What Security Advice Will Your Family Ignore?

This Thanksgiving we wish you lots of luck convincing your family members to use a password manager. Would getting them to switch political allegiances be easier?


This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Jeff Hudesman, head of information security, DailyPay.

Thanks to this week’s podcast sponsor Tenable

Effective vulnerability prioritization helps you answer three questions: Where should we prioritize based on risk? Which vulnerabilities are likeliest to be exploited? What should we fix first? Tenable gives you the accurate and actionable data you need to answer these questions and better secure your business. Learn more: tenable.com/predictive-prioritization.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

Why is everybody talking about this now?

Rich Malewicz, CIO, Livingston County, started a thread of common threats and scams we should warn family and friends about over the holidays. Lots of great advice. We discuss our favorites, whether we turn into family tech support, and if you had one cyber holiday wish for every family member, what would it be?

Hey, you’re a CISO, what’s your take on this?

When is the right time and WRONG time to start red teaming? (the process of letting ethical hackers loose on your business to test your defenses, your blue team.) What exactly is it you’re testing? Are you testing your network’s resiliency or your business’ resiliency?

“What’s Worse?!”

Three options in this “What’s Worse?!” scenario.

The great CISO challenge

We have repeatedly touted on the podcast the benefits of multi-factor authentication or MFA. Our guest implemented an MFA solution at his company. We talk about the challenges, criteria, and roll out like? And did they see any visible evidence of security improvements?

This image has an empty alt attribute; its file name is Cloud_Security_Tip_Teal_ColorLogo.png

Casey from accounting is getting frustrated, waiting for client files being held up by the firewall. Jordan is trying to join a video conference that needs a plugin, but the firewall won’t let it through. So they call the IT manager who then disables it.

This happens a lot. Maybe not in large companies, but small law firms, medical clinics, or small businesses that might use an old-school administrator who will either turn off the firewall or opt out of using one altogether, believing in the power of a cheap antivirus product to keep things safe.

Larger facilities with underfunded IT departments might simply choose the cheapest solution possible. When firewall rules become overwhelming to IT and end-users alike, the pressure once again, to disable it, just to get work done, can be huge.

If these companies were physically isolated, this might be a relatively small issue. But they are all in some way connected to every other company that uses digital data. So, turning off the firewall now becomes everybody’s problem.

Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

What do you think of this pitch?

There is lots of disagreement over whether this pitch is any good.

David Spark
David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.