Immediate Action if You Suspect a Breach:

If a clever hacker duped you into doing something that resulted in a suspected security breach, and you received a prompt asking you to run a program on your computer and agreed, your computer is likely compromised. Do not reboot your machine – disconnect it from the network immediately. The machine needs to stay awake so logs stay intact for forensic evidence. Document every step you take from this point forward – it could be crucial for legal and insurance purposes later.

Is there Customer or Other Sensitive Information on the Computer?

Assuming this is a work computer, potentially exposing sensitive information can be very serious. Contact your insurance company immediately. They will likely connect you with a data breach attorney immediately.

There are potential lawsuits, fines, etc. Some regulations and laws might require you to notify entities and customers. Different industries have specific compliance requirements – healthcare providers must consider HIPAA, financial institutions have regulations, privacy laws can come into effect, etc. You might be required to notify specific parties. Knowing your obligations is crucial. This is another reason to open a case with your insurance so they will connect you with a data breach attorney for guidance. If you don’t have insurance, contacting a data breach attorney immediately can protect you later.

For a Computer Without Sensitive Information:

You can run a full scan with your existing antivirus software to look for malware. Make sure it’s up to date before you start. This might catch obvious threats, but it’s just step one. Some solopreneurs, small companies, and families use additional malware scanning tools for a more thorough check. We receive no compensation for mentioning them, nor do we endorse them, but some families and small companies say they’ve had good luck with products such as Malwarebytes and HitmanPro. The latter requires an Internet connection to work. If you suspect your computer is infected, know that reconnecting it to the Internet could allow an attacker to re-establish access. While these tools can be helpful, remember that advanced attackers design their exploits to be undetectable by scanning tools. There’s no guarantee of complete security.

EDR/XDR Tools Look for Indicators of Compromise:

EDR/XDR (Endpoint Detection and Response / Extended Detection and Response) tools look for computer activity resembling attacker behavior and can intervene. EDR/XDR tools typically require you to purchase a minimum number of seats and thus are sometimes viewed as cost-prohibitive for businesses and families with fewer than 20 computers. For example, if an MSSP charges $20/mo. per computer for managed EDR/XDR, but customers must purchase at least twenty computer licenses even if they have fewer than twenty computers, which results in a $400/mo investment. Of course, breaches are costly, too. If you open a case with your cyber insurance company, a common practice is for them to run EDR/XDR software to look for installed programs, and they’ll remove the software when finished.

A Clean Start:

If you want to feel more confident that your computer doesn’t contain keyloggers or other malware, you might choose to erase your computer and start fresh. Back up your essential data files first, then reinstall your operating system and all your software from scratch. It’s a hassle, sure, but it’s the most reliable way to know your system is likely clean. You can probably find a computer consultant to help you. If you don’t want to use a consultant, or if it is your family computer, I’ve known people who take their computers to local tech repair shops for this process.

Network-Wide Considerations:

Remember, if one computer on your network is compromised, others might be too. Consider having a professional assess your entire network for signs of intrusion. They can help identify any backdoors or persistent threats that might be lurking.

Prevention is Key:

To avoid future incidents, make sure all your software and operating systems are always up-to-date. Use strong, unique passwords for all accounts, and consider implementing two-factor authentication where possible. Regular backups of your important data can be a lifesaver if you ever need to start fresh. Restrict user permissions and rights. Use excellent spam filtering tools. Train your users not to click links, open attachments, scan QR codes, follow instructions to download documents, and more. Use other essential industry cybersecurity practices. Ensure your IT Pros are managing your computers.

Develop an Incident Response Plan:

It’s crucial for businesses of all sizes to have an incident response plan in place before a breach occurs. This plan should outline the steps to take, who to contact, and how to mitigate damage.

Even for families, having a basic plan can help them act quickly and effectively if they suspect a breach.

Engage a Qualified MSSP:

If your business doesn’t have an internal IT professional, or if yours is overwhelmed with work, strongly consider partnering with a qualified MSSP (Managed Security Service Provider) to help your company stay safe.

Summary:

I hope your family or very small company never gets hacked, but if it does, I hope this guidance helps you decide whether or not to attempt to find and remove malware and provides tips about how to do so. Remember, when in doubt, don’t hesitate to seek professional help – the cost of expert assistance is often far less than the potential damage from a mishandled breach.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post When Cybersecurity Fails: How to Respond if Your Small Business Gets Hacked appeared first on Foster Institute.

