Computer related security

  • Older Canadians are targeted big time by hackers, I can't tell you how many times they've attempted to phish my father, he's under strict orders to bring any email asking for anything related to...anything to me before he starts messing about. For good reason too. You can have password managers (he does), use passphrases made up of phrases/rhymes/etc (rumored to be harder to brute force than long strings of characters/etc like PW managers use), and so forth, phishng attacks are always a threat.

    I believe it when Iron says you won't believe what's been tried and done. I'd hate to be in IT, especially security, right now too. The hackers and phishers will always have the initiative.

  • We were going to specialize in security services but there's just too much liability, at least for now. We outsource that for our clients. Of course we still provide security policies and implementation but with caveats. An employee for one of our clients, a nonprofit IT security adviser, got pissed when we wouldn't change his password on a call in from a number we hadn't verified. Go figure.

    One area I see as a growing problem, at least for business users, is single sign on. Like Active Directory syncing with O365. Someone phishes your email password, MFA or not, they have your office network password. Not hard to guess a VPN host. Same goes for personal users. You may use 2 Factor Verification for gmail but if you use the same password for Chase, Paypal, etc..., they don't need to login to gmail to steal your money.