Posts by Simon

The first security technique you should master!

Security planning can make your life easier to manage. It’s easy to become paralysed when you consider all of the threats that exist and all of the possible solutions. You can’t buy every security product available and you certainly shouldn’t even try.

There are risks that we all face (let’s call those ‘general risks’) and risks that are quite specific to you (‘individual risks’).

Security planning for anyone, whether you are the CEO of a large enterprise or a retired amateur gardener, should take into account what risks you (specifically) face and the consequences of something bad actually happening.

General risks

In this article we’re going to focus on cybersecurity, but the principles apply to any area of your life. In the computing world there are three major threats that we all face:

When security policies and security testing meet…

Security solutions can stop you getting things done. They can make mistakes, interpreting your actions as malicious. And then block your work. But they can also blindly follow security policies set by the IT department. Sometimes they do both! How can you predict which products will be most accurate after you buy them?

Custom security policies

Your business most likely doesn’t rely entirely on the detections and protections offered by security solutions. IT usually needs to make a least some configuration changes. Default settings should be good, but businesses commonly make their own adjustments. Every company has its own characteristics and one size definitely does not fit all.

A strategic alternative to penetration testing.

Is Microsoft’s anti-virus good enough? Are the ‘next-gen’ endpoint products as good as they claim? Is our combination of anti-malware and whitelisting giving us full threat coverage? Enterprises are asking themselves, and SE Labs, these questions all the time. The good news is, we can help provide an answer.

By understanding the rules of security testing.

The reports below contain security testing results. You can compare the performance of a variety of products that claim to protect you against online threats. This, in theory, will help individuals and businesses choose the best security product.

AMTSO-Compliant Test ✔

Rules of engagement

But these are free reports. How can you trust that the high-scoring vendors didn’t just pay for their ranking? Do you suspect that some low-scoring vendors dropped out of the report? Or asked to be retested until they scored better?

What are the rules behind the scenes in security testing?

ENDPOINT PROTECTION: NEW REPORTS ONLINE!

Keep your devices safe and help others too!

Everyone needs to protect themselves online. There is a lot of advice out there but much of it is confusing and contradictory. We’ll show you simple but effective steps you can take to put yourself in the top ranks. And you can help your friends and loved ones stay safe too.

Welcome to the Bluffer’s Guide to Home Cyber Security!

This article is going to tell you everything you need to know to stay safe online. It won’t baffle you with too much detail. But rest assured, although the steps are simple they are backed up by our thorough and unbiased understanding of how computer security works. We don’t have anything to sell you. This is all good, free advice.

Real-world security reports don’t always reflect your real world.

What makes a real-world security test useful? Does it need to provide a full assessment of a product or service? An assessment that is directly relevant for all potential customers? Or does it need to give just a taste of how effective a product can be?

The perfect security test

Tests can vary in how they are run and the level of information that they provide. Not all tests are equally reliable or even useful. But one thing they all have in common is that they aren’t perfect. Let’s look at how tests are limited, how you can interpret them and what the future holds.

False positives are not all equal. Or always real false positives!

Security tests ought to test for ‘false positives’. It’s important to see if a security product stops something good on a customer’s system, as well as the bad stuff.

Measuring the balance in security

Almost nothing in this world can be reduced to ‘good’ or ‘bad’ accurately. There is too much subtlety: what’s good for one person is bad for another. Someone else might feel neutral about it, or slightly positive or negative. The same applies when testing security products. It’s rare to get a straightforward good/ bad result.

An anti-malware product might block all threats but also all useful programs. It might ask the user frequent and unhelpful questions like, “Do you want to run this ‘unknown’ file?” Alternatively, it might let everything run quietly. Or prevent some things from running without warning or explanation. Maybe you want to see alerts, but maybe you don’t.

We look at how to put the nuance back into security testing.

Security testing needs to be more realistic and subtle than just running malware

Your own network can provide everything that an attacker needs to achieve its goal. In many ways it’s impossible to tell the difference between an effective attacker and a good systems administrator.

Advice says, “research the app.” But where do you start with mobile app security?

Most people want to keep their mobile devices secure. But how do you know the mobile app you are going to install is safe? You can’t trust the app stores. Most Android malware comes from Google’s Play Store. The good news is there are loads of articles giving advice on how to do so. Almost inevitably, one piece of advice will be, “research the app” or “research the company”. The advice is true, because you should check things like that. But rarely does the advice go into detail, because it’s hard to research mobile app security properly! We’ll show you how.

Research the app in 6 easy(ish) steps

Researching a mobile app before you install it is important. There are plenty of fake apps out there and, possibly even worse, some that work but also include unwelcome ‘things’. These ‘things’ could be intrusive ads, extensive tracking of your behaviour or even malware.

Legal firms vs. data security: How to solve the tension between lawyers, their IT teams, clients and data security

Traditional ways of working in the legal world clash with modern technology and tech-savvy clients. Outdated law firm tech might be safe, but it makes customers unhappy.

There is a tension between lawyers, their IT teams and their clients. Law firms don’t like to recognise this, at least publicly. But there is a clash between “the way things are done”, customer service and the convenience provided by modern technology.