Credit Freeze

If you haven’t already, consider freezing your credit to prevent new credit accounts from being opened in your name without your permission. Here are in-depth instructions and details: Help Protect Your Financial Future: Freeze Your Credit – Foster Institute

Monitor Financial Accounts

Keep a close watch on your financial accounts for any unauthorized activity or transactions. Consider subscribing to an identity theft protection service, which can help monitor your information and alert you to potential misuse of your personal data. If you didn’t place the credit freeze mentioned above, doing so is essential.

Beware of Fraud and Scams

Beware of email, text, phone calls, or messages popping up on your computer that claim you are hacked and offer tech support help. Familiarize yourself and your family with the latest fraud techniques. Be skeptical of emails, phone calls, or messages that request personal information or direct you to websites asking for personal or financial data.

Be Cautious with Search Engine Results that are Ads

Threat actors can purchase ads so that, if you search for keywords such as ‘My phone provider database was hacked,’ the ad, disguised as a helpful search result, will appear at the top. This can lead you to a page designed to defraud you or compromise your computer

To help protect yourself, when you search, scroll down and click on the organic search results rather than the ads. You are more likely to access safer websites.

Malicious advertising is not limited to search engines. Advertisements on websites can be just as dangerous. These attacks are called malvertising and trick millions of users each year.

Change Passwords Immediately

If you haven’t recently, change passwords for all your accounts including phone provider, social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts.

Use a Password Manager

Consider using a password manager to manage your unique passwords on every website. Detailed information about using password managers: Password Managers Speed Your Workflow – Foster Institute

Set Up Unique Security Questions

When setting up security questions, avoid real answers that are easy for a bad actor to research. Instead, use fictional answers like, “The fourth crater on the moon.” Save your secret answers in a randomly named file such as “socks.docx,” and consider encrypting this file for added safety.

Enable Two-Step Verification

Enable two-step verification for accounts. Prioritize setting this up on sensitive websites and services where it’s available.

Update Operating Systems and Software

Ensure that all your devices have the latest security software, web browsers, and operating systems updates and patches. This is one of the best defenses against viruses, malware, and other online threats.

Secure Your Tax Identity with an ID.me Account

Given that social security numbers were compromised, there’s an elevated risk of someone attempting to file a fraudulent federal tax return in your name. To combat this, consider registering for an ID.me account which provides access to IRS services. With this account, you can also apply for an IRS Identity Protection PIN (IP PIN) that adds an extra layer of security to your tax filings by requiring this unique six-digit number on your tax return.

Protect Your Property Records

With personal details like your SSN in the wrong hands, even your home ownership documents could be targeted. It’s advisable to monitor and possibly register your property deeds with services that alert you to any unauthorized filings or changes. While a universal solution for this isn’t available yet, taking initial steps such as contacting your local county clerk’s office to inquire about protective measures can be beneficial.

Awareness for Business Impact

Businesses, particularly those utilizing services from the breached provider, should be acutely aware of the implications this breach can have on their operations. It’s crucial for business owners to assess their exposure and strengthen their internal security measures, including employee training on data privacy and regular security audits to prevent further damage.

Register for Online Tax Accounts in All States

To prevent the misuse of your personal information for fraudulent state tax filings, consider registering for an online tax account in each of the 50 states. This pre-emptive registration can block identity thieves from creating accounts in your name, a tactic increasingly used to commit tax fraud across state lines.

Digital Footprint and Data Sharing

Be vigilant about the information you share online and through mobile applications. It’s crucial to minimize data sharing and scrutinize the permissions you grant to apps, especially those that request access to sensitive personal information. Educate yourself and limit exposures to safeguard against unauthorized data usage. The less information threat actors can gather about you, the more difficult it will be for them to misuse your identity.

Review and Update Privacy Settings

Regularly review and update your privacy settings on social media and other online platforms to ensure minimal public exposure of personal information. This proactive measure can significantly deter fraudsters from using accessible data to facilitate identity theft or scams.

Legal and Financial Consultation

Consult with legal and financial advisors to explore additional protective measures tailored to your personal or business circumstances. Discuss setting up legal structures such as trusts to shield assets, or other strategies that may offer enhanced security against identity theft and financial fraud.

Emergency Contacts and Protocols

Prepare an emergency contact list and establish protocols for immediate action if you suspect identity theft or if a data breach occurs. Include the contact information for essential services such as credit bureaus, your bank, and legal advisers, to ensure a swift and organized response to security threats.

Forward this message to your friends so they can follow these steps can help mitigate the damage from the breach and protect their personal information.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Protecting Your Financial Interests in the Wake of a Major Data Breach appeared first on Foster Institute.

The post Leadership in the Line of Fire: Cleanup or Clean Slate? appeared first on Foster Institute.

SolarWinds is a well-respected organization, and many organizations utilize their products. Not enough details are known to discredit their organization. Clearly, attackers see them as valuable enough to use as an infection vector.

This is called a supply chain attack because bad actors use a trusted product in an organization’s supply chain to attack the organization. A similar well-publicized attack happened with a popular tool, with many benefits, called CCleaner. The attackers successfully compromised 2.3 Million PCs.

The CCleaner supply chain attack is an illustration of dwell time. Attackers waited five months from the time they gained access to CCleaner before they launched the attack on CCleaner users. Many computers were safe, but not 2.3 Million of them.

Remember: Just because your organization fixes a vector through which the infection came does not eliminate damage already done. As an analogy, if you were the king or queen of a castle, and you found that attackers entered your castle walls to attack your city, raising the bridge over your moat does not eliminate the attackers who already made it inside.

Supply chain attacks are one of many reasons to eliminate as much software as possible at your organization. If a program is not essential, remove it asap. SolarWinds is vital for many organizations.

Please forward this to your friends so they can alert their IT departments to address this situation, and know to remove all non-essential software from all computers.

The post Emergency Update if Your IT Team Uses SolarWinds Products, and How to Protect Against Supply Chain Attacks appeared first on Foster Institute.

The attacker does not need to know any passwords; they do not even need a username. They plug in a cable, and 3 seconds later, they’ve completely compromised your network. An attacker posing as a visitor, a copier repair person, or a member of a cleaning crew can all compromise your organization. They can steal sensitive information, install ransomware, and can shut down operations entirely. They bypass the majority of, if not all, of your other protections because now they’re a Domain Administrator.

This exploit is so severe that the Department of Homeland Security directed all federal agencies to apply the patch in accordance with the Federal Emergency Directive 20-04.

Take these three steps ASAP:

First, ask your IT team if they’ve backed up your Domain Controller servers and applied Microsoft’s patches that address the Zerologon exploit CVE-2020-1472. They must do this immediately. Be compassionate if they’ve not. IMPORTANT: Realize that if an attacker already took over a network, the patch doesn’t help.

Second, if you have Domain Controllers using operating systems older than Windows Server 2008 R2, your IT professionals must shut them down for good. Be sure to migrate any mission-critical services to other servers.

Third, does your organization rely on third parties to support you? What if one of your major suppliers, a distributor, or your biggest customer falls prey to an attack? Prepare your organization now for an interruption of their operations. Be sure their executives know about this flaw and these three steps. You do not want a catastrophe at their organization to domino and cause a disaster for you, even though you’ve protected your systems.

Additional steps:

Inform your work-from-home team members that, in some cases, the attacker can take over your network using a VPN connection. Do you have an armed guard at every work-from-home user’s home to watch visitors? Of course not. But your entire organization might rely on their security. What if a teenager’s friend feels like playing around, experimenting, with this new cool exploit on a mom or dad’s computer?

The patches only protect you from attacks from Windows devices. If an attacker accesses a network port or cable with a non-Windows machine, the attacker can still take control of your network. Microsoft will release a second patch on February 9, 2021. Ask your IT team to configure alerts now to monitor security log events 5827 thru 5831 to see when connections are allowed or denied.

The average time for IT Professionals to apply critical security patches is five months, but you need to help yours be above average. Ask them what you can do to help them have time to test and install all critical security patches within 14 days or sooner. They might want to have a patch management tool. They might need more time to devote to applying updates.

Confirm that your IT Team disconnects or disables all unused Ethernet ports, including those in conference rooms. Lock doors to any offices and conference rooms that contain active Ethernet ports. Train everyone to be proactive and remove opportunities for anyone, including guests and repair people, to plug a device into a network port.

Keep in mind that 911 systems, airlines, governments, and every organization that you depend on are at risk for Zerologon exploit CVE-2020-1472 until they take action too.

Please forward this to fellow executives you care about so they can support their IT Professionals successfully backing up servers and applying the emergency patch.

The post Attackers Can Take Control of Your Network in Three Seconds, and How to Stop Them appeared first on Foster Institute.

The leak exposed a tremendous amount of information about you, your personal and work history, your interests and hobbies, current and past contact information, and more all gathered and stored in one package. If someone knows your email address, they could immediately know your birthdate if you ever entered that date into a social media profile.

