Author Archives: Steve Addison

Security Problems with Acrobat and PDF Files

PDF documents are no longer the security panacea we thought they were. And security awareness training needs to catch up with this. For years, IT and security professionals have been advising people to distribute documents in PDF format rather than …

Posted in Information Security

Social Engineering Using Facebook

Banning social network use DOESN’T prevent it being used for social engineering attacks. An excellent article in Dark Reading describes how a security consulting company carried out an (authorized) social engineering attack on a client using information gleaned from Facebook. …

Posted in Information Security | 1 Comment

URL Shortening as a Security Threat?

Most of us are familiar with URL shortening websites such as bit.ly, tinyurl.com, and is.gd. It’s one of the technologies that’s fuelling the explosive growth of social networks such as Twitter – after all, 140 characters isn’t a lot of …

Posted in Information Security

Shopping Tips from the FBI

Following my post about McAfee’s 12 Scams of Christmas, here’s some safe shopping advice from the FBI. Good source material for a seasonal security awareness message to your staff.

Posted in Information Security

Scanners and Shared Drives

Along the same lines as my recent post on photocopiers and information security, a friend of mine tells me that, in his organization: … we have a major issue with people leaving scanned expenses on a shared drive. It’s great …

Posted in Information Security

Sometimes the Medium Can Be the Message

An article in a recent issue of Business Week highlighted security issues with software produced by Adobe – especially Adobe Reader, which is widely used in small and large organizations. The article quotes Kaspersky researcher Roel Schouwenberg saying “Adobe at …

Posted in Information Security | 1 Comment

FBI Warning – Hackers Targeting Law Firms and PR Companies

The Washington Post talks about a recent FBI warning that hackers are increasingly attacking law firms and PR companies using spear-phishing emails. These emails – previously used against military and defense targets – contain hyperlinks or file attachments which launch …

Posted in Information Security

The 12 Scams of Christmas

Plenty of people are blogging, tweeting and quoting this article from McAfee posted on CNET, and justifiably so – it’s well-timed and contains pertinent information. If you’re involved in an ongoing process of security awareness training, consider including these topics …

Posted in Information Security

Photocopiers and Information Security

Are you covering the security risks of photocopiers (and multi-function machines) in your security awareness training? A recent news report from WINK-TV in Fort Myers, FL, has reminded us that the humble photocopier can be a security threat. Or perhaps …

Posted in Information Security

Cost of a Careless Mouse Click – $195,000

The Washington Post is reporting that the American Realty company lost $195,000 when an employee clicked on a link in an email that purported to be from the IRS. The link then installed a Trojan Horse which stole passwords that …

Posted in Information Security