To combat this, Apple’s iOS 17.3 introduces “Stolen Device Protection”. Here’s why activating it is crucial:

1. Face ID/Touch ID Requirement: Your iPhone will require your Face ID or Touch ID to turn off lost mode or erase the phone.
2. Time-Delay Security: Changes to your Apple ID password, iPhone passcode, and key settings now have a one-hour delay.

Settings for Theft Protection:

• Quick Tip to find specific settings: Open Settings, swipe down slightly, and use the search box that appears at the top. You will find all of the settings in bold text by searching in Settings:
• Software Update: iOS 17.3 enables Stolen Device Protection.*
• Backup: Check your backup status by searching for Backup in Settings.
• Use Face ID or Touch ID so potential thieves won’t see you enter your passcode.
• Activate Stolen Device Protection:This is the new setting that spurred me to write this blog for you
  
• Ensure “Find My” is enabled on Apple devices. Use iCloud.com/find or the Find My app to be sure tracking works.

Other Essential Steps:

• Have alternate login methods for resetting passwords for apps and websites that use multi-factor and two-step logins.
• If you use authentication apps, ensure you configure ways to generate codes or recover keys if you lose or erase your phone.

If Your Phone is Stolen:

• Act Fast: Use iCloud.com/find or the Find My app to enable “lost mode” and track your phone.
• Consider Carrier Notification: They can disable phone calls and cellular data but might limit Find My functionality.
• Device Erasure: If you have backups, and ways to recover keys in authentication apps, use Find My to erase your device to help prevent data access.
• Password Resets: If not erasing your phone, consider resetting passwords for critical accounts if passwords are stored on the phone or if apps login automatically.

As always, threat actors will seek ways to bypass this protection. As of now, this feature is a huge leap forward to protect an iPhone and iPad from thieves who see the passcode. Congratulations, and thank you, Apple!

*If your phone or tablet is too old to update to iOS version 17.3 or newer, see https://fosterinstitute.com/be-prepared-know-the-impact-of-iphone-theft-and-what-to-do-right-now/. for recommendations.

Note: Testing the Stolen Device Protection feature at home may not work, as Apple devices might waive the strict requirements in familiar locations like home or work. You can read all of the details about Apple Stolen Device Protection for iPhone here: https://support.apple.com/en-us/HT212510

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Safeguard Your Apple iPhones and iPads: Activate the Latest Theft Protection Setting Now! appeared first on Foster Institute.

Credit monitoring is important too, and it catches problems after the fact. Credit freezes help prevent fraud from happening. When you place a credit freeze, lenders can’t access your credit report without your permission.

For example, if you want to finance a car purchase, you’ll contact the credit bureau to lift the freeze temporarily for an hour so the dealership can check your credit. The lender might congratulate you on being savvy enough to know to freeze your credit.

If an identity thief tries to get a loan or buy a car in your name, if the lender refuses to make the loan in your name if they cannot run your credit reports, then your proactivity blocked the thief! Congratulations!

Be sure to place credit freezes for the rest of your family, including your youngsters, to help stop fraudsters from taking out loans in their names too.

Read more from the Federal Trade Commission (FTC) at https://consumer.ftc.gov/consumer-alerts/2018/09/free-credit-freezes-are-here.

To make things easier for you, below are the contact details for the major credit reporting agencies to contact and ask them to place freezes on your credit. They may offer services for fees that might be different than freezing your credit, and you might decide that a free freeze is all you need:

Equifax: https://www.equifax.com/personal/credit-report-services/ or call 888-298-0045.
Experian: https://www.experian.com/freeze/center.html or call 888-397-3742.
TransUnion: https://www.transunion.com/credit-freeze or call 888-909-8872.

The information shared here is not financial or legal advice, only a suggestion to protect your security. Consult with legal and financial professionals who can guide you appropriately.

Please forward this to your friends so they can protect their financial well-being by freezing their credit too!

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post Help Protect Your Financial Future: Freeze Your Credit appeared first on Foster Institute.

The race is on. They’ll step around a corner, unlock your phone with your passcode, click on settings, Apple ID, and reset your Apple ID password. All they need to know is your passcode to the phone. Your phone asks them, “Sign out other devices using your Apple ID?” Of course, they know to say yes.

Update on January 27, 2024: Apple has a new feature called Lost Device Protection released with iOS version 17.3 that helps solve this problem. Learn more here: https://fosterinstitute.com/safeguard-your-apple-iphones-and-ipads-activate-the-latest-theft-protection-setting-now/

They know that if you put the phone in Lost Mode, they have the passcode and can unlock the phone immediately. You might have your Apple ID protected with two-factor authentication; good work! But the second step of the verification process displays a verification code on your trusted devices. Unless you set your phone otherwise, the thief has a trusted device. Unless you posses a trusted device tied to your Apple ID, you won’t see the verification code, and your attempt to log in will fail.

At this point, only they can perform any functions that require you to enter your Apple ID and password.

Strive to Intervene:

The process only took seconds. It is unlikely you can stop their next moves quickly enough.

Perhaps your friend walked up as the thief was running away. Thinking you might win the race, you grab in a friendly way, of course, any device they have with Internet access and open https://appleid.apple.com. Enter your Apple ID and your password quickly! Remember, the bad guy is around the corner racing you. Then, guess what? Unless your friend’s device is a trusted device on your Apple ID account, you won’t see the secret code you need to log in. The thief will see the code on your stolen phone’s screen, and they’re laughing but admire your trying. You never had a chance in that race. Read more below about setting up Recovery Contacts and Recovery Keys.

But a way to win and be faster than the thief is if you have your second iPhone in your pocket booted up and connected to the Internet. If so, scramble to be the first to open settings, Apple ID, scroll down through the devices, and log out the stolen device. Reset your Apple ID password. Great job! You did it! They can use the phone and most apps, but at least they cannot take over your Apple ID. Keeping two iPhones connected to your Apple account with you will help if one gets stolen.

Or, a more likely scenario than having two phones, maybe you happen to have your Mac open on the table in front of you the moment the phone is stolen. Assuming you weren’t using the phone as your hotspot, quickly click on the apple symbol in the top left corner, choose system settings, Apple ID, password & security, change password, find the stolen device in the list at the bottom of the menu, log it out, and reset your Apple ID password. Whew! They’re not going to gain control over your Apple ID. But they can still use your apps, log in to bank accounts, and access your company email, so you’ll need to reset all those passwords too.

Will you win the race, or will they? Maybe you want to practice the process a few times.

More Things the Thief Can Do to Affect You:

As you read this, do not be terrified. You can relax and remember this scenario assumes a thief has stolen your phone after watching you enter your passcode and memorized it. Hopefully, that will never happen to you, and it is good to be aware of some consequences, your response, and some preventative measures so you can educate your friends.

Since the thief knows the phone’s passcode, they can reset the Apple ID password. Then they can log in to your Apple account and affect your other Apple devices, including Mac laptops and computers connected to your account.

Then the bad actor can access your device’s Keychain, Apple Pay, Apple Cash, and other sensitive information. They can reset the Apple account’s recovery key. The thief can turn off location services so the phone cannot be tracked. They can change the Apple ID account’s trusted phone number and email address to make it even more difficult for you to regain access to your Apple account. They can change Face ID and Touch ID to their face and finger. They devastated your digital world and will start to steal your money and wreak havoc in your life. And don’t blame Apple; blame the bad guys.

Chances are that most of the apps on your phone will still work even if you log the device out of your Apple account. If the apps remember your passwords for you, then the attacker can use the apps. If you have a password manager that automatically fills in passwords without asking you to prove you are you, the password manager will also fill in passwords for the thief.

And if any of your apps, bank, email, or other services send a text message to your phone to verify your identity, and the thief has your phone, they will get the text message to authenticate and can impersonate you.

And any tools you have that rely on Apple’s Face ID or Touch ID to confirm your identity, if the thief resets Face ID or Touch ID on your phone to their face or finger, they’ll have access to those tools too.

Continue Immediate Steps:

You’d better rush to reset passwords to financial and other sensitive services. See the section on multi-factor authentication below.

Contact your phone service provider and convince them to disable your stolen phone’s ability to call or receive text messages until you buy your new phone.

Reset Passwords on all your other accounts for email, online payment tools, social media, cloud storage, and more. Apple devices, including the stolen phone, are very powerful for running apps, accessing email, using web applications, and more, even if the thief does not know the password for your Apple ID. If a thief has your phone, you have many passwords to reset quickly.

Keep trying to regain control over your Apple ID account. You can download the Apple Support App on your friend’s Apple device and initiate a process that will allow you to set a different phone number for the Apple ID verification process. Still, you must have access to the email address associated with your Apple ID to receive an emailed verification code. If you pass that verification, then endure a waiting period of at least 24 hours. The recovery process is similar to recovering your account at https://iforgot.apple.com/. The thief can cause much trouble during the day or longer wait. Read more below about the preventative step of setting up Recovery Contacts and Recovery Keys. More information about the recovery process: support.apple.com/en-us/HT204921. Apple’s guidance if someone gains control of your Apple ID: support.apple.com/en-us/HT204145.

Some people would advise you to not remove the stolen phone from your Apple ID account. If you do, you will lock yourself out of many ways to recover the phone, although the thief can block many of the protections because they know the passcode.

Multi-Factor Authentication:

An essential protection strategy is configuring multi-factor authentication, such as facial recognition, on apps and websites that support MFA. However, many two-factor authentication techniques rely on you having access to your phone.

It can be complicated to reset passwords on your sites and apps using multi-factor authentication if the second factor goes to the stolen phone’s phone number or relies on you having your phone for some other step. If you set up the MFA to send a text message to the phone, and the thief has your phone, they will see the text message, and you will not.

That might spur you to get a new phone and transfer the phone number to your new phone ASAP before the attacker logs into your apps and sites and changes the verification phone number to a number only they can access, and locks you out.

For websites or services that only support text messages for the second step, consider having text messages go to a device other than your phone.  Consider investing in an inexpensive flip phone with a different phone number to receive text messages. If the website or app supports other options for the second factor besides only text messages, consider how a phone thief could bypass them.

For example, if MFA involves an email message, if the thief can easily access your email on your stolen phone, it defeats the purpose of MFA. If you set up email as the second step, use an email address that requires some other form of authentication or is unavailable on the phone. Ensure email messages do not pop up on the preview screen when received.

Or, do everything possible to prevent an attacker from stealing your phone and knowing its passcode.

If you use passkeys, be sure to see this blog posting: https://fosterinstitute.com/the-risk-iphone-theft-poses-to-your-passkeys-and-what-to-do-now/

Prevention:

To Apple’s credit, and they deserve a lot of credit, they are taking many steps to fight this problem. They must balance the phone’s usability with security, and their multiple advanced security controls are extraordinary, and their responses are highly effective. In the constant game of cat and mouse between those who want to protect you and those who wish to harm you, there might be better defenses when you read this. As of now, here are some essential steps to protect yourself:

One of the most helpful defenses is to be cautious about where and when you enter your passcode. Hence, attackers never find out your passcode. An attacker must know the passcode to the phone as part of resetting the Apple ID password. Using an alphanumeric passcode would be more difficult for a bad actor to read from a distance than a four or six-digit passcode.

Another strategy is to use facial or fingerprint recognition to unlock the phone. That would be Face ID, or Touch ID when available, on Apple devices. If the user doesn’t type their passcode into the phone, nobody can “watch the victim type their code” into the phone. If Face ID won’t work due to lighting conditions or some other factor, rather than entering the passcode, you could move somewhere safe where Face ID works.

Even if the attacker holds the phone in front of the victim’s face and the phone unlocks, the attacker still won’t know the passcode to reset the Apple ID account password. Furthermore, Apple’s Face ID settings have an option called “Attention Detection,” so if the user is unconscious or drugged, the facial recognition will refuse to unlock the phone. Unless the thief coerces the victim to tell them the passcode, the thief cannot reset the Apple ID password.

Consider using a password manager rather than the Keychain that is tied to the Apple ID. If the user doesn’t use the Keychain to store passwords and uses a password manager such as 1Password, LastPass, NordPass, or others, then the thief knowing the phone’s passcode does not give them access to passwords stored outside of the Keychain. Ensure your password manager’s settings force you to enter a passcode and do not use the same passcode as the phone.

Before everything seems hopeless, remember this disaster starts when a thief sees you enter your passcode and steals your phone.

Be Proactive:

Erase your SSN, NI, DL, Passport, or other sensitive information anywhere you’ve stored it, whether in text, contact records, photos, and everywhere else. The thief will search for that information and use it to open accounts, take out loans, and perform other identity theft compromises.

And obviously, don’t share your passcode with anyone other than, if you are going to share it, a family member or close friend you can trust with the key to your digital world.

If you’ve not done so recently, visit appleid.apple.com to update all of your personal or security info. Look for an email address that is not yours. Be sure you recognize the devices in your account.

While you are there, consider setting up someone you trust who has an Apple device as a Recovery Contact who can vouch for you and generate a code to help you recover your Apple ID. They cannot access your data, only verify your identity if you lose access to your Apple ID. Details: support.apple.com/en-us/HT212513

You could set up a 28-character Recovery Key to print out and store in multiple secure locations to help you recover your Apple ID. But be careful. If you choose to have a Recovery Key, and lose the 28-character key, even Apple cannot help you recover your Apple ID. Details: support.apple.com/en-us/HT208072

You’ll see an option to set up a Legacy Contact who, with access to your death certificate, can access your photos and text messages but not passwords. Details: support.apple.com/en-us/HT212360.

Stay current on updates. Rarely do updates create security issues; more often they provide protection against ways attackers find to bypass security.

If you lose access to your Apple ID, you could permanently lose access to your photos of you, your friends, and your family. This underscores how important it is to keep backups of your Apple photos and videos in case someone takes over your Apple account: https://support.apple.com/en-us/HT209454.

Reality Check:

Rather than go through life fearing what could happen, reduce the damage you can suffer and the likelihood of something terrible happening. Continue to recognize and avoid dangerous situations and locations. Keep your phone secure, never enter your passcode when someone can see you, and take the preventative and proactive steps above. Now that you know the risks, your subconscious will alert you to dangers more than before.

Examine your risk tolerance. Balance the likelihood of someone stealing your phone against the damage a phone thief can cause you. If you need to be super-secure, you can reevaluate your practices based on the information contained within. Some people might take some steps to reduce the danger and accept what risk is left. Others might leave their phone locked safely at home more often when they go out.

With the advent of AI, attackers will find new ways to steal, but AI will also help develop new ways to prevent attacks. Everything is changing so quickly on both sides. When you read this, perhaps additional protections are available to help keep you, your organization, and your loved ones safe.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Be Prepared: Know the Impact of iPhone Theft and What to Do Right Now appeared first on Foster Institute.

If you want to know more about passkeys: https://fosterinstitute.com/the-rise-of-passkeys-a-paradigm-shift-in-authentication-technology/

To gain the most value out of the information below, first review the details about how a stolen phone creates an authentication disaster: https://fosterinstitute.com/be-prepared-know-the-impact-of-iphone-theft-and-what-to-do-right-now/

As mentioned above, if your phone with passkeys is stolen, the thief can access your accounts and deny you access. Because passkey technology and strategies are constantly evolving, there might be more solutions when you read this. As of now:

One possible solution would be storing the passkeys in a password manager, not the Keychain. Then, as long as the attacker cannot unlock the password manager, the attacker will not have access to the passkeys. And if an attacker destroys the passkeys in the Keychain or blocks access to your Apple ID and thus Keychain, you would still be able to access your passkeys since the passkeys are stored in the password manager. The password manager NordPass advertises allowing users to create, store, and share passkeys between their devices. The password managers 1Password and LastPass have announced they will support storing passkeys soon. As you read this, other password managers might support storing passkeys too.

Without using a password manager to store passkeys, another way to protect passkeys would be to set up passkeys in multiple environments. Many iPhone users have a Windows desktop or laptop too. Or they might purchase an Android device where they could configure passkeys. Even if an attacker resets the Apple ID password or deletes the passkeys from the Keychain, thus blocking the victim’s access from all their Apple devices, the victim can still access their sites protected with a passkey generated using their Windows or Android device. Then they can revoke the passkeys created in their Apple ecosystem to prevent the attacker from authenticating from the stolen phone.

But unless users have them already, it is extra trouble and expense to buy a Windows computer or Android phone and remember to set up passkeys on two different devices. Someday, the technology created for convenience might allow the same passkey to function across Apple, Windows, and Android devices. That would render this strategy ineffective, but it could be a long time before such cooperation comes to fruition. A drawback of having more than one device is it gives thieves more opportunities to steal. Thus, using a password manager to store passkeys is a better option for many unless they distrust the security of password managers.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post The Risk iPhone Theft Poses to Your Passkeys and What to Do Now appeared first on Foster Institute.

Once attackers gain access to a network, before they make themselves known, they explore your files to

• Locate cyber insurance policies to determine what your coverage limits are.
• Find financial statements to determine how much ransom you can afford to pay.
• Look for the most sensitive files they can download and threaten to release if you do not pay them.
• And watch to see if you’ve discovered, or suspect, that they’ve gained access to your compute

Do you have folder names that contain these letters in a row?

bank
Bank*Statement
budget
HR
Insurance
IRS
password
SSN

See below for the complete list of 123 groups of characters.

The security group MalwareHunterTeam obtained the Pysa ransomware operation’s attack script and shared the list with Bleeping Computer.

Hopefully, we don’t reach a point of needing to name folders, not using descriptive names, but the names of sections of parking lots at major amusement parks. A better strategy is to do everything possible to prevent the attackers’ access. Rather than terrify you, use any concern you feel to redouble your efforts to implement robust cybersecurity controls, including but not limited to:

• Utilize application control features of operating systems. Consider Microsoft AppLocker but consider keeping the implementation less complex by not verifying hashes.
• Apply critical security updates to operating systems, applications, and infrastructure devices such as firewalls.
• Eliminate local administrative rights for all users.
• Have both online and offline backups. Offline backups are disconnected from your network so that if an attacker gets into your network, they cannot alter your backups.
• Even though it can be a monumental task, practice a complete system restore into a test environment so you can rest more confidently that you can get your data back in the event it is encrypted during a ransomware attack.
• Use a two-step login feature for online programs, VPNs, and remote desktop connections.
  If you still have a local Exchange server, migrate it to Office 365 ASAP. Exchange mail servers are the target of successful attacks.

Please communicate with your IT professionals and support them by providing time to focus on implementing security controls. Help them with automation and delegation of daily tasks.

Please forward this to your friends, so they see this example and appreciate the level of sophistication of ransomware tools.

Here’s a full list of text the ransomware program will look for automatically in your folder names:

941
1040
1099
8822
9465
401K
4506-T
ABRH
Addres
agreem
Agreement Disclosure
ARH
Assignment
Audit
balanc
bank
Bank Statement
Benef
billing
Brok
budget
bureau
card
cash
CDA
checking
claim
clandestine
compilation
compromate
concealed
confid
confident
Confidential Disclosure
contact
contr
CPF
CRH
Crime
DDRH
Demog
Detail
Disclosure Agreement
Disclosure Confidential
DRH
emplo
Enrol
federal
Finan
finance
Form
fraud
government
hidden
hir
HR
Human
i-9
illegal
important
Info
insider
Insurance
investigation
IRS
ITIN
K-1
letter
List
Login
mail
NDA
Numb
Partn
passport
passwd
password
pay
payment
payroll
person
Phone
privacy
privat
pwd
Recursos Humanos
report
Resour
resurses human
RHO
routing
RRHH
saving
scans
sec
secret
security
seed
Signed
sin
soc
SS-4
SS#
SSA
SSN
Staf
statement
Statement Bank
studen
SWIFT
tax
Taxpayer
Terror
Transact
unclassified
Vend
W-2
w-4
W-7
W-8BEN
w-9
W-9S

Source of the list of filenames, used with permission: https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after from https://twitter.com/malwrhunterteam

The post Attackers Scan Your Network for These Folder Names appeared first on Foster Institute.

Here is how the scam works: Suppose you want to look up a company online named Super Duper, so you type the store’s name into your favorite search engine. An attacker might have purchased the top result to take you to the website superduperco.com. However, if you knew to scroll down past the paid-for-results, you would have seen that the real website is superduper.com. Attackers set up a website and named it superduperco.com.

Their deceptive site might contain malicious advertising, ask you to enter credit card numbers during checkout, or tempt you to download malicious programs and apps. They might ask you to login or reset a password, and they capture the password you type in.

