Danger:

Realize that using public networks via Wi-Fi or an Ethernet cable can be very dangerous. Your laptop is still exposed to network sweeps, vulnerability scans, and other network attacks. Threat actors don’t even need to be close to you; they can attack your laptop using other innocent people’s laptops.

Cellular Phones and Mobile Hotspots:

Instead of connecting to a public network at a hotel, coffee shop, or similar, use your phone’s data-sharing function to connect to the Internet while traveling. When you connect your laptop to your cellular network rather than the public Wi-Fi network, your laptop is not exposed to the dangers on the public network. Most phones permit you to connect your laptop to the Internet, and the connection speeds are usually very fast. Unless you are watching movies, the amount of data you consume may be less than you think.

Consider using a wireless hotspot from your phone provider. This option can be more convenient if you need to take your phone with you while stepping away, allowing you to leave your laptop connected to the internet.

What if a cell phone is connected to public Wi-Fi and then used as a hotspot?

If your phone allows you to connect it to public Wi-Fi and share that connection with your laptop, it could be beneficial. Your phone might act as a buffer, providing some protection for your laptop from direct exposure to the public Wi-Fi network. However, keep in mind that your phone would still be exposed to potential risks on the public network. Additionally, many phones do not support sharing a public Wi-Fi connection with a laptop; they typically only share the cellular connection.

Throttling:

Suppose you anticipate using lots of data, such as watching movies. In that case, your phone provider might slow your Internet connection to a crawl once you reach a specific data limit for that month, even if you have an unlimited data plan. They call this throttling your connection.

If you need a hotspot that will not get throttled in the USA, consider getting a hotspot by donating to https://calyxinstitute.org/ (We do not receive any compensation for mentioning them, and this is not an endorsement of Calyx Institute. We know many people who are very happy with their service, so it is important to tell you of a way to avoid throttling). Their website shows their coverage areas.

International Roaming:
If you are traveling outside your country, check with your phone service to see what International Roaming plans they offer. You can often use your phone and hotspot in other countries for a small monthly fee.

Portable Hardware Firewalls and Travel Routers:

If you are remote and away from your mobile phone providers’ coverage area, connecting to a public network might be your only option. Or perhaps you don’t want to use up minutes on your cellular data plan. You can help protect yourself on a public network by using a portable hardware firewall called a travel router.

Most travel routers have two radios to allow simultaneous Wi-Fi connections to your laptop and a public Wi-Fi network.

Note that some travel routers allow you to connect via Ethernet cables if you don’t want to use Wi-Fi. If you want to connect to the travel router via a cable, you will need an Ethernet port on your laptop or a USB to Ethernet adapter.

Here’s what to expect when setting up a travel router:

1. Connect your laptop to the travel router like any Wi-Fi or network cable connection.
2. Use your browser to put the router into “bridge mode.” Sometimes, the setting is named something similar. Then, connect the travel router to the public network at your hotel wirelessly or with a cable.
3. If required, log into the public network (e.g., entering your hotel room number and last name). If the public network has a login screen that doesn’t appear, you can try typing this address into a new tab in your browser: nossl dot com

The process usually takes about five minutes, even in new locations.

Remember, your connection speed depends on the speed of the public network and may vary throughout the day.

While travel routers can enhance security, proper configuration is crucial. Always consult with your IT team for setup, training, and best practices. The phone and hotspot recommendations are generally faster and simpler to connect.

If you plan to get a travel router, you should purchase it with a 30-day return policy and be sure to work on getting it up and running before you leave on your trip. Reliable travel routers are available for less than $100. I do not get any compensation for mentioning this brand, and this is not an endorsement: I have used the GL.iNet GL-MT3000 (Beryl AX) travel router successfully.

VPNs are Not a Shield:

This section is a bit technical, so feel free to skip it unless you believe a Virtual Private Network (VPN) is all you need to be secure on a public network.

Using a VPN is fine, but it does not shield your laptop from network sweeps, vulnerability scans, and other network attacks. You are still exposed to those attacks even if you use a VPN.

VPNs encrypt your data as it travels across the network. However, know that your data is encrypted anyway when you visit a website that starts with https:// whether you are using a VPN or not. The encryption may have been compromised or misconfigured on the site, but this is not common, especially on sites such as banks and other companies that are very careful about their site’s security.

A significant security advantage of using a VPN is that it helps protect against Adversary in The Middle (AiTM) attacks, where an attacker tries to insert themselves between you and the site you are visiting. These used to be called Man in The Middle (MiTM) attacks. Simplified, in an AiTM attack, the adversary convinces the bank that the adversary is you connecting to the bank. Then, the adversary tries to make your laptop believe the adversary is the bank. If the adversary is successful, they can read, change, insert, and delete data between you and the bank.

