iBoss blog: Implementing Better Email Authentication Systems

To provide better spam and phishing protection, a number of ways to improve on email message authentication have been available for years, and are being steadily implemented. However, it is a difficult path to make these methods work. Part of the problem is that there are multiple standards and, sadly, you need to understand how these different standards interact and complement each other. Ultimately, you are going to need to deploy all of them.

You can read my latest blog for iBoss here to find out more.

Protecting your Windows endpoints with VIPRE Endpoint Security Cloud

VIPRE offers a nice package for small and medium-sized businesses that is easy to use and manage with a wide array of protective features.

We tested VIPRE on a series of different Windows clients during September 2017. It supports all versions of Windows desktop since v7 and servers since v2008R2. It currently protects more than six million endpoints and finds more than a million daily malware infections. VIPRE also sells an on-premises endpoint solution that includes patch management features.

Pricing starts from $30/yr/seat with significant volume discounts. VIPRE offers free phone-based US support during business hours.

Software shouldn’t waste my time

One of my favorite tech execs here in St. Louis is Bryan Doerr, who runs a company called Observable Networks that recently was acquired by Cisco. (Here is his presentation of how the company got started.) One of the things he is frequently saying is that if a piece of software asks for your attention to understand a security alert, we don’t want to waste your time. (He phrases it a bit differently.) I think that is a fine maxim to remember, both for user interface designers and for most of us that use computers in our daily lives.

As a product reviewer, I often find time-wasting moments. Certainly with security products, they seem to be designed this way on purpose: the more alerts the better! That way a vendor can justify its higher price tag. That way is doomed.

Instead, only put something on the screen that you really need to know. At that moment in time. For your particular role. For the particular device. Let’s break this apart.

The precise moment of time is critical. If I am bringing up your software in the morning, there are things that I have to know at the start of my day. For example, when I bring up my calendar, am I about to miss an important meeting? Or even an unimportant meeting? Get that info to me first and fast. Is there something that happened during the night that I should jump on? Very few pieces of software care about this sort of timing of their own usage, which is too bad.

Part of this timing element is also how you deal with bugs and what happens when they occur. Yes, all software has bugs. But do you tell your user what a particular bug means? Sometimes you do, sometimes you put up some random error message that just annoys your users.

Roles are also critical. A database administrator has a much different focus from a “normal” user. Screens should be designed differently for these different roles. And the level of granularity is also important: if you have just two or three roles, that is usually not enough. If you have 17, that is probably too many. Access roles are usually the last thing to be baked into software, and it shows: by then the engineers are already tired of their code and don’t want to mess around with things. Like anything else with software engineering, do this from writing your first line of code if you want success.

Finally, there is understanding the type of device that is looking at your data. As more of us use mobile devices, we want less info on the screen so we can read it without squinting at tiny type. In the past, this was usually called responsive design, meaning that a web interface designer would build an app to respond to the size of the screen, and automatically rearrange stuff so that it would make sense, whether it was viewed on a big desktop monitor or a tiny phone. If your website or app isn’t responsive, you need to fix this post-haste. It is 2017, people.

iBoss blog: What Is WAP Billing and How Can It Be Exploited?

An old scam to separate people from their money has been gaining more popularity. It uses a cellphone protocol called WAP billing to steal your money. You have a hint from its name that it has something to do with wireless network protocols, but the idea is to save folks some time when they want to pay for something online by having the charges go directly on the user’s phone bill. I explain the exploit and how it is being used in my latest blog post for iBoss here. One infection point is a “battery optimizer” app that conceals the WAP billing trojan.

HPE blog: What developers can learn from the best museum designers about UX

Inspiration on how to improve user experience can come from many places. Here’s how some top museum high-tech exhibits explain data, using interesting visualizations or a combination of senses. I look at examples from the St. Louis City Museum, the Springfield, Ill. Lincoln Museum and the Chopin Museum in Warsaw (shown here).

You can read my article in HPE’s Enterprise.Nxt blog here.

iBoss blog: Understanding the Differences Between Anonymity and Privacy

Balancing anonymity and privacy isn’t an either/or situation. There are many shades of gray, and it is more of an art than science. Making sure your users understand the distinction between the two terms and setting their appropriate expectations of both should be a critical part of any job managing IT security.

Most users, when they say they want anonymity, are really saying that they don’t want anyone, whether it is the government or an IT department, to keep track of their web searches and conversations.

However, controlling our privacy is complex: take a look at the typical controls offered by Twitter. (See the screencap at right.) How can any normal person figure these out? This post for the iBoss blog discusses these and other issues.

FIR B2B podcast #81: GETTING REAL ABOUT SOCIAL MEDIA’S VALUE

This week we discuss several aspects of social media: how to use and abuse analytic tools, whether your CEO should have social media accounts, and understanding the differences between using social media as a “narrowcast” one-way medium vs. having actual interactions and conversations across various networks. We cite two different studies.

Domo and CEO.com released their annual CEO social media survey earlier this summer. They found that 40 of the Fortune 500 CEOs have a Facebook page, down from 57 two years ago. We don’t think the drop is necessarily a thing. Every corporate executive should have a solid account and profile on LinkedIn – and we suggest that CMOs should take some time to review those accounts to ensure that they reflect well on both the individual and the corporation – but engaging on social media creates an obligation to continue that engagement, and not all CEOs are comfortable with that idea.

We also examine a Forrester report from earlier this year (PDF here) on how to measure social programs. The authors point out that many marketers say they haven’t been able to show the impact of social at all, and that it can be hard to pin down its actual impact. Marketers mistakenly expect social metrics to parallel digital performance channels rather than augment these channels, help guide their efforts and add color or feedback at the appropriate places. If you expect social media to deliver an immediate boost to sales, you’re probably barking up the wrong tree.

Listen to our 16 min. podcast here.