*|MC:SUBJECT|*
View this email in your browser
Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
Subscribe
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
Enjoy this month's newsletter? You can use this link to post on social media or send to friends! Thanks for sharing!

https://www.linkedin.com/pulse/march-2022-news-tips-russiaukraine-update-linux-bryce-austin-cism
This Month's News in Review
Russia / Ukraine update:

The war between Russia and Ukraine shows no signs of de-escalation, and things in cyber space are a mixed bag. There is no question that cybercrime incidents aimed at the USA from Russia have risen sharply (regrettably including a ransomware event that TCE Strategy is actively working to remediate). That being said, there has not been a massive, coordinated attack that many in the West feared would occur. There are a few theories around this. First, it could be that the difficulty Russia is having of advancing on Ukraine in their kinetic war has them more occupied than they anticipated. Second, stealthy, targeted attacks (such as Stuxnet) are more difficult to pull off in the general chaos that a kinetic war causes. Third, it could be that the number of groups targeting Russia with offensive cyberattacks has Russia’s cyber teams on the defensive. No matter what the cause, I would strongly encourage anyone reading this to double-down on cybersecurity basics.

Pick good passwords and don’t reuse them for multiple purposes. Use a password keeper such as Dashlane, 1Password or Lastpass to help you with this.

Use Multi-Factor Authentication (MFA) for your email accounts and any other account you care about (financial institutions especially). If you don’t know how to set it up, do a Google search for things like “Facebook MFA” or “Gmail MFA” and you will find the steps to do so.

Patch your computers. Desktops, laptops, tablets and smartphones. Set them to auto-update themselves. Do a Google search on how to do this if you are unsure.

Retire end-of-life computers. Windows 7 or XP PCs, MacOS 10.14 “Mojave” or older, Android 9 “Pistachio Ice Cream” or older, or iPhone 5 or older. Those all have to go. They can’t be kept secure. They are the asbestos brake pads of computers. Get rid of them.

Get a good antivirus program. I’ve gained much more respect for Windows Defender in recent years (but only for Windows 10 or 11). Macs do not come with built-in Antivirus – you need to add it.
 
Do you have a Linux computer? MUST READ!

Last month I mentioned the new Linux vulnerability called Log4j. Apparently that wasn’t enough fun, because now we have a new one called Dirty Pipe. Yes, it’s serious. Yes, it’s already been weaponized. Yes, it impacts many Android phones as well. Patch early, patch often.
 
Until next month, stay safe!

Upcoming Speaking Events

 
Live events are back in action! Here is a list of the cities that I will be in for 2022. Please feel free to reach out if you have an event in mind.
 
May 10th-11th, Allentown, PA
May 17th-19th, Huntsville, AL
June 9th-12th, Fayette, IA
June 14th-21st, San Francisco, CA

TCE Strategy in the News

Thank you to CSO Magazine for the opportunity to contribute to their article 8 keys to more effective vulnerability management.

Interesting Articles

1) I like this legislation, as it will bring a LOT of breaches into the public eye that would otherwise be covered up. 2) What will the penalties for breaking this law be? Laws do not change behavior. Laws + penalties + enforcement of those penalties will change behavior.
This is genuinely bad, as some of the vulnerabilities mentioned have active exploits against them and are critical issues. I often complain that articles like these make a mountain out of a mole hill. This one appears to honestly be a mountain.
Cybersecurity Tip of the Month
 
Spring Cleaning: Safely Disposing of External Hard Drives and USB Drives

With the first day of Spring finally arriving this past weekend, many of us will surely have the "spring cleaning" bug very soon. If you come across old USBs or hard drives that you decide to get rid of, please keep these things in mind before you do.

When selling, donating, or disposing of old USB drives or hard drives, many people think they can simply delete the files and they will be safe. This is not true, however. Third-party data recovery software programs can often restore these files, meaning that any sensitive documents or data on these drives could be exposed or fall into the wrong hands.
 
There are several different ways you can securely wipe these devices:
 
-Formatting an external device: Windows and Mac operating systems come with built-in format options for erasing hard drive data. You can follow a few simple steps to initiate this method which performs a write-zero pass, filling the storage space with zeros. To see more detailed step-by-steps for Windows and MacOS, 
visit this article.
 
-Erasing data on external drives using an app: There is no shortages of apps, paid and free, that will perform a data erasure service for you. Some of these are 
described more in depth here and include:
 
              -Android: Secure Eraser, Shreddit
              -Windows: CCleaner, Eassos PartitionGuru, MiniTool Drive Wipe
              -MacOS: StellarWipe Mac, Mac Washing Machine Secure X9
              -Windows and MacOS: AweEraser, Super Eraser
              -Windows, MacOS, and Linux: WipeDrive
 
-Erase hard drives using Darik’s Boot-and-Nuke (DBAN) software: DBAN is a free data destruction program used to completely erase all the files on a hard drive. This is a great free program but will erase EVERYTHING on the hard drive, including applications, personal files, and operating systems, so it needs to be used carefully and intentionally. These articles give some very helpful tips and steps for using DBAN:
 

https://www.lifewire.com/dban-dariks-boot-and-nuke-review-2619130
https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148
 
-Using the cipher command: Cipher.exe is a built-in command line tool in the Windows operating system that can be used to encrypt or decrypt data on drives and can be used to securely erase the free space on a drive, meaning you must first format the drive so it is all free space. A short tutorial on using cipher can be found 
here.
 
If you are disposing of a USB or external hard drive for any reason, be sure to do your due diligence. Double check what data is on the drive, determine how sensitive it is, and decide on the best way to ensure it is erased from the drive. And if in doubt, a good old fashioned hammer will always get the job done.
LinkedIn
Twitter
Facebook
Website
Forward Forward
We want your feedback!
*|POLL:RATING:x|*
< On a scale of 10, how helpful was this newsletter?>
*|END:POLL|*

Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.
*|IFNOT:ARCHIVE_PAGE|* *|LIST:DESCRIPTION|*

Our mailing address is:
*|HTML:LIST_ADDRESS_HTML|* *|END:IF|*

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

You can reach Bryce at bryce@bryceaustin.com

*|IF:REWARDS|* *|HTML:REWARDS|* *|END:IF|*