October 17, 2023

Good morning, everyone!

This week’s critical vulnerabilities: Apple has released iOS and iPadOS 16.7.1 to fix critical vulnerabilities under active exploit (these were addressed last week in 17.0.3) Microsoft released patches for 105 vulnerabilities in last week's Patch Tuesday, including two under active exploit. Double-check your updates were downloaded and installed! Cisco has announced a critical vulnerability in devices running IOS XE software that is under active exploit, with more than 10k devices known to be compromised already. While a patch is not yet available, "Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems" as a workaround. WordPress TagDiv Composer Plugin has released an update to fix a critical flaw currently being exploited Patch All the Things!

I've mentioned before that Kevin Parker, FBI Special Agent with a true passion for cyber security, posts the best stuff on LinkedIn. This week he wrote another post that I found extremely relevant, so I'm going to share a few key points.

The shift to remote work has brought incredible flexibility, but it has also presented new cybersecurity challenges. Let's strive to maintain clear separations between work and your personal digital life.

I've spoken with several small business owners that work from home and have noted that many do not maintain a clear division between their work and personal computers and accounts. This can cause security challenges and compromise privacy.

Consider the following to help secure your work activity and maintain personal privacy:

• Dedicated Devices and Accounts: Maintain separate devices for work and personal use. Set up distinct user accounts on each device, ensuring work-related apps and data are isolated. If you can’t use a dedicated device, use separate user accounts for work at a minimum.
  
  
• Use Secure Communication and Storage: Leverage company-approved communication tools and email accounts for work-related discussions. Avoid using personal messaging apps or emails for sensitive work matters. Many small companies use cloud services like Microsoft 365 that can also manage devices remotely for better security and compliance.
  
  
• Secure Physical Workspaces: Create a dedicated workspace for professional activities. Ensure this area is secure, and family members or non-work individuals do not have access to work devices.

By strictly delineating work and personal accounts and adhering to these cybersecurity best practices, you significantly reduce the risk of a security breach. Stay vigilant, stay informed, and let's prioritize a secure digital environment, even from the comfort of our homes.

Stay cyber safe this week!

October is Cyber Security Awareness Month

And CISA has developed some resources to raise awareness and assist in employee training. You will probably recognize their "Four Easy Ways to Stay Safe Online" -- read and share.

Stay cyber safe this week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