6 October 2009 by Jeff Hayes.

The U.S. Department of Homeland Security, as part of its National Cyber Security Awareness Month, has created a list of fourteen things home users can do to bolster cyber security.

1. Use a suite of automatically updating security tools that includes anti-Spyware, firewall and anti-virus software.
2. Be sure your operating system and Web browser are set to automatically update.
3. Use long, complex passwords for both your computer and your wireless network that include numbers, symbols and letters, and change them every 90 days.
4. Maintain vigilance online and be skeptical about giving up personal information.
5. Turn off your computer when you are not using it.
6. Employ the same online safety behaviors when “surfing” on a mobile device.
7. Be on the lookout for signs of an infected computer including slower processing times, unwanted pop-up ads and increased spam.
8. Talk to your kids about good online safety and security habits, including protecting their personal information and their reputation.
9. Know what sites your children are visiting online, and check their social networking regularly.
10. Regularly back up your files either online or to an external hard drive (and store in a secure location).
11. Post cyber security tips on your favorite community Listserv.
12. Go to your favorite search engine and search by your name and other family members to see what is on the web about you.
13. Make sure your children know that they can come to you if something online makes them uncomfortable, including what others are posting about them, unwanted contacts, and questions they have about staying safe online.
14. Learn more at www.staysafeonline.org.

Good list? Yes.

What about business? The best checklist I have found for good cyber security for the average business is from the Payment Card Industry within its Data Security Standard:

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.

Simple? No. But is a great list to build a security plan upon.

Posted in Security Policy, Personal Security, Homeland Security | Print | No Comments »

27 April 2009 by Jeff Hayes.

The question of the day is: will the swine flu evolve into a real pandemic or is it just a SARS-like scare?

We have one group of people, including many nations’ public health commissions, that feel the borders should be shut, international travel to certain countries halted and/or all entrants from certain countries be scanned for fever prior too being allowed entrance. We have another group, including the current Obama administration, that is taking a wait and see approach.

One group is willing to hit us in the face and another willing to tell us they may hit us in the face sometime in the future on a date and time yet to be determined.

What’s the impact of the swine flu — any flu or disease – to a business man or woman? It can impact travel, shipping, sales, workers and personnel. If your business is travel and hospitality, and Mexico key to your business, the swine flu is not your friend. If you have a plant or facility in a tagged country/city/area, will may be delays in shipping? Will there be a significant number of employees or partners that cannot come to work to the point it will impact your products or services?

Politics aside, the business person needs to be prudent. Precautions need to be made to safeguard operations. I might postpone traveling to Mexico for a few weeks. I might survey employees and assess their recent or upcoming travel plans, as well as family members or close friends. I would definitely make sure I had a contingency plan in place to deal with mass infection.

Google is mapping the H1N1 Swine Flu cases in North America. The numbers are not overly high yet. We all get the flu on occasion. Is this one going to be any different? Who knows? But this one is worth following because of its impact on younger adults, generally a hardier section of society.

Panic is not in order; prudent behavior and extra precautions probably are.

Posted in Personal Security | Print | 1 Comment »

16 April 2009 by Jeff Hayes.

Kidnapping is not something many of us think about. However individuals from wealthier nations and multinational companies traveling in certain regions of the world should be aware of the possibility.

Having traveled to nearly 30 countries, most of my business trips and assignments have been to western nations where kidnapping risks for business travelers are lower. Trips within certain areas of Latin America, Southeast Asia and the Middle East have higher kidnapping risks.

Kidnappers are motivated by money. The most likely victims are those individuals that are or appear to be the wealthiest. For those people, it behoove their firm to take proactive measures, namely counter-surveillance techniques, along the lines of the U.S. Secret Service. If the financial potential is high, the criminals will do their due diligence with their own surveillance. Counter-surveillance is hard, time-consuming, and costly, but effective.

For the average business travelers to high-risk areas, they do not have the luxury of a security detachment. In all my trips, I have either traveled alone (75 percent of the time) or with one other person. What I have done in each case is to have a local contact provide me some intelligence on local travel conditions (starting at the airport), hotels, restaurants, and any tourist traps. I personally do not favor U.S.-based hotel chains in these nations or touristy places frequented by westerners. I am their for business first and foremost. And it is my preference that if I do have some spare time at the end of a trip, I will experience things dealing with the local culture and not the main tourist guide recommendations.

The U.S. State Department provides travel help, suggestions and advisories.  However, i personally do not give what they same much credence. They mean well but they are overly paranoid in their recommendations. They hope to avoid being sued for not warning people in advance – its CYA policy. The government will state, for example, not to travel to Lebanon (where I went earlier this year). Certainly there are areas that are not overly kind to Americans (Beqaa Valley or Southern Lebanon), but most of the nation is perfectly fine for business travelers. (In fact, I would not hesitate taking my family.)

Seeing soldiers on the streets with automatic weapon in some countries may be a concern for some; I tend to be more along the line of being somewhat comforted. Nevertheless, some good advise is if you are confronted with a hostage situation, it is better to not get in the car or van if you can avoid it. Being a hostage is way down on the list of things I want to experience. How to be a hostage is a different issue and beyond my pay grade.

Larger and more well-off firms should take the necessary precautions for their c-level executives and staff (as appropriate). Smaller and less well-off firms, should take prudent measures to personal safety. Given the lower risk, that may be all that is required.

Posted in Personal Security | Print | No Comments »