Roger A. Grimes
Columnist
Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.


Quantum supremacy might be here, upending conventional encryption
Last week Google posted and quickly took down a report announcing a stunning quantum computing milestone. Regardless of whether the report was premature, conventional encryption’s days are numbered.

What is OAuth? How the open authorization framework works
OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets. It is widely accepted, but be aware of its vulnerabilities.

10 signs you're being socially engineered
Scammers will try to trick you and your organization's users into giving up credentials or other sensitive data. Be skeptical if you see any of these signs.

Why you need a cybersecurity incident response specialist
If your cyber insurance provider gives you the number of an incident response specialist, call them now. It will save time when an attack occurs.

Why giving users two separate systems won't improve security
Red/green systems, which give users one system for work and another for other tasks, no longer make sense from a security and cost perspective. There are alternatives.

Beware rogue email rules and forms
Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

12 things every computer security pro should know
Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Top cyber security certifications: Who they're for, what they cost, and which you need
Expand your skills, know-how and career horizons with these highly respected cybersecurity certifications.

Lack of trust will doom cryptocurrency
Loss of crypto coins through hacks, fake trading and volatility destroys trust in cryptocurrency, but those aren't its only problems.

What blockchain can and can't do for security
Blockchain expert Rosa Shores agrees: Unless you have a data integrity problem, blockchain won't fix it. Try a distributed ledger instead.

Your backup and restore process is broken: here's how to fix it
Don't wait for a ransomware attack to expose backup flaws. These eight steps will put you on the path for reliable data restores.

A new website explains data breach risk
Breach Clarity ranks the risk of stolen or exposed personal data. It's a much needed work in progress.

Preventing address spoofing with DMARC, DKIM and SPF
These email security protocols will help cut down on malicious emails from spoofed addresses. Setting them up is easier than you think.

How to stick it to LinkedIn romance scammers
LinkedIn is becoming a popular channel for criminals to find victims for romance scams. Here's how to identify, report and block those scammers.

5 ways compliance hurts security
The tasks of meeting regulatory requirements and providing true security that actually mitigates risk do not align. Here's how focusing exclusively on compliance can undermine security.

How to spot a scam: 14 red flags to watch for
Does your security awareness training program help your employees learn when someone is trying to scam them?

Does your cyber insurance cover social engineering? Read the fine print
Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.

What should your company’s change password policy be?
Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.

Why unauthenticated SMS is a security risk
Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.