WiFi

By cliang1 Comment
Getting connected to the Internet for various activities (getting updates from email, news, social media, weather, checking maps, traffic condition etc.) becomes an expected living habit due to mature technology and well established infrastructure. This need is even more when travelling around. Free or paid Internet access is available anywhere in library, hotel, airport, café, shopping malls and even inflight. Therefore WiFi cybersecurity is a concern. I have heard criticism from a cybersecurity practitioner on a single workstation (specific business function) in getting system updates via corporate guest WiFi is insecure and the connection should be switched to a 4G/5G data plan but there is no reason behind. This appears as an irrational advice. By default, Internet isn't secure whether it's WiFi or data plan. The recommendation should provide reason why it is insecure and mostly importantly practical measure to secure. If we look at this further, the insecurity from WiFi is likely due to: The infrastructure does not impose...
Read More

Risk Evaluation

By cliangNo Comments
Risk assessment is the approach to identify hazard and implement proper controls to reduce likelihood. When doing so, we should look at the portion that must be function well to support the intended outcome. In the illustration, the vehicle is to transport people or goods from one location to another. The engine and tires must be in good condition with sufficient fuel plus cooling fans to achieve this purpose. Any one of these components fails will affect the intended outcome. Therefore, vehicle (especially commercial) needs to undergo regular inspection and maintenance to keep in good condition. Check the tires and fuel capacity before any trip to reduce the likelihood of break down. Having spare tires or road-side assist contact numbers are the mitigation under assumption that the cellular phone signal coverage is within the trip. Otherwise, a different support model (say, satellite phone) is required.. ...
Read More

Do The Right Thing

By cliangNo Comments
No matter in physical or cyber world, there are facilities built for people using them to achieve certain purposes - whether paid or free. All these facilities are designed per proper usage. That said, if the assumed usage behavior is not exercised, some adverse consequence might be resulted to the facility provider or the facility user. Take Internet banking as an example. Banks always remind people to safeguard their access credential (i.e. password) to avoid account being misused: never disclose the password to 3rd party not even the Bank, mandate 2-step authentication, enforce regular changing of password, never click links from email or from social network shared by others. Further, the Bank will alert account holder via text message or email for any credit card transaction executed with physically wiping the card, impose transaction limit to 3rd parties, etc. So as an user, do the right thing as advised to keep cyber secure. That means in the Internet banking example,...
Read More