If you look up a retailer in a search engine, skip past the ads and paid results. Scroll down to see real search results. Even then, be skeptical in case attackers used SEO techniques to appear at the top of the actual search results.

Please forward this to your friends to alert their users that top search engine results can be a trap.

The post Beware: Attackers Buy Top Search Engine Results to Trick You appeared first on Foster Institute.

Set a passcode on the device. Even a 4-digit code is much better than nothing. Just avoid 0000, 1111, 1234, 2580, or other easily guessed codes. Keeping the device in your possession, or in a secure place, is just as essential since is can prevent the opportunity for someone to guess your password.

Keep the device backed up, and apply security patches as soon as they are released. The patches often protect against attacks that are already happening in the wild.

Do not connect to Wi-Fi networks without weighing the risk of convenience versus your potential benefits. When you connect to any Wi-Fi network, there is a chance that attackers can exploit your device in many ways. Because bad actors can trick your device into connecting to their malicious access points without your knowledge, consider using your device’s settings to disable Wi-Fi when you are not using it. Re-enable Wi-Fi only when you are at your office, home, or in another trusted environment.

At the office, there is technology that will allow your IT team to implement MDM, Mobile Device Management, to restrict your team members’ activity on their devices. This can help protect against one of your team members accidentally becoming a vector for attackers to access, and potentially interfere with, your entire organization’s network.

For families, keep these three possibilities in mind:

First, use the internal parental controls and restrictions that are built into the device. The settings and features are very effective, and well documented on the support sites. More features can be added with security and feature updates, so review the settings periodically. The best strategy for using these restriction settings is to use steps A, B, and C.

• Step A: As you apply security and privacy restrictions to a device for a family member, keep reminding yourself that you are restricting that device for their, not your, needs. It is easy to think about how you might want to use wireless payment options, and then you avoid restricting the options accordingly. When in doubt, restrict. You can always re-enable features later.
• Step B: Before applying parental control restrictions, first configure the other settings on the device. If you apply parental control restrictions first, you may find that you’ve restricted your own ability to adjust these settings.
• Step C: Wait until you finish steps A and B before you apply the restrictions designed to protect family members. You’ll be prompted to create your own unique password so that, in theory, only you can adjust the parental controls.

Second, when protecting families, consider commercially available tools designed to enhance your ability to, not only restrict, but also monitor usage. Many reviews place a product named Qustodio at the top of the list. We receive no compensation in any way for recommending this, or any other product or service. We just want you to have a place to start. It seems that, for many of the control tools available, parents either love them or hate them, depending on their expectations. To help ensure a good outcome for you, research the features and read comments from other parents. Restrict your search to comments made in 2017. Each product’s features, and approval ratings, tend to change from year to year. Some products will even permit you to restrict laptops and desktop computers in addition to tablets and phones. Interestingly, you may find that third party software is able to restrict Android devices more than Apple devices. This is because Apple’s own internal controls are already so restrictive, they can partially block the parental control software too.

Third, consider restricting the Internet access at your home, too. For example, you may choose to set a time limit on usage duration or time of day. This can help ensure that youngsters get enough sleep. A very powerful tool is called Circle with Disney. Again, we receive no compensation for recommending products or services. This tool is widely accepted as being one of the best. If nothing else, check out its features to help you get an idea of what you may want to control. It has a feature that can restrict access even when the device uses a cellular connection or connects to a different network. That added protection can prevent family members from simply going to someone else’s house to operate without restrictions. Bear in mind that Internet filtering tools do not restrict the ability for family members to use apps, except for apps that need to connect to the Internet in order to function. The afore mentioned products can control both apps and Internet usage. But sometimes having two products can be helpful too.

When implementing family control tools, remember that all of them include privacy risks. While restricting apps and Internet usage, software is able to monitor your family members’ electronic behavior too. That information can be sold to marketing firms who already build a profile on each consumer. Do you want to contribute to what they know about your family members? What if bad actors gain access to information that helps them target a family member? You may decide the risks are worth the benefits.

Please forward this information to everyone you know who might want to place restrictions on Apple and Android based devices. Thank you for helping make the world a safer place to live and work! Happy New Year!

The post Protecting and Restricting iPads, iPhones, and Android Devices appeared first on Foster Institute.

