The city of Baltimore is still reeling from the effects of an attack three weeks ago. The city refuses to pay a ransom and is steadily recovering their systems.

Last night during my flights, several display screens that usually show departures and arrivals showed a crashed Windows screen. The advertising screen of one airport store’s advertising displayed the blue screen of death.

What should you do to protect your organization from ransomware and other exploits that use Eternal Blue?

Give your IT professionals time away from their other projects to double-check essential functions. If you outsource, be willing to pay your managed service provider to perform additional steps beyond their usual scope of work.

Be sure to update the operating systems and all applications on all Windows instances. Microsoft released essential updates in March and more in October. Your missing patches may be weeks behind because proper patching is so challenging. If you’re unsure, Microsoft has instructions on how to verify the patch is installed. If you need a work-around, Microsoft also provides guidance on how to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Servers.

Back up in multiple ways. Additionally, copy your essential files to storage that gets disconnected from your network in case your backup files get encrypted with ransomware.

Test the restore process and time it. If the restore takes longer than you can comfortably stand being down, find another way to back up.

Update and confirm that your anti-virus tools are up to date on all endpoints.

Ask IT to turn up the restrictions on the spam filter. You, executives, must examine your risk appetite to determine how restrictive the filtering should be. Are you willing to accept the risk some good email messages could be blocked?

The same goes for web content filtering. Increase the strength too. Block all countries’ websites and re-enable them as needed.

The IT team must limit the number of administrative accounts that have privileged access.

Constantly re-educate your users.

Additional reading: As EternalBlue Racks Up Damages It Reminds Us There Is No Such Thing As A Safe Cyber Weapon

.

The post Protect your Company from the Imminent Threat called Eternal Blue appeared first on Foster Institute.

What if your password manager is infiltrated by attackers? The concern that attackers may steal your passwords is eclipsed by the concern that attackers might use the password manager to gain access and take control of your network.

What if attackers spread viruses into your computer, using your favorite music program? Or a game? Or an add-on for your browser?

Attackers already infected the program called C-Cleaner, used by millions. Unfortunately, this tool became a powerful attack tool when attackers poisoned the update server.

As another example, some people believe that there is evidence that Kaspersky anti-virus software has been used to infiltrate computers.

By their nature, anti-virus programs need to have access to the deepest parts of computers in order to function properly. That makes them an appealing target for attackers. When an attacker can take over an antivirus program, of any brand, the attacker will have the same deep access to the victim’s computer.

Some people use an add-on program to help check their grammar in documents. This week, a patch was released to fix a bug that made it possible for attackers to access users’ private documents. Although the problem was fixed quickly once discovered, how much sensitive data was stolen before the discovery?

Talk to your IT Professionals and remove all software that is not essential to your business. Each program is a potential vector for attackers. If you need a program, keep it. The concern is that a program can be used as a pathway into your organization’s sensitive information, and to even give attackers the ability to take full control of your network.

Please forward this to your friends so they can re-think having non-essential programs installed on their network. The problem, of attackers using trusted programs to access networks, is trending in 2018 and is a growing threat to the security of all organizations.

The post When Trusted Programs get Hacked: An Attacker May Be Putting Germs on Your Toothbrush appeared first on Foster Institute.

Second, attackers will target, more than ever before, organizations who store protected health information. If you are in healthcare, or even if your company name makes it sound like you are in healthcare, ramp up security to unprecedented levels and have a plan of what to do when you are breached.

Third, more attackers will use trusted security software as a vector to infect networks. Attackers already infected the program called C-Cleaner, used by millions of people to, among other things, speed up slow Windows computers. C-Cleaner is a very useful, and trusted, security program. Unfortunately, this tool became a powerful attack tool when attackers took over the update server. What program, one that you trust, will attackers take over to use as a vector to hack your computer?

Please forward this to your friends who can be on the lookout too.

The post Three Serious Trends to Watch Out for in Cyber Security appeared first on Foster Institute.

By default, all of your computers permit communication between each other, and attackers use those same communication channels to spread attacks from one machine to the next.

The solution is so basic that it is often overlooked: Computers do not need to talk to each other anyway, just to servers. Block the communication between workstations, and you take away a major vector used by ransomware to spread.

Ask your IT team to use local firewall settings on each computer to prohibit communication between workstations. They can make the setting once, and your servers will propagate that message to the other computers on the network. Give them a little time to complete this, because they will want to test their settings.

Please forward this message to help make the world a safer place. And remember, the more secure your service providers are, the more secure you are too.

The post One Setting Can Protect Your Network from Ransomware appeared first on Foster Institute.

Almost universally, security log files are too small and have overwritten themselves, making it impractical, and sometimes impossible, to see what security events have been happening on the network for more than a few hours.

Ask your IT Pros to be sure that the security log file size is set to at least 256 Megabytes.

Your IT Pros probably already know all about security logs, and can find out all the details on Microsoft’s site. Someday, as time permits, they may be interested in monitoring more than the default events, and that’s good. Microsoft provides detailed recommendations about events to monitor.

Please forward this to every executive you know so that they can forward it to their IT professionals and outsourced IT companies. Experience has shown that the majority of companies are still configured to use the tiny default size, and attackers love that.

The post Please Alert Your IT Pros – Increase Your Security Log File Capacity appeared first on Foster Institute.

Regular backups, including file backups, can do a great job of protecting your documents, pictures, and other files. But a full restore of a computer after an attack can take a very long time, and often requires you to reset the computer to factory defaults and spend hours reloading your programs.

If you need to restore after an attack, restoring an entire image is much faster than starting a re-installation from scratch. Disk images are a one-to-one copy of everything on your computer’s internal hard drive. Most often, you will replicate your drives to an external USB hard drive.

Image backup tools include Shadow Protect Desktop from Storage Craft, and Acronis True Image. For Macs, use Carbon Copy Cloner.

Keep using whatever backup method you already use for backup too. Image backup is an addition, not a replacement.

Please forward this to everyone you know who would like to be able to recover their computer quickly in the event of a ransomware attack.

The post Recover Quickly if Ransomware Attacks at Remote Worker and Home Computers appeared first on Foster Institute.

Last weekend, I asked my daughter to tell me a fairy tale. She chose The Three Little Pigs and the Big Bad Wolf. As she told the story, it became so clear that organizations use straw, sticks, or brick to build their cyber-security protection. See which you are, and how to improve:

Security built with straw, is weak, and too common. It is when executives say:
1. “We moved everything to the cloud so we no longer need to be concerned with security.”
2. “Everybody is getting ransomware, so it is no big deal if we do too.”
3. “We encrypt our data, so it is safe.”

Security built with sticks is common too, and better, but will not stand up against attackers. They think they need only three things and can stop there:
1. Anti-virus
2. Firewalls
3. Strong passwords

Security built with bricks is very rare. You still need the “sticks” combination, and the rest of making a home out of brick is achieved by doing the hard things that attackers are counting on organizations not doing:
1. Ensure no programs or scripts can run unless approved
2. Keep patches current without crashing systems
3. Constantly measure to make sure the right things get done. Support your IT Professionals generously by truly listening to them and supporting them as they accomplish these difficult tasks

Past, and future, blog entries explain how to implement the brick solutions above.

Please forward this to everyone you know who may have built their cyber security out of straw or sticks. Encourage them to get out the bricks ASAP.

The post Straw, Sticks, or Brick: How to Tell Which Your Network Is, and How to Improve It appeared first on Foster Institute.

Knowing that updates might cause a problem, please back up your computer first. You are backing up all the time already, right? Time Machine is a wonderful tool and is built in. If you want to supplement Time Machine with an additional backup, Carbon Copy Cloner from Bombich dot com is very popular and clients experience great results. You’ll need a couple of external USB drives, but the investment is worth it.

In case you are not familiar with how to apply patches, here are instructions:

On your Apple computer, even if your computer is set for automatic updates, it is good to verify that you have the most recent patches. Click on the image of the apple in the top left corner, and choose App Store. If not already selected, choose Updates inside the title bar that already contains the words: Featured, Top Charts, Categories, Purchased, and Updates. You may see many updates for your applications, and those are fine to apply, but the urgent one is the update called macOS Sierra Update and the version is 10.12.5. If you’ve not updated in a while, you may see other macOS updates too.

iPhone and iPad users, press on the Settings icon that looks like a gear. In the left-hand column, select General, and you’ll see Software Update on the right-hand column near the top. The most recent patch is for iOS 10.3.2.

