Podcast appearances and mentions of Sherri Davidoff

  • 25 podcasts
  • 32 episodes
  • 32m avg duration
  • Infrequent episodes
  • Latest: Mar 13, 2023

[Chart: popularity by year, 2017 to 2024]


Latest podcast episodes about Sherri Davidoff

Peter Anthony Holder's "Stuph File"
#0708: Sherri Davidoff; Kristen Lopez; & Andrew Fazekas

Mar 13, 2023 (58:37)


The Stuph File Program

Featuring cyber security expert, Sherri Davidoff; Kristen Lopez, author of But Have You Read The Book?; & science writer Andrew Fazekas, author of National Geographic Backyard Guide to the Night Sky and National Geographic's Stargazer Atlas: The Ultimate Guide To The Night Sky

Cyber security expert, Sherri Davidoff, CEO of LMG Security, talks about artificial intelligence, some of the pitfalls, and where it can take us in the future. Sherri is also the author or co-author of several books, including Network Forensics: Tracking Hackers through Cyberspace; Ransomware and Cyber Extortion: Response and Prevention and Data Breaches: Crisis and Opportunity.

Kristen Lopez, film editor for TheWrap, is the author of But Have You Read The Book?. It's done in collaboration with Turner Classic Movies and features 52 films and the books they were based on. (Patreon Stuph File Program fans, there is a Patreon Reward Extra where Kristen and I have a post interview chat about films based on movies).

Science writer, Andrew Fazekas, The Night Sky Guy, author of National Geographic Backyard Guide to the Night Sky and National Geographic's Stargazer Atlas: The Ultimate Guide To The Night Sky, talks about orbital space debris. (Patreon Stuph File Program fans, there is a Patreon Reward Extra where Andrew talks about China's spy satellites spying on other satellites; China's dead rover on Mars; lunar time zones and more).

Now you can listen to selected items from The Stuph File Program on the new audio service, Audea. A great way to keep up with many of the interviews from the show and take a trip down memory lane to when this show began back in 2009, with over 750 selections to choose from!

This week's guest slate is presented by Montreal freelance writer, Steve Hatton.

Bill Meyer Show Podcast
03-07-23_TUESDAY_8AM

Mar 7, 2023 (38:10)


Guests include Kevin Starrett at Oregon Firearms Federation - constitutional carry ballot measure? Kevin says not a good idea at this time. Sherri Davidoff, cybersecurity guru, joins me. ChatGPT - the ups... and DOWNS.

Chattinn Cyber
How The Russia-Ukraine War Is Bolstering Ransomware Gang Attacks With Sherri Davidoff and Michael Kleinman

Jan 9, 2023 (29:26)


In this episode of CHATTIN CYBER, Marc Schein interviews Sherri Davidoff and Michael Kleinman about the rising ransomware attacks in cyberspace and the legal and operational ways to confront them. Sherri Davidoff is the CEO of LMG Security, and the author of three books, including "Ransomware and Cyber Extortion" and "Data Breaches: Crisis and Opportunity." Michael Kleinman is Special Counsel in the Data Strategy, Security, and Privacy Practice at Fried, Frank, Harris, Shriver & Jacobson LLP.

The Russian-Ukrainian war has given us an open window into ransomware gang operations, thanks to some gangs facing internal discord, like the Conti ransomware gang, which became known for putting a pro-Russia statement and having a gang affiliate steal their internal information and put it out online. If sources are to be believed, the Conti ransomware gang has made at least $2.7 billion in Bitcoin over the past three years – a number drastically higher than any previous ones we've seen. The result of the explosive growth of such ransomware gangs is also that law enforcement is getting better at following the money and busting cybercriminals. However, the fight gets tougher as criminals move to more privacy-oriented cryptocurrencies.

With the current geopolitical state with Russia and Ukraine in the way, cyber attacks are focused on more than economic gains, as our guests share. Vulnerabilities and attacks on critical infrastructure are predicted to rise. An interesting point to note is the OFAC advisory on ransomware from September 2021, which tends to assuage the risks towards individuals considering making a ransomware payment and avoid being hit with sanctions violation and the reputational and financial risks associated with that. This new advisory helps you if you implement cybersecurity practices, including those highlighted by Cisco, like having an offline backup, incident response plan, cyber training, and authentication protocols, and cooperating with law enforcement during and after an attack. You might never get a full sign-off, but these would certainly help your company's image significantly. The FTC is on the watch, and you need to look for a lock for vulnerabilities and repair or remediate them. If not, you'd land in hot water.

The Ukraine-Russian war has also seen the introduction of new kinds of malware like wiper ransomware that wipe out the complete information from a system. These are known to have been distributed through software vendors like tax software. Though Ukraine is on the receiving end of these attacks at the moment, fears are the attack could extend to more countries. In situations like this which jeopardize our cyber health, early detection is critical. Also important is the need to have a coordinated industry-wide response to reduce the damage. As attackers get better at sneaking in and damaging our systems, our defense style also needs to grow from reactive to proactive. Prevention methodologies must also go hand-in-hand with government regulations. For more on this, listen to this episode!

Please note that this podcast was recorded on February 25, 2022, prior to the passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Highlights:

  • “One of the points from the White House is to bolster resilience to withstand ransomware attacks. And for the past two decades, we've seen almost a reticence to push our businesses and organizations too much. Because we recognize cybersecurity as a cost.”
  • “The new banking law was designed not to be overly burdensome to banks, but to give regulators an early heads up about issues. And that is super important, especially if you're concerned about large scale operational impact on our financial sector.”
  • “Now is the time to deploy proactive measures, things like multi factor authentication, endpoint detection and response security training, we have to figure out what is blocking organizations and just jump over those h...

Can Do: Lessons From Savvy Montana Entrepreneurs
Can Do: Cybersecurity sleuthing with Sherri Davidoff

Feb 14, 2022 (40:23)


LMG Security founder and CEO Sherri Davidoff provides insight into the world of cybersecurity.

BarCode
Alien Invasion with Sherri Davidoff

Dec 3, 2021 (39:15)


The US government and military have recently confirmed investigations and sightings of UFOs, reigniting the phenomenon of aliens among us. Ironically, an unidentified spaceship descends into BarCode, and official contact is made.

Sherri Davidoff is the CEO of LMG Security and the author of “Data Breaches.” She is a recognized expert in cybersecurity and data breach response, co-author of Network Forensics: Tracking Hackers Through Cyberspace and is the subject for the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien”.

Our close encounter involves a discussion on her recent visit with the Senate Committee, LMG explorations, Ransomware and the 4th dimension, Cyberinsurance, and other unexplained phenomena.

Tony identifies an extraterrestrial “Alien Brain Hemorrhage”.

This episode is sponsored by Nucleus Security.

Support the show (https://www.patreon.com/barcodepodcast)

Legal Talk Network - Law News and Legal Topics
Planning Your Cybersecurity Budget for 2022

Sep 28, 2021 (31:08)


Prevention is key when it comes to cybersecurity, and lawyers simply can't afford to skimp on security technologies. Sharon and John talk with expert Sherri Davidoff about growing cyber threats and the changing nature of attack tactics. They discuss the impacts of these new developments on lawyers and law firms and chat about how to prioritize security measures, reduce your risks, and create a budget plan that addresses all your cybersecurity needs.  Sherri Davidoff is a cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc. Special thanks to our sponsors CaseFleet and PInow.

Digital Detectives
Planning Your Cybersecurity Budget for 2022

Sep 28, 2021 (31:08)


Prevention is key when it comes to cybersecurity, and lawyers simply can't afford to skimp on security technologies. Sharon and John talk with expert Sherri Davidoff about growing cyber threats and the changing nature of attack tactics. They discuss the impacts of these new developments on lawyers and law firms and chat about how to prioritize security measures, reduce your risks, and create a budget plan that addresses all your cybersecurity needs.  Sherri Davidoff is a cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc. Special thanks to our sponsors CaseFleet and PInow.

כל תכני עושים היסטוריה
[Malicious Life] The State of Credit Card Security: B-Side

Jul 26, 2021 (22:57)


In 2005, when Albert Gonzalez was hacking his way into the networks of many retail chains in the US, credit cards were still very insecure: magnetic stripes and signed receipts did little to stop smart hackers such as Gonzalez and his crew. Sherri Davidoff talks to Nate Nelson about the past and present state of credit card security.

Malicious Life
The State of Credit Card Security [ML B-Side]

Jul 26, 2021 (22:56)


In 2005, when Albert Gonzalez was hacking his way into the networks of many retail chains in the US, credit cards were still very insecure: magnetic stripes and signed receipts did little to stop smart hackers such as Gonzalez and his crew. Sherri Davidoff talks to Nate Nelson about the past and present state of credit card security.

Chattinn Cyber
Getting Smart Against Ransomware with Sherri Davidoff and Michael A. Kleinman – part 2

Mar 31, 2021 (37:00)


In part two of our Chattinn Cyber with host Marc Schein, our guests, Sherri and Michael, continue talking about ransomware. They start with the question of whether or not you should actually pay the ransom. Sherri recommends making sure you have backups. Have a plan to resecure your data even if you have to engage with the hackers. From the legal side, Michael recommends contacting law enforcement—but not the local police. These days, the FBI works really hard to help. It also helps to have built a relationship with federal police ahead of time. Sherri suggests looking into community partnership programs that have sprung up recently.

Regarding police takedown, Sherri explains that some leading ransomware gangs have recently been taken down, including Emotet. Emotet was one of the leading technological threat distributors. With Emotet on your computer, all your information could be stolen within 15 minutes. And then they could simply nuke it all with the Ryuk ransomware. Members of that very gang have been arrested. Emotet will uninstall itself by April of this year. A lot of repair software may actually be working as malware itself. It’s absolutely vital to have expert help at every step of the way.

Sherri finishes the episode by giving a few key things to watch out for to protect yourself from ransomware: Exposed remote login credentials. Email phishing. Software vulnerabilities. She recommends using two-factor authentication and a VPN. Be sure to train users to think before they click. Michael urges to do your due diligence assuming there is risk. Get ahead of the proliferation of ransomware attacks.

Key Takeaways:

  • Ask for proof of life if you’re going to pay the ransom on your data.
  • Knowing who to contact is important.
  • An advisory can help to organize your response to hackers.
  • There are downsides to getting your ransomware payments insured.
  • You must treat any threat as a potential data breach.

Key Quotes:

  • “There’s nothing new here from a legal perspective.” - Michael (13:00)
  • “We actually have seen takedowns of ransomware-as-a-service gangs.” - Sherri (22:00)
  • “You have to assume that there may have been data stolen.” - Sherri (24:50)
  • “You cannot figure out what the breach is without the technology side.” - Michael (26:00)
  • “The second you start a letter-writing campaign, you have to be mindful of the fact that you’re creating a record for court.” - Michael (33:10)

Chattinn Cyber
Getting Smart Against Ransomware with Sherri Davidoff and Michael A. Kleinman – part 1

Mar 10, 2021 (31:27)


In this episode of Chattinn Cyber, Marc Schein interviews guests Sherri Davidoff, CEO of LMG Security and author of the recently released book, “Data Breaches,” and Michael A. Kleinman, Special Counsel, Fried Frank. Sherri started working in cyber security before that was even a term. And Michael, on the other hand, comes from the legal world. A litigator, Michael started to see more and more clients needing counsel with regard to cyber and use privacy issues.

They begin their conversation digging into the issue of ransomware. Sherri explains what ransomware is and moves into how ransomware continues to evolve. She shares a story of a ransomware case that infiltrated a trucking company. This stranded the trucks and affected the retail industry at large. They also discuss what kind of legal room the victims of a cyber attack actually have. It’s a complicated issue when business is disrupted—especially when they are contractually obligated to deliver.

Sherri explains that businesses need to demand security reviews in their contracts, and the community as a whole needs to understand that transparency around security benefits everyone. Michael talks briefly about notification laws and how they affect private data in contractual agreements. Sherri says that 75% of ransomware breaches take personal data. What you really need to do is figure out what they actually have before taking the next step of paying the ransomware.

Key Takeaways:

  • There is now ransomware as a service.
  • The hacker economy is demanding more and more specialized roles.
  • A cyber attack can actually cause a breach of contract.
  • 92% of breaches come from third parties.
  • There really aren’t standards for suppliers notifying when there’s a hack.
  • Think about which suppliers have important access to your data.

Key Quotes:

  • “The operational impact of a ransomware case, sometimes by design, often has this huge ripple effect—especially when who’s targeted is a key supplier.” - Sherri (6:00)
  • “Once you start getting into a ransomware case, you start to realize how dependent even little things are.” - Sherri (9:35)
  • “This issue of incidents arising out of third parties is not new.” - Michael (15:30)
  • “You need to understand what the contracts actually say.” - Michael (18:20)
  • “If your data is up there, YOU need to do an investigation.” - Sherri (20:36)
  • “Reduce your access, and you reduce your risk.” - Sherri (21:30)
  • “Today, ransomware is typically the tip of the iceberg. It’s the last thing you see after a long-range attack.” - Sherri (22:25)

InSecurity
InSecurity 2020: The Best of the Worst Year EVAR, First Quarter

Dec 30, 2020 (68:46)


It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of light, it was the season of darkness, it was the spring of hope, it was the winter of despair.
-- Charles Dickens, A Tale of Two Cities

It’s that time again! Time to take a look back on the year that was. This episode takes a look at the time from January through the end of March. Ah yes… simpler times… still optimistic and curious. We chat about the value of design, electric motorcycles that go 200 mph, autonomous vehicles and the role of technology in a then newly blooming pandemic… among other things. The guests are some of the most important thinkers in the IT world. It’s interesting to hear their thoughts then, filtered through the prism of what we know now.

  • Jordan DeVries: Yes Design Really is That Important
  • Derek Dorresteyn: A 200 mph ELECTRIC Superbike? Damon Motorcycles Builds Those
  • Ryan Permeh: Leading the AI Journey from Cylance to BlackBerry
  • Kip Boyle: Virtual CISO at Your Service
  • Richard Stiennon: Security Yearbook 2020
  • Jeff Davis: Smart Mobility Is More than Just Autonomous Vehicles
  • Joseph Menn: Malware Is More Interesting than I Thought
  • Ted Claypoole: Does AI Have Rights?
  • Dr Saif Abed: The Role of Technology in a Global Healthcare Crisis
  • Dr Jessica Barker, Cheryl Biswas, Sherri Davidoff and Theresa Payton: Perspectives on the New Normal

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts me in front of crowds, cameras, and microphones all over the world. I am the regular host of the InSecurity podcast and video series at events around the globe.

I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...

Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.

InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...

Can’t get enough of Insecurity? You can find us at Spotify, Apple Podcasts and ThreatVector as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!

Make sure you Subscribe, Rate and Review!

KRDO Newsradio 105.5 FM • 1240 AM • 92.5 FM
Keeping Watch on Data Thieves in Election Season - KRDO's Afternoon News with Ted Robertson - Sherri Davidoff - October 12, 2020

Oct 13, 2020 (5:15)


It's election season and almost goes without saying, the hackers and data thieves are working overtime to tinker, tamper and meddle in our elections. LMG Security's Sherri Davidoff explains who's watching the bad guys and how can you protect yourself.

Inside Security Intelligence
168 Ransomware Negotiations and Original Hacker Culture

Jul 27, 2020 (19:22)


Our guest today is Sherri Davidoff. She's the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the hacker culture at MIT, where she adopted the hacker nickname Alien.  She also discusses her insights on the evolution of ransomware, and how she and her team help negotiate with the ransomers on behalf of her clients. We'll learn more about her leadership style, the importance of team building, and what she looks for when hiring.

Recorded Future - Inside Threat Intelligence for Cyber Security
168 Ransomware Negotiations and Original Hacker Culture

Jul 27, 2020 (19:23)


Our guest today is Sherri Davidoff. She’s the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the hacker culture at MIT, where she adopted the hacker nickname Alien.  She also discusses her insights on the evolution of ransomware, and how she and her team help negotiate with the ransomers on behalf of her clients. We’ll learn more about her leadership style, the importance of team building, and what she looks for when hiring.

The ALPS In Brief Podcast
ALPS In Brief — Episode 47: Guard Your Data Like Gold and Other Practical Tips from a Hacker

Jun 24, 2020 (30:29)


We are using personal devices for work (and working from home) more than we ever have before. These are both big risk factors as cybersecurity threats have soared during the pandemic. So, how do we make security sustainable and not live life at the hackers' mercy? ALPS Risk Manager Mark Bassingthwaighte sits down with Sherri Davidoff, CEO and Founder of LMG Security and the latest addition to the ALPS Board of Directors, to give you some practical advice in guarding your data like the gold it is.

TRANSCRIPT:

Mark: Let's rock and roll. Hello. Welcome to ALPS in Brief, the podcast that comes to you from the historic Florence building in beautiful downtown Missoula, Montana. I am really excited about our guest today. I have heard her speak and have read a book about her. And let me just share, our guest is Sherri Davidoff, the CEO of LMG Security. And I believe, Sherri, that is short for Lake Missoula Group. Is it not?

Sherri Davidoff: It's true. We're named after the lake that we're sitting at the bottom of.

Mark: For those of you, it's worth looking up in Wikipedia or Google or something to get a little bit of history of Lake Missoula. That's a whole nother story. But Sherri is a noted speaker, trainer, white hack, excuse me, white hacker, and author of the recently released book, Data Breaches: Crisis and Opportunity. As a recognized expert in cybersecurity and data breach response, Sherri has been called, and I love this, a security badass by the New York Times. I just think that's fantastic.

Mark: She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the ABA, the FFIEC, the FDIC, and many more. She's also a faculty member at the Pacific Coast Banking School and an instructor for Black Hat, where she teaches her data breaches course. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace. It's a Prentice Hall publication, out in 2012. And this is a noted security text in the private sector and a college textbook for many cybersecurity courses.

Mark: Sherri is also a GIAC certified forensic examiner, a penetration tester, and holds her degree in computer science and electrical engineering from MIT. She has also been featured as the protagonist in the book Breaking and Entering: The Extraordinary Story of a Hacker Called Alien. And so welcome, Sherri. And I can say I love the book.

Sherri Davidoff: Thank you so much, Mark. It's a pleasure to be here with you.

Mark: It was a lot of fun. It was a good read.

Sherri Davidoff: Good.

Mark: What you and I had been visiting about in terms of just having a conversation today, obviously in light of all that has happened in recent months with COVID-19, global pandemic, and this fallout of a very rapid move into working from home did not overlook lawyers. Many, many had to immediately jump and try to figure out how to make this work. And it seems some were pretty successful at that. Others, there were a few struggles, but they got there. But what I really want to focus on is the security side, the security piece of this.

Mark: I think remote security is exposing not only lawyers, I think businesses of all shapes and sizes, to unexpected or perhaps a broadened way, broadened their risk, their exposure just because we have at times home systems. And I guess initially, would you agree, is the remote work setting a concern for you?

Sherri Davidoff: Well, absolutely. There's an expanded attack surface now that so many people are working remotely. And I'd say that's for two reasons. Number one, because many people have moved to the cloud, or have started logging into work remotely, and therefore poked holes in their firewalls and things like that in order to facilitate it. And everybody did what we needed to do to keep going and to keep business up and running. And that's fine. I'm here to tell everybody it's all fine.

Sherri Davidoff: Our goal is progress and not perfection. But now's the time to step back and think, "What do we do?" And start cleaning things up, start thinking about, "How do we sustain this potentially long-term?" Because I think remote work has been here for a while and has definitely ramped up, and is here to stay. And the other reason why the attack surface has expanded is because a lot of people are using personal devices for work more than we ever have before.

Sherri Davidoff: And so all of a sudden, you have sometimes very sensitive data on your personal device that you also share with your kids, or your friends, and you play games and this and that. And there's a different risk level that we have in our personal lives versus what's appropriate when we're handling this very sensitive information, so we have to balance those issues.

Mark: Yeah. I like sort of two comments here, briefly. Initially, I like that you're saying lawyers haven't done anything wrong, in other words, by transitioning. It's so tempting to try to scare the bejeezus out of everybody and say, "You're not doing anything," but they did what they needed to do. And now is the time because I think you're absolutely right, this work from home evolution in terms of the rapid rise of it, is here to stay in a lot of ways. And so now it's time to say not, you've done anything wrong, or you're bad, but let's try to fix it.

Sherri Davidoff: How do we make it sustainable and not get hacked all the time?

Mark: Yeah, yeah, yeah. And I want to come back to here a little bit down the road, but I do really appreciate the comment of personal devices. And I think that's worth exploring a little bit. Where I'd like to start, if we may, and I don't know if you agree or disagree with this, but even again today, I have come across additional articles talking about an exposure that is I think for so many, flying under the radar. And that is simply the wireless access points, the routers and whatnot that all of us typically have in our homes. And do you feel, is that an overblown risk? Would you have any thoughts about some basic things that staff and lawyers should be thinking about?

