Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Windows Secrets, is a moderator on the PatchManagement.org listserve and SBS2k, and was one of the authors of Windows Server 2008 Security Resource Kit. . In real life she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, an Exchange Server, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at www.sbsdiva.com and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

How to prepare for the Microsoft Windows 10 1903 security feature update

How to prepare for the Microsoft Windows 10 1903 security feature update

Microsoft is changing the way it does Windows 10 feature updates, and that will affect how you schedule update deferrals. Here's what you need to know.

How to time-sync Windows systems

How to time-sync Windows systems

Incorrect time on a Windows device or server can prevent security updates or user authentication, and it can interfere with a forensics investigation.

How to audit Windows Task Scheduler for cyber-attack activity

How to audit Windows Task Scheduler for cyber-attack activity

Two recently discovered Windows zero-day attacks underscore the importance of monitoring for unauthorized tasks.

Windows security updates that require new registry keys

Windows security updates that require new registry keys

Don't assume automated Windows security updates are complete. You might need to add registry keys manually. Here are a few to check now.

How to protect against poor Windows password practices

How to protect against poor Windows password practices

Employees will reuse passwords for work systems for their personal online accounts. Here's how to set up multifactor authentication in a Windows environment to reduce the risk of password compromise.

How to install PowerShell 5 on Windows 7

How to install PowerShell 5 on Windows 7

Have older Windows systems on your network? You can give them PowerShell 5's event logging capabilities even if they run Windows 7.

How to update Windows 10 for side channel vulnerability fixes

How to update Windows 10 for side channel vulnerability fixes

Since Spectre and Meltdown were discovered in 2018, other side channel vulnerabilities have emerged. These are the mitigations to consider for each of them.

How to identify, prevent and remove rootkits in Windows 10

How to identify, prevent and remove rootkits in Windows 10

Rootkits are among the most difficult malware to detect and remove. Now, new variations are targeting Windows 10 systems. Use this advice to protect yourself from them.

How to prevent and recover from an APT attack through a managed service provider

How to prevent and recover from an APT attack through a managed service provider

Threat actors are compromising their targeted victims through managed service providers (MSPs). These are the steps to take to minimize your exposure and to recover from these attacks if necessary.

How to harden Windows 10 workstations and servers: Disable SMB v1

How to harden Windows 10 workstations and servers: Disable SMB v1

Early versions of Server Message Block are still present on many Windows networks and devices, leaving them open to attack. Here's how to detect and disable them.

How to defend Office 365 from spear-phishing attacks

How to defend Office 365 from spear-phishing attacks

A recent successful zero-day Flash attack began with a spear-phishing email. These Windows 10 and Office 365 settings could have prevented it.

Center for Internet Security releases Microsoft 365 benchmarks

Center for Internet Security releases Microsoft 365 benchmarks

Follow the guidance in this CIS document to configure Microsoft 365 security settings to the level that suits your organization.

How to enable audit logs in Microsoft Office 365

How to enable audit logs in Microsoft Office 365

Audit logging of Office 365 mail reads makes forensics investigations of attacks much easier. Here's how to make sure it's enabled.

Best resources for setting up Microsoft Office 365 security

Best resources for setting up Microsoft Office 365 security

Office 365 presents admins with many choices and options. These information sources, online forums and script repositories can help you make the right decisions.

How to set Microsoft Office 365 ATP policies to block malicious URLs

How to set Microsoft Office 365 ATP policies to block malicious URLs

Windows Advanced Threat Protection allows admins to set link filters for email messages and attachments in Outlook.

How to set up data loss prevention rules in Microsoft Office 365

How to set up data loss prevention rules in Microsoft Office 365

Most data leakage occurs via emai. Set Office 365 DLP policies to stop sensitive data from leaving your organization.

How to set up multifactor authentication for Office 365 users

How to set up multifactor authentication for Office 365 users

Requiring MFA for some or all Microsoft Office 365 users will better protect your network and email system from attacks.

How to stop malicious email forwarding in Outlook

How to stop malicious email forwarding in Outlook

Microsoft Office 365 administrators can use these settings to find and delete hidden rules attackers use to intercept Outlook email messages.

How to use Windows Update Delivery Optimization to distribute updates across your network

How to use Windows Update Delivery Optimization to distribute updates across your network

These are the Delivery Optimization settings you need to know to deliver feature and security updates without using Windows Software Update Services.

How to script Windows 10 security update installs

How to script Windows 10 security update installs

You can download Microsoft Windows updates for later deployment across your network. Here's how you script the process.

Load More