Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

Why giving users two separate systems won't improve security

Red/green systems, which give users one system for work and another for other tasks, no longer make sense from a security and cost perspective. There are alternatives.

What is personally identifiable information (PII)? How to protect it under GDPR

The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.

Beware rogue email rules and forms

Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

12 things every computer security pro should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Top cyber security certifications: Who they're for, what they cost, and which you need

Expand your skills, know-how and career horizons with these highly respected cybersecurity certifications.

15 signs you've been hacked -- and how to fight back

Redirected internet searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been hacked.

Lack of trust will doom cryptocurrency

Loss of crypto coins through hacks, fake trading and volatility destroys trust in cryptocurrency, but those aren't its only problems.

What blockchain can and can't do for security

Blockchain expert Rosa Shores agrees: Unless you have a data integrity problem, blockchain won't fix it. Try a distributed ledger instead.

Your backup and restore process is broken--here's how to fix it

Don't wait for a ransomware attack to expose backup flaws. These eight steps will put you on the path for reliable data restores.

A new website explains data breach risk

Breach Clarity ranks the risk of stolen or exposed personal data. It's a much needed work in progress.

3 email security protocols that help prevent address spoofing: How to use them

DMARC, DKIM and SPF will help cut down on malicious emails from spoofed addresses. Setting them up is easier than you think.

How to stick it to LinkedIn romance scammers

LinkedIn is becoming a popular channel for criminals to find victims for romance scams. Here's how to identify, report and block those scammers.

5 ways compliance hurts security

The tasks of meeting regulatory requirements and providing true security that actually mitigates risk do not align. Here's how focusing exclusively on compliance can undermine security.

How to spot a scam: 14 red flags to watch for

Does your security awareness training program help your employees learn when someone is trying to scam them?

Does your cyber insurance cover social engineering? Read the fine print

Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.

What should your company’s change password policy be?

Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.

Why unauthenticated SMS is a security risk

Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.

9 types of malware and how to recognize them

Think you know your malware? Here's a refresher to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit.

Check your access control permissions before hackers do

Every organization has devices, networks or cloud services with improperly configured permissions that expose sensitive data or could allow hackers to gain privileged access. Check them now.

Assume breach is for losers: These steps will stop data breaches

Yes, you do need to be prepared should your organization be breached, but countering social engineering, patching, multi-factor authentication and a solid backup plan will keep them from happening.
