Imagen: 10 Things You Need to Know About Cyber Security

I recently read (most of) a white paper put out from Imagen about Cyber Security (- it was 36 pages, give me a break!) There was a lot of great information in, which I will paraphrase below. If you care to read the white paper, you can find it here!

  1. Know Your Enemy – there are 5 potential threats both in and outside of your organization.
    • Casual Hacker – someone who is curious about your system and may cause minimal disruptions.
    • Hacktivist – an activist campaigner has become more and more common lately with the political turmoil around the world. These generally have an agenda and are centered around a perceived injustice.
    • Organised Crime – these are groups whose sole purpose is to steal information and sell it.
    • Nation states – remember the Sony hack? Many believe that this attack was made by the country of North Korea in retaliation for the movie The Interview.
    • Internal threats – past or present employees have access to company’s information and can take advantage of that access.

There are a number of ways to prepare and prevent these kind of attacks. Prepare and plan; keep websites, software and anti-malware programs up-to-date; educate your team on how to recognise scams; use secure Internet connections whenever possible.

2. Be an informed decision-maker – be sure that you or someone in the organization is responsible for preventing and preparing for a potential cyber attack. This should be someone with not only knowledge but the ability to make financial decisions to protect the company.

3. Use security tools – in this industry we love tools and toys so this one completely makes sense! Use up-to-date technology to protect your assets, even down to the rushes you create. Be sure that connections are secure while information is being passed back and forth and that content such as scripts, calls sheets and contact details are all protected as well.

4. Secure your smartphone – we can do almost everything from our smartphones including shooting an entire movie! This is the most common unsecure place that information can easily get stolen. Using a longer passcode, installing anti-malware, enable whole disk encryption and find my phone are just a few options to help keep it safe.

5. Beware of free WiFi – this easily opens up your phone and computer to hackers who are more than happy to steal your information – and it’s quite easy to do. This can even occur from a hotel wifi so ask questions and know what wifi service you are connecting to. Stay off of banking sites and social media while connected to free wifi, these make stealing your identity much easier. If possible pay for a VPN service.

6. Understand the content lifecycle – live events have a higher value when they are being aired or right after but quickly lose their value. A primetime drama production has different value and risk at different parts of the process. It’s important to consider the project and the risks at different stages and act accordingly.

7. Know the law of the land – we all travel – a lot. It’s important to remember that laws change and security levels change depending where we are. Removing sensitive material from electronic devices before traveling is probably the easiest and also one of the best safeguards. It may also be a good idea to encrypt things if they are being exchanged from one country to another.

8. Know your friends – a good hacker will know how to get a username or password out of a potential victim and responsible organizations will never contact you and ask for personal information. Spam filters are set up on email services for a reason – use them!

9. Dispose responsibly – when you return rental equipment, make sure you wipe all personal information from it. There are free tools that can be downloaded that will securely erase your data, remember pressing delete doesn’t always completely remove something from the computer.

10. Be prepared by planning – it you expect it and plan for it, then you can minimize the damage when it happens.

There’s a lot of great information and examples in Imagen’s guide. This brief synopsis was meant to make you think and consider your security. For a full account and detailed suggestions, read the full version here!

 

 

 

 

Apple Security Issues… What’s up with that?

By now all Apple users have heard and (hopefully) upgraded to 10.13.1 to avoid the security issues present in 10.13. So what heck actually happened and what did Apple have to say. Let’s take a look:

Many of us got a notification on the morning of Wednesday November 29th that we needed to do an update immediately that related to security on our computer. I’ve been a Mac user for a long time now (10+ years) and I don’t remember seeing an update like that before! Like a good Apple user, I complied… immediately. And like any Apple user, I took to Google (yeah, not Safari 😁) to figure out exactly what was going on!

The discovery was posted to Twitter (my inner customer service rep shutters at the thought of this kind of bug being reported via social media) and the frenzy began!

Screen Shot 2017-12-04 at 2.49.59 PM

So basically that meant that anyone can log into a Mac by entering “root” as the username without a password. The first time you try to login, it won’t work. But if you try it again, you will be granted access.

According to Apple, “The user account named ”root” is a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. The root user is disabled by default. If you can log in to your Mac with an administrator account, you can enable the root user, then log in as the root user to complete your task.”

So as you can see allowing just anyone access to a “superuser” account is kinda bad!

To Apple’s credit the response was swift. Within hours they had a fix and within 24 hours they were pushing it to all their users. And I’ll give them credit… they messed up BUT their response was perfect. They corrected it and owned up to the mistake.

Screen Shot 2017-12-04 at 3.37.42 PM

Here’s the support notes for the security flaw.

Maybe now they can work on fixing iOS 11… 😳

blog bio-01