<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>IT Security Archives - Foster Institute</title>
	<atom:link href="https://fosterinstitute.com/category/it-security/feed/" rel="self" type="application/rss+xml" />
	<link>https://fosterinstitute.com/category/it-security/</link>
	<description>Cybersecurity Experts</description>
	<lastBuildDate>Tue, 30 Jun 2026 02:23:07 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://fosterinstitute.com/wp-content/uploads/2021/02/Favicon.png</url>
	<title>IT Security Archives - Foster Institute</title>
	<link>https://fosterinstitute.com/category/it-security/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>An Executive’s Guide to Demystifying and Understanding the Four Families of AI Tools</title>
		<link>https://fosterinstitute.com/four_families_of_ai_tools/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sun, 21 Jun 2026 14:29:57 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Technology Safety Tips]]></category>
		<category><![CDATA[Technology Tips]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=6216</guid>

					<description><![CDATA[<p>What a great time to be alive! AI tools and features are being released so quickly, too fast for most busy executives to keep up with. This article gives you a framework your brain can use to understand and file your knowledge about the tools that exist now and the new ones as they arrive. [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/four_families_of_ai_tools/">An Executive’s Guide to Demystifying and Understanding the Four Families of AI Tools</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>What a great time to be alive! AI tools and features are being released so quickly, too fast for most busy executives to keep up with. This article gives you a framework your brain can use to understand and file your knowledge about the tools that exist now and the new ones as they arrive.<br />
<img decoding="async" class="alignnone size-full wp-image-6239" src="https://fosterinstitute.com/wp-content/uploads/2026/06/four-families-map-v4.png" alt="" width="2400" height="1300" srcset="https://fosterinstitute.com/wp-content/uploads/2026/06/four-families-map-v4.png 2400w, https://fosterinstitute.com/wp-content/uploads/2026/06/four-families-map-v4-1280x693.png 1280w, https://fosterinstitute.com/wp-content/uploads/2026/06/four-families-map-v4-980x531.png 980w, https://fosterinstitute.com/wp-content/uploads/2026/06/four-families-map-v4-480x260.png 480w" sizes="(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) and (max-width: 1280px) 1280px, (min-width: 1281px) 2400px, 100vw" /></p>
<h2>Your Framework for Your Memory</h2>
<p>Inside each family, there are smaller groups of tools. Each family below lists those groups, with some example tools available now (June 2026) and where they fit. We do not endorse any of these tools, nor do we recommend or advise against any of them, although we do use many of them. The product names are here to make the differences between the families easier to recognize.</p>
<h3>Family 1 &#8211; Analysts: AI tools that Analyze</h3>
<p>For tools in this family, you chat with the AI. It can research a topic, summarize a long document, write a draft, pull out the key points, and work inside projects you have set up. For non-technical professionals, this is the most visible way to use AI as of June 2026. Think of this family as an analyst on your team. It studies things, reports back and then you decide what to do.</p>
<p>You will notice that many tools you already use have a built-in chat helper. When you ask that built-in helper to research or summarize, it behaves like a Family 1 Analyst, even though the chat feature is embedded in another program. The makers tend to label these helpers &#8220;Assistants.&#8221; A real human assistant can take action for you, and that is where the next family comes in.</p>
<ul>
<li><strong>General chat analysts:</strong> Claude, ChatGPT, Gemini, Perplexity, Microsoft Copilot. Microsoft sells Copilot in three tiers: the free Copilot, the individual Copilot Pro, and the business Microsoft 365 Copilot that natively accesses your company data, works inside several Microsoft Office apps, and, for now, lets you choose which AI model answers, including Anthropic&#8217;s Claude and OpenAI&#8217;s models alongside Microsoft&#8217;s own.</li>
<li><strong>Customized analysts:</strong> Claude Projects &amp; Skills, Custom GPTs &amp; GPT Projects, Gemini Gems, Perplexity Spaces, Microsoft 365 Copilot Agents, Microsoft Copilot Notebooks</li>
</ul>
<h3>Family 2 &#8211; Assistants: AI tools that Take Action</h3>
<p>You delegate tasks to AI, and it completes them. You can give these &#8220;task agents&#8221; selective access to your files, your mouse, and your screen, and they have connectors to other programs you use. Your instructions to a task agent can let it move a file, send an email, write a row in a spreadsheet, add a record to a database, notify your team, and more. Instead of dragging a dozen documents into a Family 1 Analyst and asking it to do a task, your task agent can find the dozens of files itself and do the work using those files, based on your instructions.</p>