Sherri Davidoff: Well, it depends where you are. I used to live in the middle of Boston, and there were a zillion people around my house all the time. Now I live in the middle of Montana, and wireless security is always important, but less of a concern. So first of all, consider physically where you are and who might have physical access to that wireless network. And absolutely, your network is only as secure as the devices that are on it. And we've seen time and time again that if a computer gets infected, it will try to infect all the devices around it. So if you have a neighbor that starts using your wireless network, and they happen to have a computer that's been infected, that could absolutely cause risk for systems on your network as well.

Mark: Very good. And thoughts about, are there any just practical steps you think folks might be able to take to minimize that likelihood?

Sherri Davidoff: Sure. Well, as we were talking about ahead of time, there have been a number of vulnerabilities in common routers and wireless access points. So step number one, make sure that your software is up to date, your firmware is up to date on those devices. And you can do that either, sometimes they have an app that's paired with your smartphone, so you can update it that way. Or you can go into the device itself in the administrative interface and do updates. So every now and then, sit down, have a glass of wine, whatever, update your router. It's fun. It's easy. And change that password. Make sure that the password is not a default, that it's secure, it's not your phone number or your address, because guess what, people know that.

Sherri Davidoff: And also that the name of your wireless network is something that does not draw attention to you, that it's a little bit under the radar, boring. Make your network look boring.

Mark: I like that. I like that.

Sherri Davidoff: Really slow wireless, that's what you should call it. Nobody will want this.

Mark: I think your idea of maybe having a glass of wine to do this isn't a bad one because there have been times where I've been trying to do some things in terms of ... I take security very, very seriously because I've been telecommuting, and boy, there are times when certain things aren't as easy as they should be. And just instead of throwing the computer, you could have a little sip of, just relax.

Sherri Davidoff: Yeah. Well, risk is your job at ALPS, so I could imagine it's something you take seriously.

Mark: That's right. That's right. For a moment, let's just say that I am a lawyer. I'm the owner of a small firm, couple of staff. And we have made this transition out, and everybody's at home for the time being. May or may not be coming back. We'll just see how this all evolves. But as the owner of this small business, what kinds of things really should be on my radar that may not be? What should I think about?

Sherri Davidoff: Yeah. The number one thing to think about right now is two-factor authentication. And I know that's a big word. I cannot even tell you how important that is because we're living in a world today where all of your passwords have been stolen, just assume that, because if you get a virus on your computer, it's going to steal all your passwords first thing before you even know it. And you're not fooling anybody by keeping it in a Word document with a totally different name. I know that it's there and so do the criminals, and they're just going to grab it.

Sherri Davidoff: The other thing is if you reuse passwords on different websites, and one of those websites gets hacked, criminals have automated tools that will try your password in a zillion other websites. It's called credential stuffing attacks. And Akamai, which is a big tech company, reported that there were 61 billion credential stuffing attacks just in the past 18 months. So assume somebody's going to steal your password. You're not going to know about it because that company may not even know they have a data breach. Or if they know, maybe they'll report it to you six months to three years later.

Sherri Davidoff: And in the meantime, you need to protect your accounts. The FBI recently reported that the number of business email compromised cases is going up because of coronavirus. Scammers are using tactics to try to trick people out of their money, so they're breaking into email accounts. They're finding examples of invoices, or payments, or things like that. And they're saying, "Oh, due to coronavirus, that bank account is being audited, and I really need these funds. Please send it to this other place."

Sherri Davidoff: So you should guard your email account like it is gold because it is. You have valuable information in it. And remember with lawyers, information is your business. Right? If it's valuable to you, or if it's valuable to your client, it is valuable to a criminal. They can leverage it somehow. So protect that email account like it is gold. And your email account can also be used to reset your password on anything else, and the criminals know that, so they're after your email.

Mark: That's a great point, that really is. Can you take just a moment or two and explain just a bit more about what you mean by two-factor authentication? I'm not sure that everybody in our audience, I think a lot do, but I know that there are more than a few that really don't understand. And I assume we talk about this, you're really saying we want to use this if we can in any and every setting, so email account, bank account.

Sherri Davidoff: Yes. Cloud, you name it.

Mark: Cloud, right, right. But can you just share just a little bit more to make sure everybody's with us?

Sherri Davidoff: Absolutely. This is my favorite question, Mark. Thank you so much. So two-factor authentication is what you need to know. Authentication means how we verify someone's identity. So online you might have your identity verified with a password. Passwords are dead to me now. In the real world, you might verify your identity with your driver's license. Right? Two-factor authentication is when you use more than one method of verifying someone's identity together. And it makes it a lot less likely that your account will be broken into. And you might not know it, but we use two-factor authentication all the time. I don't know if you can think of a place where you use two different methods of verifying yourself.

Mark: Well, the one that comes immediately to mind to me is just a debit card at the ATM machine.

Sherri Davidoff: Yes. I'm giving you a prize. I have to rummage through my swag and drop it off at your office. Absolutely, yes. You're the only person I have ever worked with who's gotten it right off the bat. But yes, your debit card. And when ATMs first came out in the '60s, they did not all have a pin number associated with them. You were in England, you'd get your punch card. And if you lost that punch card, some criminal could pick it up and get your money. And it actually took over a decade before all the ATMs in the world had pins. But now, if you had a choice, if your bank said, "Oh, you don't need a pin on that ATM card," how would you feel about it?

Mark: I would have a problem with that.

Sherri Davidoff: You'd have a problem with it. And it's going to be that way on the internet pretty soon. People will be like, "Really? You don't have two-factor authentication? That's so dangerous. I can't believe it."

Mark: Yeah.

Sherri Davidoff: I can give you some examples of what you can use for two FA if you want.

Mark: Sure.

Sherri Davidoff: Okay. So when you're logging into your email for example, some of you are probably familiar with the case where you get a pin on your phone. Right? You log in, it sends a pin to your phone. That's better than nothing, but it's not the best because those are not encrypted. I don't know if you've heard of simjacking attacks, where attackers can take over your phone, or they can get your phone number sent somewhere else, so those are not the best.

Sherri Davidoff: What's better than that is an app on your phone, like Google Authenticator, which is free, or Microsoft's Authenticator. And it'll show you a code that you type in. Or even better, it'll just pop up a message that says, "Do you want to authenticate, yes or no? Is this acceptable?" And so you type in your password and then you hit yes, or you type in your code, and then you get in. And so the criminal actually needs your phone and your password in order to get in, and that is so much safer than just a password.

Mark: And I want to follow up. You had talked as we started this discussion a little bit about they're into your email and they're capturing your passwords. One of the things I want to underscore for our listeners is that you don't know they're in your system monitoring and capturing all this stuff. I still run into a lot of people that say, "Well, I've never been hacked because the computer still works." Nobody's going to send you a thank you card for doing something silly and saying, "We've been in. And thank you, we got all this."

Mark: But you made the comment about passwords. And one of the things that I hear from time to time as I talk about password policies, long passwords, passphrases, complex passwords, those kinds of things, and the pushback you always get.
How in the world do I remember all this? And your comment of a Word document is absolutely not the way to do this. But I have talked about password saves. And one of the questions that comes up from time to time is, well, here I am putting all this information into a file. And sometimes these safes, I have one, Iron Key, that's a jump drive. But they're also cloud-based. And what are your thoughts about the security of that? Because I had a lot of pushback of people saying, "How in the world can that be safe if they're hacking in?" Mark: I certainly have my thoughts about it. But I'd love to hear from your ... I mean, you do the pen testing. How reliable are these password safes in terms of helping us try to be as secure as we can? Sherri Davidoff: Yeah. So you're probably thinking, "Well, why would I want to put all my eggs in one basket?" And then hackers know they're going to attack that basket. Right? Mark: Exactly. Sherri Davidoff: The reality is that it's more complex than that because first of all, that basket LastPass, Dashly, OnePassword, you name it, they are especially designed to be hardened against attacks. For example, they're resistant to the common attacks. They're constantly researching it. And if they autofill a form for you, they're using different hooks in the operating system that make it harder for the attacker to grab that compared with a regular web browser, for example, so that's the first thing. Sherri Davidoff: The second thing is I use password managers not just for their ability to store passwords, but for their ability to generate passwords. And that's perhaps even more important. You need a unique password for every single website, maybe not the really junky ones that you don't have anything important in them. But most people underestimate the importance of an individual account. Ideally, you want a totally different login for each website because you never know which website's going to get hacked. Right? 
Sherri Davidoff: And the human brain is not designed to remember 20 billion passwords. I mean, it's probably all we can do to remember three passwords. And so then you get people picking the password fluffy1984, like their dog and their kid's birthday, which people can totally guess, or spring2018bicycles, and then that changes to summer2018 when you have to change it. The hackers are onto you. They have automated tools that will automatically try different variants on your favorite password that they have already captured. They'll put an exclamation point at the end. They'll put a one, and then a two, and then a three, and then a nine and a 10. Sherri Davidoff: And they'll change spring to summer and 2018 to 2019. So those ways that people modify their passwords are not very secure. So use your password manager. Use two-factor authentication on it if it's in the cloud. And if you hear, LastPass, for example, was actually hacked several years ago. And what happens in that case is you want to change at least your master password if [inaudible 00:21:58] passwords. Sherri Davidoff: But it is so much better than keeping your passwords in a file on your computer because people get their computers infected so frequently. And that's the first thing that goes out the door. The criminals are automatically stealing your files, and then you won't even know you've been hacked until your money's been missing, or a spam email goes out to all your clients. Mark: So what I'm hearing then as the owner, I need to be really concerned about authentication and protecting passwords, strong passwords. Are there other concerns that come to mind as the owner? Sherri Davidoff: Ransomware. A lot of attorneys are hit with ransomware. Ransomwares steal your information often before they hold you for ransom. And that's the thing that a lot of attorneys don't think about because I've seen many law firms even put up out of office messages that say, "Hey, we have ransomware. 
We'll get back to you tomorrow." That's not cool for your clients. Mark: No. Sherri Davidoff: That means chances are their data was stolen too. And the trend that we are seeing in 2020 is that criminals have started to realize that people have better and better backups. And if you don't pay them the ransom to get your data back, they will threaten to publish it. And in that case, you've got two options. You can either say, "Okay, we'll pay the ransom," in which case, they could come back to you in six months and say, "Pay us again or we'll release it again." You can't trust them. Sherri Davidoff: Or you don't pay the ransom, and all your data's published. And what does that mean for your clients and your relationships and your status as an attorney? So you really need to protect yourself with ransomware. And you do that with two-factor authentication, super important. Mark: Yes, right. Sherri Davidoff: And making sure you have a secure method to connect to your data. So for a lot of people who have just poked holes in their network and they're going through RDP, remote desktop protocol, that's not a secure way to do it. There's other better ways to do it, like using a VPN. Or you can, if you choose to store your data in the cloud, there are some benefits to that, especially if you use two-factor authentication. Mark: Let's talk a little bit about this. And for those of you listening, if you're not completely sure, VPN stands for virtual private network. And we're really talking about disguising our location at times, in terms of what servers, when I use my VPN for instance, I am picking servers in Canada and other parts of the United States. I can go all over the world if I wanted to. So you're hiding your location a little bit, but it's also encrypting the data stream, so that's what we're talking about in terms of any remote connection. And I think it's particularly important in the wifi space. 
Mark: But there are a lot of free VPNs available and a lot of other just tiered pricing of all kinds of things. Do you have any thoughts about is it unwise to use the free VPNs as opposed to spending a little bit of money? I hear at times the VPNs that are free, they may be monitoring and monetizing the information they're learning about what you're doing. But I truly don't know. Do you have any thoughts on that? Sherri Davidoff: In general, there's no such thing as a free lunch in our society. Right? If you're not paying for a product, you are the product, so they say. So I would be careful about that. In general, I would get an experienced IT person's advice when you're setting up your VPN. I wouldn't do it on your own because if you make a little mistake, again, it's all your data on the line. There's some pretty serious consequences. Also, consider if you really need a VPN. Are you just trying to get into one computer? And if so, is it just a certain type of data that you need? Sherri Davidoff: Personally, I am a proponent, I've become a proponent of using the cloud. And I was a slow adopter. Being a security professional, I was fairly conservative about it. But you have some really strong options like Microsoft Office 365 is a great option for attorneys. There's a lot of compliance. There's a lot of regulations that they adhere to, and you can get them to sign off on that. There's other providers as well that are very good. And again, if you're using that two-factor authentication, they have some very advanced security features built in. They are maintaining that software, so I think it takes a lot of the pressure off of small and solo practitioners to just use the cloud. And then you don't have to worry about somebody remoting into your whole computer. Mark: One question that comes up every once in a while from lawyers as they start to think through some of the things we're talking about, but in the context of ransomware the cloud, they're learning. 
And I think for the most part they have as a profession, have a pretty good understanding what ransomware does at a basic level. And it can infect the network and this kind of thing. But I think some believe one of two things, but first, the cloud one is if I put things in the cloud, I'm safe there because there's this break. Would you put that to rest? Sherri Davidoff: Yeah. I mean, if you can access it, so can criminals. Right? Mark: Oh, yeah. Sherri Davidoff: Especially because often we see people click on links in phishing emails. Their computers get infected. And the criminals will even install ransomware in your cloud drives, like One Drive. If you can get to it and a criminal has access to your account, then the criminal has access to it. And there are times, in fact, I have a little video example that we took in our laboratory, where criminals will deliberately remote into your computer and use your computer to break into your bank accounts or your email accounts because you have your password saved there. And you don't have ... You've clicked trust this computer, so it's way easier for them than trying to break in from Thailand, or Russia, or wherever they happen to be. Mark: And I want to respect your time here, Sherri. The stuff you're sharing is just awesome, awesome stuff. I want to just take a few moments and shift a little bit now. So we've talked about some really good security things that lawyers, business owners, firm leaders need to be thinking about. And of course, all of this needs to apply to everybody. But let's talk about the home place. So what do I need to think about in terms of making sure my employees do, or understand? Do you have concerns about what the individual is actually doing in their own home? Sherri Davidoff: Yes, of course. A big issue that comes up is sharing of computers, so you need to have a clear policy as to whether it's okay to share computers. Is it okay to have certain types of documents on their personal computers? 
Remember that personal computers are much higher risk. You are likely to get a virus on a personal computer, especially if multiple people are sharing that. So whenever possible, keep work documents on work systems, or systems that are just used for work. And again, the cloud can help you with that. Sherri Davidoff: For example, you can allow people to access documents in the cloud and prevent them from downloading those documents. And it's all well and good to tell people that. But ideally, you want to actually implement that control and prevent them from a technical measure. We also see people emailing documents to their personal emails, and now it's totally out of your control. It's up in Google somewhere else. You may have violated some policies, especially if you deal with health information. You might've violated some regulations just by putting it up in Google, or violated your client's privacy. So mainlining control of your data, especially during these times, is absolutely critical. Sherri Davidoff: I think I would be remiss if I didn't mention mobile device management software, so if you have people using personal devices, you can deploy what we call an MDM. It's a piece of software that allows you to have some level of control over that personal device. So if that employee leaves, or if the device is stolen, it'll wipe your data from it. It can require that there's a pin or a passcode set on that device, even though you don't own that device. It can require antivirus software, and that's another one. If you do nothing else, require antivirus software. And you can buy it for employees to use on their home computers if they're using those for work. Mark: Yeah. The takeaway for me, and there are a lot here, and we can talk about this for hours. Maybe I could. Sherri Davidoff: I've been talking about it for 20 years. Mark: But I do like, when I think about our confidentiality rules in law, I do think saying we really ... 
You can't use a home computer for work that the teenage kids have access to in the evening, and the gaming. That's just victim here on the forehead if you ask me. So it underscores the value of saying, "If you have the financial wherewithal, let's supply our employees and staff and associates, whoever may be involved here, with company-owned equipment," because we can enforce the rules. We have control over that. I really like that. I but I also think that there's value in having some policies and then thinking through some of the issues that you just identified. And let's have written policies that staff are well aware of, so that if they are constantly breaking the rules, which is so easy to do because we trust our personal devices. Do we not? Mark: We seem to trust our personal devices a little bit more than work devices, whether it's because we know we're not being watched, if you will, in terms of just when you're on corporate device, they have the ability to monitor what's happening to the device, that kind of thing. I don't know what it is. But I think having a policy allows you to, well, not monitor, but hold people accountable. Sherri Davidoff: Absolutely. Mark: And say, "Look, if you're not doing something." Sherri Davidoff: Yeah. A policy's a great first step. And remember, progress not perfection. I do recognize, especially right now, a lot of people just don't have any other option besides using personal devices. And if you do that, again, that next step is to create a separate account at least. So you're not sharing the same account as your kids or as the other people you're working with. And if you can, having a separate device for work is definitely the way to go if you are able to do that. Mark: Well, Sherri, it's been a pleasure. I want to share with our listeners that Sherri has made available some remote work cybersecurity checklists for employees and managers. 
And this isn't live yet, but when it will be, you can click right there and have access to these. They're excellent tools. And Sherri, thank you very much for making that available to our audience. For those of you listening today, I hope you have found something of value. And if you have an idea of a topic that you feel strongly about that you think others would enjoy hearing, or you have a speaker that you'd be interested in seeing if we can have join the podcast, please don't hesitate to reach out to me. My email address is mbass, M-B-A-S-S, @alpsinsurance.com. Mark: And before I close, for those listening to the mileage score, you have to go back to earlier podcasts. I'm up to 700 even as of today, so I'm getting there. That's it. Thank you all. Thanks for listening. Bye-bye.

