Below you will find pages that utilize the taxonomy term “Information Security”
Chromebooks for Enterprise Security: A Comprehensive Guide
When we mention enterprise computers, most of us instantly picture the typical Windows or macOS systems. But in this blog, I aim to challenge the norm and introduce an often-overlooked contender: Chromebooks. ChromeOS’s unique security features combined with a lightweight design make Chromebooks a compelling tool for modern businesses. Let’s delve deeper into why Chromebooks could be an intriguing choice for your enterprise security.
Understanding Chromebooks for Enterprise Security: A Secure Paradigm Shift
Chromebooks have the potential to revolutionize the security aspect of enterprise computing with their unique features. Verified boot ensures that the system hasn’t been tampered with at the start, while the design, resistant to traditional executable files, minimizes the attack surface, thereby reducing malware risks significantly.
CRXcavator: Democratizing Browser Security
Few tools have transformed the landscape of browser extension security as profoundly as CRXcavator. Born out of a simple idea, it has gone on to shape industry practices and empower organizations across sectors with robust security oversight.
It all began with a straightforward concept – to design a script that could help security analysts review Chrome Extension requests in an efficient and consistent manner. As simple as the idea was, the execution was revolutionary. Rather than keeping the process manual, we leveraged the power of AWS Lambda to scan all public Chrome extensions in the Chrome Web Store simultaneously. This move not only amplified its efficiency but also set the stage for CRXcavator’s public availability, thanks to the lightweight web-based interface.
Hacking the Gibson, Then and Now: Lessons from “Hackers”
In the 1995 movie “Hackers”, young cyber rebels, portrayed by actors such as Jonny Lee Miller and Angelina Jolie, infiltrate computer systems, outsmart corporate security, and ultimately save the day. The movie, while dated in terms of technology, surprisingly remains relevant when it comes to its depiction of cybersecurity threats. In fact, it seems that despite the massive technological advancements we’ve seen in the past 30 years, many of the techniques Crash, Burn and the gang use when hacking the Gibson are still commonly used today.
Leading without authority: Invisible Security
Running a Cyber Security program for your organization is leadership, and often it’s leading without authority. For your program to run effectively it must:
Lead without imposing: Your users should feel like they’re making security decisions because they make sense, not simply because they’ve been mandated to do so. This is especially necessary when you’re leading without authority. When they do need to make a decision that impacts their security or that of the business, it should be the path of least resistance. When security is hard to use, people often find a way around it.
Two Factor Authentication - Bank Security Explained - sedward5 - Cyber Mixology
I recently looked at four different aspects of the security posture of a number of US banks. I’d like to explain in detail what these security controls are and why they’re important. In this post I’ll explain what two factor authentication is and why you should be using it everywhere you can.
To start off, I’d like to define authentication. Authentication is the process by which one proves that they are who they say they are. In the case of most internet sites this is done with a username and password. I tell the site who I claim to be with my username, and prove it by providing something that only I would know: my password. That’s one factor authentication.
Reviewing US Banks' Web and Email Security - sedward5 - Cyber Mixology
I have had an account with the same bank for a really long time. Perhaps the time has come to switch to a new bank. After all, in 2016 my bank still doesn’t offer two factor authentication, EMV cards, and several other modern features that I see from other banks. I’d like a bank that takes information security seriously; it seems like my current one does not. While I’m sure I could find clean compliance-based audits for each of these banks, I would prefer to take a different, more open approach. For this exercise let’s just look at email and web site security.