<p>While using AI in Family 1 carries privacy and security risks, Family 2 requires even more attention. Don&#8217;t be afraid to use these tools, but approach them carefully and put safeguards in place. You must accept some risk in order to use these tools. &#8220;Cloud task agents&#8221; that run in the cloud put you at risk if an attacker finds a way to exploit weaknesses in them, using techniques such as &#8220;prompt injection&#8221; to trick your AI task agent into working for the attacker. One goal threat actors have is to trick your task agent into sending them sensitive information. Your risk increases once you start using &#8220;on your machine&#8221; task agents, which might have access to your local computer, including some files on your drives and the ability to imitate you by moving the mouse and clicking its buttons based on what they &#8220;see&#8221; on your screen. If your AI behaves irrationally, or an attacker is able to take control of it, you&#8217;re more exposed.</p>
<ul>
<li><strong>Cloud task agents:</strong> ChatGPT Agent, Gemini Spark, Perplexity Computer, Microsoft Copilot Cowork (cloud task agent) run in the cloud. As with everything in all these families, be aware of privacy and security risks.</li>
<li><strong>On-your-machine task agents:</strong> Claude Cowork, Perplexity Personal Computer, OpenClaw, NanoClaw, and Microsoft Scout. Be especially aware that if you use these task agents running on your machine, they can pose enormous security risks in some cases. Scout, built on the open-source OpenClaw project, is experimental as of late June 2026.</li>
</ul>
<p>The difference in Family 2 compared to Family 1 is that here you end up with a completed task, something a task agent did for you based on your instructions right then.</p>
<h3>Family 3 &#8211; Tools that let you create workers</h3>
<p>This family is where you build highly skilled workers who can start on their own at an event, such as when an email arrives or at a set time of day. You manually start the Family 2 tools. Family 3 helps you produce task agents that can start automatically, without you needing to be present.</p>
<p>There are two kinds of workers you can make here. The first is a workflow in which you lay out every step yourself, so the result is predictable and repeatable. You have the option to add or not add AI to your workflow, and the difference is massive. AI reasons on its own, so you will not always get the same result if you use AI within a workflow. When you add an AI step to a workflow, it can return different results each time, and that variation can disrupt the operation of the otherwise predictable steps that follow. Workflows can be composed of steps that do not have to use AI at all, so the workflow is predictable, which is essential for work that must be accurate every time, such as exact statistical or financial calculations.</p>
<p>The second type of AI in Family 3 is a task agent builder. Instead of writing out every detailed step, you give the worker a goal and let it work out the steps on its own. You design a worker that you will not tell what to do; you just give it an outcome to achieve. Because you don&#8217;t define the steps exactly, a task agent may produce different results each time you use it.</p>
<p>Both kinds run automatically when an event occurs, such as an email arriving, and both let you hand off tasks you used to do manually. The difference is whether you want to define the steps or let AI choose its own steps to achieve your result. The first can be predictable if you leave AI out of the steps, and the second can be fluid, flexible and adaptable, but be prepared that you might not always get a result you expected.</p>
<ul>
<li><strong>Workflow automation:</strong> Zapier, Make.com, n8n, Gumloop, Microsoft Power Automate</li>
<li><strong>Agent builders:</strong> Zapier Agents, OpenAI Agents SDK, Botpress, StackAI, Microsoft Copilot Studio. (OpenAI&#8217;s no-code Agent Builder, which used to accompany the Agents SDK, is being retired on November 30, 2026.)</li>
</ul>
<h3>Family 4 &#8211; Tools that let you write programs</h3>
<p>With these tools, you explain a program in plain English, and the AI writes it for you. This activity is called vibe coding. AI helps you add features and upgrade your program whenever you want, without you needing to learn how to program. Experienced developers use this family too, to speed up their own work.</p>
<p>There are two kinds here. Tools of the first kind, called app builders, write the program and host it for you in their cloud, so you stay in plain English from start to finish. You won&#8217;t need to understand much about how programs work on the backend.</p>
<p>Other tools, called agentic coding tools, write code you can run wherever you like, giving you more power and showing you more of the moving parts. You&#8217;ll have an opportunity to get a little deeper into what is going on, and the AI tool can help you through the process. Having the flexibility not to be locked into a specific vendor&#8217;s cloud can be appealing in some cases.</p>
<ul>
<li><strong>App builders:</strong> Base44, Lovable, v0, Replit, GitHub Spark. GitHub Spark, which Microsoft owns, is still in preview as of late June 2026.</li>
<li><strong>Agentic coding tools:</strong> Claude Code, Codex App, Cursor, GitHub Copilot.</li>
</ul>
<h2>Terminology</h2>
<p>Now that we have covered the families as a framework, here are some terms in case any of them are new to you.</p>
<p><strong>Agent.</strong> The term &#8220;Agentic AI&#8221; refers to AI that can take action, and the word &#8220;agent&#8221; always benefits from a descriptor next to it, such as &#8220;coding agent&#8221; for an agent that writes code, &#8220;task agent&#8221; for an agent that performs tasks, and so on.</p>
<p><strong>Embedded AI.</strong> This is when software you already own has AI features built in, such as a chat helper in your email or a spreadsheet. Usually, embedded AI is a feature you enable, not a separate tool.</p>
<p><strong>Connections.</strong> Connectors provide access. They are how programs connect to other programs you use, online services, databases, and everything else. For AI to work in the real world, and to reach the data sitting in your databases and elsewhere, you need connectors. You may see the terms API and MCP, which are the backbone of most connectors that provide access; I will cover them in a future article. Access by itself is not enough, though. The tool also needs to know what to do with that access, which leads to the next term below, SKILL.md. Connectors carry a significant risk if a threat actor compromises one. We call this &#8220;east-west&#8221; security because it involves data flowing between programs, as opposed to the traditional &#8220;north-south&#8221; security that protects your data and systems via a firewall. Using connectors bypasses firewall protection because your SaaS applications can communicate with each other without the conversation ever passing through the traditional firewall at your network perimeter, where your network connects to the outside world. This east-west traffic is harder to see and control than traditional perimeter traffic, and it should be on your CISO&#8217;s radar, especially if workers set up connections without the CISO&#8217;s knowledge or approval. Threat actors target connectors. I will cover service-to-service, API, and MCP security inside and between environments in more detail in a future article.</p>
<p><strong>SKILL.md.</strong> This is a file that teaches AI how to do a task the way you want it done. The skill file often includes instructions on how to work with another program you have connected to, and it can also hold your own process, such as your style, checklist, or standards. The connector gives the AI access; the skill file gives it the know-how to do a great job. As an aside, the &#8220;md&#8221; in the file name stands for &#8220;markdown,&#8221; and md files are saved as plain text you can read and edit in a basic app such as Notepad or TextEdit. People often say &#8220;skills&#8221; out loud, while the file itself is usually named SKILL.md. Just as you train a new worker at your organization, you can use a skill file, along with related markdown files, to train your task agents and other AI tools.</p>
<p><strong>AaaS.</strong> Agent as a Service is a way you can pay for task agents to perform specific tasks for you. Their features fit in Family 2 above, and they are useful when you just want to pay for a result. For example, you might pay a monthly fee for a task agent to run your lead follow-up and clean up your sales pipeline.</p>
<p><strong>Loops.</strong> Looping is a recursive process in which the AI plans, acts, observes, and refines, then repeats the cycle, starting with refined planning. Each pass through the loop can improve the result. Keep in mind that more loops do not always mean a better answer; the gains usually are higher during the first rounds. As of now, a loop can drift in the wrong direction if it is unsupervised and runs too many times. Looping also uses a lot of computing power, known as &#8220;compute,&#8221; which can mean a high token cost, the next term.</p>
<p><strong>Tokens.</strong> Companies such as Google, OpenAI, and Anthropic charge you to use their models, and the unit they use to measure usage is called a token. To give you a rough idea, a token is about three-quarters of a word in the English language. If you are using a Family 1 chat tool for a monthly fee, you usually are not billed by the number of tokens you use, but you might find yourself temporarily restricted if you reach a specified limit. The other families may have features that result in your getting charged per token. You use more tokens when you run more activities, open larger files, and run processes more often. You are charged for both what you send to the model and what it sends back to you. The topic of saving money with AI while being charged per token deserves special attention, because some companies are finding AI is becoming very expensive for them. I will write an article about that soon, probably next week.</p>
<h2>Conclusion</h2>