Legal Talk Network - Law News and Legal Topics
Legal Talk Today : Client-Data Security Whilst Working Remote

May 1, 2020 15:23


LMG Security's Sherri Davidoff summarizes steps for securing client data in work-remote environments. Stay tuned for tips on spotting new and more sophisticated phishing emails.

Among many topics discussed: data-security policies; two-factor authentication; physical security; phishing; vishing.

Sources and Links: LMG Security - Work from Home Cybersecurity Checklist for Executives, IT, & Remote Employees; LMG Security - How to Spot Phishing Email Fraud; LMG Security - 4 Key Components of Effective Security Awareness Training for Employees; Quiz for Detecting Bad or Malicious Links; LMG Security - How to Protect Your Passwords

Legal Talk Today
Client-Data Security Whilst Working Remote

May 1, 2020 15:23


LMG Security's Sherri Davidoff summarizes steps for securing client data in work-remote environments. Stay tuned for tips on spotting new and more sophisticated phishing emails.

Among many topics discussed: data-security policies; two-factor authentication; physical security; phishing; vishing.

Sources and Links: LMG Security - Work from Home Cybersecurity Checklist for Executives, IT, & Remote Employees; LMG Security - How to Spot Phishing Email Fraud; LMG Security - 4 Key Components of Effective Security Awareness Training for Employees; Quiz for Detecting Bad or Malicious Links; LMG Security - How to Protect Your Passwords

InSecurity
Women in Cybersecurity: Perspectives on The New Normal

Mar 30, 2020 66:20


"Science is not a boy's game, it's not a girl's game. It's everyone's game. It's about where we are and where we're going. Space travel benefits us here on Earth. And we ain't stopped yet. There's more exploration to come."
-- Nichelle Nichols

Tennis legend Serena Williams was once asked by a reporter about being considered "one of the greatest female athletes of all time."

She replied: "I prefer the words 'one of the greatest athletes of all time.'"

That made news for a week, which is embarrassing given the fact that Venus has more titles than Michael Jordan, Michael Schumacher and Cristiano Ronaldo… combined.

How 'bout we just round up some of the top people in the field for a discussion on what is happening in this crazy world right now? Sound good? Good.

This week on InSecurity, Matt Stephenson speaks with an All-Star Cybersecurity panel of experts including Dr Jessica Barker, Cheryl Biswas, Sherri Davidoff & Theresa Payton. With COVID19 changing everything from industry conferences to the US Presidential Election process, what role does cybersecurity play in The New Normal and The Next Normal? Check it out…

About Dr Jessica Barker

Dr Jessica Barker (@drjessicabarker) is a leader in the human nature of cybersecurity. She has been named one of the top 20 most influential women in cybersecurity in the UK and awarded as one of the UK's Tech Women 50. She is Co-Founder and Co-Chief Executive Officer of Cygenta, where she positively influences cybersecurity awareness, behaviors and culture in organizations around the world.

Dr Barker is a popular keynote speaker and shares her expertise in the media, for example on BBC News, Sky News, Channel 4 News and in Grazia magazine and the Sunday Times. She is Chair of ClubCISO, a peer-based members forum of over 300 information security leaders. In the last year, Dr Barker has given cybersecurity outreach sessions to over 5,000 school students.

Jessica's new book Confident Cyber Security will be released on June 3rd, 2020, published by Kogan Page.

About Cheryl Biswas

Cheryl Biswas (@3ncr1pt3d) is a Strategic Threat Intel Analyst with a major bank in Toronto, Canada. Previously, she worked as a Cybersecurity Consultant with KPMG. Her experience includes strategic analysis of threat actors and campaigns, security audits and assessments, privacy, DRP, project management, vendor management and change management.

