We’re receiving calls from our cybersecurity customers when the IT Team discovers that ordinary users have given third-party applications access to all their organization’s files, email messages, calendar events, Teams chats and channels, and other data.

How can ordinary users have that much power?

By default.

Situation: This configuration affects most companies. While the default settings for your Microsoft 365 system allow your users to approve third-party access, Microsoft recommends the following more restrictive settings to increase security.

The Risk: Without this setting, workers may override protections without oversight and allow any application to access your company data, create and delete files in SharePoint and OneDrive, read and send email messages, edit calendar events, access and modify Teams chats and channels, update user profile information, and perform other tasks. While some applications might need this level of access, it must be granted only after the appropriate authorities, including your IT Team, thoroughly consider it.

Reality Check: This setting catches many IT Teams by surprise. Microsoft is updating its security controls quickly, and it is nearly impossible for IT Teams to keep up with the changes. And when defaults promote ease-of-use over security, like this one, your systems can become at risk quickly without the team realizing it. Know that your IT Team’s level of expertise can be excellent, and situations like this sneak up on them anyway.

Urgent Quick Verification: Your IT Team can quickly access the Microsoft Entra admin center > Enterprise applications > Consent and permissions > User consent settings. There are three options:

• “Do not allow user consent.”
• “Allow user consent for apps from verified publishers, for selected permissions.”
• “Allow user consent for all apps” (the current risky default value)

Update If Necessary: Microsoft recommends you select “Allow user consent for apps from verified publishers, for selected permissions.” Different organizations have different data access needs. Your IT and compliance teams must determine the appropriate level for your situation. Smaller organizations might choose the first option if they don’t want users to expose data to third-party applications without checking with the IT team. Larger organizations with more complex needs often prefer the middle option with careful permission management to take some of the workload off busy IT professionals while providing protection.

Next Step: Your Administrators will also need to specify which permissions are low-impact, as detailed in Microsoft’s article “Overview of user and admin consent.”

Facilitate the Approval Process: Your team can optionally set up an admin consent workflow that users must follow when they want to provide permissions.

Forward this to your friends who are executives at other organizations so they can give their teams this heads-up, too.

The post Executives – Any User Can Accidentally Expose All Your Data Unless IT Changes This Default Setting appeared first on Foster Institute.

Realize Even Photos Can Give an AI Attacker All they Need to Know:
AI-based facial recognition enables bad actors to link you to locations, people, and your daily activities. Some photos you take with your phone contain exact location data. Protect yourself and inform your friends:
-Adjust privacy settings on social media, making profiles private and sharing only with trusted connections.
-Be cautious when posting photos that reveal sensitive details about you and your loved ones.
-Disable geotagging on your smartphone’s camera app to prevent automatic location embedding.

Verify the Identity of the Caller:
Attackers can change their Caller-ID to match whomever they’re impersonating. When receiving a suspicious call, verify the caller’s identity by asking a question that only they would know the answer to. Avoid questions that could be answered with information on social media or online. If you receive a call from a loved one in distress, hang up and call them back on a known number.

Set a Code Word with Loved Ones:
Set a ‘code word’ with your kids, family members, or trusted close friends that only you and they would know. They can use this code word to confirm their identity in a genuine emergency and contact you.

Educate Yourself About Deepfakes:
Deepfakes are AI-generated videos or audio that can convincingly mimic real people. Familiarize yourself with the signs of a deepfake, such as suspiciously good voice recording quality, no discernible background noise, unnatural blinking patterns, poor lip-syncing, or anything that seems a little off. People can use AI to put your face on a scantily clad body doing embarrassing things. The deepfake videos look convincing, and the bad actors will threaten to share the pictures online or with your friends or family and demand money. Cyberbullying is real.

Be Aware of Current AI Scams:
Common scams include a caller claiming they are from the IRS or that you have a warrant out for your arrest. The IRS provides an updated list of scams here: https://www.irs.gov/newsroom/tax-scams-consumer-alerts. One of the most prominent organizations in the UK that provides information and guidance on scams is the “Action Fraud” website: www.actionfraud.police.uk

Recognize AI Hallucinations:
Another red flag is inconsistency in the story or information provided. Like when using a chatbot, you sometimes identify responses sounding goofy. If you notice contradictions or a seemingly confused train of thought, that is a clue that AI might be generating the audio.

Teach Your Youngsters:
Teach them that AI can allow attackers to figure out lots about them, and they should not share their real names, family members’ names, city names, addresses, phone numbers, school names, or birthday information. They must assume that every person they chat with or meet in games may not be who they claim to be, even if they sound like friends from school, due to knowing accurate details. You don’t want to terrify your young people to the point that they cannot sleep, so you might choose to limit the number of and how frequently you share horror stories.

Use Verified Communication Channels:
Whenever possible, use verified communication channels, especially for sensitive conversations. For example, use your bank’s official app for financial transactions instead of a link sent via email. Use encrypted email to communicate sensitive information.

Keep Your Cool:
Scammers often impersonate trusted individuals or organizations in some crisis or drama to trigger your brain into fight or flight mode. Attackers try to freak you out so you make poor choices. Beware of urgent, unexpected, or out-of-character phone calls.

Please forward this to your friends and coworkers so they know these top strategies to protect themselves from falling victim to AI-generated scams.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post AI Scams in the Spotlight: Essential Tips to Protect You and Your Family appeared first on Foster Institute.

Passkey authentication can be configured to be very secure based on four conditions:

1. You must have your mobile device with you. (An attacker is unlikely to have the device with them.)
2. You must be able to log in to your mobile device using facial recognition, a fingerprint, PIN, pattern, USB token, etc. Some people call passkeys a “Face” or “Fingerprint” sign-in.
3. Your device must have a unique key assigned to you that ties to a unique key at the site or application.
4. If you log into a site or application from a computer, the mobile device must be physically close to the computer where you’re logging in.

Passkeys are new, and there is varying support for specific browsers, operating systems, and devices.

Tips for Using Passkeys:

1. Start setting passkeys up on your mobile device, such as a smartphone, before you use your computer.
2. If the website or application does not allow you to set up a passkey on your computer:
   • Look for and select an option on the computer that says, “Use a passkey to log in,” Your computer will display a QR code image.
   • Use your phone’s camera to scan the QR code image displayed on your computer.
   • After scanning the QR code, your phone completes the passkey login process.
3. It’s essential to confirm that passkeys work on all devices and browsers before disabling the old login method for each website or application. This way, you can avoid problems accessing your account if the passkey login method doesn’t work on some of your devices or browsers.

As the adoption is just starting, you might discover limitations or frustrations, but they’ll disappear soon. Some people have great luck experimenting with setting up their first passkey at best buy dot com even if they don’t shop there.

Apple uses the Apple Keychain to store a passkey that should work on all your Apple devices after enrolling one. Google uses the Google Password Manager in the Chrome browser and Android. Microsoft uses Microsoft Hello. Some password managers store keys.

Mobile device backups and some password managers are designed to back up the passkeys in case you lose your phone. If you do lose your phone, it is a good idea to go to the apps and sites to set up a new key and disable your old key. One concern is that, if an attacker can access your backups or the passkey manager and obtain a key from there, they might find a way to bypass passkey protection. But that doesn’t necessarily make passkeys less secure than other authentication methods; they may well be the best protection available when implemented properly since they offer so many benefits:

1. Users cannot be tricked into giving away passkey values they do not know in social engineering and phishing attacks.
2. Since passkeys come in unique pairs, users cannot re-use passwords, another user mistake that leads to compromised passwords.
3. Keyloggers cannot capture passwords since users are not typing passwords.

Your IT team might choose to eliminate your existing Multi-Factor authentication process since using passkeys involves multiple factors already. Unlike SMS text messages, passkeys cannot be redirected to attackers. Passkeys are immune to MFA Fatigue addressed here https://fosterinstitute.com/mfa-fatigue-the-hidden-danger-and-how-to-combat-it/

Please forward this to your friends so they can explore eliminating passwords and eventually start adopting passkeys as Passkey support expands.

Prepare yourself for what would happen if an attacker steals a phone containing passkeys: https://fosterinstitute.com/the-risk-iphone-theft-poses-to-your-passkeys-and-what-to-do-now/

Technical Details – If You are Interested

You do not need to know this to use passkeys. But if you wonder how these keys can be so secure, read on.

Passkeys are much more secure because passkeys come in key pairs. When you use one key of the pair to lock something, you must use the paired key to unlock it. Only the paired key can unlock what the first key locked.

So for each site or application you set up to use a passkey, your mobile device generates a pair of keys:
– A unique private key for that site or application is stored on your device.
– A paired key that your device sends to the site or application which stores the key just for you.

If you have a passkey set up for 100 sites or applications, your device will store 100 keys. Sites that have 100 million users will have 100 million keys. Each key is half of a pair. The private key must be kept secret on your device to be secure. Even if attackers access all the keys for a site or application, your account is still protected since they won’t have the second key stored solely on your device.

If you want to get more technical and understand why passkeys are so resistant to person-in-the-middle attacks: Websites that start with https:// and most web applications use PKI encryption to protect data during transit. SSL (deprecated) and TLS (use the newest version) protocols use public-private key pairs to initiate a multi-step process to secure traffic to websites or web applications. Attackers can use person-in-the-middle attacks to defeat that encryption. They generate key pairs to make the user’s connection think the attacker is the website and make the website believe the attacker is the user’s connection. Bad actors insert themselves between the user and the website and can access the data as it goes through their connection.

When a user creates a passkey, the user’s device generates a key pair. It stores one key locally on the device and sends the other to the site or application for passkey authentication. The site or web application stores a unique key for each passkey a user generates. The secret key never leaves the user’s device during the authentication process, and the unique paired key is stored at the website or application. Hence, passkeys are extremely resistant to person-in-the-middle attacks.

Where supported, consider using passkeys. Hopefully they’ll be the common standard soon.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post The Rise of Passkeys: A Paradigm Shift in Authentication Technology appeared first on Foster Institute.

When you eliminate passwords:
– You don’t need to worry about creating, forgetting, or re-using passwords because you don’t use passwords.
– IT Helpdesk Professionals save time since they don’t have to help users who forget their passwords.
– Hackers will not try to trick users into disclosing passwords because the user won’t know passwords.

Microsoft, and others, continue to make their big push for people to go passwordless.

Alternatives to Passwords:

Today, determine where and how you can eliminate passwords from your life. Focus on using:

Something you have:
– A USB Token such as a YubiKey
– A proximity badge you wear around your neck or carry in your pocket
– An authenticator app on your smartphone or tablet
– A text message, phone call, or email with a one-time code

Or, something you are:
– A fingerprint scan
– Facial recognition
– Eye recognition

And the real magic is when you combine two for multi-factor authentication (MFA) without passwords.

Note that USB tokens can include fingerprint scanners for built-in MFA. Your IT Team might need to get creative using mobile phone technology to accomplish both. If you decide to use push notifications, be sure to refer to https://fosterinstitute.com/mfa-fatigue-the-hidden-danger-and-how-to-combat-it/

There are few ways attackers can exploit some of these login methods, and your IT Team can help you shore up weaknesses. Visit with your IT Team about ways you can eliminate passwords. Be sure they’ve seen this post: https://fosterinstitute.com/the-risk-iphone-theft-poses-to-your-passkeys-and-what-to-do-now/

Know About Passkeys:

Be sure you, and your IT team, know about passkeys. Passkeys are the future, and the future is arriving now: https://fosterinstitute.com/the-rise-of-passkeys-a-paradigm-shift-in-authentication-technology/

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post Ditch Passwords for Good: The Ultimate Guide to Passkeys and Passwordless Authentication appeared first on Foster Institute.