<p>You now have a shared vocabulary and, more importantly, a framework for filing AI tools into families. Share this with your friends so that, as new AI tools arrive, and they will keep arriving quickly, they can file each tool into its family and help keep their sanity while everything else keeps changing.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Executives &#8211; Any User Can Accidentally Expose All Your Data Unless IT Changes This Default Setting</title>
		<link>https://fosterinstitute.com/executives-your-employees-might-be-one-click-away-from-exposing-all-sensitive-data-heres-how-to-stop-it/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Wed, 04 Jun 2025 21:08:04 +0000</pubDate>
				<category><![CDATA[Alerts]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Cloud Security]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[IT Pro Tips]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[IT Settings]]></category>
		<category><![CDATA[Microsoft Settings]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=6097</guid>

					<description><![CDATA[<p>Your employees might be one click away from exposing all sensitive data. Here&#8217;s how to stop it. We&#8217;re receiving calls from our cybersecurity customers when the IT Team discovers that ordinary users have given third-party applications access to all their organization&#8217;s files, email messages, calendar events, Teams chats and channels, and other data. How can [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/executives-your-employees-might-be-one-click-away-from-exposing-all-sensitive-data-heres-how-to-stop-it/">Executives &#8211; Any User Can Accidentally Expose All Your Data Unless IT Changes This Default Setting</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Your employees might be one click away from exposing all sensitive data. Here&#8217;s how to stop it.</p>
<p>We&#8217;re receiving calls from our cybersecurity customers when the IT Team discovers that ordinary users have given third-party applications access to all their organization&#8217;s files, email messages, calendar events, Teams chats and channels, and other data.</p>
<p>How can ordinary users have that much power?</p>
<p>By default.</p>
<p><strong>Situation:</strong> This configuration affects most companies. While the default settings for your Microsoft 365 system allow your users to approve third-party access, Microsoft recommends the following more restrictive settings to increase security.</p>
<p><strong>The Risk:</strong> Without this setting, workers may override protections without oversight and allow any application to access your company data, create and delete files in SharePoint and OneDrive, read and send email messages, edit calendar events, access and modify Teams chats and channels, update user profile information, and perform other tasks. While some applications might need this level of access, it must be granted only after the appropriate authorities, including your IT Team, thoroughly consider it.</p>
<p><strong>Reality Check:</strong> This setting catches many IT Teams by surprise. Microsoft is updating its security controls quickly, and it is nearly impossible for IT Teams to keep up with the changes. And when defaults promote ease-of-use over security, like this one, your systems can become at risk quickly without the team realizing it. Know that your IT Team&#8217;s level of expertise can be excellent, and situations like this sneak up on them anyway.</p>
<p><strong>Urgent Quick Verification:</strong> Your IT Team can quickly access the Microsoft Entra admin center &gt; Enterprise applications &gt; Consent and permissions &gt; User consent settings. There are three options:</p>
<ul>
<li>&#8220;Do not allow user consent.&#8221;</li>
<li>&#8220;Allow user consent for apps from verified publishers, for selected permissions.&#8221;</li>
<li>&#8220;Allow user consent for all apps&#8221; (the current risky default value)</li>
</ul>
<p><strong>Update If Necessary:</strong> Microsoft recommends you select “Allow user consent for apps from verified publishers, for selected permissions.” Different organizations have different data access needs. Your IT and compliance teams must determine the appropriate level for your situation. Smaller organizations might choose the first option if they don&#8217;t want users to expose data to third-party applications without checking with the IT team. Larger organizations with more complex needs often prefer the middle option with careful permission management to take some of the workload off busy IT professionals while providing protection.</p>
<p><strong>Next Step:</strong> Your Administrators will also need to specify which permissions are low-impact, as detailed in Microsoft&#8217;s article &#8220;Overview of user and admin consent.&#8221;</p>
<p><strong>Facilitate the Approval Process:</strong> Your team can optionally set up an admin consent workflow that users must follow when they want to provide permissions.</p>
<p>Forward this to your friends who are executives at other organizations so they can give their teams this heads-up, too.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Your Advanced AI Models Are Now Learning to Give Fake Answers</title>
