Step 1: Attackers compromise work-from-home users.
Step 2: They gain access to their company.
Step 3: They bite into the company to discover what’s inside.

There are so many work from home users; this is a target-rich environment.

1. You must harden remote users’ systems against attacks. Secure their connections.
2. When possible, issue laptops, so your IT team has more control over your remote users’ security.
3. Implement user training and phish testing. Please say if you’d like us to provide phish testing and online training for your users. We do all the work so your IT teams can focus on their other tasks.

Please forward this to your friends so they realize their remote users must be more secure than ever, and attackers target them indiscriminately.

The post Your Work From Home Users are Like a Box of Chocolates appeared first on Foster Institute.

You’ll make your computer less attractive to attackers, and it limits the window during which they can attack. You have nothing to lose, and you might even reduce your power bill!

Please forward this to all of your friends, so they know this simple step to protect themselves.

The post Power Down to Boost Security appeared first on Foster Institute.

To help address the security problems, Zoom now offers a reward for anyone who finds a way to break in. The payoff, for bad actors and researchers, is enormous. A sobering thought is that maybe the attackers already have full control over Zoom. However, they might have complete control over GoToMeeting, Microsoft Teams, Skype, TeamViewer, WebEx, and any other virtual meeting platform. I certainly hope not.

Zoom is Making Improvements

Zoom says they’ve configured the system to avoid sending meetings through China’s servers. Otherwise, the Chinese government might require disclosure of your communications.

If you use Zoom on a Mac, then if a bad actor has your computer, they could take over your camera and microphone. Additionally, Zoom exposed information that could reveal Windows passwords. Zoom says they fixed those problems.

After Consumer Reports raised red flags, Zoom improved its privacy policy and practices. Zoom still has problems. A notable issue is that there is no end-to-end encryption during meetings. Security best practices dictate protection from each participant to every other.

You and Other Companies can Help Protect Meetings

For example, if you permit your users to record the meeting, encourage them to password protect the recordings, especially if they upload them to a cloud storage service. Otherwise, anyone with access to the recording can play it back.

Require passwords and require waiting rooms per new default settings. The goal is to stop intruders from interrupting a Zoom meeting with disruptive or disgusting content.

Configure the meeting so that only the host can share their screen. Then intruders cannot share theirs.

Never use a personal meeting room ID for scheduling meetings. Use the default setting to generate a meeting ID randomly.

Alert users to expect fraudulent email meeting invitations attempting to trick users into typing their Zoom username and password.

Enable two-step login requirements to protect accounts even if a bad actor does discover usernames and passwords.

Or, you could ditch Zoom all together. Options include FaceTime, Signal, Teams, and many others. But who knows which one could get hacked? No matter how secure it is, all it takes to destroy security is for one person on the call, or an attacker with remote access to their computer, to record the conversation using third party screen recording software.

To help protect your Zoom meetings, watch other videos that concisely cover the security settings available in a paid Zoom account, configuring the two-step login feature, and a run-through of paid account settings so you can follow along:

Zoom Security – Set Up Two-Step Login

Zoom Security Settings – The Concise Details

Zoom Security – Follow Along to Set Settings

The post Zoom Security Issues – Protect Yourself appeared first on Foster Institute.

This video is for non-technical people who need to make Zoom more secure today. So, if that’s you, open up your zoom account settings on your screen, and keep this video where you can see it side-by-side. Pause the video when you need to.

Some people say, “Mike, tell us what settings to change to increase our Zoom security.” If that’s you, then you are going to love this video. It walks you through your Zoom account settings so you can follow along.

I know that some of you will want to fine tune the settings more than this. This video is not designed to replace your IT Pro; they know more about your specific system and requirements.

To help protect your Zoom meetings, watch other videos that cover concerns about using Zoom:

Zoom Security – Set Up Two-Step Login

Zoom Security Settings – The Concise Details

Zoom Security Issues – Protect Yourself

The post Zoom Security – Follow Along to Set Security Settings appeared first on Foster Institute.

USB: A new ploy is bad actors mailing USB devices, appearing to be from your company to your users. Once plugged in, they can open up a channel that permits unauthorized remote control and capturing keystrokes, including passwords.

Fake Login Prompts: Remind your users to beware of login screens when they don’t expect them. Attackers create persuasive prompts that ask your users passwords for their logon, VPN, or Microsoft Office 365 login, and more. Sometimes the windows tell the user that their connection dropped, and to provide credentials to reestablish their link. Your Users must ignore those prompts and notify your IT team immediately.

Fraudulent websites and apps: Sites may have useful coronavirus information, but they also contain malicious attack software that strives to infect computers. Attackers create bad apps offering online statistics, tracking of the virus spread, and more.

Please forward this to your friends so they can alert their users too.

The post Alert Your Team – USB Devices, Login Prompts, and Apps appeared first on Foster Institute.

Almost always, the vendor or contractor had no malicious intent. Their organization’s own IT systems were not secure, and/or their team members performed actions in a non-secure way.

Be sure the service providers you use are working every day to be more secure too. Ask them about their security awareness training program. Ask them how often they are audited by independent third party firms that are interested in helping them increase their own security. If you want to, encourage them to sign up for our newsletter.

Remember, your IT security relies on their IT security too.

The post About Half of All Breaches are Caused by a Contractor or Service Provider appeared first on Foster Institute.

She became so tired and lethargic that I determined that one of the best thigs I could do was stop letting her pediatricians care for her; so, I rushed my 7-year-old angel to an emergency room at a different healthcare system. Tests revealed that her body was on the precipice of shutting down. Her body was going into shock, perhaps irreversibly. The ER physician explained that, even with immediate medical intervention, she might die. I had no idea how hearing those words would feel to a parent. Like a sledge hammer hitting one’s chest. The doctors admitted her to the hospital immediately.

Today marks her fourth day the pediatric unit at the hospital. I just gave her a big hug, and she smiled and said, “I love you Daddy.” Were it not for the IV in her arm, it could have been a normal evening. After giving that sweet hug, she snuggled up with my wife in the hospital bed, and fell asleep.

She is going to be ok. But, had I continued to adhere to our health system’s pediatricians’ advice, that hug would never have happened, and her sleep would have been eternal.

How is it that a huge medical system, with 10 million members and more than 180 physicians, could do such a poor job? If a doctor has a computer in the examination room, and a tablet everywhere they go, does that make them a competent physician? Does the technology help them do their jobs, or get in the way of taking care of their patients?

Another experience: Two weeks ago I encountered a CEO who has tossed his smartphone and gone back to a flip-phone. He is not the only CEO making this move. He says the smartphone technology slowed him down. He didn’t need the frustration, and is fine with all the ribbing he receives from his peers about being a technology Neanderthal.

Perhaps he possesses the uncommon wisdom to know when to use, and not to use, technology.

How often do salespeople, especially those in the field, lament that being forced to use technology for all aspects of their role hurts their ability to sell productively?

Have you ever encountered an organization that spent a ton of money on a new ERP that was supposed to be amazing, but they ended up abandoning the ERP project later at an incredible expense?

Have you ever heard of a company so debilitated by ransomware that they could not run their organization until they recovered from the attack? Should your organization be that dependent on technology? Yes. In some businesses, it is practically mandatory to be that reliant on technology.

Being reliant on technology is a big part of doing business.

But it is time to reconsider the wisdom of relying on computers, the cloud, and other technologies for every process in your organization. As the CEO pointed out, this not only applies to the organization, but to individuals as well. Just because there is an app for that doesn’t mean the app is a better way to do things.

I encourage you to make another New Year’s resolution: Identify where technology truly helps, and where it impedes, your organization’s effectiveness. By all means, continue to use technology where it serves you well; be the best at utilizing the technology. And, be courageous enough to go against the technology trend, where appropriate.

Challenge your executives to identify the effectiveness of using every program and process in your organization. Definitely keep technology that serves you, and ditch the rest. Those actions may lead to some of your biggest wins in 2017!

Please forward this to anyone who you feel will benefit from stepping back and examining which technology serves them, and what doesn’t.

The post How My Daughter Almost Died This Weekend & a Resolution Recommendation for You appeared first on Foster Institute.

Professional Development Workshop for IT Pros:
IT Pros must overcome ever-increasing challenges. Together, you can help yourself and your organization grow and thrive more than ever.
At the SuperTech workshop, IT Professionals receive what they really need in order to be truly successful in their careers… an arsenal of “best practices” that foster an environment where everyone in the company wins! SuperTech can be a positive life-changing experience for participants from everywhere.

Attention Executive Management:
These are just a few of the benefits you will enjoy when you send your IT techs to this one-of-a-kind ‘best practices’ IT workshop:
• Improved performance of your IT team and outsourced vendors.
• Increased productivity from IT teams that feel more appreciated.
• Improved IT Interaction with the rest of your organization’s team.
• Re-energized IT Pros who feel happier (and more loyal) about their jobs.
• Confident IT staff you can trust to professionally represent you to clients.
Imagine your IT department running like a well-oiled machine, with security precautions in place, projects completed on time, lines of communication wide open, and misunderstandings a thing of the past.

What The Workshop Covers:
This two and a half day workshop was created specifically for IT Professionals. Here are just a few of the proven practices that you’ll learn in this workshop that will help transform you into a true “Super-Tech:”
• Master communicating your technical knowledge to others.
• Make sure you are getting the most from your outsourced IT consultants.
• Discover the perfect strategies for providing feedback to management.
• Get the people you supervise to follow your instructions.
• Love your job and enjoy your projects.
• Handle multiple priorities with ease.
• Basics of superior communication.

Schedule:
Prior SuperTech events held in Napa and in New York City have been two days of 9a to 5p. Starting in 2015, the workshop expanded to two and a half days. It moved from a boring conference room and the new workshop meets at a different location each day. Expect a total of 12 hours of traditional training combined with 12 hours of other important activities:
• Monday August 8: In a Redwood Forest amongst trees more than 200 feet tall
• Tuesday August 9: At the Exploratorium and Fisherman’s Wharf in San Francisco
• Wednesday August 10: On the USS Hornet Aircraft Carrier

Testimonials:
Mark, a valuable IT Manager and past participant at SuperTech says, in addition to benefitting from the content, he values the resulting friendships with fellow IT Pros: “I am only 1 out of 70 people in my company. When there is an unusual IT problem at work, having other IT Pros to call is awesome!” He is a past participant and, because he received so much value, is coming again this year too. He knows that IT Professionals can achieve so much more as a unified force. Empower your IT Pro to become part of that force.

Jered says, “I thought it would be good but the content in the first two hours and Mike’s hospitality and attitude blew me away. (There are) so many things I can’t wait to go back and apply.”

Jamie says that the workshop, “Gave me a different perspective to see how other IT Professionals face similar challenges. This was an awesome conference.”

Lester says that the workshop exceeded his expectations because, “I thought this would be a dry boring conference room seminar. It wasn’t. I had a great time with a great group I hope to remain friends with.”

Investment: $1495 total for all two and a half days
Yes, this does include entry fees and tickets at venues.
Does not include travel or meals.
Please call if you want help finding a good price hotel, sharing a car, etc.
Your family is more than welcome. Alternate activities are provided for them, and the schedule is arranged such that you will have plenty of time for you all to be together as well.

Please call if you have questions – including help with travel arrangements
Register today! stacey@fosterinstitute.com or Mike Foster direct: 805-637-7039

The post Send your IT Professionals to The 2016 SuperTech Best Practices Workshop appeared first on Foster Institute.