Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

10 signs you're being socially engineered

Scammers will try to trick you and your organization's users into giving up credentials or other sensitive data. Be skeptical if you see any of these signs.

The 5 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

Why you need a cybersecurity incident response specialist

If your cyber insurance provider gives you the number of an incident response specialist, call them now. It will save time when an attack occurs.

Why giving users two separate systems won't improve security

Red/green systems, which give users one system for work and another for other tasks, no longer make sense from a security and cost perspective. There are alternatives.

What is personally identifiable information (PII)? How to protect it under GDPR

The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.

Beware rogue email rules and forms

Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

12 things every computer security pro should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Top cyber security certifications: Who they're for, what they cost, and which you need

Expand your skills, know-how and career horizons with these highly respected cybersecurity certifications.

Lack of trust will doom cryptocurrency

Loss of crypto coins through hacks, fake trading and volatility destroys trust in cryptocurrency, but those aren't its only problems.

What blockchain can and can't do for security

Blockchain expert Rosa Shores agrees: Unless you have a data integrity problem, blockchain won't fix it. Try a distributed ledger instead.

Your backup and restore process is broken--here's how to fix it

Don't wait for a ransomware attack to expose backup flaws. These eight steps will put you on the path for reliable data restores.

A new website explains data breach risk

Breach Clarity ranks the risk of stolen or exposed personal data. It's a much-needed work in progress.

Preventing address spoofing with DMARC, DKIM and SPF

These email security protocols will help cut down on malicious emails from spoofed addresses. Setting them up is easier than you think.

How to stick it to LinkedIn romance scammers

LinkedIn is becoming a popular channel for criminals to find victims for romance scams. Here's how to identify, report and block those scammers.

5 ways compliance hurts security

The tasks of meeting regulatory requirements and providing true security that actually mitigates risk do not align. Here's how focusing exclusively on compliance can undermine security.

How to spot a scam: 14 red flags to watch for

Does your security awareness training program help your employees learn when someone is trying to scam them?

Does your cyber insurance cover social engineering? Read the fine print

Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.

What should your company’s change password policy be?

Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.

Why unauthenticated SMS is a security risk

Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.

9 types of malware and how to recognize them

Think you know your malware? Here's a refresher to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit.