🦊 The NSA gets personal
Aug 10, 2021 4:07 pm
...and writes an open letter to the Everyman: stop doing stupid things in public.
Hi. I'm Jon Fedor and this is InCyber Regular, edition 19. Let's boogie; security-wise.
At InCyber I talk about cyber-related issues and security-awareness for smaller enterprises, the cyber-curious, and the security-conscious. Sometimes we talk tactics, sometimes theories; always, security.
Today:
- Paul's Security Weekly News Wrap Up Show
- The NSA thing
- The U.S. sucks at cyber security
Paul's Security Weekly is a gem?
There are a lot of great podcasts out there. A ton, really.
I could probably have a 2-3 hour conversation with you about podcasts you and I both love, new ones we both have yet to discover, and how to make a business out of soundwaves on the internet.
But I won't do that here.
Instead: please listen to Paul's Security Weekly. It's one of my favorites. I learn more in 30-45 minutes listening to this podcast than I did in some of my engineering classes during an entire semester.
Can you wifi like the NSA?
Speaking of Paul's Security Weekly, the latest episode was awesome! Go listen here (and check out all the links to the topics discussed).
One thing that stood out is the NSA's recently-released tip sheet on how to be more digitally secure in public.
The tip sheet is wordy until you get to page four (4). (What else do you expect from a bit of writing collaboratively authored by three separate Federal agencies?)
But page four (4) begins a series of helpful Do vs Don't tables to help you break bad digital security habits and stop exposing yourself in public. Here are a couple of examples:
The tips are legit, though. And if nothing else, they serve as another helpful reminder of good digital security hygiene. The more reminders the better (just look at how many places need to remind their employees to wash their hands in the bathroom...).
The Senate thinks our cyber security sucks
Well well. The Senate Homeland Security Committee released a report this week detailing the results of an extensive audit and investigation into the security practices of our primary homeland security Federal agencies.
Turns out they're falling short of Federally-mandated standards for network, data, and privacy security.
The report card gave them a C-grade. Which, teeeechnically is a pass. We all know Cs get degrees. But c'mon. This is homeland security we're talking about.
Turns out the Federal government struggles with many of the same things we all do:
- Terminated employees still having access to their government accounts, systems, and data
- Data misuse and mishandling
- Exposure of personally identifiable information (PII)
- Massively inadequate asset registries and management procedures (for instance, the Department of Transportation was missing 15,000 assets from their records)
Remarks from Senator Portman (R) of Ohio:
"This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers... I am concerned that many of these vulnerabilities have been outstanding for the better part of a decade."
In the words of the infamous Ned Land, there's only one thing a guy can do when he's made a mistake this big: get drunk.
And then get to work righting the ship!
Maybe the Feds should start by reading their own NSA's tips for digital security...
Thanks!
Hanging with you every week is the highlight of my week! Thanks for being here.
If you ever have questions on personal digital security, cyber security news, a story you want to tell, or a favorite resource to share (etc.), reply back and let me know!
Last week a few of you responded back and sent me interesting information and articles - thank you! Keep 'em coming and I'll feature you in future editions!
Have a good'un, Good Lookin'.
~ Jon "Know Your Assets" Fedor