UNITED STATES
×
Close
Roger A. Grimes

Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

The Latest from Roger
What is OAuth? How the open authorization framework works
Feature

What is OAuth? How the open authorization framework works

OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets. It is widely accepted, but be aware of its vulnerabilities.

10 signs you're being socially engineered
Feature

10 signs you're being socially engineered

Scammers will try to trick you and your organization's users into giving up credentials or other sensitive date. Be skeptical if you see any of these signs.

The 5 CIS controls you should implement first
Feature

The 5 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

Why you need a cybersecurity incident response specialist
Opinion

Why you need a cybersecurity incident response specialist

If your cyber insurance provider gives you the number of an incident response specialist, call them now. It will save time when an attack occurs.

What is personally identifiable information (PII)? How to protect it under GDPR
Feature

What is personally identifiable information (PII)? How to protect it under GDPR

The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.

Why giving users two separate systems won't improve security
Feature

Why giving users two separate systems won't improve security

Red/green systems, which give users one system for work and another for other tasks, no longer makes sense from a security and cost perspective. There are alternatives.

Beware rogue email rules and forms
Feature

Beware rogue email rules and forms

Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

12 things every computer security pro should know
Opinion

12 things every computer security pro should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Top cyber security certifications: Who they're for, what they cost, and which you need
Feature

Top cyber security certifications: Who they're for, what they cost, and which you need

Expand your skills, know-how and career horizons with these highly respected cybersecurity certifications.

Lack of trust will doom crytpocurrency
Feature

Lack of trust will doom crytpocurrency

Loss of crypto coins through hacks, fake trading and volatility destroy trust in cryptocurrency, but those aren't its only problems.

What blockchain can and can't do for security
Feature

What blockchain can and can't do for security

Blockchain expert Rosa Shores agrees: Unless you have a data integrity problem, blockchain won't fix it. Try a distributed ledger instead.

Your backup and restore process is broken--here's how to fix it
Feature

Your backup and restore process is broken--here's how to fix it

Don't wait for a ransomware attack to expose backup flaws. These eight steps will put you on the path for reliable data restores.

A new website explains data breach risk
Feature

A new website explains data breach risk

Breach Clarity ranks the risk of stolen or exposed personal data. It's a much needed work in progress.

Preventing address spoofing with DMARC, DKIM and SPF
Feature

Preventing address spoofing with DMARC, DKIM and SPF

These email security protocols will help cut down on malicious emails from spoofed addresses. Setting them up is easier than you think.

How to stick it to LinkedIn romance scammers
Feature

How to stick it to LinkedIn romance scammers

LinkedIn is becoming a popular channel for criminals to find victims for romance scams. Here's how to identify, report and block those scammers.

5 ways compliance hurts security
Feature

5 ways compliance hurts security

The tasks of meeting regulatory requirements and providing true security that actually mitigates risk do not align. Here's how focusing exclusively on compliance can undermine security.

How to spot a scam: 14 red flags to watch for
Feature

How to spot a scam: 14 red flags to watch for

Does your security awareness training program help your employees learn when someone is trying to scam them?

Does your cyber insurance cover social engineering? Read the fine print
Feature

Does your cyber insurance cover social engineering? Read the fine print

Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.

What should your company’s change password policy be?
Feature

What should your company’s change password policy be?

Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.

Why unauthenticated SMS is a security risk
Feature

Why unauthenticated SMS is a security risk

Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.

Load More
Popular Resources
See All