Information Security Leader, Author, Instructor and Speaker

4 Tips For Protecting Intellectual Property In Academia

Around the world, academic researchers have turned their focus to combating the novel coronavirus. From medical schools to biology labs, researchers are working nonstop to better understand the virus, develop therapeutic treatments and create a vaccine that could lift the pandemic’s shadow.

Collaboration across higher education is bringing the world’s best minds to bear on COVID-19. The resulting intellectual property could have tremendous public health benefits. But it also has massive potential commercial value, and few things are more attractive to would-be cybercriminals than other people’s valuable ideas.

Published October 2020 in EdTech Magazine.
Read the full article: 4 Tips For Protecting Intellectual Property In Academia

Posted in Articles | Leave a comment

The Fundamentals of Zero-Trust Security for Schools

When technology leaders encounter the term “zero trust” for the first time, they often find it off-putting. In a cybersecurity context, zero trust sounds like a paranoid approach, embracing the “trust nobody” philosophy that forms the basis for many negative stereotypes of cybersecurity teams.

The reality couldn’t be further from the truth. Zero-trust approaches to cybersecurity actually empower employees to work more effectively and remove barriers to efficiency created by legacy security controls.

Published October 2020 in EdTech Magazine.
Read the full article: The Fundamentals of Zero-Trust Security for Schools

Posted in Articles | Leave a comment

5 Ways to Update An Agency’s Incident Response Plan

Quick, find a copy of your agency’s cybersecurity incident response plan. Pull that binder off the shelf or call up an electronic copy. OK, now that you have it, let me ask you a few questions.

How long did it take you to find it? Did you have dust off the physical binder? When was the digital copy last accessed? And, most important, if you were about to launch into an incident response effort right now, how confident would you be with that plan by your side?

If that quick exercise left you with an uneasy feeling in the pit of your stomach, you’re not alone. Many agencies have very outdated incident response plans that haven’t been opened in months or years. 

Published August 2020 in FedTech Magazine.
Read the full article: 5 Ways to Update An Agency?s Incident Response Plan

Posted in Articles | Leave a comment

How Agencies Can Secure Data from Shared Documents After Users Leave

A decade ago, agencies struggled to build collaborative workplaces because the technology to facilitate teamwork simply didn’t exist. The advent of modern office productivity suites changed that picture entirely.

With tools such as Google G Suite, Microsoft OneDrive and Box, agency teams could quickly and easily work together on a shared document without the version control problems that occurred with file servers and email threads back in the day.

Eventually, however, these tools presented a new problem: Specifically, what happens when a user leaves the agency?

Published August 2020 in FedTech Magazine.
Read the full article: How Agencies Can Secure Data from Shared Documents After Users Leave

Posted in Articles | Leave a comment

The VPN Is Obsolete. Here’s What to Do Instead.

The virtual private network has been a vital enabler of remote work for decades. But the technology, invented in 1996, is getting a bit long in the tooth. And when too many people are on a VPN simultaneously, as has been the case all summer with most businesses, issues with application latency are inevitable.

The good news is, there’s a better way for modern businesses to protect their networks no matter how many remote workers they have.

Tunnel to the Network

VPNs fit into the perimeter protection model of cybersecurity. Years ago, it was common for security professionals to describe the networks as having “hard outer shells and soft chewy interiors.” This phrase meant that businesses focused primarily on building walls around networks designed to protect the trusted resources on the inside from threat actors. This approach required robust firewalls designed to keep out virtually all traffic from the internet.

Published July 2020 in BizTech Magazine.
Read the full article: The VPN Is Obsolete. Here?s What to Do Instead.

Posted in Articles | Leave a comment

Secure Your VPN, No Matter What

Last year, the Department of Homeland Security issued a vulnerability notice that disturbed many in the cybersecurity community: Several popular virtual private network solutions had insecurely stored authentication cookies in their memory or log files. An attacker gaining access to that information could steal a legitimate user’s session and gain access to services protected by the VPN without going through the normal authentication process.

Since then, vendors have provided patches for this vulnerability. But the announcement underscores the importance of carefully configuring and managing all components of an organization’s security program. VPNs play a crucial role, safeguarding network traffic between sites for remote and mobile users.

Published June 2020 in EdTech Magazine.
Read the full article: Secure Your VPN, No Matter What

Posted in Articles | Leave a comment

How to Stop Phishing Attacks

Most successful attacks begin with a simple message. Here is what every organization should know about eliminating email-based malware.

How Real Is the Threat?

It’s very real. It may be tempting to dismiss phishing attacks as a tactic of the past, but attackers continue to rely on them because they work. Verizon studied hundreds of security breaches in 2019 and found that phishing was the most common method for successful attacks. 

Published May 2020 in BizTech Magazine.
Read the full article: How to Stop Phishing Attacks

Posted in Articles | Leave a comment

IDC PlanScape: Privacy Engineering

“Meeting privacy expectations of management and stakeholders requires a cross-functional approach with contributions from business leaders, privacy professionals, technologists, and cybersecurity teams,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP).

IDC Research Report published May 2020.
Read the full report: IDC PlanScape: Privacy Engineering

Posted in White Papers | Leave a comment

Tech Tips for Colleges Using Zoom for Remote Learning

Last summer, I had the opportunity to teach an undergraduate course in my university’s online summer program. I took a course that I had delivered in person many times and worked with my school’s digital learning team to transform it into a hybrid digital format that combined a series of short five- to 10-minute videos with weekly live online sessions over Zoom. Little did I know that my experiment was setting the stage for the most disruptive change to hit higher education in my career. 

I feel quite fortunate to have that remote class under my belt as I take part in the rush to move online this semester. Here’s some practical advice from that experience that might help you as you adapt to online learning.

Published April 2020 in EdTech Magazine.
Read the full article: Tech Tips for Colleges Using Zoom for Remote Learning

Posted in Articles | Leave a comment

3 Tips for Protecting a VPN in the Face of Major Vulnerabilities

Last year, the Department of Homeland Security issued a vulnerability notice that disturbed many in the cybersecurity community: Several popular virtual private network solutions insecurely stored authentication cookies in their memory or log files.

An attacker gaining access to that information could steal a legitimate user’s session and gain access to services protected by the VPN without going through the normal authentication process.

Published March 2020 in FedTech Magazine.
Read the full article: 3 Tips for Protecting a VPN in the Face of Major Vulnerabilities

Posted in Articles | Leave a comment

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple