Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist.

Why aren't we using SHA-3?

The Secure Hash Algorithm version 3 fixes flaws in the now-standard SHA-2 cipher. Here's how to prepare for a migration to SHA-3 when SHA-2 is inevitably compromised.

How to prove and fight online dating and romance scams

Friends and family of romance scam victims sometimes call on security pros to prove their online loves are not who they claim to be. Here's how to handle the case the right way.

What is personally identifiable information (PII)? How to protect it under GDPR

The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.

The two most important ways to defend against security threats

Patching and security training programs will thwart attacks more effectively than anything else. You're already doing them. Here's how to do them better.

Using better data to fight credit card fraud

Galileo Processing uses artificial intelligence to more accurately identify fraudulent credit card transactions. It's an example of how AI can be a powerful security technology.

What is penetration testing? Ethical hacking basics and requirements

Penetration testing, or ethical hacking, is an in-demand skill for evaluating an organization’s defenses. Here’s what it entails and tips for breaking into the role.

How bad are Meltdown and Spectre?

Some people aren't taking hardware vulnerabilities like Meltdown and Spectre seriously. Here's a point-by-point rebuttal to their arguments.

6 reasons you’re failing to focus on your biggest IT security threats

Most companies are not focused on the real security threats they face, leaving them ever more vulnerable. That can change if they trust their data rather than the hype.

Risk management is all about the data; security should be, too

Bay Dynamics takes a data-driven approach to helping companies identify and address the real security threats based on asset value.

Are you crypto-agile?

A recent spate of successful attacks against our most popular and trusted cryptographic algorithms has me hoping that all companies understand the importance of crypto-agility.

17 steps to being completely anonymous online

The default state of internet privacy is a travesty. But if you're willing to work hard, you can experience the next best thing to absolute internet anonymity.

The truth about RFID credit card fraud

Despite demonstrations to show it's possible, documented cases of RFID credit card fraud are unknown. And as security professionals know, there is a huge gulf between potential crime and actual crime.

Hacking bitcoin and blockchain

Both bitcoin and blockchain are vulnerable to attack. Here's what you need to know to protect yourself and why blockchain is becoming a foundational technology.

5 computer security facts that surprise most people

As a 30-year road warrior, I’ve learned some security truths that seem wrong, but must be accepted if you really want to understand the threats you face.

Are home security cameras ready for business use?

Thinking of buying a consumer IP camera for use as a surveillance system in your business? Read this first.

Why you don't need an RFID-blocking wallet

RFID wallets, sleeves and clothing are security snake oil. You don't need RFID protection because there is no RFID crime.

Infected with malware? Check your Windows registry

Auditing your registry can turn up telltale signs of malware infection. Here's how to monitor the registry keys that matter using Microsoft's Sysinternals Autoruns.

15 real-world phishing examples — and how to recognize them

How well do you know these crafty cons?

Malware detection in 9 easy steps

Hey Windows users: Here's how to get the incredible power of 67 antivirus engines with no performance impact on your computer

The best mobile VPNs for the enterprise and how to evaluate them

Do cloud-based mobile VPNs work for the enterprise? Many businesses are saying "yes," but you need to choose a mobile VPN, and how you use it, carefully.
