Talking with Telus About Security

Last week, Telus invited me to to an information security talk at Reasearch House, one of North America’s largest data-collection facitilities.

I said yes, without fully understanding what I was walking into; check this out:

Sooo, basically I sit in this comfortable chair, on the good side of one-way-glass, and straight-up get to stare and people-watch, while they talk about my favourite topic?  Yesssss.

These are senior-level Security and IT decision makers, from 6 large Canadian organizations, that I know you know.

Security is a difficult discussion for companies to have publicly, because when you point out your vulnerabilities, it opens the door to potential attacks.

That’s why I’ve blurred out their names and faces (learn how to edit a photo you’re posting online here)

These are the kind of guys who protect the company’s information, and yours.  They’re not a help desk, and every phone call they receive is a, “it’s the end of the world” call. Maybe bring them doughnuts sometimes.

Today’s topic was BYOD – Bring Your Own Device.  

Example: your personal cel phone, (not supplied by your employer),
is allowed to send and receive corporate email,
and connect to the corporate network

AKA: Bring Your Own Disaster

EMPLOYEES

BYOD is a bigger deal than you may realize.  Thousands of devices, that are probably less-than-secure, connecting to the corporate network and WiFi.  That’s now at least 3 more operating systems to accommodate, manage, and secure. Even worse, now confidential company information is walking around in someone’s pocket, going to the bar, you have a lock on your phone, right.

Mobiles are not immune to malware and virus’.  One click on something stupid in social media land, and the virus comes in through your phone, out to the company network, and off it goes spreading bad news.

(One day, you’ll connect through a VPN. We’ll get into VPNs here soon)

EMPLOYERS

Maybe re-visit your employee-exit policies and procedures.  I feel this might be a hole that needs plugging.

Even if you are parting on friendly terms, you still must immediately address the large amount of sensitive information on their personal device(s), and what those devices have access to.

I talked about this in my Autonet.ca article, “Toyota Secure Website Hacked”:

“If he was fired Thursday, and he used his passwords to enter the site at midnight, that would make it seven hours during which his credentials weren’t changed. That is not best practice for employee termination; account access should be immediately disabled upon notification of termination.”

And to terminated employees: don’t be offended when they do this, it’s best. You don’t want the responsibility of owning that information, especially on a mobile device.

If you take only one thing from this post:

Much of your company’s security comes down to you, the end user / employee / weakest link.  I know practicing good security can be annoying and slow things down, but there’s more resting on your shoulders than you may realize.

And thanks for having me Telus, this was so neat.

 

99% Quality

I wouldn’t, but if you do: pay cash, and never stick one into a computer you rely on.

 

 

A Homemade Drone Looks Like This

Drone or UAV – Unmanned Ariel Vehicle

Recognize the blank CD cases top and bottom?  No camera on board, yet.

What I really want is a Parrot AR Drone 2.0.  An on-board camera recording in 720p, 30fps, and I fly it using my iPhone, come ON.  Look at photos it takes here.

Watch professionals Team Blacksheep fly their drone through New York City, and even buzz the Statue of LIberty.  And the video’s ending is awesome.

Drones will be commonplace, in our lifetime.

I’ll leave you with a video from 2 years ago, when I saw a drone off my balcony.

 

 

 

I Invented Someone, Meet SmashCan Jimmy

He works for Smarten Up, Internet.

He’s ready for action, has all the major accounts:

I even got him into the newspaper last week, click here, right column, first paragraph:

“… until the eye comes to rest on “SmashCan Jimmy’s Dealership of Amazingness” stamped in now-faded gold lettering…”

Now he owns a car dealership.  I should update his bio.

We chuckled when Google couldn’t find his face. Like how I keep anthropomorphizing him?

The purpose of SmashCan Jimmy: I send him out

to click on scams, visit sketchy streaming sites hosted overseas,

enter contests with his work email,

his password will be password, he’s the worst.

He’ll be wide open and vulnerable to attack, get attacked, then we’ll see what happens.


(note: all the above will happen only on my old white laptop, never my work computer, never would I do this with my personal accounts and name. Be careful where you click out there).