key points.

Something that is very important to think about when you are preparing a PowerPoint presentation is how much information you should be putting on a slide. The "less is more" rule applies here: the fewer words you can put on a slide, the better. Keep the slides to only the key points and not every word you are going to be saying during the presentation.

Here is an example of an about me done in two different ways and think about what would look better on a slide:

About Me

- Small business co-owner
- Project Manager
- Bookkeeper
- Enjoys crafting as a hobby

About Me

- Small business co-owner of Konecny Consulting Inc
- Project Management and have my CAPM, which is Certified Associate Project Manager
- Enjoy crafting as a hobby and I enjoy doing a lot of the needle arts, such as knitting, cross stitch and others

As you can see, I have shown two different about me slides that I might use when I am giving a presentation myself. There is only one that I would use, and it would be the first one because those are the key talking points and I can add all the extra details when I am speaking. Besides keeping the words to a minimum, I would also try and keep the font that I am using very simple and easy to read.

When you are preparing a presentation, you must think about the background colour of your slides as well as the colour of the words on the screen. The lighter the background the better, and try to stick with darker colours for the words. Do not try to put light-coloured words on a light background because that is extremely hard to read. Something else that you need to think about is all of those GIFs and flashing things that you add to your presentation. These can affect people in so many ways. Keep any GIF as a quick thing and don’t leave it up on the screen for very long because you could be risking the health of someone else. Causing an attendee to collapse doesn't help your message.

After you have finished preparing your presentation, put it up onto your screen, but then stand back from where you normally sit and see what the presentation looks like. Do you have to add more pages because of your talking points, or do you need to increase the size of your font so that people at the back of the room can see what you are trying to say?

PowerPoint or any slide presentation system can be a useful tool, but using it wisely is important. The "keep it simple" rule applies, and if you are trying to show a screenshot on a slide, make sure that you aren’t showing the entire screen, just what is key to what you are talking about.

Example:

To reboot your computer, go to the window button, click on it and then select the power button which is on the right of the window.

Trying to read that from a distance would be a real challenge, especially if you have that at the top of the slide and the rest of the slide is blank. So, remember that any presentation tool can be useful if used wisely, and make sure you have done a spell check of the entire presentation before you give it, as you wouldn’t want to be embarrassed because of some silly spelling errors. The last point I want to make is that once you have completed your presentation, have someone else look at it and see what they think, because they might spot errors that you haven’t.

Wednesday, February 19, 2025

Helping to keep yourselves safe on the internet

Here is an idea that you can share with your business, friends, and/or family to help keep everyone as safe as possible.

Subject: Keeping your work and personal data safe 

All our systems are increasingly under attack from growing hordes of bad actors (who actively use automation to probe Everywhere/Everything). There are some things we can all do to keep our data and identities safe from abuse, loss, and/or exposure.

A) Make sure that you are routinely restarting all your systems (phones, computers, tablets, etc.) at least once a week, so that the background patching can finish. All patches require that the running software is stopped for the newer software to take its place. While some software can do this while we work, several key security-sensitive parts can't do that without a full restart/reboot.

B) Make sure your Security Awareness training is complete, to help you keep clear of the ever-evolving scams facing us all, whether through work or personal communications, whether targeting the business or you personally.

Your IT team is working all the time to make sure your systems and processes are as secure as they can get them. It is a never-ending game as the bad actors figure out new ways to get at us and try to catch us in those slip-ups in getting the safe things done in a timely manner. Please remember that just putting your device to sleep or closing your laptop is not restarting/rebooting your system.

As for all automation you may have set up, "Fire and Forget" is fine, provided you never actually forget. Check the automation regularly to ensure it is working.

Friday, July 26, 2024

Tech versus non-tech terms

There are times when you are listening to a group of people have a discussion and you may think that they are talking a foreign language, but they are speaking English, just using terms that don’t seem to make sense in the conversation. In some of these cases, it isn’t the word or term that they are using, it’s how it is understood by everyone that is part of the conversation. I do know that a lot of technical people have what seems to be a secret language that they speak, and it can be very confusing for those that are not directly related to a particular expertise.

I have decided to try and decode some of the words that I have been hearing and how they can be misunderstood by those around us. Now let’s have some fun and see how one acronym or term can mean a lot of different things, and it all depends on who is listening to the conversation.

DC

  • Direct current
  • District of Columbia
  • Domain controller
  • Data centre

Backup

  • Extra help or support
  • Copy of a file
  • A situation in which something is not moving
  • Music that accompanies the main singer or tune

SAN

  • Storage Area Network
  • SANS Institute

Farm

  • A plot of land that grows crops and livestock
  • A group of computer systems in one or more cabinets.

These are just four examples of how a word or acronym can have more than one meaning, and when you are in a conversation with a bunch of people it can be very confusing to follow. One important thing to remember is that when you are writing an email or a document and you use any of these terms, it is important to ensure that everyone who may read the email or document understands the correct meaning of the term. Be careful of prejudging what "Everyone" knows.

It is very important to know the audience that you are writing for, because even if they are in a different area of Technology, they may have an entirely different meaning for the same term. So, a term can have a lot of different meanings, and understanding how to communicate to the various people in an organization is very important. It is the translating of infosec into regular IT and IT into regular business terms that is vital for good communication.

Thursday, July 18, 2024

Rebooting and why I should do it

For many, having to reboot/restart our computers seems to be such an issue. Why can’t I just leave it turned on for days at a time and even connected to the company for hours and days without anyone complaining?

Here are some of the reasons why we all need to reboot/restart our computers/devices:

  • A full shut-down restart/reboot is required for completing many of the security patches needed to keep your (personal, corporate, and family) data and reputation safe.
  • A restart refreshes your system of the many "temporary" processes that have done their job, but haven't fully released system resources.

We have been working with a client and when we talk to them about getting the end users to reboot/restart their devices it seems to be such a challenge. Of course, there are so many reasons why someone cannot reboot their system on a timely basis:

  • I have files open that I need to keep open because I am working on the files (these files are open for hours even when the person isn’t working).
  • My system takes too long to reboot when I do a restart (maybe the issue is you haven’t done restarts lately and there are too many things that need to be updated).
  • I just don’t have time to do a restart (why not restart your computer at the end of the day, and it will be ready when you get back the next business day).

There are so many reasons why someone will tell you that they cannot reboot/restart their system, and a lot of those reasons are that they just can’t be bothered or there isn’t a reason for them to reboot. In some cases, the reason someone isn’t rebooting/restarting their device in a timely manner is because there is no policy in place that says that all devices must be restarted within x number of days. When a business doesn’t have a policy as to how often machines need to be rebooted/restarted, that doesn’t help at all.

For a business to be successful and secure, it needs to understand that restarting/rebooting each machine is vital. Some users think that putting their device into hibernation mode/sleep, or a system crash, means that the computer has rebooted and the task is complete. What people don’t understand is that a crash doesn’t mean a total system restart, and putting a computer into hibernation is not a restart. For a device to work effectively, it needs regular, total reboots/restarts. It doesn’t matter if it is a computer or tablet, they all need that bit of time when they can turn off and restart to clear all the stuff that has been bothering/hindering them.

It is important that we understand that our devices, either a computer or tablet, need a bit of time when they can turn off and refresh. So, yes, it is important that we remember that our devices need a bit of time to sleep, even if it is just for a couple of minutes. It helps them recharge and know that they are ready to go and meet your needs again.


Thursday, June 27, 2024

The risk of inactive/off-line systems

 The risk of inactive/off-line systems if just turned on and used

In our fast-paced world with cyber warfare going on, from nation states jockeying for the secrets of other nations with zero-day hacks, to the many criminals looking for every way to get value out of everyone they can, software is constantly being patched to try to keep ahead. With so many people and businesses not patching, even old bugs are being probed all the time, and getting attacked. Using unpatched systems is a huge risk, sometimes even if just a few weeks, or sometimes days, out of date.

