Common questions on insurance applications include:

Do you use MFA? Multi-factor authentication means users must go through a second step when logging in. A prevalent method for the second factor is using an authentication application on users’ phones. It is essential to use a number-matching requirement so that a user must type in a code displayed on their phone into their computer before authentication. Another second factor is time-based one-time password (TOTP) apps on phones that display a number on the phone that the user enters as part of the authentication process. The number displayed in the app resets periodically, typically every 30 seconds. Other factors include using hardware keys that plug into USB ports and biometrics, including fingerprints or facial recognition. A typical second factor is receiving an SMS text message with a code, but that method is vulnerable to attacks such as SIM Swapping. In the interest of security, you should enforce MFA everywhere possible, including VPN, Remote Desktop, and SaaS offerings.

Do you provide ongoing cybersecurity awareness training and periodic phishing simulation emails to measure worker proficiency? Your users must receive regular security awareness training, such as once per month and perhaps a comprehensive webinar or other presentation once a year. Additionally, services can send users a fraudulent or email phishing message once a month to measure their response, such as if they open the message, click on the simulated fraudulent link, and are duped into entering credentials. One often overlooked aspect of training and simulated phishing is that it might take time for your already overworked staff to configure, send, monitor, and produce reports about the results every month. You’re welcome to contact us to provide that service, and we do 100% of the work, so there is no additional burden on your workers. Training for new employees is available. We also provide comprehensive yearly training webinars and other presentations. Whatever training you use, be sure that it adapts to keep your users current with the rapidly evolving threat landscape.

Do you provide password management tools to users? Tools that remember and automatically enter users’ passwords can help encourage users to use different passwords for every login. Users with the habit of reusing passwords pose a risk to your organization. Once attackers compromise a password, they will attempt to use that same password at popular sites. This practice is sometimes called credential stuffing, and attackers can be very successful at breaking into sites if users reuse passwords. An added benefit is user productivity and user happiness. Ensure the company’s password manager uses strong encryption to store your passwords securely. Single Sign-On (SSO) is becoming more popular, allowing users to log in once to access multiple sites or resources.

Do you utilize geo-blocking or geo-filtering? These technologies identify computers, users, and email messages based on geographical locations. You will be more secure if you block email and login attempts from geographical areas where you never do business and block user logins from countries without users. While attackers can bypass these protections using VPNs, the protections are still helpful.

Are users local administrators? When you set up a new Windows or Apple computer, the user has local administrator access and can perform many activities, including installing programs. If an attacker manages to compromise that user’s account, the attacker has tremendous power to compromise that computer and potentially your entire organization. This topic is complex, but the goal of every organization must be to ensure all workers are “standard users” on their computers. Being a standard user limits what an attacker can damage and makes the user account more difficult to compromise in the first place. Privilege Access Management (PAM) solutions help manage local admin rights by controlling and monitoring privileged access to critical systems.

Do you segment your network? Network segmentation splits your network into smaller parts based on the purpose or type of device. For example, suppose you isolate your security cameras from your servers on a different network segment, such as a subnet or VLAN. If an attacker breaks into a security camera, segmentation can block their ability to hack your servers through the camera. Common segments include:

-Servers
-Desktops and Laptops
-Wireless Network
-VPN users
-Security cameras
-VoIP systems
-Different floors in your building or different buildings on your campus

It is possible to over-segment and create too much work for your IT Team, but that rarely happens. Your team will set up Access Control List (ACL) rules that limit communications between the segments to block unauthorized activities.

Have you established a security baseline for your systems? Have a documented standard configuration for security controls you enforce on your servers, workstations, and mobile devices.

How soon after release do you apply critical security updates to your devices? Microsoft, Apple, your firewall manufacturer, and other providers release security updates to programs to block attackers from using previously undetected security holes. You must apply the patches quickly to prevent attackers from exploiting the vulnerabilities. Testing patches before deployment is essential to avoid errors. Staging patches allows you to help ensure they don’t disrupt your production network. Zero-day patches and updates fix problems that attackers are already using to compromise systems.

Do you allow workers to use family computers or mobile devices to access email and work from home? Family computers are significantly less secure than company-issued devices that your IT Team manages, monitors and protects 24×7. It is relatively common for organizations to permit users to use their BYOD phones to access company email. Your insurance company could see that as a red flag against providing or renewing a policy. You’ll want to demonstrate other safeguards you use to minimize the risk.

Do you enforce EPP on all devices? Endpoint protection is a tool your IT Team can use to protect each device on your network. Ask your IT Team. Chances are they’ve implemented this solution. They might use Security Information and Event Management (SIEM) to enhance visibility and response. SIEM systems aggregate and analyze activity from different resources across your IT infrastructure.

Do you utilize EDR/XDR tools? Using Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), or Managed Detection and Response (MDR) agents on the laptops can increase security by monitoring for malicious behavior known as an indicator of compromise (IoC). EDR/XDR tools provide many benefits, including continuously monitoring network devices and watching for suspicious activities or evidence that an attacker is compromising a system. EDR/XDR is designed to identify, isolate, and mitigate threats. EDR and XDR must be effectively monitored, managed, and updated. One way many organizations ease the burden on their internal IT Teams is to utilize a third-party MSSP to perform these tasks. Managed Detection and Response (MDR) means you pay a third-party provider to manage your EDR/XDR. One key point to remember is that attackers can also obtain these protection tools and continually seek ways to bypass them. We perform Red Team Exercises at companies to test the capabilities of the EDR and XDR protections. Do not make the common mistake of letting your guard down in other security areas after implementing EDR or XDR.

How frequently do you conduct internal and external security audits, vulnerability assessments, penetration tests, and Red Team Exercises? These tests identify previously undiscovered weaknesses in your security. Please get in touch with us if you need these services as part of a comprehensive security advisory service for executives to help them secure their organizations. We guide and become a resource for your existing IT team rather than replacing them.

Does your spam filter scan messages and attachments for malicious links? If the answer is no, you need to add these features immediately.

Do you use web filtering and DNS filtering? Web filtering features, often integrated with firewalls, allow your IT team to block known malicious sites, gambling, and other categories of websites. Domain Name Service (DNS) maps URL website names to addresses of servers on the web. DNS filtering services strive to identify malicious web servers and automatically block communications from your network to them. As a bonus, some services permit you to hinder users from accessing sites you might deem inappropriate.

Do you use SPF for email messages? The Sender Policy Framework is a protective solution that your IT Team can enable to permit your email servers to confirm that inbound email messages came from an approved server rather than a fraudster impersonating or spoofing a legitimate source. While they are at it, your IT Team can enable DKIM to help other organizations’ mail servers confirm that messages they receive from you are legitimate and unaltered. They can configure DMARC to tell remote email servers to throw away messages from fraudsters attempting to impersonate your organization. It is essential to regularly review your SPF, DKIM, and DMARC records to adapt to the changing configurations and threat landscape.

