Information Security Leader, Author, Instructor and Speaker

5 Ways to Update An Agency’s Incident Response Plan

Quick, find a copy of your agency’s cybersecurity incident response plan. Pull that binder off the shelf or call up an electronic copy. OK, now that you have it, let me ask you a few questions.

How long did it take you to find it? Did you have dust off the physical binder? When was the digital copy last accessed? And, most important, if you were about to launch into an incident response effort right now, how confident would you be with that plan by your side?

If that quick exercise left you with an uneasy feeling in the pit of your stomach, you’re not alone. Many agencies have very outdated incident response plans that haven’t been opened in months or years. 

Published August 2020 in FedTech Magazine.
Read the full article: 5 Ways to Update An Agency?s Incident Response Plan

Posted in Articles | Leave a comment

How Agencies Can Secure Data from Shared Documents After Users Leave

A decade ago, agencies struggled to build collaborative workplaces because the technology to facilitate teamwork simply didn’t exist. The advent of modern office productivity suites changed that picture entirely.

With tools such as Google G Suite, Microsoft OneDrive and Box, agency teams could quickly and easily work together on a shared document without the version control problems that occurred with file servers and email threads back in the day.

Eventually, however, these tools presented a new problem: Specifically, what happens when a user leaves the agency?

Published August 2020 in FedTech Magazine.
Read the full article: How Agencies Can Secure Data from Shared Documents After Users Leave

Posted in Articles | Leave a comment

The VPN Is Obsolete. Here’s What to Do Instead.

The virtual private network has been a vital enabler of remote work for decades. But the technology, invented in 1996, is getting a bit long in the tooth. And when too many people are on a VPN simultaneously, as has been the case all summer with most businesses, issues with application latency are inevitable.

The good news is, there’s a better way for modern businesses to protect their networks no matter how many remote workers they have.

Tunnel to the Network

VPNs fit into the perimeter protection model of cybersecurity. Years ago, it was common for security professionals to describe the networks as having “hard outer shells and soft chewy interiors.” This phrase meant that businesses focused primarily on building walls around networks designed to protect the trusted resources on the inside from threat actors. This approach required robust firewalls designed to keep out virtually all traffic from the internet.

Published July 2020 in BizTech Magazine.
Read the full article: The VPN Is Obsolete. Here?s What to Do Instead.

Posted in Articles | Leave a comment

Secure Your VPN, No Matter What

Last year, the Department of Homeland Security issued a vulnerability notice that disturbed many in the cybersecurity community: Several popular virtual private network solutions had insecurely stored authentication cookies in their memory or log files. An attacker gaining access to that information could steal a legitimate user’s session and gain access to services protected by the VPN without going through the normal authentication process.

Since then, vendors have provided patches for this vulnerability. But the announcement underscores the importance of carefully configuring and managing all components of an organization’s security program. VPNs play a crucial role, safeguarding network traffic between sites for remote and mobile users.

Published June 2020 in EdTech Magazine.
Read the full article: Secure Your VPN, No Matter What

Posted in Articles | Leave a comment

How to Stop Phishing Attacks

Most successful attacks begin with a simple message. Here is what every organization should know about eliminating email-based malware.

How Real Is the Threat?

It’s very real. It may be tempting to dismiss phishing attacks as a tactic of the past, but attackers continue to rely on them because they work. Verizon studied hundreds of security breaches in 2019 and found that phishing was the most common method for successful attacks. 

Published May 2020 in BizTech Magazine.
Read the full article: How to Stop Phishing Attacks

Posted in Articles | Leave a comment

IDC PlanScape: Privacy Engineering

“Meeting privacy expectations of management and stakeholders requires a cross-functional approach with contributions from business leaders, privacy professionals, technologists, and cybersecurity teams,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP).

IDC Research Report published May 2020.
Read the full report: IDC PlanScape: Privacy Engineering

Posted in White Papers | Leave a comment

Tech Tips for Colleges Using Zoom for Remote Learning

Last summer, I had the opportunity to teach an undergraduate course in my university’s online summer program. I took a course that I had delivered in person many times and worked with my school’s digital learning team to transform it into a hybrid digital format that combined a series of short five- to 10-minute videos with weekly live online sessions over Zoom. Little did I know that my experiment was setting the stage for the most disruptive change to hit higher education in my career. 

I feel quite fortunate to have that remote class under my belt as I take part in the rush to move online this semester. Here’s some practical advice from that experience that might help you as you adapt to online learning.

Published April 2020 in EdTech Magazine.
Read the full article: Tech Tips for Colleges Using Zoom for Remote Learning

Posted in Articles | Leave a comment

3 Tips for Protecting a VPN in the Face of Major Vulnerabilities

Last year, the Department of Homeland Security issued a vulnerability notice that disturbed many in the cybersecurity community: Several popular virtual private network solutions insecurely stored authentication cookies in their memory or log files.

An attacker gaining access to that information could steal a legitimate user’s session and gain access to services protected by the VPN without going through the normal authentication process.

Published March 2020 in FedTech Magazine.
Read the full article: 3 Tips for Protecting a VPN in the Face of Major Vulnerabilities

Posted in Articles | Leave a comment

Best Practices for Ensuring Data Security in the Cloud

Cloud solutions offer virtually limitless potential to educators. From interactive learning management systems to parent communication portals, cloud-based technologies provide state-of-the-art educational tools without the large investments required to build and maintain technical infrastructure. It’s no surprise that schools and districts around the nation are quickly embracing these tools as the future of educational technology.

These benefits do come with risks, however. Faculty and administrators often embrace the educational advantages offered by the cloud but remain wary of the security and privacy implications of using cloud-based platforms. To ensure their use of technology doesn’t create security or privacy headaches, here are five best practices that educators should follow.

Published February 2020 in EdTech Magazine.
Read the full article: Best Practices for Ensuring Data Security in the Cloud

Posted in Articles | Leave a comment

The 5 Cybersecurity Must-Haves for Every Business

Walking the exhibition hall at a modern cybersecurity trade show can be a dizzying experience. Vendors from every angle tout products bearing seemingly urgent new capabilities (and new acronyms to match). The unspoken implication is that failure to purchase the latest solution will result in certain cybersecurity doom.

It’s hard to separate the signal from the noise to determine which security solutions will really move the needle for a business.

Here’s the thing, though: Robust cybersecurity programs revolve around a core set of solutions that provide the foundation for a strong cybersecurity operations team. Let’s take a look at a few of the technologies that should be in almost every business environment today.

Published December 2019 in BizTech Magazine.
Read the full article: The 5 Cybersecurity Must-Haves for Every Business

Posted in Articles | Leave a comment

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple