Google recently added a setting to its Gmail service that allows users to always keep their sessions encrypted. It’s a really good idea to turn this one on if you want to keep hackers out of your account.

But I already login with https…

That’s true… the Gmail service handles your login in an encrypted fashion, but… unless you’re very specific about opening the site using https:// (or SSL), the service will authenticate your login and then switch you back to an http:// (non-encrypted) session.  So… your password remains secure, but your session does not.

A tool is about to be unleashed to hackers that will allow them to get busy breaking into Gmail accounts.  You’re particularly vulnerable if you access Gmail from a wifi hotspot or any public computer… which is one of the reasons we all have Gmail accounts, isn’t it?

Here’s how to make the change

Our “don’t be evil” friends have been kind enough to be very quiet about the new settings option, and then bury it so it’s hard to find. Here’s where to make the change:

1. Login to your Gmail account.  Here’s a hint: use this secure login link.
2. Click on “Settings” (on the top, near the right)
3. On the “General” tab, scroll all the way down. I’m including a picture below for you, but click “Always use https” and then save your changes. Your settings will be remembered no matter what computer you login from.

Now you should be in good shape.  Hey… when was the last time you changed this password? (You do change passwords regularly, right?)

By the way, if you’re interested, you can find the technical explanation here. (And you thought mine was technical!)

How safe is your company’s information?

Once again, strategically operating your business is about knowing what the right questions are. If you haven’t recently given consideration to the physical and electronic vulnerability of your company’s intellectual property, confidential and proprietary methods, financial information, and business plans… it’s time to do so!

The Sylint Group, a Sarasota-based information security firm, is putting on an Executive Cyber Security Symposium that will provide the strategic vantage point you need as a business owner or executive in order to evaluate your current exposure to risk. Sylint’s team consists of people whose resumes list agencies such as NSA, CIA, and FBI. Access to such top-notch expertise is something you don’t find everyday, nor would it be inexpensive if you did.

But, for $385, you can hear from members of Sylint’s team, as well as two local attorneys, and a current FBI agent. Not a bad deal when you consider that the costs associated with the average cyber security incident run in excess of $20,000…. Think of it as identity theft for your business… only multiplied.

I’ve had the privilege of working in the past with the father & son team at the helm of The Sylint Group. John Jorgensen and Serge Jorgensen are not only experienced and knowledgeable, but they’re some of the finest people you’ll meet. Here’s the nitty-gritty on the upcoming event:

Executive Cyber Security Symposium

Featuring:

• The Sylint Group
  • John Jorgensen & Serge Jorgensen
  • Prevention. Protection. Future Response.
  • How to understand the technology and plan for Cyber Security
• Abel Band (Law Firm)
  • Scott La Porta & Jennifer Compton
  • The Legal Risks and Remedies of Cyber Security
  • What you need to know about electronically-stored information
• FBI
  • Special Agent A. J. Gilman
  • FBI Computer Crime Program
  • Discussion of actual disclosable cases

When: Friday, February 23, 2007, 9:00am – 3:30pm (Registration opens at 8am)

Where:

Sarasota Hyatt Regency Hotel
1000 Boulevard of the Arts
Sarasota, Florida, USA 34236

They’re including a continental breakfast and a sit-down lunch with your paid registration. Be sure to register in advance, as this will likely fill up quickly. Also, there may be an additional charge for on-site registration.

Contact: Diane Lane, (941) 951-6015 ext. 440 or dlane [at] usinfosec [dot] com