If you want to be able to reach them when they are off playing around the neighborhood, or stay in contact when you all go to holiday festivities, the amusement parks, or about anywhere else, consider the wonderful radios that can be purchased for a fraction of the price of phones.

The FCC set aside frequencies for family radio service (FRS) for free, and for a FCC registration fee, members of the same household can use the more powerful GMRS radios.

Someone loses, or breaks, a radio? Easy to replace. No monthly fees.

We keep several radios right next to the front door. Someone leaves to go play? Grab a radio. The whole family headed for an indoor or outdoor adventure, grab all the radios. The range isn’t unlimited, but we can reach each other easily within a two-mile radius, and usually, since our family travels, and howls, in packs, it is more than enough. Need more range? That’s an option too.

If you want more details, please ask.

The post Portable Radios Can Replace Family Phones appeared first on Foster Institute.

Data stolen may include contact information, dates of birth, driver’s license information, and Social Security numbers. Attackers can make money selling the information to people who could steal your identity and take out loans in your name.

Place a credit freeze on your credit report. To do so, contact all four: Experian, Innovis, Trans Union, and, you guessed it, Equifax. In total, you’ll spend less than $75 to place the freeze.

A credit freeze stops people for gaining access to your credit report. It is difficult for an imposter to borrow money if a lender cannot check a credit report first.

Remember, credit monitoring, though good, sometimes only catches bad things when it is too late.

A security freeze is more effective, and lasts longer, than a fraud alert.

Additionally, watch out for anything odd or abnormal on your bank statements. Download your credit reports every quarter to see what is on them. One way to see your credit reports is to use a service such as annualcreditreport dot com

The FTC gives suggestions about avoiding and handling identity theft at consumer.ftc dot gov/features/feature-0014-identity-theft

Equifax has set up a website equifaxsecurity2017 dot com for people to see if their information was part of the breach. However, many people have been experiencing problems with that website.

Executives – FYI: Reports say that the attack did not result from social engineering. In other words, nobody clicked a bad link in an email. The attackers got in because an Equifax website was insecure. Have you had someone check the security of your website lately? If your site simply displays static information, you are at a much lower risk than if your site has a place for someone to login and/or look up information via your site.

Reports say that the breach may have happened as early as May, and Equifax discovered the breach on July 29. The time between when attackers compromise a system, and when it is discovered, is called dwell time. The best thing to do is to stop hackers from getting in to begin with. Keep security a top priority at your organization! The attackers are counting on you to overlook important steps.

Please forward this to anyone you care about…

The post What You Need to Do to Protect Yourself after the Equifax Breach appeared first on Foster Institute.

Be sure the “automatic update” feature is turned on in Windows and in Mac OS. Students must have the critical security patches installed to dramatically increase security. They’ll need to patch their browsers separately.

Uninstall all programs that they don’t think they will use. Start with the programs that are easy to recognize and skip the rest for now. Each program is a potential toe-hold for an attacker to gain access to a system. Worst case, if they delete something now that they need later, they can re-install it. In particular, remove Java and Flash. These are two tools that are frequently hacked and may be unnecessary. If a student finds they need either, he or she can reinstall them with the newest version. Make sure they get Java only from java dot com and Flash from get.adobe dot com/flashplayer/

Make sure they make their user account a “standard user” on their computer. This helps block attackers. Steps for Windows and Mac: 1) Create a new user 2) promote that user to be a local administrator 3) Demote your account to a standard user and use your own account.

Turn on two-step verifications on all the websites they visit. The setting is usually in the security settings of the website.

They need to keep their computer physically secure. Someone could access their files, social media, and e-mail accounts easily and without their knowledge. Passwords aren’t that helpful. It is usually trivial to bypass passwords on computers once an attacker gains physical access to a computer.

And though they may not heed this last step, it is a really good idea to avoid connoting to Wi-Fi services at school, coffee shops, etc. It is better if they use their phone or personal hot-spot to connect their computer to the Internet when they need to. The phone charges may be lower than you expect, especially if you call your phone provider and check about new data plan options.

Please forward this to your friends who have students; it can help prevent some big heartaches.

The post Moms, Dads, and Friends: Take 7 Steps to Secure Your Students’ Computers appeared first on Foster Institute.