Most people I encounter talk about their fun with ChatGPT, and I can relate. Type “Write a Valentine’s day note to my lover who likes (activities). I’m attracted to their (attractions) and want them to know (details).” Keep adding details. And, of course, you can say, “Make it rhyme” or “write it like Shakespeare.” You’ll have a smile on your face.

Be sure to select “New chat” whenever you change topics. After you get a surprisingly fun Valentine’s message, open a new chat to ask, “Remind me of the Excel formula to return the first twenty characters of a string.” ChatGPT remembers conversations in chat segments, so avoid mixing topics to get the best results.

AI has given a new meaning to the term Virtual Assistant. Sometimes I compose long email messages and want to shorten them. I first compose the message with no sensitive information, give it to ChatGPT, and say, “Write this shorter.” It is stunning how capable it is at combining sentences and summarizing ideas while mostly keeping the whole meaning. Sometimes it elaborates and incorporates new ideas into the message. I find that amusing and occasionally helpful. I must re-read the output carefully and often make changes since ChatGPT is not perfect at knowing precisely what I mean, but for long messages, it sometimes helps me make them concise, saving the recipient time.

Do not be duped – AI does not know everything and can accidentally produce inaccurate information that sounds very convincing.

When I hear people discussing the risks of ChatGPT, they usually focus on students using it to write their essay assignments for them. They have not considered more severe concerns. If you are interested, search the web for: chatbot ai can be used to create ransomware video.

Fortunately, ChatGPT is implementing safeguards to help prevent malicious use, and there are ways to trick it. Values and ethics vary from person to person, and some people, or governments, might feel justified in using AI to help create weapons, influence elections, or help them with strategies to harm.

Before his death, the famous physicist Stephen Hawking warned that AI could “end mankind.” Elon Musk has donated millions of dollars to OpenAI but intensely voiced concerns about the dangers of AI.

Some of our clients now block access to ChatGPT on company networks and devices. Some won’t.

Please forward this to your friends so they will consider the risks and enjoy AI-related fun. ChatGPT is impressive, and the business world will never be the same.

The post Cybersecurity Concerns and Fun with ChatGPT appeared first on Foster Institute.

In North America, System Intrusion (Now up to 80%) attacks surpass Social Engineering (down to 20%). System Intrusion is when attackers gain access to networks, plant ransomware, establish remote access, and otherwise compromise data and processes in a network.

90% of system intrusion attacks in North America were performed by threat actors external to the company. But the 10% of internal attacks highlights the concern of insider threats. Insider threat is when someone working for an organization accidentally or intentionally gives attackers access.

In North America, the motivation for attacks are:
For financial gain: 96%
Espionage and spying: 3%
Grudges and anger: 1%

Of attacks in North America, 14% were caused Primarily by Cloud Security Misconfigurations, highlighting the need to ensure IT professionals are familiar with the complex security settings related to cloud services. An excellent resource for Microsoft Cloud Security is https://learn.microsoft.com/en-us/microsoft-365/solutions/setup-secure-collaboration-with-teams?view=o365-worldwide#securing-teams-for-sensitive-and-highly-sensitive-data

To see statistics in other parts of the world and overall, you can find the report at https://www.verizon.com/business/resources/reports/dbir/

The post Short List of Essential Cybersecurity Statistics Exposes Attackers and Can Help You Secure Your Systems appeared first on Foster Institute.

If you know what MFA is, you can skip this paragraph. The most common first step of MFA is for users to enter their username and password. They receive a text message with a code to complete the login process. Alternatively, the user might have an authenticator app on their phone that provides a code. Another option is for the user to receive a “push” notification asking the user to approve the login through the app. The latter is sometimes referred to as one-tap login. There are other options for the factors, including approving specific computers, geo-location, USB hardware keys, and biometrics, including fingerprints, facial recognition, and iris scans. There are pros and cons to each.

Summarized steps you can take to help protect yourself from attackers bypassing multi-factor authentication:

= Know how to protect yourself against a thief stealing a phone if MFA uses text or email messages as the second step.
= If supported, instead of a code number from a text message or authenticator app, consider using a USB token, fingerprint, or facial recognition for the second factor.
= Reduce the duration a code is valid. For example, perhaps change the code every 60 seconds so an older code won’t work.
= Limit the number of failed login attempts in a specific period.
= Implement web content filtering to help protect users from being exposed to fake login screens.
= Limit logins to specific countries.
= If users primarily use the same device, restrict logins to specific devices.
= Train users to beware of fraudulent login prompts.

Please see the details below:

If MFA to sends a text message to a stolen phone, the thief might see the text message. For websites or services that only support text messages for the second step, consider investing in an inexpensive flip phone with a different phone number to receive text messages. Similarly, if MFA involves an email, and the thief can easily access your email on the stolen phone, it defeats the purpose of MFA. Therefore, if you set up the two-step login with email as the second step, use an email address that requires some other form of authentication on the phone to access email messages. Ensure email messages do not pop up on the preview screen when received.

Another way attackers bypass MFA:
Step 1: Trick the user into clicking a link that takes the user to a fake login screen for Microsoft 365, LinkedIn, or any other valuable site.
Step 2: The user enters their username and password into the fake login form. Now the attacker knows the user’s login name and password.
Step 3: The attacker’s computer pulls up the genuine login form and enters the username and password the victim just provided.
Step 4: The legitimate website sends the user the text message, sends a push notification, or performs another second factor the user is used to. The user expects this, and the process seems normal to them.
Step 5: The attacker can create a fake form for the user to enter the code from their text message or app. When the victim enters the data, the attacker’s computer inserts the data into the genuine website. If the user received a push notification, they could approve the login because the user believes they are indeed logging into the site.
Step 6: The attacker is logged in and has the user’s full access. The attacker needed no previous knowledge of the user’s username, password, or text key.

One strategy to fight his kind of attack is to use a second factor that isn’t a text code. For example, a user doesn’t need to enter a code if the second factor is a fingerprint or USB token plugged into the computer. The user cannot enter that information into a fraudulent login screen.

Another common strategy attackers use to bypass MFA is to reduce the time an OTP (One Time Password) code can work without the user requesting and receiving a new text message or generating a new code in the authenticator app. Shorter expiration times mean the attackers must use the stolen credentials and second factor to log in more quickly.

Another strategy, though slightly less effective but can be used in conjunction, is to limit the number of failed login attempts within a period. An example rule is if there is a failed login attempt for a user account three times in a row within five minutes, lock their account so they cannot try logging in again for ten minutes.

A useful cybersecurity control that is underutilized is conditional access by country. If your users will always log in from specific countries, block logins from all other countries. That will make it more difficult for foreign adversaries to compromise your users’ accounts. Identifying a user’s location is sometimes referred to as geolocation.

Another method to bypass MFA is to use social engineering to trick the user into disclosing their username, password, and code or another second factor. A typical example is for a bad actor to contact a user, impersonate a technical support person, and ask the user to provide the information to help prevent some fake problem that doesn’t exist. Some trusting users walk the attacker through the login process, bypassing the protection of MFA.

Another strategy bad actors use is called MFA fatigue. The hacker will make so many attempts to log on that the user finally tires of receiving push notification alerts. The fatigued user approves the login to make their phone be quiet, and the attacker is in the system.

Attackers could use SIM Swapping to reroute calls and text messages to their phones. Therefore, text and callbacks can be less secure than other second factors. However, many sites only offer those two options.

