Their program already installed on your computer should be able to give them all the information that they need. Even if the tech support person does require you to install another program, there is a possibility that the diagnostic program has an undiscovered security vulnerability.

If you do decide to install the program, at least make sure that the file location they offer you is on their main website, not a misspelled version such as qickbooks.com or abode.com.

Additionally, refuse to permit tech support to log in to your computer, even if you were the one who called them. Do you want to trust the security of your computer to a stranger?

Ask if there is some other way to provide them with the information they need.

Beware of imposters asking you to provide remote access or asking you to download diagnostic software.

The post Can you Trust the Kindness of Tech Support Strangers? appeared first on Foster Institute.

With computers, you can be up and running ASAP. Unless there is something broken with the computer’s hardware, a broken computer can be revived in just a few minutes.

In order for this to happen, ask your IT department (if they haven’t already) to create a golden image.

First they will set up a computer and configure it exactly the way it needs to be for your business – and you could do this for home computers too. Second, make an image backup of the computer. Recommended tools are below.

Now, you have a golden image, configured in the way you like with all the right software installed, etc., that can be restored to a computer to reset the computer to be like new again.

From now on, whenever you suspect that a computer is infected with a virus, has been hacked, or is just malfunctioning in general, do not troubleshoot it. Dump a golden image back onto the computer and refresh it to be like new.

Note: All the data will be overwritten when you restore the image. So, for personal computers, be sure to back up the data prior to restoring an image. At the office, all users store their data files on servers, not on workstations, right?

You may find that your IT team can create a single golden image that can be used on different models of computers, or they may need to make separate images for each model. If you use a technology called VDI, this is even easier. VDI is a different topic though.

Image backup tools include Shadow Protect Desktop from Storage Craft, and Acronis True Image. For Macs, use Carbon Copy Cloner.

Please forward this to everyone you know who troubleshoots a computer if it is acting up. There is another way, and troubleshooting may not be able to completely remove a virus if the computer is infected anyway.

The post Fix A Computer in Minutes and It Works Almost Every Time appeared first on Foster Institute.

Last weekend, I asked my daughter to tell me a fairy tale. She chose The Three Little Pigs and the Big Bad Wolf. As she told the story, it became so clear that organizations use straw, sticks, or brick to build their cyber-security protection. See which you are, and how to improve:

Security built with straw, is weak, and too common. It is when executives say:
1. “We moved everything to the cloud so we no longer need to be concerned with security.”
2. “Everybody is getting ransomware, so it is no big deal if we do too.”
3. “We encrypt our data, so it is safe.”

Security built with sticks is common too, and better, but will not stand up against attackers. They think they need only three things and can stop there:
1. Anti-virus
2. Firewalls
3. Strong passwords

Security built with bricks is very rare. You still need the “sticks” combination, and the rest of making a home out of brick is achieved by doing the hard things that attackers are counting on organizations not doing:
1. Ensure no programs or scripts can run unless approved
2. Keep patches current without crashing systems
3. Constantly measure to make sure the right things get done. Support your IT Professionals generously by truly listening to them and supporting them as they accomplish these difficult tasks

Past, and future, blog entries explain how to implement the brick solutions above.

Please forward this to everyone you know who may have built their cyber security out of straw or sticks. Encourage them to get out the bricks ASAP.

The post Straw, Sticks, or Brick: How to Tell Which Your Network Is, and How to Improve It appeared first on Foster Institute.

A drastic solution is to uninstall all browsers. Browsers can’t get hacked when they don’t exist. You can switch to hosted browser service that runs browsers in the cloud, not on your computer.

To see how this works, watch the short videos at authentic8 dot com and Citrix dot com/virtualization/secure-browser

This newsletter is targeted to executives who don’t need to understand technology, so you may choose to forward the following technical information to your IT Department.

And please forward this to anyone whose cybersecurity you care about.

For our more technical audience: As of today, only authentic8’s solution supports general web browsing, but both support web applications.

Since these services put security first, and functionality a close second, you may still need a local browser for some applications if they don’t function properly in the hosted browser environment. But, if that is the case, you may be able to remove Flash and Java from your systems to make your local browsers more secure.

The biggest problem with both products is that they do not have a way to be set as the default browser to be used if a user clicks inside an email message. So, if you must leave a local browser installed, your users will still need to be careful about clicking links in email messages. The solution may be available soon.

Hosted browsers still protect your computers during web browsing sessions. And it becomes practically impossible for an attacker to use a hosted browser to access the sensitive data stored on your network drives.

Investigate using a hosted browser for added protection against the many threats on the Internet that exploit browsers and plugins such as Flash and Java.

The post Finally, a Solution to Solve What May Be the Biggest Cyber Security Risk at Your Organization appeared first on Foster Institute.

An Australian Web Security Specialist, Troy Hunt, has compiled a database containing usernames that have been stolen in hacks and then published or sold. Some people use his site to look up their own email address or username.
His website is haveibeenpwned dot com. (In this case, Pwned refers to a condition of someone else having access to your login credentials.)

At his site, people enter their email address or any usernames they’ve used for online logins. Sometimes, they look up addresses of their family members. If there is a hit, the details of the breach are displayed on the site.

Even if not on the list, there is no guarantee that person’s credentials haven’t been stolen, but it still helps to know.

If you ever suspect that your login credentials to any website have been exposed, it is very important that you reset the password on that site, as well as any other sites where you may have used the same password.

There are other strategies to protect yourself. Enabling two-step-logon is very important these days since it can thwart attackers who know your username and password. Using a password manager, as opposed to letting your browser store passwords, can help make password security more convenient, but it still needs to be used carefully. These strategies are explained in detail elsewhere in this blog.

Forward this to anyone who might want to know if their username and password has been hacked…

The post How to Find Out if Your Password Might Have Been Hacked appeared first on Foster Institute.

Due to more than 35 instances of Samsung Galaxy Note 7 phones exploding, Samsung has recalled the 2.5 million devices.

Fortunately, none of the explosions happened in an airliner. Yet. And may it please never, ever, happen.

Will the ban be enforced and, if so, how? Do all Samsung device owners know which model they have?

Are we all gambling with our lives when we fly on planes with phones that might explode? Will the airlines deny use of other Lithium battery operated devices to make things easier to enforce? If you cannot take phones with you on a business trip, is this a new business opportunity for someone to rent phones to travelers arriving at airports?

The post “This is Your Captain Speaking – No Samsung Phones Allowed” appeared first on Foster Institute.

At a client’s office this week, one of the IT Professionals had an interesting idea. He can configure two-step logon to contact him, not the consultant, for login verification.

If you configure this at your office, here is how it would work: First, the consultant would enter their username and password to login to your network. Then, an app on your smartphone would indicate that the outsourced consultant is trying to gain access. Then, you will be able to choose to allow or deny the consultant’s login attempt.

This IT Professional wants to know, in real-time, when someone is attempting to log on to his network. If you use this arrangement, you will have the capability to permit them or deny them access each and every time.

It is an interesting idea.

The post A Way to Control Consultant Access – Every Time appeared first on Foster Institute.

I do not take medicine to aid sleep. Recent research shows that many sleep aids, including one that is almost universal and used for treating allergies, can greatly increase the likelihood of neurological issues, such as dementia, later in life. Some people say that tart cherry pills help. Other people complain about melatonin hangovers.

Sleep is a skill. There are now “sleep coaches” – especially for winning sports teams. Here are some sleep tips that, in my own experience, work well, and you may want to share them with your team:

Preparation – Three steps for the hour before bed:

1. Experience warm color light sources only.
-No “Daylight color” light bulbs or reading lights. Use “soft white” bulbs only before bedtime. No blue light.
-Turn off the TV, phone, and iPad. If you must, then Apple Night Shift settings at maximum warmth.
-Read a book or magazine, read to a loved one, or keep a journal.

2. Contents
-Let go of negative thoughts about work and about your mother-in-law.
-Avoid negative news stories.
-Have a snack so your body doesn’t wake you up to eat.

3. Relax
-Relaxing bath. Candles and rose petals optional.
-Focus on breathing. When you inhale, visualize happy and joyful images. Exhale worries, stress, and anything that doesn’t serve you.
-Progressive relaxation: Tense up your head and neck muscles, then relax them. Tense shoulder muscles, then relax them. Keep going all the way to your toes.
Protect your company against hackers by helping your team members get a good night’s sleep. Sleep has other benefits too.

Forward this to everyone you care about…

The post Sleep Deprivation Makes Attackers’ Dreams Come True appeared first on Foster Institute.

You’ll enter a username, and your phone will buzz to ask you if it is really you who is attempting to log in. Just keep your phone with you, and passwords may be a thing of the past.

But protect your phone so that an unauthorized person doesn’t gain access to it. Would you be willing to risk it? At least nobody thousands of miles away would come to steal your phone. But what about someone else in your office that gains access to your phone and approves a bogus logon so they could do you harm?

The obvious less convenient, but more secure, solution is two-step logon where you enter a user name and password, then your phone buzzes asking you to confirm. Someone else stealing your phone won’t help them at all, as long as they don’t know your password too.

The post No More Passwords appeared first on Foster Institute.

1. Keep critical operating system and application patches up to date, especially Flash, Java, Reader, and your browsers. Updates fix security loopholes in programs. The fear of a patch causing a program to malfunction can be reduced with proper testing, performing a staged rollout, and having a rollback plan.

2. Utilize Application Whitelisting. Application whitelisting allows you to specify what programs are permitted to run, such as Microsoft Office, your accounting program, and anything else your team needs for business purposes. Because of not being on the ok list, the majority of malicious software is blocked from running. The reason most companies don’t use application whitelisting is that their IT Pros know it can be a daunting process to set up and make it work well. Therefore, we can set that up for your IT pros. Why should they need to learn something when it only needs to be done once? The upkeep can be simple from then on.

3. Reduce the number of users with Local Admin rights as much as possible. This removes a user’s ability to install programs on their computer. As a result, it greatly hinders the ability for attackers to install malicious software too.

Other than implementation, none of those cost any money. You already paid for the technology. Emphasize the importance of, and support your IT Pros, as they implement these 3 powerful controls in your network.

Wishing you a thankful week and thank you all for remembering cyber-security as part of your main strategy for successful business operations!

The post Cyber Security’s Three Essential Steps appeared first on Foster Institute.