Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

What’s up with WhatsApp?

There has been a massive outcry about WhatsApp changing their privacy policies and sharing data with Facebook. While there is cause for concern, I don’t believe that it is the end of the world. And, if we talk a calm, rational approach to it, we can see that it’s perhaps not a new thing…

read more

Why I installed a contact tracing app

In South Africa, we are firmly in the grip of our second wave, with daily identified cases exceeding that of our first round of the virus. During this second wave, I have installed the COVID Alert SA app, South Africa’s contact tracing app (akin to the apps in other parts of the world). This app and those globally have been a hot topic on the privacy, tech, and cyber security fronts, with many very strong opinions in various directions.

read more

Stop getting “hacked” on Facebook

Given the sheer volume of messages I’ve received on Facebook Messenger saying “This look like you!” or similar with a video link, I figured I’d put together a post on how to secure up your Facebook profile. In a number of cases I’ve seen Facebook blamed, and while I hold no love for the company or their practices, they do make it pretty easy to secure your entire Facebook experience.

read more

The germophobe’s guide to data

While I would not say I’m a germophobe, COVID-19 has certainly made me more aware (and more paranoid) of the sanitisation habits of those around me, and the necessity for handwashing, cleanliness, and distancing. Much like the invisible pandemic, data has a tendency to spread without you realising it, and it is vitally important to have proper habits in place to prevent data oozing out and proliferating everywhere.

read more

Death to Guest WiFi

Today’s post is going to have a fairly strong opinion of mine: that guest WiFi needs to be stopped. While there are use cases to having a network that guests have access to, I believe in this day and age that the use cases are specific and becoming a rarity. The security risk imposed by having guest WiFi is simply not worth it, to the extent that a number of insurers in the cyber security space will not insure you if you have a guest WiFi network.

read more

Shared Hosting: The underrated email risk you’ve never considered

For many years, I ran (and still do to a degree) a hosting reseller business. It makes sense with handling items such as DNS, DMARC, DKIM and so forth. The most common form of hosting out there for small, and even medium sized businesses, is shared hosting. Shared hosting means that your website and email is on a server that’s shared between a dozen or more businesses. This keeps costs down, and has minimal performance impact if all the companies are small. It also means that most frequently, your email and hosting shares the same space on a server. This is a dangerous practice when it comes to your email security and privacy for a number of reasons.

read more

6 Worst “Trust Centre” Fails

When it comes to Software-as-a-Service, it’s great to have a Trust Centre on your site that details how you handle people’s data and how you secure it. It’s meant to instill some peace of mind that your data and the systems that you’re using are safe as houses and on the “up and up”. There are, however, catches to a Trust Centre. Wording on these pages can put even some of the worst legal contracts to shame with their double speak, and in this article I detail some of the worst offenders I’ve seen recently (and why).

read more

Security Audits, Gap Assessments, Podcasts and More

The last few months have been incredibly busy, with changes to my existing lineup of products and additions of new initiatives. Having POPIA signed into law in South Africa has got many businesses scrambling to get their compliance in place, and I am here to help with that journey.

read more

6 Key Cyber Threats During 2020

Part and parcel of a Data Protection programme is an awareness of the cyber security threats that are out there. A cyber security threat can be defined as “the possibility of a successful cyber-attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data.” (Tunggal, 2020). In this report, I’ll be describing a number of key threats that have emerged during 2020 and the accompanying pandemic.

read more

7 Deadly Sins of DevOps

As DevOps or Development, there are vital points in the deployment of any software tool that pertain to both cyber security and privacy. Privacy law states that security safeguards need to be in place, and that the “current state of technology” will come into play. This means that the public expectation of security measures and the current state of what is seen as “normal” or “minimum requirement” needs to be taken into consideration.

read more