Episode 39: Paul Konikowski on Investing in Cybersecurity & Culture

Highlights From This Episode…

  • Bring up security early in the process. IT is often treated as an afterthought in AV.
  • Assess the impact of each device being compromised.
  • Consider access for each device. Who? How? Why? Least resource or least route?
  • Consider if network connectivity is really needed for each device.
  • Perform role-playing to get a better perspective on what a malicious actor could do.
  • Assess if users can accidentally cause a security breach, such as plugging in unknown USB sticks.
  • VLAN headers can be spoofed and should not be considered a security mechanism.
  • Close unused ports on all devices.
  • Enable device logging and monitor the logs for suspicious activity.
  • Consider messaging direction per device and disable a device’s ability to send or receive messages if not needed.
  • Being able to demonstrate internal security practices may reduce liability should an incident arise. *This is not legal advice.
  • Create a culture of security awareness in your organisation through policies, training and compliance testing.
  • Perform internal and possibly public code reviews.  
  • Track data check-ins and check-outs.
  • Incentivize reporting vulnerabilities through rewards programs.
  • AV as a cyber target is increasing in popularity.

Mentioned In This Episode…