CyberGnome

02/06/2025

It's time for the NerdyGnome

The CyberGnome often talks about the importance cybersecurity, but it's time to get into the weeds on often neglected topics.

Today, let's explore Content Security Policies.

Don't fall asleep there's good info here.

One of the first things that hackers do when they find a problem on your website is to inject their own code to try to make some money.

This might make your visitors mine cryptocurrency for them, for example, which would increase the temperature on their computer, and might slow it down, but won't affect your server.

Others might put ransomware on your website to infect your visitors. Not only does this open you up to liability issues, but it could also mark your website as being malicious so visitors with with antivirus or newer versions of Windows would get a big warning that would block them from accessing your website because it contained viruses. fortunately, Content Security Policies (CSP) can tell web browsers what content is allowed on your website.

Your web designer likely used third-party content, such as scripts, images, and styles to give you a website faster and more securely than if they did it themselves.

The downside of this is that you need to include all of that content in your Content Security Policy (CSP). CSP has the ability to report things that aren't in it and we've written some tools to gather that information and automate the process of building a CSP for you, so the process can be a lot easier than doing it by hand.

You might be using CSP to upgrade some of your web content from the older insecure versions to HTTPS. This will mean that your Cyber Insurance will be more expensive because when they look through your website, they'll see those missing headers and it exposes you to the risk of hackers putting malicious content on your site.

If you'd like to use our tools, we're happy to set you up with them. Just give us a call or book a meeting.

Call now to connect with business.

02/06/2025

There is a lot for the CyberGnome to be cranky about when dealing with cybersecurity. But some days, something magical happens.

We are often delivering unvarnished truth about problems that clients need to fix quickly. This often involves web designers and developers who show up in our comprehensive vulnerability assessments. Some put their backs up defensively, and others transform their business and practices to make the world a better place. This is a story about the latter.

After we found a lot of problems with a larger organization's website, they took the results to their extremely talented web designer.

And what this marketing company did with the findings blew me out of the water.

They listened, dug deep and fixed their own cybersecurity gaps.

Then, they referred us to their other clients who now have strong cybersecurity programs. It turned out that their clients had the same mindset, and they referred us to many others.

Because one confident web designer acted on news that has made others put up walls of denial, at least a dozen other companies are now better off, and I'm able to confidently refer our web design clients back to them, knowing that they're in good hands.

Nothing builds business better than partnerships, when we help one another, we all get better.

02/04/2025

Nothing makes the CyberGnome cranky like ineffective IT sold to business owners at outrageous prices!

As a business owner, you came up with a business name and bought the domain at a super low first-year rate (that will probably cost you three times as much as more secure options next year).

STOP.

Not only will you pay more than you have to for renewals, but the "GoParent" charges you extra for privacy and limits simple security like DNSSEC.

What do they make it easy to do? Pay more for stripped-down Microsoft 365. I'm amazed at how they can charge more than full M365 while giving less storage than the less expensive, comprehensive option. Not only that, but full best-practice security is unavailable with the expensive parent's version. Sadly, many entrepreneurs see it as a simple add-on to their "discounted" first-year domain.

Next, many set up their website on that shared "GoParent" hosting provider on the same server as many other vulnerable sites. When we pass these sites through the non-intrusive vulnerability and compliance scanner that we developed, these sites far exceed the median number of vulnerabilities of the thousands of sites that we've scanned.

The sad thing is that although we can block most of the "drive-by" attacks through a third-party web application firewall, we usually don't have access to properly secure these expensive shared providers that entrepreneurs think are inexpensive from their misleading first-year cheap domains.

It's surprising, but enterprise-grade tools instead can save even solopreneurs money and start you off on the right security foot so you don't have to pay someone like CyberGnome to migrate you later.

09/24/2024

Fun cybersecurity for Canadian ADHD entrepreneurs?
This isn't just a dream. It exists, and it's for you!
ADHD entrepreneurs take on too much, including IT, cybersecurity, and compliance.

That distracting IT squirrel balloons into a productivity-zapping monster that makes insurance more expensive, lets in hackers, and makes employees grumpy. Let's fix that with CyberGnome carrying your IT and compliance burden so you can focus on what you love.

(the ADHD entrepreneurs at CyberGnome love cybersecurity and compliance, so we're a match made in heaven)

It's normal for ADHD Entrepreneurs to take on too much -- The IT squirrel is often why they get hacked.

09/09/2024

Cybersecurity insurance isn’t just for the big companies.

Wait, I thought the CyberGnome was supposed to be fun; cyber insurance is boring.

True, but the CyberGnome loves the boring stuff so you don't have to think about it. But in the event you find yourself in a strange misadventure and actually worrying about cyber insurance, CyberGnome thinks you should know a few things about it.

Small companies are being targeted directly by bad actors and hackers. Don’t be a statistic.

Running a business comes with risks, and insurance is essential to managing them. While many businesses cover their property, vehicles, and liability, if you handle electronic payments, cyber insurance is a must.

Insurance is expensive — but part of the great thing about preparing your company to meet cyber insurance requirements is that it can help lower the costs of your general liability and errors and omissions (E&O) policies. So, even if getting set up might cost a little bit in the short term, it can translate into significant savings in the long term.

Cyber insurance is a cornerstone of a complete cybersecurity strategy. If your IT team hasn’t already addressed it, they might be overlooking other critical issues too. Beyond protecting your business, the process of preparing for cyber insurance strengthens your entire operation, benefiting both you and your customers.

Insurance questionnaires are complex. Don’t try and solve these problems alone. Having a cybersecurity expert at ThreeShield guide you through the process can save you thousands in the long run and help build up a strong foundation protecting your business and your customer’s precious data.

Reach out and find out if your company is ready for cyber insurance. Slide into the CyberGnome's DMs and see what he has to say.

08/29/2024

Hear Ye! Hear Ye!

Are you accepting Credit Cards over email?

To that, the CyberGnome says BOOOO!

This devious practice is a red flag that other problems lurk in the shadows. It's a clear sign that you ought to check out www.cybergnome.com.

We will guide you to the right and noble ways of protecting you and your customers' data.

07/31/2024

Calgary-based CyberGnome puts some fun back into comprehensive cybersecurity and IT support for small to medium-sized businesses.

Our experienced and cybersecurity-certified team provides remote and on-site support from Vancouver to Toronto. We transform the arcane world of IT into plain English with a bit of whimsy. Best of all, we do all of the boring cybersecurity stuff behind the scenes so you don't have to worry about it.

Learn more at

Calgary-based, security-focused IT management and support for Canadian businesses.

07/31/2024

Did you just get Microsoft Authenticator within the last year?

Congratulations, and welcome to 2016! Too bad it's too late at this point. Learn more in this Cranky Gnome blog post:
https://cybergnome.com/cyber-insights/microsoft-authenticator-2024/

Warning: This is a Cranky Gnome post and may be dripping with too much sarcasm. Viewer discretion is advised.

Did you just get Microsoft Authenticator? Congratulations, and welcome to 2016! Too bad it's too late at this point. Why did your slow IT provider get it for you? What risks are you dealing with? What should you do? Passkeys, Yubikeys, MFA, and 2-step authentication are the main characters in this s...