The data might also include your religion, financial information, members of your family, buying preferences, and more. It is alarming that your information is now more readily available than ever. Even more disturbing is that interested parties can access your data all in one place. Do you read the privacy policies when you install applications or sign up for services? You often agree that they can share some or all of your information with third parties. Those third parties may be data aggregation companies, called enrichment companies. This leak’s source was an Elasticsearch server. It contained data from two data enrichment servers called People Data Labs and OxyData.

What should you do? Now, more than ever, watch for fraudulent messages that seem very legitimate. Consider an example if your data set includes your phone provider. Social engineers might pretend to be your phone provider. They will demonstrate that they know real towns where you’ve lived. They’ll add legitimacy by including your accurate birthdate, one of your hobbies, and potentially your credit history. On the flip side, people that have your information can impersonate you to organizations. They might reset a password or change your listed email address so they can access your protected accounts. They might be more successful at tricking your relatives and friends into clicking a link because they’ll recognize personal details.

Use different passwords at different websites. Enable two-step verification as suggested and described in prior newsletters. Warn your friends that they must be more vigilant than ever for frauds and scams, even when the contact seems to know all about them.

The post A Huge Data Leak Exposed Your Personal Information appeared first on Foster Institute.

If you want to find out if your passwords were released, visit his site called https://haveibeenpwned.com. If you elect to enter your email address, he will tell you if it is in the collection and give you more details.

What do you do if you are on the list? Reset your passwords. Use a password manager that will remember your passwords for you to make your life easier when you use a different password at each website from now on.

Now is a great time to enable two-step verification. A basic form of two-step verification is when you enter a username and password, and you receive a text message code to type in. Enable two-step verification on PayPal, LinkedIn, Dropbox, Facebook and every other web service you use. On each website, look for Settings > Security. You may need to dig down, but more reputable sites now support two-step verification, but you must enable the feature.

Some bad news is that, about a week ago, a tool called Modlishka shows how to break two-step verification so it isn’t that secure, but two-step verification is still more secure than a simple username password combination. If it allows, have a website use some other method than texting you a password. Using an app on your phone or calling you via a voice call are options that are often more secure than the text message. Microsoft, Google, and a service called Duo offer these options and more. Having a hardware key is even better unless your laptop users leave the key stored in the laptop case, and their password written on the bottom of the laptop.

The post 773 Million Passwords Exposed – Were You Exposed? appeared first on Foster Institute.

Set a passcode on the device. Even a 4-digit code is much better than nothing. Just avoid 0000, 1111, 1234, 2580, or other easily guessed codes. Keeping the device in your possession, or in a secure place, is just as essential since is can prevent the opportunity for someone to guess your password.

Keep the device backed up, and apply security patches as soon as they are released. The patches often protect against attacks that are already happening in the wild.

Do not connect to Wi-Fi networks without weighing the risk of convenience versus your potential benefits. When you connect to any Wi-Fi network, there is a chance that attackers can exploit your device in many ways. Because bad actors can trick your device into connecting to their malicious access points without your knowledge, consider using your device’s settings to disable Wi-Fi when you are not using it. Re-enable Wi-Fi only when you are at your office, home, or in another trusted environment.

At the office, there is technology that will allow your IT team to implement MDM, Mobile Device Management, to restrict your team members’ activity on their devices. This can help protect against one of your team members accidentally becoming a vector for attackers to access, and potentially interfere with, your entire organization’s network.

For families, keep these three possibilities in mind:

First, use the internal parental controls and restrictions that are built into the device. The settings and features are very effective, and well documented on the support sites. More features can be added with security and feature updates, so review the settings periodically. The best strategy for using these restriction settings is to use steps A, B, and C.

• Step A: As you apply security and privacy restrictions to a device for a family member, keep reminding yourself that you are restricting that device for their, not your, needs. It is easy to think about how you might want to use wireless payment options, and then you avoid restricting the options accordingly. When in doubt, restrict. You can always re-enable features later.
• Step B: Before applying parental control restrictions, first configure the other settings on the device. If you apply parental control restrictions first, you may find that you’ve restricted your own ability to adjust these settings.
• Step C: Wait until you finish steps A and B before you apply the restrictions designed to protect family members. You’ll be prompted to create your own unique password so that, in theory, only you can adjust the parental controls.