As your IT team can tell you, there are more technical ways for attackers to bypass MFA by creating person-in-the-middle attacks using something called a proxy. Another strategy attackers can utilize is captured authentication cookies or tokens. Authentication can rely on digital key values that must be kept secret inside servers. If attackers get access to the keys, they can gain access.

Your IT Team can implement some form of web content filtering and configure it to block communications with known malicious sites and attacker command-and-control servers. This isn’t perfect because attackers frequently change command servers, but it helps.

Using SSO (Single Sign On) reduces the number of opportunities an attacker has to trick the user. Of course, the flip side is that if an attacker successfully gains access to the single sign-on, the attacker won’t need any other credentials to access everything the user can access.

User training is essential, as is keeping the computer safe.

As you can see, using MFA does not mean your authentication process is secure. Whenever a new security control is invented, someone finds a way to break it. The strategies above will help you be more secure.

Alert your friends to some of the ways attackers can bypass MFA. They might decide to consider using USB keys, biometrics, or cryptographic codes stored in a computer or hardware.

The post How Attackers Break Your Multi-Factor Authentication Protection and 7 Strategies to Protect Yourself appeared first on Foster Institute.

This so-called cyber-flashing is a growing problem with Apple’s AirDrop feature and Android’s Nearby Share feature that allow you to send and receive images, videos, and files from other users nearby.

Yes, you get prompted to decline or accept the image, but you cannot unsee the preview image in the prompt.

To protect yourself on your Apple device, Click on Settings, General, and AirDrop to choose Receiving Off, Contacts Only, or Everyone. I recommend you select Receiving Off. Temporarily enable receiving when you wish to exchange photos. Apple provides a detailed explanation of AirDrop at https://support.apple.com/en-us/HT204144

To protect yourself on an Android device, choose Hidden your Nearby Share settings. The steps will differ depending on your device and version: Settings, Connected Devices, Connection preferences, Nearby Share, and choose Hidden. Or your device might have you go to Settings, Google, Devices & Sharing, Nearby Share, and set Use Nearby Share to Off. You can learn more about Nearby Share at https://support.google.com/android/answer/9286773?hl=en

Bad actors strive to find ways to affect users of any brand and type of device and service. Please forward this to your friends, so they don’t receive shocking images via AirDrop or Nearby Share!

The post How to Avoid Receiving Disturbing Photos via Apple AirDrop and Android Nearby appeared first on Foster Institute.

An exception will be if you feel held hostage by them, or if there is some other outstanding reason they’ve failed you. Yes, we’ve seen horror stories. In those extreme cases, the executives had already decided to fire their outsourced firm.

When we perform cybersecurity consulting, unless the executives ask us to approach it differently, we give the outsourced firm the benefit of the doubt that their intentions are always to provide you with the best service possible. If we encounter a grave security mistake, that’s one purpose of the audit – for us to catch things like that so your IT providers can fix it. We almost always find at least one gaping hole, which is our specialty. After all, third-party IT companies are responsible for many aspects of your IT operations, while our focus is cybersecurity. Once outsourced IT firms realize we’re there to help and not replace them or their services, they relax, welcome input, and ask questions about the best way to protect you.

If you move to a new provider, there could be a steep learning curve before they can serve you at the same level. Keep in mind that your IT provider is already familiar with your systems and understands the unique challenges you face. Unless their turnover is high, the professionals that serve you know your team members and maintain a friendly, professional working relationship with them.

If you consider changing providers because some well-meaning person says you have the wrong brands of products, find out if their personal bias is evidence-based. If the specific solution your provider prefers meets all the functionality criteria, it is almost always best to allow your IT Professionals to select brands and vendors they like. They typically prefer particular brands and solutions for important reasons.