If you want to configure automatic updates for your Apple computers, find instructions by searching for this phrase in Google: Automatic security updates os x site:apple.com

If you want to configure automatic updates for the iPhone and iPad, find instructions by searching for this phrase in Google: Automatic security downloads iOS site:apple.com

Please forward this to everyone you know who uses Apple devices and you want to help be more secure…

The post Get Apple’s Urgent Patches that Fix Dozens of Security Holes appeared first on Foster Institute.

Instructions for Windows and Apple home users are listed below the numbers. For organizations, here are 10 Steps To Avoid Incidents Including the Massive Ransomware Attack:

1. The reality is that most organizations are missing critical security patches and there is a very strong likelihood that yours is too.

2. Provide your team with extra time, and perhaps additional personnel, to test and then deploy patches ASAP. Some organizations are adding a new IT professional to their team whose sole responsibility is to manage patches. If the patch fails testing, then time must be invested to resolve the issue or implement compensating controls.

3. Prioritize critical security patches for the operating system, all the browsers, Flash, Java, your PDF Reader, and Microsoft Office. They are usually the easiest to attack and form your first line of defense.

4. Many IT teams are very reluctant to apply patches for fear of breaking your systems that are already running. Help remove their fears by reassuring them that you take on responsibility if the patch causes a problem. Encourage them to follow a procedure that mitigates risks:

5. Test Patches in a test environment that uses the same applications as the rest of your network. For very small companies, your test environment might be a single computer. For larger organizations, and organizations that stand to lose a great deal in the event of an attack, create a separate testing environment that is isolated from the production environment.

6. Have a pre-tested rollback plan so that, if the patch does cause a problem, your IT team will already know what they need to do right away to roll back a patch that causes an unexpected problem. They will then go back to the testing phase.

7. Deploy the patches in stages rather than patching all machines simultaneously. That way, even if the patch does cause a problem, not all your machines will be affected.

8. You may decide to empower your IT team with a patch management tool such as Ninite, LANGuard, Shavlik, or others. Allow them to test and choose a tool, and provide them with the means and time to do so, ASAP.

9. Ask IT, perhaps weekly and at least monthly, to provide you with a list of missing patches, not a pie chart.

10. You must upgrade from older operating systems, any of the ones that Microsoft no longer supports. If some machines cannot be upgraded, then they must be isolated or some other compensating control put into place. Microsoft clearly states when they stop producing patches for old operating systems.  So, there was no patch available for Windows XP and others.

Call me if they are not able to apply patches. Let’s team up to help prevent this.

At home, or if your organization is so small that you do not have an IT team or have an outsourced IT company that takes care of your patches, be sure that the option that provides automatic updates to Microsoft is enabled. The instructions are easy to find – just google the phrase: configure automatic updates site:Microsoft.com

Apple computer users, google: Automatic security updates os x site:apple.com

iPhone and iPad users, google: Automatic security downloads ios site:apple.com

Additionally, manually check for updates in Microsoft Office to be sure those are applied. Be sure that automatic updates are enabled in your browsers. Regularly download and apply patches to, or new versions of, Flash, Java, and your PDF reader.

Please forward this to everyone you care about and want to help stay secure.

The post Patching – 10 Steps to Seal the Holes in Your Armor appeared first on Foster Institute.

A drastic solution is to uninstall all browsers. Browsers can’t get hacked when they don’t exist. You can switch to hosted browser service that runs browsers in the cloud, not on your computer.

To see how this works, watch the short videos at authentic8 dot com and Citrix dot com/virtualization/secure-browser

This newsletter is targeted to executives who don’t need to understand technology, so you may choose to forward the following technical information to your IT Department.

And please forward this to anyone whose cybersecurity you care about.

For our more technical audience: As of today, only authentic8’s solution supports general web browsing, but both support web applications.

Since these services put security first, and functionality a close second, you may still need a local browser for some applications if they don’t function properly in the hosted browser environment. But, if that is the case, you may be able to remove Flash and Java from your systems to make your local browsers more secure.

The biggest problem with both products is that they do not have a way to be set as the default browser to be used if a user clicks inside an email message. So, if you must leave a local browser installed, your users will still need to be careful about clicking links in email messages. The solution may be available soon.

Hosted browsers still protect your computers during web browsing sessions. And it becomes practically impossible for an attacker to use a hosted browser to access the sensitive data stored on your network drives.

Investigate using a hosted browser for added protection against the many threats on the Internet that exploit browsers and plugins such as Flash and Java.

The post Finally, a Solution to Solve What May Be the Biggest Cyber Security Risk at Your Organization appeared first on Foster Institute.