Cheryl holds an ITIL certification and has a degree in political science. She is actively involved in the security community as a conference speaker and a volunteer, and encourages women and diversity in infosec as a founding member of The Diana Initiative.

About Sherri Davidoff

Sherri Davidoff (@sherridavidoff) is the CEO of LMG Security and the author of Data Breaches: Crisis and Opportunity. As a recognized expert in cybersecurity, Davidoff has been called a "security badass" by the New York Times. She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC and many more.

Sherri is an instructor for Black Hat, and the co-author of Network Forensics: Tracking Hackers through Cyberspace. Davidoff is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in computer science and electrical engineering from MIT. She has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called Alien.

About Theresa Payton

Theresa Payton (@TrackerPayton) is President and CEO of Fortalice Solutions, former White House CIO, star of the CBS hit show Hunted, and best-selling author of the book Privacy in the Age of Big Data.

Payton is one of the nation's most respected authorities on information security, cybercrime, fraud mitigation, and security technology implementation.

As White House Chief Information Officer at the Executive Office of the President from 2006 to 2008, Payton administered the information technology enterprise for the President and 3,000 staff members.

Theresa founded Fortalice in 2008 and lends her expertise to government and private sector organizations to help them improve their information technology systems. In 2010, Security Magazine named her one of the top 25 "Most Influential People in Security."

Theresa's new book, Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth

About Matt Stephenson

InSecurity Podcast host Matt Stephenson (@packmatt73) leads the broadcast media team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and video series at events around the globe.

Twenty years of work with the world's largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization's security posture and bottom line.

The CyberWire
Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.

Mar 6, 2020 23:11


Virgin Media discloses a data exposure incident, another misconfigured database. Microsoft subdomains are reported vulnerable to takeover. A dark web search engine is gaining popularity, and black market share. Researchers find that Russian disinformation trolls have upped their game. The crypto wars have flared up as the US Senate considers the EARN IT Act. Tech companies sign on to voluntary child protection principles. And Huawei talks about backdoors. Thomas Etheridge from CrowdStrike on empowering business leaders to manage cyber risk; guest is Sherri Davidoff on her book, Data Breaches: Crisis and Opportunity.

For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_06.html

Smart People Podcast
Sherri Davidoff and Jeremy Smith - Hackers: from Subculture to Industry

Jul 15, 2019 47:49


Jeremy Smith has written for The Atlantic, Discover, and the New York Times. Jeremy's work has been featured by CNN, NPR, The Today Show, and Wired. He is a graduate of Harvard College and the University of Montana. Jeremy's book, Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien", is available now.

Sherri Davidoff is a noted cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc. During her hacker days, she was known as "Alien." Sherri holds her degree in Computer Science and Electrical Engineering from MIT.

We discuss:
What does it mean to be a 'hacker'?
What did Jeremy learn about his personal, digital privacy?
What can digital communication users do to better protect themselves?

The CU2.0 Podcast
CU2.0 Podcast Episode 41 Sherri Davidoff on Cyber Insecurities and You

Jun 27, 2019 28:55


Put phishing emails in front of credit union employees and how many will fall for them and cough up sensitive info? 20 to 60% will get conned.

And that can be costly to a credit union, both in terms of money and reputation.

Enter BrightWise, a Des Moines, Iowa cyber training company created by Sherri Davidoff, CEO of LMG Security, and the Iowa Credit Union League's holding company Affiliates Management Company (AMC).

After training, said Davidoff, the number of employees who fall for the phishing con tumbles below 10%.

What BrightWise will focus on, said Davidoff, are fun, short videos - think maybe five minutes - that an employee can absorb at his/her leisure.

Smarter employees are critical because how hackers work has changed, said Davidoff. "It's no longer 13-year-olds in their moms' basements that are hacking us; it's organized crime groups all over the world," Davidoff shared with NBC's Today Show.

"People tend to think cybersecurity happens in the IT department," added Davidoff. "Front-line staff are under constant assault from crooks and their automated robots, look-alike communications and other crafty tricks. We have to arm employees with knowledge, but also give them the tactics they need to sidestep cyber sneak attacks."

Listen up to this podcast for a fast overview of the cyber threats credit unions face - and what they can, indeed must, do to protect themselves and their membe

Hacking Humans
The best way to break in is to walk through the front door.

Jun 6, 2019 29:58


Joe describes one of history's great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves an attempted romance scam on the XBOX platform. Dave interviews Sherri Davidoff, CEO of LMG Security, who is the hacker named "Alien" in Jeremy Smith's book, "Breaking and Entering." She has her own book coming out this summer, "Data Breaches: Crisis and Opportunity."

Links to this week's stories:
http://mentalfloss.com/article/12809/smooth-operator-how-victor-lustig-sold-eiffel-tower
https://community.ebay.com/t5/Archive-Shipping-Returns/Seller-Scam-UPS-Tracking-Shows-Delivered/td-p/26206551

DirtySecurity
Sherri Davidoff: Data is Hazardous Material… Act Accordingly

Jun 5, 2019 24:25


If you want to make sure that all the data in your bank is safely secured… who better to talk to than someone who used to break into banks? Sherri Davidoff was a hacker who then turned those skills she learned as a student into a career helping others protect their data and their clients' data. Over the years, organizations ranging from the Department of Defense to the FDIC have come to her in order to learn from her expertise.

This week on DirtySecurity, Edward Preston has a chat with Sherri on a myriad of topics that affect businesses that run the gamut from sole proprietor to large enterprise. Whether it is how to deal with the monetary demands from ransomware hooligans (spoiler alert… work with professionals to figure it out) or what kind of cyber-hygiene steps can harden your network, Sherri has the experience and the easy delivery to help.

About Sherri Davidoff

Sherri Davidoff (@SherriDavidoff) is a cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc. As a recognized expert in digital forensics and cybersecurity, Sherri has authored courses for Black Hat and the SANS Institute. She has consulted for and/or provided cybersecurity training at many notable organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. Sherri is a faculty member at the Pacific Coast Banking School, where she teaches cybersecurity classes. She is a frequent contributor of education articles and webinars, and occasionally serves as a cybersecurity expert on television. Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT.

Sherri's new book, Data Breaches: Crisis and Opportunity, will be released in 2019. This book gives a glimpse into the high-octane world of data breach disclosure and response, while showing you how to protect your organization before and after a data breach. Since her hacking days at MIT, where she was known as "Alien" and ran her first real-world social engineering and penetration tests, Sherri has been passionate about cybersecurity. You will be able to read more about her experiences as a hacker turned security consultant in Jeremy N. Smith's 2020 book, Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien".

About Edward Preston

Edward Preston (@eptrader) has an eclectic professional background that stretches from the trading floors of Wall Street to data centers worldwide. Edward started his career in the finance industry, spending over 15 years in commodities and foreign exchange. With a natural talent for motivating, coaching, and mentoring loyal, goal-oriented sales teams, Edward has a track record for building effective sales teams who have solid communication lines with executive management.

Every week on the DirtySecurity Podcast, Edward Preston chats with Cylance's best and brightest about what is happening in the world of Cybersecurity and the work Cylance is doing to make things better. Each episode shines a spotlight on the people of Cylance and the work they do with our technology and consulting services to clean up the often dirty world of the data center.