For example, their engineers might be most familiar with Cisco, Juniper, SonicWALL, WatchGuard, or one of the many other firewall brands. Most brands, if configured properly, will serve you well. As with automobile repairs, you want a technician familiar with your car’s brand. If you ask your outsourced IT company to support an unfamiliar product, you’re putting them in an uncomfortable position. They want to consistently produce excellent outcomes for you, and if you insist that they support a brand they are unfamiliar with, you could be setting them up for failure.

Your outsourced IT firm almost certainly has you set up with specific vendors for your anti-virus, anti-spam, backup solution, etc., because they have automated tools that allow them to monitor and manage your solutions. That efficiency of scale facilitates them taking optimum care of you. Deviating from their standard brands creates unnecessary expense and frustration. For this reason, if you do decide to change providers, prepare yourself for needing to replace some of your software and hardware to conform to the new IT provider’s preferred configuration.

If your provider is too slow to respond, perhaps they’re understaffed but have an expedited service option you could invest in to get priority access to their best engineers. Or maybe they have a different brand or product solution that permits them to use streamlined tools, but you’re still using products a previous IT firm installed.

Without knowing the brands you are using, I cannot say if you’ve got great ones. I can share that most brands have excellent products and solutions that work well when appropriately configured by knowledgeable professionals who’ve proven their proficiency by earning certifications on those brands.

Executives sometimes ask if they should seek a cheaper provider. We rarely see third-party IT companies overcharging for services. They are aware of the competitive nature of their business. Consider how much it would cost you if all your systems were down, and the investment you pay your IT support firm is probably worth it.

Yes, your IT provider might be priced higher, but consider their level of professionalism too. Are they quick to reply when you need them? Do they fix issues the first time?

It can be an excellent sign if you feel you don’t need your provider because you never have any problems. That can indicate that your IT firm is taking such good care of the inner workings of your systems that everything runs smoothly for you. If you did terminate your IT provider, things could start falling apart slowly, without being observable, until everything stacks up to the point when you suffer a disaster.

If you wonder if they are competent, consider asking them for a list of certifications they’ve earned from Microsoft, Cisco, or the brands and technologies they provide and support for you. If they’re not certified, encourage them to take the training and pass the tests. Certifications often involve significant expense and time, so don’t expect them to earn the credentials overnight. Passing the certificate will be a breeze if they’re already knowledgeable about the products they support. And during the training, they might find new ways to help your organization without you needing to buy more stuff. Everyone benefits.

Your firm may not have top-level cybersecurity certifications. Cybersecurity is a complicated and rapidly evolving field that requires intense specialization. We never have expectations that third-party computer services companies know everything there is to know about cybersecurity. We expect them to be open to cybersecurity recommendations. We’re thrilled to discuss and answer their questions as they tune the solutions from brands they sell and support.

As cybersecurity advisors, it is rewarding to see and facilitate, if necessary, our customers strengthening their relationship with their MSPs and other third-party IT firms. Sometimes it is a matter of us helping you identify the pros and cons of the add-on cybersecurity packages your provider offers. Or, if their package isn’t the perfect fit, sometimes you can negotiate the offerings to get the best solution.

Please forward this to your friends if they wonder if they should change to a new outsourced IT consulting firm. As long as they’re well-staffed, competent, and professional, there are many advantages to staying with the company with whom they have an established working relationship.

The post Reasons to Keep Your Same Outsourced Computer Consultant or Managed Service Provider appeared first on Foster Institute.

Delete your third-party apps. You can always reinstall them if you decide to use them. Your phone and tablet are more secure the fewer apps you have. Most people only use 20% of their apps.

On an iPhone, press on the app’s icon and hold your finger down. Follow the prompts to remove and delete the app.

In Android, there are a few ways to delete apps as described in this article: https://www.lifewire.com/delete-apps-on-android-phone-5271421

Please forward this to your friends, so they know to delete old applications too. If they’re waiting for something anyway, it will make the time pass quicker, and they’ll be more secure.

The post The Next Time You’re Bored or Waiting, Delete Some Unused Apps from your Android or iPhone appeared first on Foster Institute.