Second, when protecting families, consider commercially available tools designed to enhance your ability to, not only restrict, but also monitor usage. Many reviews place a product named Qustodio at the top of the list. We receive no compensation in any way for recommending this, or any other product or service. We just want you to have a place to start. It seems that, for many of the control tools available, parents either love them or hate them, depending on their expectations. To help ensure a good outcome for you, research the features and read comments from other parents. Restrict your search to comments made in 2017. Each product’s features, and approval ratings, tend to change from year to year. Some products will even permit you to restrict laptops and desktop computers in addition to tablets and phones. Interestingly, you may find that third party software is able to restrict Android devices more than Apple devices. This is because Apple’s own internal controls are already so restrictive, they can partially block the parental control software too.

Third, consider restricting the Internet access at your home, too. For example, you may choose to set a time limit on usage duration or time of day. This can help ensure that youngsters get enough sleep. A very powerful tool is called Circle with Disney. Again, we receive no compensation for recommending products or services. This tool is widely accepted as being one of the best. If nothing else, check out its features to help you get an idea of what you may want to control. It has a feature that can restrict access even when the device uses a cellular connection or connects to a different network. That added protection can prevent family members from simply going to someone else’s house to operate without restrictions. Bear in mind that Internet filtering tools do not restrict the ability for family members to use apps, except for apps that need to connect to the Internet in order to function. The afore mentioned products can control both apps and Internet usage. But sometimes having two products can be helpful too.

When implementing family control tools, remember that all of them include privacy risks. While restricting apps and Internet usage, software is able to monitor your family members’ electronic behavior too. That information can be sold to marketing firms who already build a profile on each consumer. Do you want to contribute to what they know about your family members? What if bad actors gain access to information that helps them target a family member? You may decide the risks are worth the benefits.

Please forward this information to everyone you know who might want to place restrictions on Apple and Android based devices. Thank you for helping make the world a safer place to live and work! Happy New Year!

The post Protecting and Restricting iPads, iPhones, and Android Devices appeared first on Foster Institute.

Almost always, the vendor or contractor had no malicious intent. Their organization’s own IT systems were not secure, and/or their team members performed actions in a non-secure way.

Be sure the service providers you use are working every day to be more secure too. Ask them about their security awareness training program. Ask them how often they are audited by independent third party firms that are interested in helping them increase their own security. If you want to, encourage them to sign up for our newsletter.

Remember, your IT security relies on their IT security too.

The post About Half of All Breaches are Caused by a Contractor or Service Provider appeared first on Foster Institute.

Every program that you install on your computer is a potential security risk.

CCleaner may be installed on your computers, right now, by well meaning, qualified, IT professionals who care about you and your organization. It is a powerful tool with many beneficial features. Yet it has been hacked.

It will not help you to invest energy being angry at your in-house, or outsourced, IT professionals, or to be angry at the developer of CCleaner. They mean well and are using their skills to protect you and your company. CCleaner has undoubtedly added a great deal of value to the world by speeding up computers and removing malware. At some point, IT professionals have to trust that some programs are secure.

But their trust is exactly what attackers are counting on.

What you, as an executive, must do is to ask your IT team for a list of all programs installed on your network. Ask IT to uninstall all programs, that you, with their input, decide are not absolutely essential for you to use to serve your employees and customers. Do not burden them with making that decision on their own.

You owe that to your customers who trust you with their information.

You may decide to stick to using programs from well known and vetted companies, although that is no guarantee that the program is safe. Any program that is installed by millions of users becomes a target for attackers to use as a vector into your organization’s computers.

If you use CCleaner, uninstall it. Know that some of your data, perhaps whole computers, have been compromised. You can read their official announcement here: https://forum.piriform.com/index.php?showtopic=48869

Know that uninstalling software does not remove the malicious code imbedded in your computer. And don’t count on your anti-virus to find the code. Attackers know how to hide malware from anti-virus programs. The best thing to do would be to rebuild the computers from scratch. Hackers are counting on the fact that your IT Pros do not have time to reload each computer. Ask your IT Pros if they have time. Either free up some of their time so they can perform the reload, or bring in an outsourced company to help, or choose to accept the risk and go on. That’s a decision for the executives to make. Using a technology called VDI makes the reinstallation process much easier.

If you want to continue to use CCleaner, if there is an executive level decision that the risk is worth the benefit, then you can ask IT to re-install the newest version.

Forward this to every executive you know. Tell them about this crisis, and how they must be involved in identifying all non-essential programs, so that IT can uninstall them.

The post Your Software, such as CCleaner, May Have Backdoors appeared first on Foster Institute.