secureemail

In this brief end of the year episode I talk about a recent phishing attack on a 3rd party vendor that was compromised via email in a very unique way. I reveal how it happened and why defense in depth in so important.

Talking Points:

• What is a lookalike domain?
• The importance of having a defensive domain strategy
• How bad guys used an operating system and email applications default behavior against the user

In this episode I sit down with Corwin Tobias, to take a deeper dive into maturing a Security Awareness program.  Corwin is the Information Security Awareness Ambassador for Blue Yonder.  I had the pleasure of working with Corwin when he was working on the Information Security Training Team for Spectrum Health.

Talking Points:

• How to quip your staff to identify key risks
• Does an employee know what to do when they make a mistake?
• A Human Firewall sounds good but doesn't always work in real life because cyber criminals adapt
• What are some things that people get wrong about Security Awareness? (Information Security Compliance fallacies)
• What departments does information security frustrate the most? Why is it important to identify them?
• Metrics are more granular than you think? It's not all about volume

In this episode I talk with Tim O'Connor about what companies don't understand about Security Awareness programs. Tim is the Manager of Knowledge Services for Cadre Information Security.

Talking Points:

• Security Awareness is  more than just Phishing awareness training
• What doesn't the business get about Security Education?
• Risk Assessments and Vulnerability Assessments are two different things
• The importance of Table Top exercises
• Brand Name Protection
• IT is NOT where the cybersecurity buck stops

Episode Sponsor:

This episode is sponsored by Cadre Information Security.  Cadre is a trust security partner based out of Cincinnati Ohio.  As always, parts of the sponsorship fee goes to Michigan charities.  In 2021 #RTWAB has raised over $3,000!

In this episode I had a chance to speak with Rob Bowker about using DMARC and other secure email tools to prevent domain spoofing.  Rob is the Director of Sales North America for EasyDMARC.

Talking Points:

• How to use DMARC reports to move from 'quarantine' to 'reject'
• What is process of applying a percentage when moving to quarantine
• How to get around DNS limitations for SPF records
• What is BIMI?
  • What are the pre-requirements for implementing it?
• How to use domain scanners and reputation checks

Episode Sponsor:

The sponsor for this episode is EasyDMARC. EasyDMARC is a phishing protection solution company based out of  Middleton, Delaware. As always part of the sponsorship fee goes towards helping charities in the West Michigan area!