Securing a Password Manager

A young man became aware that there was a large safe in the local pool hall. Of course something that big and on such display drew a lot of attention, and attention became speculation which in turn turned to greed. The owner had opened the safe once in their presence and it was full of … Continued

Handling the Threat of Internal Breaches

Every time you listen to the news, read a newspaper, or scan online news, you learn of another security breach that involves consumers’ personal information. Consumers assume that breaches occur by direct attack from external entities or by clever individuals who break into networks from outside the company or via the Internet. That scenario is … Continued

10 Security Tips for the US Government

The recent Office of Personnel Management (OPM) hack reveals that the US Government needs to significantly “up” its security game. Upping the game means that government security staff needs to impose greater restrictions on information access. But, one should ask, “Why were these secret documents so easily accessible to intruders?” And why wasn’t the information … Continued

Single Sign On: Questions to Ask

Grandpa always said, “Never try anything new. Wait and see if it kills someone first”. Recently, I’ve been involved in bringing several Single Sign On projects to fruition, and his words have been hovering in the back of my mind constantly. Part of me says, “It’s a bad idea to have just one username and … Continued

How to Get Notified of Changes to Important Active Directory Groups

As an Active Directory administrator, you’re probably familiar with important groups like Domain Admins, Schema Admins and Enterprise Admins. When an account is a member of one or more of these groups, that account has some major power in your AD environment. Just like the old saying goes, “With great power comes great responsibility”, members … Continued

Phishing Attack Catches Another Organization Off Guard

Saint Agnes Health Care, Inc. announced that an attacker successfully phished an employee and obtained personally identifiable information of approximately 25,000 patients. The information included names, dates of birth, gender, medical record number, insurance information, and limited clinical information. In addition, Social Security numbers were obtained for 4 of the patients. Based on their news … Continued