		<link>https://fosterinstitute.com/your-advanced-ai-models-are-now-learning-to-give-fake-answers-2/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Fri, 27 Dec 2024 20:00:40 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[IT Risk Management]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Technology Safety Tips]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5968</guid>

					<description><![CDATA[<p>We&#8217;ve renamed our sweet, playful Golden Retriever &#8220;She didn&#8217;t mean to&#8221; since she&#8217;s unaware of her ability to cause damage. Just like when she bumps into the vase in the hall, it falls to the floor, shattering; even though there was no intention to harm, the damage is done. Just because AI doesn&#8217;t intend to [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/your-advanced-ai-models-are-now-learning-to-give-fake-answers-2/">Your Advanced AI Models Are Now Learning to Give Fake Answers</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>We&#8217;ve renamed our sweet, playful Golden Retriever &#8220;She didn&#8217;t mean to&#8221; since she&#8217;s unaware of her ability to cause damage. When she bumps into the vase in the hall and it falls to the floor, shattering, the damage is done even though there was no intention to harm. Likewise, even though AI doesn&#8217;t intend to cause harm, it could, and there&#8217;s a lot more than a vase at stake.</p>
<p>AI models are trained to align with human values and never tell people how to cause harm. This is called &#8220;AI Alignment&#8221; training. New research reveals advanced AI models can give answers that demonstrate harmlessness during training and testing, only to drop the &#8220;harmless&#8221; act while operating in the real world. This doesn&#8217;t mean AI will hurt us all soon, but it raises serious concerns about whether the models are actually aligned with human interests.</p>
<p>To score well on your exams, did you ever choose answers you knew the professor wanted, even if you disagreed? Surprisingly, advanced AI systems seem to have developed a similar capability, giving fake answers to match what trainers want during AI alignment training. Scientists at Anthropic, an AI company valued at $18 billion and backed by Amazon and Google, explored this phenomenon in their paper &#8220;Alignment Faking in Large Language Models&#8221; in December 2024.</p>
<p>But hold on; those two paragraphs are written from the perspective that AI is like a human. It is essential to remember that AI models don&#8217;t have intentions or motivations like humans do. The observed behavior is not a conscious decision to deceive humans but results from the training process. Rest assured that scores of people are working on solving this problem and keeping AI results &#8220;safe&#8221; for humanity. When alarmist people predict AI will get out of control, it is more that our programming is flawed; most of us do not believe AI is making conscious decisions.</p>
<p>For businesses using AI tools, this means that from now on, to use AI responsibly, you must evaluate AI answers in two ways:</p>
<ol>
<li>As always, check if the AI is hallucinating and giving wrong information accidentally</li>
<li>And now, pay attention to whether the AI&#8217;s responses align with your values and safety guidelines</li>
</ol>
<p>The research published in the aforementioned article suggests that in regular conversations, when AI doesn’t “think” it is being trained or tested, it’s more likely to give straightforward responses based on its core training.</p>
<p>Unfortunately, the discovery that advanced AI has evolved to give fake answers gives skeptics another reason not to trust AI.</p>
<p>As AI becomes more powerful, business leaders must be cautious and aware of risks as well as benefits.</p>
<p>My speeches about AI have focused primarily on its benefits. I’m creating new presentations about managing the emerging AI security risks that responsible business leaders must consider.</p>
<p>At least I know my dog isn&#8217;t lying to me&#8230; I hope.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Safeguard Your Apple iPhones and iPads: Activate the Latest Theft Protection Setting Now!</title>
		<link>https://fosterinstitute.com/safeguard-your-apple-iphones-and-ipads-activate-the-latest-theft-protection-setting-now/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Sun, 28 Jan 2024 03:46:40 +0000</pubDate>
				<category><![CDATA[Apple]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Family Cyber Safety]]></category>
		<category><![CDATA[IT Risk Management]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[IT Settings]]></category>
		<category><![CDATA[Mobile Devices]]></category>
		<category><![CDATA[Mobile Security]]></category>
		<category><![CDATA[phones]]></category>
		<category><![CDATA[Technology Security]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=5714</guid>

					<description><![CDATA[<p>Imagine this: You&#8217;re waiting for a friend, texting them on your iPhone, unaware that a thief is watching you enter your passcode. Moments later, your phone is stolen. In an instant, your Apple life, including Apple Pay, Keychain passwords, and family photos, is at risk. To combat this, Apple&#8217;s iOS 17.3 introduces “Stolen Device Protection”. [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/safeguard-your-apple-iphones-and-ipads-activate-the-latest-theft-protection-setting-now/">Safeguard Your Apple iPhones and iPads: Activate the Latest Theft Protection Setting Now!</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Imagine this: You&#8217;re waiting for a friend, texting them on your iPhone, unaware that a thief is watching you enter your passcode. Moments later, your phone is stolen. In an instant, your Apple life, including Apple Pay, Keychain passwords, and family photos, is at risk.</p>
<p>To combat this, Apple&#8217;s iOS 17.3 introduces “Stolen Device Protection”. Here’s why activating it is crucial:</p>
<ol>
<li><strong>Face ID/Touch ID Requirement</strong>: Your iPhone will require your Face ID or Touch ID to turn off lost mode or erase the phone.</li>
<li><strong>Time-Delay Security</strong>: Changes to your Apple ID password, iPhone passcode, and key settings now have a one-hour delay.</li>
</ol>
<p><strong>Settings for Theft Protection</strong>:</p>
<ul>
<li>Quick Tip to find specific settings: Open Settings, swipe down slightly, and <strong>use the search box that appears at the top</strong>. You will find all of the settings in <strong>bold</strong> text by searching in Settings:</li>
<li><strong>Software Update</strong>: iOS 17.3 enables Stolen Device Protection.*</li>
<li><strong>Backup</strong>: Check your backup status by searching for <strong>Backup</strong> in Settings.</li>
<li>Use <strong>Face ID</strong> or <strong>Touch ID </strong>so potential thieves won&#8217;t see you enter your passcode.</li>
<li>Activate <strong>Stolen Device Protection</strong>: This is the new setting that spurred me to write this blog for you.</li>
<li>Ensure &#8220;<strong>Find My</strong>&#8221; is enabled on Apple devices. Use iCloud.com/find or the Find My app to be sure tracking works.</li>
</ul>
<p><strong>Other Essential Steps:</strong></p>
<ul>
<li>Have alternate login methods for resetting passwords for apps and websites that use multi-factor and two-step logins.</li>
<li>If you use authentication apps, ensure you configure ways to generate codes or recover keys if you lose or erase your phone.</li>
</ul>
<p><strong>If Your Phone is Stolen</strong>:</p>
<ul>
<li>Act Fast: Use <strong>iCloud.com/find</strong> or the Find My app to enable “lost mode” and track your phone.</li>
<li>Consider Carrier Notification: They can disable phone calls and cellular data but might limit Find My functionality.</li>
<li>Device Erasure: If you have backups, and ways to recover keys in authentication apps, use Find My to erase your device to help prevent data access.</li>
<li>Password Resets: If not erasing your phone, consider resetting passwords for critical accounts if passwords are stored on the phone or if apps log in automatically.</li>
</ul>
<p>As always, threat actors will seek ways to bypass this protection. As of now, this feature is a huge leap forward to protect an iPhone and iPad from thieves who see the passcode. Congratulations, and thank you, Apple!</p>
<p>*If your phone or tablet is too old to update to iOS version 17.3 or newer, see <a href="https://fosterinstitute.com/be-prepared-know-the-impact-of-iphone-theft-and-what-to-do-right-now/" target="_blank" rel="noopener">https://fosterinstitute.com/be-prepared-know-the-impact-of-iphone-theft-and-what-to-do-right-now/</a> for recommendations.</p>
<p>Note: Testing the Stolen Device Protection feature at home may not work, as Apple devices might waive the strict requirements in familiar locations like home or work. You can read all of the details about Apple Stolen Device Protection for iPhone here: <a href="https://support.apple.com/en-us/HT212510" target="_blank" rel="noopener">https://support.apple.com/en-us/HT212510</a></p>
<h6>Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.</h6>
<p>The post <a href="https://fosterinstitute.com/safeguard-your-apple-iphones-and-ipads-activate-the-latest-theft-protection-setting-now/">Safeguard Your Apple iPhones and iPads: Activate the Latest Theft Protection Setting Now!</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Three Essential Questions to Ask Your IT Team Today Because of the Massive Exchange Attack</title>
		<link>https://fosterinstitute.com/three-essential-questions-to-ask-your-it-team-today-because-of-the-massive-exchange-attack/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Mon, 08 Mar 2021 17:48:54 +0000</pubDate>
				<category><![CDATA[Best Practices]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Cyber Security Best Practices]]></category>
		<category><![CDATA[it security review]]></category>
		<category><![CDATA[IT security training]]></category>
		<category><![CDATA[recommendations]]></category>
		<category><![CDATA[risk management]]></category>
		<category><![CDATA[Security expert]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=3467</guid>

					<description><![CDATA[<p>So far, it appears that more than 30,000 organizations, including small businesses, are compromised. The US National Security Council urges organizations, including small businesses, to &#8220;take immediate measures&#8221; to detect compromise. &#8211;&#62; ONE: Ask your IT team, &#8220;Do we still have Microsoft Exchange Server email software installed anywhere?&#8221; If they answer affirmatively, even if they&#8217;re [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/three-essential-questions-to-ask-your-it-team-today-because-of-the-massive-exchange-attack/">Three Essential Questions to Ask Your IT Team Today Because of the Massive Exchange Attack</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>So far, it appears that more than 30,000 organizations, including small businesses, are compromised. The US National Security Council urges organizations, including small businesses, to &#8220;take immediate measures&#8221; to detect compromise.<span id="more-3467"></span></p>
<p>&#8211;&gt; <strong>ONE</strong>: Ask your IT team, &#8220;Do we still have Microsoft Exchange Server email software installed anywhere?&#8221;</p>
<p>If they answer affirmatively, even if they&#8217;re already moving to the cloud, you must continue:</p>
<p>&#8211;&gt; <strong>TWO</strong>: Ask them, &#8220;What can I take off your plate or postpone so that you can immediately test and deploy the patches to the Exchange Server right now?&#8221;</p>
<p>Essential: Applying security updates to your Exchange server does not resolve the issue if your organization is already compromised. There might be a small program on your system quietly waiting for an attacker&#8217;s commands.</p>
<p>To help determine if you are already compromised: <a href="https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log" target="_blank" rel="noopener">https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log</a></p>
<p>If your team cannot update immediately, send them here: <a href="https://github.com/microsoft/CSS-Exchange/tree/main/Security" target="_blank" rel="noopener">https://github.com/microsoft/CSS-Exchange/tree/main/Security</a></p>
<p>&#8211;&gt; <strong>THREE</strong>: Say, &#8220;The emergency is too great to postpone. Later, let&#8217;s discuss the pros and cons of moving email to the cloud.&#8221;</p>
<p>Pros include eliminating one server and associated headaches. Often, online email is better for remote workers too. Saving money and streamlining are essential, and online Exchange is often less expensive. But you could lose some integration features you have now, for example, an on-site phone system tied into Exchange.</p>
<p>The blog posting <a href="https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log" target="_blank" rel="noopener">https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log</a> has a plethora of other information and guidance for your team related to the updates. Some organizations are experiencing errors after applying the security updates. For example, some learned they must install the updates from an elevated command prompt window. Microsoft provides more guidance:</p>
<p><a href="https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/" target="_blank" rel="noopener">https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/</a></p>
<p><a href="https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b" target="_blank" rel="noopener">https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b</a></p>
<p><a href="https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2010-service-pack-3-march-2-2021-kb5000978-894f27bf-281e-44f8-b9ba-dad705534459" target="_blank" rel="noopener">https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2010-service-pack-3-march-2-2021-kb5000978-894f27bf-281e-44f8-b9ba-dad705534459</a></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Your Phone, Tablet, and Computer Started Hiding You – and How to Overcome the Associated Problems</title>
		<link>https://fosterinstitute.com/your-phone-tablet-and-computer-started-hiding-you-and-how-to-overcome-the-associated-problems/</link>
		
		<dc:creator><![CDATA[Mike Foster]]></dc:creator>
		<pubDate>Thu, 25 Feb 2021 14:50:39 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[IT Best Practices]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Technology Tips]]></category>
		<category><![CDATA[Cyber Security Consultant]]></category>
		<category><![CDATA[cyber security expert]]></category>
		<category><![CDATA[it security review]]></category>
		<category><![CDATA[IT security training]]></category>
		<guid isPermaLink="false">https://fosterinstitute.com/?p=3453</guid>

					<description><![CDATA[<p>A friend contacted me a few days ago and said, “Every few weeks, I’ll go to a site, and it will say that this appears to be a new device? For example, I’ve looked at my Twitter account this morning, and it put up my username and asked me for my password again. Is this [&#8230;]</p>
<p>The post <a href="https://fosterinstitute.com/your-phone-tablet-and-computer-started-hiding-you-and-how-to-overcome-the-associated-problems/">Your Phone, Tablet, and Computer Started Hiding You – and How to Overcome the Associated Problems</a> appeared first on <a href="https://fosterinstitute.com">Foster Institute</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A friend contacted me a few days ago and said, “Every few weeks, I’ll go to a site, and it will say that this appears to be a new device? For example, I’ve looked at my Twitter account this morning, and it put up my username and asked me for my password again. Is this anything to be concerned about?” <span id="more-4514"></span></p>
<p>A little background information helps explain what is going on: Every device connected to a network has a serial number, called a MAC address. That address is how the network identifies the device and differentiates it from all the other devices on a network. As you can imagine, networks need to know what devices are connected. Think of what might happen if the network thought your computer was a printer. Printer paper might not come shooting out of your keyboard and knock over your coffee or smoothie, but you get the idea.</p>
<p>Because the MAC address uniquely identifies you for everyone else, think of the MAC address as a fingerprint for your device. Potentially, an advertiser, or someone in a public place, could use your fingerprint, in this case, your device’s MAC address, to track you, your activities, and what networks you use.</p>
<p>Apple, Google, and Microsoft want to help protect your privacy, so they might periodically change the MAC address on your computer to a different address. The new behavior strives to help keep you more anonymous on public networks at hotels and coffee shops. However, randomly changing MAC addresses can break essential security features, including:</p>
<p>1) As my friend did, you might start receiving alarming alerts that another person connected a new device to one of your websites or accounts. The warnings are concerning until you realize it is your computer reconnecting with a new unique index. After a time, you might ignore the alerts. But then you won&#8217;t know if a real attacker broke into your account with some other computer, tablet, or phone.</p>
<p>2) Parental controls at home fail if the safety restrictions are unique for each family device. When a youngster disconnects and reconnects to your network, sometimes they are no longer protected.</p>
<p>3) Your company keeps an inventory of your computers, tablets, and phones. It is challenging to keep the list current when your IT team must track three times as many devices as you have.</p>
<p>How do you solve this? It is possible to disable the randomization feature, but it takes time to reconfigure. Time is a precious commodity for you and your IT team too. An example of how to disable the behavior on iPhones, iPads, and Apple Watches: <a href="http://support.apple.com/en-us/HT211227" target="_blank" rel="noopener">support.apple.com/en-us/HT211227</a></p>
<p>However, your employees or kids could change the feature back again to help them hide on your networks.</p>
<p>The answer to my friend&#8217;s question is that if the website tells you a date, time, and location of that person&#8217;s login, and you know you weren&#8217;t logging in from there at that time, yes, you need to be concerned. Otherwise, your experience may be because your device is disguising itself from the website. Disable the randomization feature, and the problem might go away.</p>
<p>Please forward this to your friends so that if they, or their IT team, cannot figure out why some of their security features are breaking, they will know to suspect their devices are rotating through MAC addresses.</p>
<p>If you want more technical details, a network identifies your device with an index number called a MAC address when you connect. There are more than 280 trillion possibilities for a MAC address; the odds are that nobody you know has the same number as your device. The first half of the number identifies the manufacturer; that makes it easier to find unidentified devices on a network.</p>
<p>Other problems you&#8217;ll notice because of rotating MAC addresses include:</p>
<p>4) Security tools at the office fail to work if the security tools rely on associating users with their computers, tablets, or phones. This problem affects both BYOD and company-issued devices.</p>
<p>5) IT Professionals can configure necessary reservations for computers, tablets, and phones. Those reservations are based on index numbers. When the index changes, the reservation stops working, and systems can fail or lose security.</p>
<p>6) Your websites will forget you. Some sites have a feature to Remember This Computer, so you do not need to go through as many steps each time you log in. The sites identify your devices by their index numbers. Your device will need to be re-remembered when your index changes.</p>
<p>MAC addresses look like FF:FF:FF:FF:FF:FF, where each value I listed as F can be a hexadecimal digit: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, or F. If you know where to look, your phone, tablet, and computer can tell you the MAC addresses of each network interface.</p>
<p>The new behavior is causing lots of frustration in the cybersecurity world. This battle isn&#8217;t over yet.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