There are many reasons why a system might be unused for a while. They aren't just sitting there for no reason, but are generally on one of the following paths:

  • Primary user on extended vacation or other extended leave.
  • Pending deployment, with an active plan to do so.
  • In reserve, with no active plan, other than to be available if needed. Perhaps on an eventual path to be decommissioned.
  • On the way to being decommissioned and disposed.

If there is any intention of bringing a system into active use with little warning, it must be kept up to date, otherwise it represents a security risk as breachable/hackable defects are found but not patched. These machines would need to be regularly (every week or two) brought online and the full patch process run (not just the few obvious ones, but the whole patch management process). This does not mean all the systems in reserve inventory, just enough for quick deployments (loaner or replacement), with the next ones brought up to ready from extended off-line status.

Or

Any system that has been off-line for an extended time is a huge safety risk to us if it is just deployed, until it has been through a few restarts, with time in between for the patch process to see what is needed and deploy it. After the OS has gotten its patches, open the primary apps, and go to their ‘Help’ ‘About’ menu to check for any updates there. Browsers and email clients are a big target and the front lines of many cyberattacks.

If a system is on the path to likely being decommissioned, but we are just keeping it around "Just in case", then pull it out of any active monitoring systems it might be a part of, as those usually have a licensing cost you can free up, and they usually alarm/bug someone when they haven’t “called home”. Essentially, put some effort into ‘Mothballing’ the device, just like the Navy does with their ships, air forces often do with planes, or even clothes kept in the attic for that ‘maybe some day we might need this again’.

There is a very active cyberwar going on, from nation states jockeying for control to avoid bullets, through to all the criminals trying to get at whatever they can grab. This has been accelerating at a rapid pace, and we cannot rest on "it won't hit us" as we are all being actively probed all the time.

To be safe or as safe as possible, it is important that you keep your systems (both personal and business) as up to date as possible before and when actively using them.

Thursday, June 13, 2024

A messy computer desktop is a slow computer

How many icons do you have on your desktop? Is it just a few icons (like 15 or so) or is it so populated you cannot see your background?

The reason we ask is that each of the icons takes a finite amount of time to load and display. The further away the information that each icon represents, the longer it will take to update/load the icon. It may be just milliseconds per icon, but that does add up. This applies to folders on your desktop as well. We've seen systems with thousands of files in folders on their desktop, but after moving them to a regular documents folder off the Desktop, they noticed how responsive their system got.

Recently I was able to see a desktop on a monitor, and you couldn’t see very much of the background because of all the different icons that were there. This person was also complaining that his computer was no good because it just took way too long to start up.

Here are some questions that I asked this person about their computer.

  • How often do you reboot your computer?
  • Are all these icons on your desktop necessary?

Now these are the answers that I got.

  • I don’t reboot my system very often because it just takes way too long to start up again.
  • All of these icons are necessary so that I can do my job, and he immediately pulls up a photo that has nothing to do with work.

What is very important to understand is that a lot of the icons on the desktop were for files that he felt he needed to access quickly. Of course, these files were located on a server and not on his computer, so each took longer to load. I tried to explain to him that having all these file icons on his desktop was a major reason why his system took so long to start up. When you have icons on your desktop, what happens when the system starts up is it must look up each of these files so that it can draw it on the desktop. The more files you have on your desktop, the longer it is going to take for your system to start up and refresh during the day. If you need access to these files quickly, it is better to have them in a folder elsewhere and then just the link to the folder on the desktop. Then the only time the files will be searched for is when you open the folder.

So, the best thing you can do to ensure that your computer starts up at a reasonable speed is to limit the number of icons that you have on your desktop, especially icons that point to remote files. Shortcuts can be useful but remember that they can also impact how you work. The convenience of all these icons has its cost in time.