Do you identify storage locations and isolate PII, PHI, and other sensitive data? Determining where you store Personally Identifiable Information (PII), Protected Health Information (PHI), Cardholder Data (CHD), and other sensitive information is essential. Knowing where to store sensitive information is a fundamental step in protecting it. Do you keep the information isolated and protected? This identification and isolation is becoming even more critical due to the integration of AI into organizations, which might give AI access to company information.

Do you use role-based access control (RBAC) to limit user access based on their job functions, and how do you manage and monitor privileged accounts? Role-Based Access Control (RBAC) ensures that users only have access to the data and systems necessary for their specific job functions. This minimizes the risk of unauthorized access to sensitive information. Privileged accounts with higher access levels are managed through Privilege Access Management (PAM) solutions that monitor and control their use, reducing the risk of misuse or compromise. Regular audits and real-time monitoring of these accounts are essential to detect and respond to suspicious activities.

Do you encrypt sensitive data at rest and in transit, and what encryption standards do you use? Encryption is critical for protecting sensitive data when it is stored (at rest) and transmitted (in transit). Encryption standards such as Advanced Encryption Standard (AES) with 256-bit keys are commonly used to ensure robust security. Data at rest is encrypted to protect it from unauthorized access, even if physical security is breached. Data in transit is encrypted using protocols like TLS (Transport Layer Security) to prevent interception during transmission over networks.

How do you assess and manage third-party vendors’ cybersecurity risks and ensure vendors follow appropriate security practices? Third-party vendors can introduce significant cybersecurity risks. Assessing these risks involves regular security evaluations and audits of the vendors’ practices. It’s important to have contracts that require vendors to follow appropriate security practices tailored to their roles and services. Continuous monitoring and periodic reassessments ensure that vendors maintain the required security posture over time. Organizations can manage risks by working collaboratively with vendors to meet security expectations without imposing stringent certification requirements.

Do you use firewalls, intrusion detection/prevention systems (IDS/IPS), and other network security measures? Firewalls act as a barrier between the internal network and external threats, controlling incoming and outgoing traffic based on predetermined security rules. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) monitor network traffic for suspicious activities and take action to prevent potential breaches. These network security measures are crucial for protecting against unauthorized access and cyberattacks.

How do you secure remote access to your network? Securing remote access involves implementing measures such as Virtual Private Networks (VPNs), which encrypt the connection between remote users and the corporate network. Your IT professionals must manage remote devices to help increase security. Multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification steps beyond just a password. Additionally, restricting remote access to only essential personnel and monitoring for unusual login activities are critical components of a secure remote access strategy. This is an extensive topic; please let us know if you want more information.

What physical security measures do you have in place to protect your data centers and offices? Physical security measures are essential to protect data centers and office premises from unauthorized access. These measures include access control systems like key cards or biometric scanners, surveillance cameras, and security personnel. Secure facilities should also have environmental controls such as fire suppression systems and backup power supplies to safeguard against physical threats and disasters. The Foster Institute offers full-scale Physical Red Team Exercises to test your physical security measures.

Are you compliant with relevant regulations and industry standards, such as GDPR, HIPAA, PCI-DSS, or ISO/IEC 27001, and how do you ensure ongoing compliance with these standards? Compliance with regulations and industry standards demonstrates a commitment to maintaining high security and privacy standards. Regular audits and assessments help ensure compliance with frameworks such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), PCI-DSS (Payment Card Industry Data Security Standard), and ISO/IEC 27001. Ongoing compliance is maintained through continuous monitoring, employee training, and updates to policies and procedures as standards evolve. Please let us know if you need help with achieving or maintaining compliance. The Foster Institute, Inc. can simplify and manage the process for you.

How do you secure mobile devices employees use to access company data and use mobile device management (MDM) solutions to enforce security policies on mobile devices? Mobile Device Management (MDM) solutions enforce security policies on employees’ mobile devices that access company data. These solutions can remotely manage and secure devices, ensuring they comply with organizational security standards. Features include enforcing strong passwords, encrypting data stored on the device, and remotely wiping data if a device is lost or stolen. This ensures that mobile devices do not become a weak point in the company’s overall security posture.

Do you store backups offline or on immutable storage? If an attacker gains access with the intent of encrypting or deleting data to demand ransom, they might attempt to destroy your ability to restore. They know you’re more likely to pay the ransom if you cannot restore sensitive data. So, you must isolate some backup data so the attacker cannot damage it. It is essential to have backups that threat actors cannot delete or damage if they break into your network. Immutable storage is data stored where you can access it, but no users, not even your administrators, can delete or alter the backup files. Cloud providers, such as Microsoft, offer immutable cloud storage. Other devices use write-once-read-many (WORM) technology to store data immutably. Offline backup is disconnected from your network. Some companies might use backup tapes or hard drives disconnected from the network and store them in a safe location for offline storage. Other organizations have a secondary network, isolated from the primary network, dedicated to their backup servers; the only connection is a server that transfers production network data to the backup network. It is best to store backups in diverse locations for redundancy and eliminate any single points of failure.

Do you encrypt your backups? If an unauthorized person accesses your backup data, it is useless if they cannot read the contents. Encryption is a setting in your backup software. There was a time when people wouldn’t encrypt backups because the backups would take much longer. With today’s technology, there should be little added time.

How often do you practice the restore process? If you have never practiced your complete restore process, do it now. Many organizations find out they cannot restore from their backups. Often, their failed attempt was the first time they’d ever tried to restore. It can be complicated to perform a test restore, so be prepared to give your IT Team additional time. If you outsource your IT, it is understandable that they’ll charge you for practicing the restore. Always perform restore tests in a controlled environment, separate from your production systems.

How long will it take to restore your data from backups? When you practice your complete restore process, measure the time it takes to restore. If you find out the duration is too long, you can take steps to speed up the process.

What steps do you take to prevent ransomware attacks? This space on the insurance application allows you to list the items above in statement form. Almost all security measures you use can protect against ransomware attacks or limit the impact.

Do you have a documented Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) in place? Documented disaster recovery plans demonstrate that you’ve thought through the processes required to recover from disruptive events. These plans should outline specific procedures for data recovery, system restoration, and maintaining business operations during and after an incident.

Do you conduct disaster recovery drills? Regular drills ensure your team is prepared to execute the DRP and BCP effectively. These drills can be as basic as tabletop exercises, where team members discuss their roles and responses to hypothetical scenarios, or as comprehensive as full-scale exercises that simulate actual disaster conditions and involve all aspects of the organization.

These are some of the most common questions on our customer’s insurance policy application and renewal forms. If you find others, please reach out for guidance.

The post Demystifying Questions Cyber Insurance Companies Will Ask You appeared first on Foster Institute.

Passkey authentication can be configured to be very secure based on four conditions:

1. You must have your mobile device with you. (An attacker is unlikely to have the device with them.)
2. You must be able to log in to your mobile device using facial recognition, a fingerprint, PIN, pattern, USB token, etc. Some people call passkeys a “Face” or “Fingerprint” sign-in.
3. Your device must have a unique key assigned to you that ties to a unique key at the site or application.
4. If you log into a site or application from a computer, the mobile device must be physically close to the computer where you’re logging in.

Passkeys are new, and there is varying support for specific browsers, operating systems, and devices.

Tips for Using Passkeys:

1. Start setting passkeys up on your mobile device, such as a smartphone, before you use your computer.
2. If the website or application does not allow you to set up a passkey on your computer:
   • Look for and select an option on the computer that says, “Use a passkey to log in,” Your computer will display a QR code image.
   • Use your phone’s camera to scan the QR code image displayed on your computer.
   • After scanning the QR code, your phone completes the passkey login process.
3. It’s essential to confirm that passkeys work on all devices and browsers before disabling the old login method for each website or application. This way, you can avoid problems accessing your account if the passkey login method doesn’t work on some of your devices or browsers.

As the adoption is just starting, you might discover limitations or frustrations, but they’ll disappear soon. Some people have great luck experimenting with setting up their first passkey at best buy dot com even if they don’t shop there.

Apple uses the Apple Keychain to store a passkey that should work on all your Apple devices after enrolling one. Google uses the Google Password Manager in the Chrome browser and Android. Microsoft uses Microsoft Hello. Some password managers store keys.

Mobile device backups and some password managers are designed to back up the passkeys in case you lose your phone. If you do lose your phone, it is a good idea to go to the apps and sites to set up a new key and disable your old key. One concern is that, if an attacker can access your backups or the passkey manager and obtain a key from there, they might find a way to bypass passkey protection. But that doesn’t necessarily make passkeys less secure than other authentication methods; they may well be the best protection available when implemented properly since they offer so many benefits:

1. Users cannot be tricked into giving away passkey values they do not know in social engineering and phishing attacks.
2. Since passkeys come in unique pairs, users cannot re-use passwords, another user mistake that leads to compromised passwords.
3. Keyloggers cannot capture passwords since users are not typing passwords.

Your IT team might choose to eliminate your existing Multi-Factor authentication process since using passkeys involves multiple factors already. Unlike SMS text messages, passkeys cannot be redirected to attackers. Passkeys are immune to MFA Fatigue addressed here https://fosterinstitute.com/mfa-fatigue-the-hidden-danger-and-how-to-combat-it/

Please forward this to your friends so they can explore eliminating passwords and eventually start adopting passkeys as Passkey support expands.

Prepare yourself for what would happen if an attacker steals a phone containing passkeys: https://fosterinstitute.com/the-risk-iphone-theft-poses-to-your-passkeys-and-what-to-do-now/

Technical Details – If You are Interested

You do not need to know this to use passkeys. But if you wonder how these keys can be so secure, read on.

Passkeys are much more secure because passkeys come in key pairs. When you use one key of the pair to lock something, you must use the paired key to unlock it. Only the paired key can unlock what the first key locked.

So for each site or application you set up to use a passkey, your mobile device generates a pair of keys:
– A unique private key for that site or application is stored on your device.
– A paired key that your device sends to the site or application which stores the key just for you.

If you have a passkey set up for 100 sites or applications, your device will store 100 keys. Sites that have 100 million users will have 100 million keys. Each key is half of a pair. The private key must be kept secret on your device to be secure. Even if attackers access all the keys for a site or application, your account is still protected since they won’t have the second key stored solely on your device.

If you want to get more technical and understand why passkeys are so resistant to person-in-the-middle attacks: Websites that start with https:// and most web applications use PKI encryption to protect data during transit. SSL (deprecated) and TLS (use the newest version) protocols use public-private key pairs to initiate a multi-step process to secure traffic to websites or web applications. Attackers can use person-in-the-middle attacks to defeat that encryption. They generate key pairs to make the user’s connection think the attacker is the website and make the website believe the attacker is the user’s connection. Bad actors insert themselves between the user and the website and can access the data as it goes through their connection.

When a user creates a passkey, the user’s device generates a key pair. It stores one key locally on the device and sends the other to the site or application for passkey authentication. The site or web application stores a unique key for each passkey a user generates. The secret key never leaves the user’s device during the authentication process, and the unique paired key is stored at the website or application. Hence, passkeys are extremely resistant to person-in-the-middle attacks.

Where supported, consider using passkeys. Hopefully they’ll be the common standard soon.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post The Rise of Passkeys: A Paradigm Shift in Authentication Technology appeared first on Foster Institute.

When you eliminate passwords:
– You don’t need to worry about creating, forgetting, or re-using passwords because you don’t use passwords.
– IT Helpdesk Professionals save time since they don’t have to help users who forget their passwords.
– Hackers will not try to trick users into disclosing passwords because the user won’t know passwords.

Microsoft, and others, continue to make their big push for people to go passwordless.

Alternatives to Passwords:

Today, determine where and how you can eliminate passwords from your life. Focus on using:

Something you have:
– A USB Token such as a YubiKey
– A proximity badge you wear around your neck or carry in your pocket
– An authenticator app on your smartphone or tablet
– A text message, phone call, or email with a one-time code

Or, something you are:
– A fingerprint scan
– Facial recognition
– Eye recognition

And the real magic is when you combine two for multi-factor authentication (MFA) without passwords.

Note that USB tokens can include fingerprint scanners for built-in MFA. Your IT Team might need to get creative using mobile phone technology to accomplish both. If you decide to use push notifications, be sure to refer to https://fosterinstitute.com/mfa-fatigue-the-hidden-danger-and-how-to-combat-it/

There are few ways attackers can exploit some of these login methods, and your IT Team can help you shore up weaknesses. Visit with your IT Team about ways you can eliminate passwords. Be sure they’ve seen this post: https://fosterinstitute.com/the-risk-iphone-theft-poses-to-your-passkeys-and-what-to-do-now/

Know About Passkeys:

Be sure you, and your IT team, know about passkeys. Passkeys are the future, and the future is arriving now: https://fosterinstitute.com/the-rise-of-passkeys-a-paradigm-shift-in-authentication-technology/

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post Ditch Passwords for Good: The Ultimate Guide to Passkeys and Passwordless Authentication appeared first on Foster Institute.

Logins often go like this:
1. User enters a password
2. The user receives a text message with a code to confirm it is them

That second step is called MFA (Multi-Factor Authentication).

Entering numbers is frustrating, so some organizations use push notifications:
1. User enters a password
2. The user has an authenticator app asking, “Is that you trying to log in?” The user can click “Yes,” and they’re in. If it is an attacker, the user can ignore the alert or click “no.”

Attackers are overwhelmingly bypassing push notification protection. Here’s how: Once the bad guys obtain the user’s password, they make frequent attempts to log in, sending many alerts to the targeted user’s phone. The user is annoyed by the interruptions. Sometimes, users click “approve” to stop the annoyance. They don’t realize they are allowing an attacker into the system. This phenomenon is known as MFA fatigue.

If you use push notifications, ensure that your push notifications require the user to enter at least two digits displayed on the device where they entered the password rather than simply pressing the approve button in their phone app. This verification helps prove the user has the device. The process becomes:
1. The user enters a password on the device they’re logging into.
2. The user has an authenticator app asking them, “What code is your device displaying?” The user enters the code, and they’re logged in.

Microsoft calls the process “Number Matching.” Duo calls it “Verified Duo Push.” Okta calls this a number challenge.

If you use push notifications, enable some form of number matching verification ASAP to combat MFA Fatigue.

Please tell your friends to be sure they know this hidden danger and can tighten security in their organizations.

The post MFA Fatigue: The Hidden Danger and How to Combat It appeared first on Foster Institute.

If you have malware on your phone, tablet, or computer, it could be recording images of your screen as you type. If the malware can only see dots, your password is safe from “shoulder surfers” looking at your screen from thousands of miles away.

Additionally, if you use language translation or other browser plug-ins that read your screen, your browsers could be “reading” the text on your screen. If web applications or websites display your actual password, it might get transmitted to strangers without you realizing it.

It can be frustrating not to see your password as you type, but there is a good reason beyond knowing the person next to you isn’t watching your screen.

For information about preventing malware on your systems, please visit the Foster Institute Blog at fosterinstitute.com/blog

The post Know Why Web Application Providers Show Dots when You Type Your Passwords appeared first on Foster Institute.

If you know what MFA is, you can skip this paragraph. The most common first step of MFA is for users to enter their username and password. They receive a text message with a code to complete the login process. Alternatively, the user might have an authenticator app on their phone that provides a code. Another option is for the user to receive a “push” notification asking the user to approve the login through the app. The latter is sometimes referred to as one-tap login. There are other options for the factors, including approving specific computers, geo-location, USB hardware keys, and biometrics, including fingerprints, facial recognition, and iris scans. There are pros and cons to each.

Summarized steps you can take to help protect yourself from attackers bypassing multi-factor authentication:

= Know how to protect yourself against a thief stealing a phone if MFA uses text or email messages as the second step.
= If supported, instead of a code number from a text message or authenticator app, consider using a USB token, fingerprint, or facial recognition for the second factor.
= Reduce the duration a code is valid. For example, perhaps change the code every 60 seconds so an older code won’t work.
= Limit the number of failed login attempts in a specific period.
= Implement web content filtering to help protect users from being exposed to fake login screens.
= Limit logins to specific countries.
= If users primarily use the same device, restrict logins to specific devices.
= Train users to beware of fraudulent login prompts.

Please see the details below:

If MFA to sends a text message to a stolen phone, the thief might see the text message. For websites or services that only support text messages for the second step, consider investing in an inexpensive flip phone with a different phone number to receive text messages. Similarly, if MFA involves an email, and the thief can easily access your email on the stolen phone, it defeats the purpose of MFA. Therefore, if you set up the two-step login with email as the second step, use an email address that requires some other form of authentication on the phone to access email messages. Ensure email messages do not pop up on the preview screen when received.

Another way attackers bypass MFA:
Step 1: Trick the user into clicking a link that takes the user to a fake login screen for Microsoft 365, LinkedIn, or any other valuable site.
Step 2: The user enters their username and password into the fake login form. Now the attacker knows the user’s login name and password.
Step 3: The attacker’s computer pulls up the genuine login form and enters the username and password the victim just provided.
Step 4: The legitimate website sends the user the text message, sends a push notification, or performs another second factor the user is used to. The user expects this, and the process seems normal to them.
Step 5: The attacker can create a fake form for the user to enter the code from their text message or app. When the victim enters the data, the attacker’s computer inserts the data into the genuine website. If the user received a push notification, they could approve the login because the user believes they are indeed logging into the site.
Step 6: The attacker is logged in and has the user’s full access. The attacker needed no previous knowledge of the user’s username, password, or text key.

One strategy to fight his kind of attack is to use a second factor that isn’t a text code. For example, a user doesn’t need to enter a code if the second factor is a fingerprint or USB token plugged into the computer. The user cannot enter that information into a fraudulent login screen.

Another common strategy attackers use to bypass MFA is to reduce the time an OTP (One Time Password) code can work without the user requesting and receiving a new text message or generating a new code in the authenticator app. Shorter expiration times mean the attackers must use the stolen credentials and second factor to log in more quickly.

Another strategy, though slightly less effective but can be used in conjunction, is to limit the number of failed login attempts within a period. An example rule is if there is a failed login attempt for a user account three times in a row within five minutes, lock their account so they cannot try logging in again for ten minutes.

A useful cybersecurity control that is underutilized is conditional access by country. If your users will always log in from specific countries, block logins from all other countries. That will make it more difficult for foreign adversaries to compromise your users’ accounts. Identifying a user’s location is sometimes referred to as geolocation.

Another method to bypass MFA is to use social engineering to trick the user into disclosing their username, password, and code or another second factor. A typical example is for a bad actor to contact a user, impersonate a technical support person, and ask the user to provide the information to help prevent some fake problem that doesn’t exist. Some trusting users walk the attacker through the login process, bypassing the protection of MFA.

Another strategy bad actors use is called MFA fatigue. The hacker will make so many attempts to log on that the user finally tires of receiving push notification alerts. The fatigued user approves the login to make their phone be quiet, and the attacker is in the system.

Attackers could use SIM Swapping to reroute calls and text messages to their phones. Therefore, text and callbacks can be less secure than other second factors. However, many sites only offer those two options.

As your IT team can tell you, there are more technical ways for attackers to bypass MFA by creating person-in-the-middle attacks using something called a proxy. Another strategy attackers can utilize is captured authentication cookies or tokens. Authentication can rely on digital key values that must be kept secret inside servers. If attackers get access to the keys, they can gain access.

Your IT Team can implement some form of web content filtering and configure it to block communications with known malicious sites and attacker command-and-control servers. This isn’t perfect because attackers frequently change command servers, but it helps.

Using SSO (Single Sign On) reduces the number of opportunities an attacker has to trick the user. Of course, the flip side is that if an attacker successfully gains access to the single sign-on, the attacker won’t need any other credentials to access everything the user can access.

User training is essential, as is keeping the computer safe.

As you can see, using MFA does not mean your authentication process is secure. Whenever a new security control is invented, someone finds a way to break it. The strategies above will help you be more secure.

Alert your friends to some of the ways attackers can bypass MFA. They might decide to consider using USB keys, biometrics, or cryptographic codes stored in a computer or hardware.

The post How Attackers Break Your Multi-Factor Authentication Protection and 7 Strategies to Protect Yourself appeared first on Foster Institute.

The exploits may come in the form of attempts to get you to transfer money to a friend, someone threatening to send out defamatory information about you unless you pay them not to, or phony messages attempting to acquire some personally identifiable information from you.

Be sure to alert your family members that it could be a forgery, even if an email message appears to be from you. Family members should verbally speak to you if there is ever a concern about any communications that are purportedly from you. No one should ever respond to a suspicious email or text message.

Know that legitimate text messages claiming to be from organizations are usually from a five to six-digit source such as 26096. If the text message is from a phone number they don’t recognize, even if the digits are all run together, like 4105550009, there is a good chance the text is fraudulent.

Additionally, there are crucial steps you must take to help protect your devices, including iPhones, iPads, Android phones and tablets, laptops, desktop computers, and all of your devices. Keep the devices locked up when they are not in your possession. If someone gains physical access to your device, it is possible that they can steal information, both your history and real-time now and into the future.

Be sure to apply critical security updates to the operating systems and browsers when prompted. But watch out for fake requests. Update alerts should never come via email or text message; those are bogus and dangerous.

Avoid connecting to public WiFi networks in coffee shops, airports, and hotels. Using your phone as a hotspot is much safer. A VPN protects your privacy but doesn’t prevent attackers from targeting your device on the network.

Avoid using a family computer to do your online banking, connect to your office, or type sensitive information. Attackers seek to infect work-from-home computers, and family computers are often the most vulnerable. Use your laptop or computer dedicated to you so that another family member doesn’t accidentally install malware for attackers to monitor your keystrokes, take control, or dwell inside, waiting for you to log in to your office.

There are so many steps to take, and, primarily, you must have a heightened awareness that you are at an increased risk of attacks as a high net-worth individual. Consider having a cybersecurity advisor to guide you and your team as you increase your security. Be sure they hold top-level cybersecurity certifications, including CISSP, CEH, and CISA, to help you receive the best guidance.

Please forward this to your friends so that they are extra vigilant too.

The post Attackers are Targeting High Net Worth Individuals appeared first on Foster Institute.

Imagine that your firewall has doors to allow connections into your network. Usernames and passwords are the keys to unlocking the doors. An effective cybersecurity control is to remove the doors. When there is no door, there is no keyhole for an attacker to try to guess the keys.

Many organizations have too many open doors exposed to the world. An essential cybersecurity control is to remove the entries. Alternatively, if you must have the door, your IT team can configure the firewall with a cloaking strategy so that only specific sources can see the door. Most people would never know there is a door.

Ask your IT team to close external ports that are not essential to doing business. If they must leave ports open, ask them to create rules to limit access to specific source addresses if possible.

Below is information from the security log file on a server tracking failed login attempts. For a brute-force password guessing attack, the attackers must also guess usernames. They can predict usernames such as Administrator, so they try many passwords, 1398 in the example below, for predictable names.

If your IT team shows you a list of guessed names, and the guessed usernames match workers in your organization, that is a severe concern. It means that the attackers have done their research or already have access. You are a specific target. Remember, if there is no door, then these attacks cannot happen:

1398 different passwords attempted with this guessed username: Administrator
836 different passwords attempted with this guessed username: Admin
554 different passwords attempted with this guessed username: user
314 different passwords attempted with this guessed username: test
314 different passwords attempted with this guessed username: user1
160 different passwords attempted with this guessed username: user2
156 different passwords attempted with this guessed username: user3
156 different passwords attempted with this guessed username: admin1
155 different passwords attempted with this guessed username: test1
111 different passwords attempted with this guessed username: guest
91 different passwords attempted with this guessed username: sql
89 different passwords attempted with this guessed username: aspnet
87 different passwords attempted with this guessed username: support_388945a0
84 different passwords attempted with this guessed username: david
83 different passwords attempted with this guessed username: root
82 different passwords attempted with this guessed username: backup
80 different passwords attempted with this guessed username: sys
80 different passwords attempted with this guessed username: support
80 different passwords attempted with this guessed username: Other
80 different passwords attempted with this guessed username: a
78 different passwords attempted with this guessed username: test2
78 different passwords attempted with this guessed username: server
78 different passwords attempted with this guessed username: 1
78 different passwords attempted with this guessed username: john
78 different passwords attempted with this guessed username: test3
78 different passwords attempted with this guessed username: console
78 different passwords attempted with this guessed username: owner
78 different passwords attempted with this guessed username: actuser
78 different passwords attempted with this guessed username: 123
78 different passwords attempted with this guessed username: adm
78 different passwords attempted with this guessed username: admin2
78 different passwords attempted with this guessed username: user4
78 different passwords attempted with this guessed username: user5
32 different passwords attempted with this guessed username: surferquest
18 different passwords attempted with this guessed username: auditor
15 different passwords attempted with this guessed username: alilong
14 different passwords attempted with this guessed username: SCOTT
13 different passwords attempted with this guessed username: chirotouch
13 different passwords attempted with this guessed username: PEGGY
12 different passwords attempted with this guessed username: follow
12 different passwords attempted with this guessed username: CHERYL
12 different passwords attempted with this guessed username: TERRI
11 different passwords attempted with this guessed username: ETB User
10 different passwords attempted with this guessed username: system_backupDB
10 different passwords attempted with this guessed username: QBPOSDBSrvUser
10 different passwords attempted with this guessed username: xuhai
10 different passwords attempted with this guessed username: tu
9 different passwords attempted with this guessed username: mroot
9 different passwords attempted with this guessed username: manager
9 different passwords attempted with this guessed username: justin
8 different passwords attempted with this guessed username: iis
8 different passwords attempted with this guessed username: Linux
7 different passwords attempted with this guessed username: acs
7 different passwords attempted with this guessed username: vetvault
7 different passwords attempted with this guessed username: squirrel
7 different passwords attempted with this guessed username: user01
7 different passwords attempted with this guessed username: crsuser
6 different passwords attempted with this guessed username: saleslan
6 different passwords attempted with this guessed username: IUSR_SOR
6 different passwords attempted with this guessed username: scan
6 different passwords attempted with this guessed username: expedite
6 different passwords attempted with this guessed username: DSNVSUser
6 different passwords attempted with this guessed username: reception
6 different passwords attempted with this guessed username: hei
6 different passwords attempted with this guessed username: VNIAdmin_DoNotDelete
6 different passwords attempted with this guessed username: kaypro
6 different passwords attempted with this guessed username: payroll
6 different passwords attempted with this guessed username: mark
6 different passwords attempted with this guessed username: alex
6 different passwords attempted with this guessed username: linhai
6 different passwords attempted with this guessed username: ntsec_admin
6 different passwords attempted with this guessed username: lisa
6 different passwords attempted with this guessed username: oprrs
6 different passwords attempted with this guessed username: monster
5 different passwords attempted with this guessed username: Acsadmin
5 different passwords attempted with this guessed username: cli
5 different passwords attempted with this guessed username: awesen
5 different passwords attempted with this guessed username: aloha
5 different passwords attempted with this guessed username: micrologic
5 different passwords attempted with this guessed username: scanner
5 different passwords attempted with this guessed username: swentz
5 different passwords attempted with this guessed username: jacob
5 different passwords attempted with this guessed username: jordan
5 different passwords attempted with this guessed username: backoffice
5 different passwords attempted with this guessed username: amiga
5 different passwords attempted with this guessed username: pos
4 different passwords attempted with this guessed username: warehouse
4 different passwords attempted with this guessed username: rdspos
4 different passwords attempted with this guessed username: linda
4 different passwords attempted with this guessed username: copier
4 different passwords attempted with this guessed username: rds
4 different passwords attempted with this guessed username: acasey
4 different passwords attempted with this guessed username: mary
4 different passwords attempted with this guessed username: sapsupport
4 different passwords attempted with this guessed username: Post6
4 different passwords attempted with this guessed username: james
4 different passwords attempted with this guessed username: micros
4 different passwords attempted with this guessed username: spppse
4 different passwords attempted with this guessed username: possvr
4 different passwords attempted with this guessed username: apple_terminal
3 different passwords attempted with this guessed username: shipping
3 different passwords attempted with this guessed username: manw
3 different passwords attempted with this guessed username: MssqlUser
3 different passwords attempted with this guessed username: miass
3 different passwords attempted with this guessed username: receptionist
3 different passwords attempted with this guessed username: grace
3 different passwords attempted with this guessed username: iusr_qa
3 different passwords attempted with this guessed username: hk
3 different passwords attempted with this guessed username: fax
3 different passwords attempted with this guessed username: menw
3 different passwords attempted with this guessed username: sales
3 different passwords attempted with this guessed username: parts
3 different passwords attempted with this guessed username: Tsmotw
3 different passwords attempted with this guessed username: svc-netmon
3 different passwords attempted with this guessed username: staff
3 different passwords attempted with this guessed username: adminsc5
3 different passwords attempted with this guessed username: ssyyet
3 different passwords attempted with this guessed username: sysadmin
3 different passwords attempted with this guessed username: ashley
3 different passwords attempted with this guessed username: araxi
3 different passwords attempted with this guessed username: ccdrs
3 different passwords attempted with this guessed username: ava
3 different passwords attempted with this guessed username: Cat
3 different passwords attempted with this guessed username: Spectra
3 different passwords attempted with this guessed username: tech
3 different passwords attempted with this guessed username: voicemail
3 different passwords attempted with this guessed username: adm1n
3 different passwords attempted with this guessed username: terry
3 different passwords attempted with this guessed username: Administrador
2 different passwords attempted with this guessed username: laptop
2 different passwords attempted with this guessed username: lab
2 different passwords attempted with this guessed username: Astsm
2 different passwords attempted with this guessed username: larry
2 different passwords attempted with this guessed username: lee
2 different passwords attempted with this guessed username: billing
2 different passwords attempted with this guessed username: besadmin
2 different passwords attempted with this guessed username: bill
2 different passwords attempted with this guessed username: joshua
2 different passwords attempted with this guessed username: kathy
2 different passwords attempted with this guessed username: avery
2 different passwords attempted with this guessed username: beadmin
2 different passwords attempted with this guessed username: Kantech
2 different passwords attempted with this guessed username: keith
2 different passwords attempted with this guessed username: kiosk
2 different passwords attempted with this guessed username: aubrey
2 different passwords attempted with this guessed username: joseph
2 different passwords attempted with this guessed username: benjamin
2 different passwords attempted with this guessed username: lewis
2 different passwords attempted with this guessed username: alan
2 different passwords attempted with this guessed username: aiden
2 different passwords attempted with this guessed username: addison
2 different passwords attempted with this guessed username: lvellman
2 different passwords attempted with this guessed username: madison
2 different passwords attempted with this guessed username: manger
2 different passwords attempted with this guessed username: accountant
2 different passwords attempted with this guessed username: mia
2 different passwords attempted with this guessed username: abigail
2 different passwords attempted with this guessed username: mason
2 different passwords attempted with this guessed username: matthew
2 different passwords attempted with this guessed username: adam
2 different passwords attempted with this guessed username: angela
2 different passwords attempted with this guessed username: andrew
2 different passwords attempted with this guessed username: andrea
2 different passwords attempted with this guessed username: liam
2 different passwords attempted with this guessed username: anthony
2 different passwords attempted with this guessed username: lillian
2 different passwords attempted with this guessed username: logmeinremoteuser
2 different passwords attempted with this guessed username: lori
2 different passwords attempted with this guessed username: lucas
2 different passwords attempted with this guessed username: amelia
2 different passwords attempted with this guessed username: alexander
2 different passwords attempted with this guessed username: logan
2 different passwords attempted with this guessed username: joe
2 different passwords attempted with this guessed username: cindy
2 different passwords attempted with this guessed username: chris
2 different passwords attempted with this guessed username: chloe
2 different passwords attempted with this guessed username: CorpOwner
2 different passwords attempted with this guessed username: evelyn
2 different passwords attempted with this guessed username: consult
2 different passwords attempted with this guessed username: front
2 different passwords attempted with this guessed username: frontdesk
2 different passwords attempted with this guessed username: gabriel
2 different passwords attempted with this guessed username: checkout
2 different passwords attempted with this guessed username: FranOwner
2 different passwords attempted with this guessed username: checkin
2 different passwords attempted with this guessed username: ethan
2 different passwords attempted with this guessed username: elijah
2 different passwords attempted with this guessed username: elizabeth
2 different passwords attempted with this guessed username: ella
2 different passwords attempted with this guessed username: doctor
2 different passwords attempted with this guessed username: don
2 different passwords attempted with this guessed username: donna
2 different passwords attempted with this guessed username: dennis
2 different passwords attempted with this guessed username: daniel
2 different passwords attempted with this guessed username: cs13368
2 different passwords attempted with this guessed username: emily
2 different passwords attempted with this guessed username: emma
2 different passwords attempted with this guessed username: eric
2 different passwords attempted with this guessed username: general
2 different passwords attempted with this guessed username: bruce
2 different passwords attempted with this guessed username: jack
2 different passwords attempted with this guessed username: jackson
2 different passwords attempted with this guessed username: buexec
2 different passwords attempted with this guessed username: isabella
2 different passwords attempted with this guessed username: bruno
2 different passwords attempted with this guessed username: bkupexec
2 different passwords attempted with this guessed username: jerry
2 different passwords attempted with this guessed username: jim
2 different passwords attempted with this guessed username: brian
2 different passwords attempted with this guessed username: jayden
2 different passwords attempted with this guessed username: jeff
2 different passwords attempted with this guessed username: intern
2 different passwords attempted with this guessed username: harper
2 different passwords attempted with this guessed username: charlie
2 different passwords attempted with this guessed username: chad
2 different passwords attempted with this guessed username: glenn
2 different passwords attempted with this guessed username: charlotte
2 different passwords attempted with this guessed username: grocery
2 different passwords attempted with this guessed username: canon
2 different passwords attempted with this guessed username: info
2 different passwords attempted with this guessed username: install
2 different passwords attempted with this guessed username: celerant
2 different passwords attempted with this guessed username: henry
2 different passwords attempted with this guessed username: carlos
2 different passwords attempted with this guessed username: remote
2 different passwords attempted with this guessed username: tim
2 different passwords attempted with this guessed username: tom
2 different passwords attempted with this guessed username: Ray
2 different passwords attempted with this guessed username: robert
2 different passwords attempted with this guessed username: roger
2 different passwords attempted with this guessed username: RETAIL
2 different passwords attempted with this guessed username: ricoh
2 different passwords attempted with this guessed username: Post4
2 different passwords attempted with this guessed username: Post7
2 different passwords attempted with this guessed username: trish
2 different passwords attempted with this guessed username: peter
2 different passwords attempted with this guessed username: production
2 different passwords attempted with this guessed username: tony
2 different passwords attempted with this guessed username: toshiba
2 different passwords attempted with this guessed username: tool
2 different passwords attempted with this guessed username: sophia
2 different passwords attempted with this guessed username: sqladmin
2 different passwords attempted with this guessed username: Tech01
2 different passwords attempted with this guessed username: sofia
2 different passwords attempted with this guessed username: steve
2 different passwords attempted with this guessed username: symantec
2 different passwords attempted with this guessed username: stanley
2 different passwords attempted with this guessed username: t1
2 different passwords attempted with this guessed username: samuel
2 different passwords attempted with this guessed username: scans
2 different passwords attempted with this guessed username: terasoma
2 different passwords attempted with this guessed username: temp
2 different passwords attempted with this guessed username: Silverx
2 different passwords attempted with this guessed username: skaner
2 different passwords attempted with this guessed username: security
2 different passwords attempted with this guessed username: shop
2 different passwords attempted with this guessed username: operator
2 different passwords attempted with this guessed username: olivia
2 different passwords attempted with this guessed username: natalie
2 different passwords attempted with this guessed username: zoey
2 different passwords attempted with this guessed username: mike
2 different passwords attempted with this guessed username: william
2 different passwords attempted with this guessed username: ospite
2 different passwords attempted with this guessed username: office
2 different passwords attempted with this guessed username: veronica
2 different passwords attempted with this guessed username: vismail
2 different passwords attempted with this guessed username: victoria
2 different passwords attempted with this guessed username: noah
2 different passwords attempted with this guessed username: ncrm
2 different passwords attempted with this guessed username: wand
2 different passwords attempted with this guessed username: nss256wendys
2 different passwords attempted with this guessed username: michael
2 different passwords attempted with this guessed username: microssvc
2 different passwords attempted with this guessed username: visitor
2 different passwords attempted with this guessed username: xerox
1 different passwords attempted with this guessed username: template
1 different passwords attempted with this guessed username: cia
1 different passwords attempted with this guessed username: cihan
1 different passwords attempted with this guessed username: cayetano
1 different passwords attempted with this guessed username: muhasebe
1 different passwords attempted with this guessed username: bruno1234
1 different passwords attempted with this guessed username: comercial
1 different passwords attempted with this guessed username: susan
1 different passwords attempted with this guessed username: vrfy
1 different passwords attempted with this guessed username: camilie
1 different passwords attempted with this guessed username: teresa
1 different passwords attempted with this guessed username: telnet
1 different passwords attempted with this guessed username: ted
1 different passwords attempted with this guessed username: tape
1 different passwords attempted with this guessed username: washington
1 different passwords attempted with this guessed username: web
1 different passwords attempted with this guessed username: taylor
1 different passwords attempted with this guessed username: tcp
1 different passwords attempted with this guessed username: tarragona
1 different passwords attempted with this guessed username: tanya
1 different passwords attempted with this guessed username: teds
1 different passwords attempted with this guessed username: acct1
1 different passwords attempted with this guessed username: t12010
1 different passwords attempted with this guessed username: tammy
1 different passwords attempted with this guessed username: www
1 different passwords attempted with this guessed username: ceyda
1 different passwords attempted with this guessed username: accounting
1 different passwords attempted with this guessed username: training
1 different passwords attempted with this guessed username: tracy
1 different passwords attempted with this guessed username: travis
1 different passwords attempted with this guessed username: transition
1 different passwords attempted with this guessed username: vance
1 different passwords attempted with this guessed username: tracey
1 different passwords attempted with this guessed username: appservadmin
1 different passwords attempted with this guessed username: appismo
1 different passwords attempted with this guessed username: vanschoor
1 different passwords attempted with this guessed username: trent
1 different passwords attempted with this guessed username: user02
1 different passwords attempted with this guessed username: tsadmin
1 different passwords attempted with this guessed username: user8
1 different passwords attempted with this guessed username: user7
1 different passwords attempted with this guessed username: truck
1 different passwords attempted with this guessed username: tricia
1 different passwords attempted with this guessed username: uwe
1 different passwords attempted with this guessed username: troisi
1 different passwords attempted with this guessed username: uucp
1 different passwords attempted with this guessed username: timc
1 different passwords attempted with this guessed username: thomas
1 different passwords attempted with this guessed username: timeclock
1 different passwords attempted with this guessed username: beer
1 different passwords attempted with this guessed username: therese
1 different passwords attempted with this guessed username: term
1 different passwords attempted with this guessed username: teri
1 different passwords attempted with this guessed username: theresa
1 different passwords attempted with this guessed username: texas
1 different passwords attempted with this guessed username: backupexec
1 different passwords attempted with this guessed username: vcs
1 different passwords attempted with this guessed username: toni
1 different passwords attempted with this guessed username: vargas
1 different passwords attempted with this guessed username: tonya
1 different passwords attempted with this guessed username: tommy
1 different passwords attempted with this guessed username: timothy
1 different passwords attempted with this guessed username: timeclock mails
1 different passwords attempted with this guessed username: todd
1 different passwords attempted with this guessed username: tina
1 different passwords attempted with this guessed username: perl
1 different passwords attempted with this guessed username: pentagon
1 different passwords attempted with this guessed username: piotr
1 different passwords attempted with this guessed username: Post2
1 different passwords attempted with this guessed username: Post1
1 different passwords attempted with this guessed username: paul1234
1 different passwords attempted with this guessed username: kevin
1 different passwords attempted with this guessed username: pcadmin
1 different passwords attempted with this guessed username: karen
1 different passwords attempted with this guessed username: pdf
1 different passwords attempted with this guessed username: posuser
1 different passwords attempted with this guessed username: postmaster
1 different passwords attempted with this guessed username: prepress
1 different passwords attempted with this guessed username: program
1 different passwords attempted with this guessed username: IUSR_SERVER
1 different passwords attempted with this guessed username: jimmy
1 different passwords attempted with this guessed username: Post3
1 different passwords attempted with this guessed username: Post5
1 different passwords attempted with this guessed username: poste2
1 different passwords attempted with this guessed username: Post8
1 different passwords attempted with this guessed username: paul
1 different passwords attempted with this guessed username: myhost
1 different passwords attempted with this guessed username: nasa
1 different passwords attempted with this guessed username: love
1 different passwords attempted with this guessed username: neil
1 different passwords attempted with this guessed username: micros1
1 different passwords attempted with this guessed username: michelle
1 different passwords attempted with this guessed username: miguel
1 different passwords attempted with this guessed username: marco
1 different passwords attempted with this guessed username: mode
1 different passwords attempted with this guessed username: parking
1 different passwords attempted with this guessed username: ospite1234
1 different passwords attempted with this guessed username: patrizia
1 different passwords attempted with this guessed username: kubik
1 different passwords attempted with this guessed username: patrizia2
1 different passwords attempted with this guessed username: lorenzo
1 different passwords attempted with this guessed username: netsis
1 different passwords attempted with this guessed username: network
1 different passwords attempted with this guessed username: orders
1 different passwords attempted with this guessed username: new
1 different passwords attempted with this guessed username: publish
1 different passwords attempted with this guessed username: socket
1 different passwords attempted with this guessed username: SmokinPremiums
1 different passwords attempted with this guessed username: solaris
1 different passwords attempted with this guessed username: documents
1 different passwords attempted with this guessed username: domain
1 different passwords attempted with this guessed username: scan123
1 different passwords attempted with this guessed username: expn
1 different passwords attempted with this guessed username: evan
1 different passwords attempted with this guessed username: silver
1 different passwords attempted with this guessed username: esmtp
1 different passwords attempted with this guessed username: station4
1 different passwords attempted with this guessed username: cscadmin
1 different passwords attempted with this guessed username: sue
1 different passwords attempted with this guessed username: supervisor
1 different passwords attempted with this guessed username: contract
1 different passwords attempted with this guessed username: spiceworks
1 different passwords attempted with this guessed username: soss
1 different passwords attempted with this guessed username: daniela
1 different passwords attempted with this guessed username: csi
1 different passwords attempted with this guessed username: SQLAgentCmdExec
1 different passwords attempted with this guessed username: salesman
1 different passwords attempted with this guessed username: reguser
1 different passwords attempted with this guessed username: rcpt
1 different passwords attempted with this guessed username: relay
1 different passwords attempted with this guessed username: guard
1 different passwords attempted with this guessed username: halt
1 different passwords attempted with this guessed username: qwerty
1 different passwords attempted with this guessed username: query
1 different passwords attempted with this guessed username: rad
1 different passwords attempted with this guessed username: radiant
1 different passwords attempted with this guessed username: IME_ADMIN
1 different passwords attempted with this guessed username: rupert
1 different passwords attempted with this guessed username: fuji1
1 different passwords attempted with this guessed username: FPUPDENGUSR
1 different passwords attempted with this guessed username: fbi
1 different passwords attempted with this guessed username: sales2
1 different passwords attempted with this guessed username: report
1 different passwords attempted with this guessed username: renteria
1 different passwords attempted with this guessed username: good
1 different passwords attempted with this guessed username: gans
1 different passwords attempted with this guessed username: Richard

The post Anatomy of a Password Attack, and How to Prevent Them appeared first on Foster Institute.

Another advantage of a password manager is that it is simple for you to use different passwords for every website. If a bad actor ever discovers your password for one site, they can use a technique called credential stuffing to try the same password at other sites too. If you’ve reused the password, then the attacker will gain access.

Some password managers synchronize passwords between multiple devices, including phones and computers. Some password managers come with added features. Some people consider the added tools bloatware. If there is a feature you don’t need, see if there is an option not to install that feature. A password manager needs to use plugins for users’ browsers, so that’s a given. Stuff like VPN offerings aren’t always beneficial, and sometimes installing additional programs creates “one more thing that might go wrong” or “one more program an attacker can attack” on the computer or phone.

Which password manager should you choose? You might already have a favorite. If not, consider asking your IT Professional for their input. If you use the one they like the best, you’ll know they’ll be able to help you if you have a question later. If a product forces you to install added software and you have no option to opt-out, consider a different password manager.

If you read reviews, many reviews weigh “free” heavily into their weighting. I know I’m willing to pay to get the best product and understand that companies need to make money to survive.

Of course, as always, I strongly encourage you to use some form of two-step verification in addition to the password. If the website provides the option to “Remember this device” so you don’t need to go through the second step as often, then logging in the second time should be almost seamless for you if you have a password manager.

What is the most significant risk of using a password manager? People immediately think of how attackers might break into the password manager to steal the passwords. With the modern technology to protect the password vault, it is more likely an attacker will steal your passwords out of your browser if you’ve told the browser to remember your passwords. To feel better, you might choose to memorize passwords for your bank and other sensitive passwords, but use your password manager for less risky logins. If you use a two-step login, you’re still protected by the second step even if an attacker discovers your password.

Perhaps the most significant risk of using a password manager is that attackers might somehow infect the company that writes the software and use the program to attack your computer. Attackers taking control of a widely used and trusted program is known as a supply chain attack and is what happened at Solar Winds, Log4j, CCleaner, and other high-profile breaches.

Passwords do not always stop attackers. They get into computers and wait for the user to enter the passwords for them: https://fosterinstitute.com/how-attackers-bypass-your-password-protection-even-if-you-use-two-step-login/

Please forward this to your friends so they know a password manager can speed up their workflow.

The post Password Managers Speed Your Workflow appeared first on Foster Institute.

What he is experiencing is a common ploy. The bad actors probably didn’t hack his account, and I’m sure he reset his password just in case. The chances are that they don’t have any pictures. They certainly don’t have photos if whatever they claim happened didn’t happen.

The bullies are adept at social engineering, and their goal is to be terrifying. They’re incentivized because they make more money.

They commonly send information to make their messages look legitimate. They find passwords on the dark web and send those, where someone works, where they went to school, date of birth, and the names and ages of family members. That information is often easy to find, and bad actors having those details doesn’t mean they hacked an account. Often the entire information gathering process is automated. https://fosterinstitute.com/why-phishing-messages-contain-such-accurate-information/

The best thing is to avoid communicating with the bad actors and act like you never receive the messages. The bad actors will pick on someone else to try to get money from them.

I wouldn’t be surprised if he starts getting email messages from them.

Do this now: Be sure none of your email programs displays graphics or images when you open a message. On your iPhone or iPad, go to Settings > Mail and turn off “Load Remote Images.” If you don’t see that option, look under Settings > Mail > Privacy Protection > and choose “Block all Remote Content.” In Outlook, select File > Options > Trust Center > Automatic Downloads and choose: Don’t download pictures automatically. Note that the setting can move around, but a quick search engine search for “how to block email tracking” and the name of your device or application will produce fast results. Take similar steps for every device you use to check your email. This step will usually prevent the attacker from knowing you opened the email message, but you must change the setting before receiving the message.

Cover up the cameras on your computers, tablets, and phones if you do not use the camera often.

If you do receive one of these messages, print it out and save it in case you need it for evidence in the future. Do not forward the message unless you are confident that the transmitted message contains no graphics.

It is up to you to decide if you want to warn family, friends, and everyone else in your address book in case the attacker follows through with their threat. Reassure your contacts that the contents of the message are false.

Make a detailed log, and make copies of all email messages, phone calls, and text messages you receive from them. Submit a complaint at ic3.gov. Contact the police if you fear that your life is in danger. If the email message came from Gmail, notify Google, and they can investigate.

Visit www.haveibeenpwned.com to see if there is evidence that your password has shown up posted on the dark web.

Reset sensitive passwords and enable two-step verification on websites where you log in. Be sure you are current on all security patches on your devices.

Please forward this to everyone you know so that they will prepare for threatening social media and email messages.

The post Watch for Threatening Email and Social Media Messages Saying You’re Hacked appeared first on Foster Institute.