When ransomware signs are spotted—perhaps your endpoint-detection just found the credential-gathering exploit Mimikatz—it might be time to draft that company-wide memo and get everybody ready for a password reset.

The Los Angeles Unified School District (LAUSD) knows the drill. Following a September ransomware attack, the LAUSD called for (thousands of) students and employees to change their credentials—in person.

Password-reset options have advantages and disadvantages (like, say, long lines at the school). Organizations can benefit from considering the choices in advance, to avoid the complicated problem of users—and services—shut out until new passwords are added.

“There’s the IT side of having to deal with all the services and systems that now need to have the passwords changed within them. And then there’s the user side of just, ‘How the heck do I get back into the environment?’” said Ryan Chapman, principal incident response consultant with BlackBerry.

Here’s a quick review of some common password reset options.

In-person. The LAUSD’s in-person option is perhaps a more secure choice, given that identity can be literally seen and ascertained. A drawback: it’s going to take a while.

“The detriment to resetting all the credentials is that you’re resetting all the credentials,” said Chapman.

The conservative approach, however, often halts the race between hacker and end-user—a sprint that remote resets sometimes present:

“If the attacker already has the credentials, they can basically beat that user to resetting the password to something that they would know,” said Jason Rebholz, CISO at the insurance provider Corvus.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

There aren’t protocols and regulations in place for how to manage algorithms and data in many Western countries, but they’re coming—and social media companies hoping to push that day off by opening their books and auditing one another are only slowing what’s to come.

Midterm elections could well determine the future of algorithmic regulation, Justin Sherman, a geopolitics and internet expert and nonresident fellow with the Atlantic Council, told IT Brew. With a new Congress on the horizon, who controls the House and Senate will likely be the main factor in what the laws look like.

“At this point, it’s considered inevitable that there will be some kind of algorithmic regulation,” Sherman said. “Whether that’s something as simple as saying, ‘These companies need to give more data to researchers in a more open way to study the platforms,’ or whether that’s imposing things like mandated third-party independent algorithmic audits, which is a growing area of focus.”

Regulators, mount up. The US has long had a contentious relationship with social media companies. Both sides of the aisle have found reasons to go after Facebook, Twitter, and Google.

In a move responsive to concerns over the platform’s power over elections and political news, Facebook announced in August that it would restrict political advertising in the US from Nov. 1 to Election Day; a prohibition that includes “ads that call into question the legitimacy of the methods and processes of elections, as well as their outcomes.”

TikTok has been the subject of perennial accusations that it may present a national security threat. The Biden administration and the company are currently in talks to work out a deal for TikTok to remain working in the US, but any challenges at the federal level are likely to run up against constitutional issues.

Read the rest here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.

Today’s top IT reads.

Stat: $25,910. That’s the amount Nintendo is paying to settle a labor dispute with a former QA employee who alleged they were fired for engaging in protected activity. (The Verge)

Quote: “Whether you’re presenting to a colleague or just sitting down for a coffee chat, we want the Project Starline experience to feel natural, as if the person is sitting in the same room as you.”—Andrew Nartker, director of product management at Google, announcing the expansion of its proprietary videoconferencing system (Google)

Read: Two of Microsoft’s new Surface devices feature either Intel or Arm-based processors, making the choice between them a bit more complicated. (ZDNet)

Learn: Q4 got you singing the “budget blues”? The Brew’s Financial Forecast sprint is here to help you change your tune. Secure your spot and prepare to build the 2023 budget of your company’s dreams.

Business pros + AirPods Pros: Electric’s virtual conference, Elevate 2022, hosts Shark Tank star Kevin O’Leary + author Kim Scott. Don’t miss actionable insights for improving and scaling your biz + building an inclusive workplace culture, plus a chance to win AirPods Pros. Register here.* 

^{*This is sponsored advertising content.}