To hear more, visit:
ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html
iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2
GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste

LMG Security's Cyberside Chats
LMG Security’s Cyberside Chats: The May 2019 Dark Web Takedown & the Ripple Effect on Cybersecurity

May 22, 2019 7:56


Learn more about the May 2019 dark web takedown of Wall Street Market, Valhalla and Deep Dot Web. LMG's Sherri Davidoff and Matt Durrin discuss what happened, as well as how the ripple effects from this takedown will impact your cybersecurity. Watch LMG's Cyberside Chats webcast.

Digital Detectives
Breaking and Entering: The Fascinating Life of a Professional Pen Tester

Feb 26, 2019 27:22


What are the distinctions between penetration testing and vulnerability assessments? In this 100th episode of Digital Detectives, Sharon Nelson and John Simek talk to Sherri Davidoff about her career as a penetration tester and what she has developed with the companies in the area of cybersecurity. They discuss why law firms should consider pen testing in order to illustrate areas of weakness in security and become better protectors of their information. They also get a sneak peek of Sherri’s upcoming sessions at ABA TECHSHOW 2019. Sherri Davidoff is a cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc. Special thanks to our sponsor, PInow.

On the Road with Legal Talk Network
ABA TECHSHOW 2017: Secure Your Legal Data!

Mar 17, 2017 9:02


New and improving technologies, like voice-enabled software or the internet of things, are really cool and may help out at your law firm, but they also introduce a new need for security. In this report from On The Road, host Laurence Colletti talks to Sherri Davidoff and John Simek about keeping legal data secure. They talk about free (that’s right, free) ways to encrypt devices and emails, as well as promoting two-factor identification as an extra means of protection. Sherri Davidoff is a nationally recognized cyber security expert who is a founder and senior security consultant at LMG Security. John W. Simek is vice president of the digital forensics and security firm Sensei Enterprises. He is a nationally known expert in digital forensics and e-discovery.

Digital Detectives
The Ransomware Epidemic in Law Firms: A Guide to Defense and Survival

Jan 17, 2017 26:11


For those unfamiliar with ransomware, it is malicious software that effectively holds your files hostage until you pay a ransom. For lawyers, this could mean losing or compromising the data that keeps your business running smoothly. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek discuss this malware with the CEO of LMG Security, Sherri Davidoff. Sherri divulges what we know about ransomware, what to do when it has infected your computer, and how to prevent data loss. While there are few ways to stop the infection once it has started, backing up your information and educating your team on malware countermeasures can significantly lessen ransomware’s impact on your business. Sherri Davidoff is the CEO of LMG Security, a cybersecurity and digital forensics company. She has more than a decade of experience as an information security professional, specializing in penetration testing, forensics, social engineering testing and web application assessments. Special thanks to our sponsors, PInow and SiteLock.

On the Road with Legal Talk Network
ABA TECHSHOW 2016: Passing Your IT Security Audit

Mar 21, 2016 11:00


Cyber security experts Sherri Davidoff and Sharon Nelson spoke in a presentation titled “Passing Your IT Security Audit” at ABA TECHSHOW 2016. Before their presentation, they stop by to discuss the topic with Legal Talk Network producer Laurence Colletti. Tune in to learn why more and more clients are demanding IT security audits from their legal service providers and how you can prepare your law firm. Sharon opens the conversation by explaining how the internet has changed the way companies perceive data security. The discussion then shifts to tips and best practices that you can implement within your firm to build an effective security program. The conversation ends with a focus on cyber insurance and the nine building blocks of an effective security program. Sharon D. Nelson is president of the digital forensics, information technology, and information security firm Sensei Enterprises. In addition to serving on numerous noted legal organizations including the ABA’s Cybersecurity Legal Task Force and the ABA’s Standing Committee on Technology and Information Systems, she was president of the Virginia State Bar. Sherri Davidoff is a nationally-recognized cyber security expert who is a founder and Senior Security Consultant at LMG Security. She has over a decade of experience as an information security professional, specializing in penetration testing, forensics, social engineering testing, and web application assessments. Davidoff is an instructor at Black Hat and co-author of “Network Forensics: Tracking Hackers Through Cyberspace”. She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in computer science and electrical engineering from MIT.

The Florida Bar's LegalFuel Podcast
Cyber Security: How to Protect Your Firm and its Clients

Feb 24, 2016 26:30


Law firms are considered by many hackers to be soft targets with a wealth of valuable information. Data from social security numbers, credit cards, and client confidences is enough to make the criminal mind salivate with malicious intent. Between 31-45% of firms have been infected by spyware and 10-20% have experienced security breaches. But what can a private practitioner or law firm do to prevent these trespasses on their networks?

In this episode of The Florida Bar Podcast, host Adriana Linares welcomes cyber security expert Sherri Davidoff to discuss the dangers to data that exist for law firms today. To begin their dialog, they define what ransomware is and tell us why so many firms give in to its extortion.

Tune in to learn what practitioners can do to counteract or mitigate some of the risks. Spam filters, employee training, role-based access controls, and anti-virus software are among many countermeasures available for even small firms. In addition, lawyers may want to consider network monitoring, cloud-based software platforms, and comprehensive backup and retrieval systems. The key to successfully implementing the latter is to test your IT firm's ability to restore lost files.

Sherri Davidoff is a nationally recognized cyber security expert who is a founder and Senior Security Consultant at LMG Security. She has over a decade of experience as an information security professional, specializing in penetration testing, forensics, social engineering testing, and web application assessments. Davidoff is an instructor at Black Hat and co-author of "Network Forensics: Tracking Hackers Through Cyberspace". She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in computer science and electrical engineering from MIT.

Discussed on This Episode:
  • Ransomware
  • Cryptowall
  • Role based access controls
  • Email traps
  • Anti-virus software

FIRST.org Podcasts
2009.11: Sherri Davidoff and Jonathan Ham, Proprietary Data Leaks

Aug 9, 2009


In this at-the-conference interview, Sherri and Jonathan recap their presentation, add insight and talk about their new SANS course being offered. Sherri Davidoff is a longtime information security consultant specializing in forensics, penetration testing and incident response. Jonathan Ham is an independent consultant who specializes in large-scale enterprise security issues.

Paul's Security Weekly
Paul's Security Weekly - Episode 145 - March 19, 2009

Mar 23, 2009 118:32


Paul, Larry, and John welcome special guests Jonathan Ham, SANS instructor and owner of Jham Corp, and Sherri Davidoff, blogger at philosecurity.org and owner of Davidoff Information Security Consulting!

Sponsored by Core Security; listen for the new customer discount code at the end of the show. Sponsored by Tenable Network Security, creators of Nessus and makers of the Tenable Security Center, software that extends the power of Nessus through sophisticated reporting, remediation workflow, IDS event correlation and much more.

Want to register for any SANS conference? Please visit http://www.securityweekly.com/sans/ for our referral program. Be sure to check out "Maltego" from Paterva; try the community edition for free! Don't forget to sign up for our Mailing List, Forums, and log into our IRC Channel!

Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand