Sean Lawless

Subscribe to all posts by Sean Lawless

Governors Recommend States Align Privacy Laws with Federal HIPAA

The National Governors Association released a road map report on December 9 entitled, Getting the Right Information to the Right Health Care Providers at the Right Time: A Road Map for States to Improve Health Information Flow Between Providers. The report aims at reducing the legal barriers that prevent the effective and efficient flow of health … Continue Reading

International Cellular Roaming – Am I Secure?

Many firms have strict international travel policies in relation to the use of technology. These policies tend to be more skewed towards countries with greater state control over communications networks and specifically the internet. However, the reality is that you are vulnerable whenever your device is roaming internationally. When roaming, local providers use a global … Continue Reading

Hardware Password Defaults – Do You Change Them?

IT professionals have long understood the importance of changing the default password for network connected hardware devices (printers, switches, wireless access points, etc.). In the world of the Internet Of Things it seems everything is connected to the internet, the locks to your house, the refrigerator, your car, the wireless router from the cable company, … Continue Reading

ATM vulnerability – Banks beware!

It is said that a chain is only as strong as its weakest link.  Often the same is said for an organization’s data privacy & security defensives. Could it be that the ubiquitous ATM machine is the weak link to the banking system?  Thursday, July 14, IBSintelligence.com reported that in Taiwan, thieves, possibly using a … Continue Reading

SSO – Single Sign On

Due to recent high profile data breaches users have a heightened awareness of security and how they manage or don’t manage their various account credentials.  People are beginning to pay more attention to the advice given to them by security professionals.  Advice regarding using strong passwords, using a different password for every account and so … Continue Reading

MFA – Multi-Factor Authentication

Every morning we sit down at our computers and provide our credentials to the network; user name and password.  Because it has become such a ubiquitous part of modern life, we have a user name and password to everything, we even have password management applications.  This system of challenge and response is designed to prove … Continue Reading

RBAC – Is it implemented in your organization?

Traditionally it was very common for organizations to adopt an optimistic security model. Give everyone access to everything unless specifically denied access to sensitive areas, like HR or Finance. While this approach is generally regarded as more convenient for end users, it is less secure and leaves organizations more vulnerable than pessimistic security models. Pessimistic … Continue Reading

Google Mandates Full Disk Encryption

With the release of Android 6.0, code name Marshmallow, Google has mandated that OEMs (Original Equipment Manufacturers) enable full disk encryption. Google is requiring that the feature be enabled as part of the ‘out of box experience’ for customers setting up new mobile devices. Google previously attempted to do the same for Android 5.0, code name Lollipop, … Continue Reading

Encryption: What is it, Why do it!

Encryption is a basic term used to describe the act of encoding data, files, and digital communications such that only those with the cipher could read or understand the information. Think back to the decoder ring you got in your cereal box; the messages it decoded were encrypted. There are many different encryption algorithms used … Continue Reading

Password Best Practices – I know, AGAIN!

With the uptick in high profile security breaches like the Office of Personnel Management, Target, JPMorgan and others, it is easy to become desensitized to the constant risk our cyber lives pose both personally and professionally. Information Technology departments have been rallying the battle cry about the necessity of using strong, complex passwords for decades … Continue Reading
LexBlog