But keep in mind that if you are connecting via your phone or cellular hotspot, you needn’t be as concerned about an AiTM attack unless an attacker has compromised your phone carrier’s network, which is very unlikely. And, if you use a travel router as a firewall, many of them come with a VPN service if you want to enable it.

Outside of encrypting data in transit, the added benefits of using a personal VPN service, as opposed to your company’s, would be to hide what websites you visit, and you could disguise what country you’re in. However, many people avoid the VPN option since it doesn’t provide a shield against the attacks mentioned above, and using a VPN might make your data rate seem slower due to the VPN’s overhead and the network distance to the VPN server.

If your company uses a VPN, they might insist you use a VPN, or Secure Access Service Edge (SASE), to protect privacy.

Conclusion:

Connecting to a public network can be very risky. You are more secure if you connect to the cellular network via phone or cellular hotspot. If you must connect to a public network, strongly consider using a portable hardware firewall, commonly called a travel router.

Wishing you cyber-safe travels!

The post Vacations: Connecting at Coffee Shops, Hotels, and Airports Can be Dangerous to Cybersecurity – Here are Alternatives appeared first on Foster Institute.

Common questions on insurance applications include:

Do you use MFA? Multi-factor authentication means users must go through a second step when logging in. A prevalent method for the second factor is using an authentication application on users’ phones. It is essential to use a number-matching requirement so that a user must type in a code displayed on their phone into their computer before authentication. Another second factor is time-based one-time password (TOTP) apps on phones that display a number on the phone that the user enters as part of the authentication process. The number displayed in the app resets periodically, typically every 30 seconds. Other factors include using hardware keys that plug into USB ports and biometrics, including fingerprints or facial recognition. A typical second factor is receiving an SMS text message with a code, but that method is vulnerable to attacks such as SIM Swapping. In the interest of security, you should enforce MFA everywhere possible, including VPN, Remote Desktop, and SaaS offerings.

Do you provide ongoing cybersecurity awareness training and periodic phishing simulation emails to measure worker proficiency? Your users must receive regular security awareness training, such as once per month and perhaps a comprehensive webinar or other presentation once a year. Additionally, services can send users a fraudulent or email phishing message once a month to measure their response, such as if they open the message, click on the simulated fraudulent link, and are duped into entering credentials. One often overlooked aspect of training and simulated phishing is that it might take time for your already overworked staff to configure, send, monitor, and produce reports about the results every month. You’re welcome to contact us to provide that service, and we do 100% of the work, so there is no additional burden on your workers. Training for new employees is available. We also provide comprehensive yearly training webinars and other presentations. Whatever training you use, be sure that it adapts to keep your users current with the rapidly evolving threat landscape.

Do you provide password management tools to users? Tools that remember and automatically enter users’ passwords can help encourage users to use different passwords for every login. Users with the habit of reusing passwords pose a risk to your organization. Once attackers compromise a password, they will attempt to use that same password at popular sites. This practice is sometimes called credential stuffing, and attackers can be very successful at breaking into sites if users reuse passwords. An added benefit is user productivity and user happiness. Ensure the company’s password manager uses strong encryption to store your passwords securely. Single Sign-On (SSO) is becoming more popular, allowing users to log in once to access multiple sites or resources.

Do you utilize geo-blocking or geo-filtering? These technologies identify computers, users, and email messages based on geographical locations. You will be more secure if you block email and login attempts from geographical areas where you never do business and block user logins from countries without users. While attackers can bypass these protections using VPNs, the protections are still helpful.

Are users local administrators? When you set up a new Windows or Apple computer, the user has local administrator access and can perform many activities, including installing programs. If an attacker manages to compromise that user’s account, the attacker has tremendous power to compromise that computer and potentially your entire organization. This topic is complex, but the goal of every organization must be to ensure all workers are “standard users” on their computers. Being a standard user limits what an attacker can damage and makes the user account more difficult to compromise in the first place. Privilege Access Management (PAM) solutions help manage local admin rights by controlling and monitoring privileged access to critical systems.

Do you segment your network? Network segmentation splits your network into smaller parts based on the purpose or type of device. For example, suppose you isolate your security cameras from your servers on a different network segment, such as a subnet or VLAN. If an attacker breaks into a security camera, segmentation can block their ability to hack your servers through the camera. Common segments include:

-Servers
-Desktops and Laptops
-Wireless Network
-VPN users
-Security cameras
-VoIP systems
-Different floors in your building or different buildings on your campus

It is possible to over-segment and create too much work for your IT Team, but that rarely happens. Your team will set up Access Control List (ACL) rules that limit communications between the segments to block unauthorized activities.

Have you established a security baseline for your systems? Have a documented standard configuration for security controls you enforce on your servers, workstations, and mobile devices.

How soon after release do you apply critical security updates to your devices? Microsoft, Apple, your firewall manufacturer, and other providers release security updates to programs to block attackers from using previously undetected security holes. You must apply the patches quickly to prevent attackers from exploiting the vulnerabilities. Testing patches before deployment is essential to avoid errors. Staging patches allows you to help ensure they don’t disrupt your production network. Zero-day patches and updates fix problems that attackers are already using to compromise systems.

Do you allow workers to use family computers or mobile devices to access email and work from home? Family computers are significantly less secure than company-issued devices that your IT Team manages, monitors and protects 24×7. It is relatively common for organizations to permit users to use their BYOD phones to access company email. Your insurance company could see that as a red flag against providing or renewing a policy. You’ll want to demonstrate other safeguards you use to minimize the risk.

Do you enforce EPP on all devices? Endpoint protection is a tool your IT Team can use to protect each device on your network. Ask your IT Team. Chances are they’ve implemented this solution. They might use Security Information and Event Management (SIEM) to enhance visibility and response. SIEM systems aggregate and analyze activity from different resources across your IT infrastructure.

Do you utilize EDR/XDR tools? Using Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), or Managed Detection and Response (MDR) agents on the laptops can increase security by monitoring for malicious behavior known as an indicator of compromise (IoC). EDR/XDR tools provide many benefits, including continuously monitoring network devices and watching for suspicious activities or evidence that an attacker is compromising a system. EDR/XDR is designed to identify, isolate, and mitigate threats. EDR and XDR must be effectively monitored, managed, and updated. One way many organizations ease the burden on their internal IT Teams is to utilize a third-party MSSP to perform these tasks. Managed Detection and Response (MDR) means you pay a third-party provider to manage your EDR/XDR. One key point to remember is that attackers can also obtain these protection tools and continually seek ways to bypass them. We perform Red Team Exercises at companies to test the capabilities of the EDR and XDR protections. Do not make the common mistake of letting your guard down in other security areas after implementing EDR or XDR.

How frequently do you conduct internal and external security audits, vulnerability assessments, penetration tests, and Red Team Exercises? These tests identify previously undiscovered weaknesses in your security. Please get in touch with us if you need these services as part of a comprehensive security advisory service for executives to help them secure their organizations. We guide and become a resource for your existing IT team rather than replacing them.

Does your spam filter scan messages and attachments for malicious links? If the answer is no, you need to add these features immediately.

Do you use web filtering and DNS filtering? Web filtering features, often integrated with firewalls, allow your IT team to block known malicious sites, gambling, and other categories of websites. Domain Name Service (DNS) maps URL website names to addresses of servers on the web. DNS filtering services strive to identify malicious web servers and automatically block communications from your network to them. As a bonus, some services permit you to hinder users from accessing sites you might deem inappropriate.

Do you use SPF for email messages? The Sender Policy Framework is a protective solution that your IT Team can enable to permit your email servers to confirm that inbound email messages came from an approved server rather than a fraudster impersonating or spoofing a legitimate source. While they are at it, your IT Team can enable DKIM to help other organizations’ mail servers confirm that messages they receive from you are legitimate and unaltered. They can configure DMARC to tell remote email servers to throw away messages from fraudsters attempting to impersonate your organization. It is essential to regularly review your SPF, DKIM, and DMARC records to adapt to the changing configurations and threat landscape.

Do you identify storage locations and isolate PII, PHI, and other sensitive data? Determining where you store Personally Identifiable Information (PII), Protected Health Information (PHI), Cardholder Data (CHD), and other sensitive information is essential. Knowing where to store sensitive information is a fundamental step in protecting it. Do you keep the information isolated and protected? This identification and isolation is becoming even more critical due to the integration of AI into organizations, which might give AI access to company information.

Do you use role-based access control (RBAC) to limit user access based on their job functions, and how do you manage and monitor privileged accounts? Role-Based Access Control (RBAC) ensures that users only have access to the data and systems necessary for their specific job functions. This minimizes the risk of unauthorized access to sensitive information. Privileged accounts with higher access levels are managed through Privilege Access Management (PAM) solutions that monitor and control their use, reducing the risk of misuse or compromise. Regular audits and real-time monitoring of these accounts are essential to detect and respond to suspicious activities.

Do you encrypt sensitive data at rest and in transit, and what encryption standards do you use? Encryption is critical for protecting sensitive data when it is stored (at rest) and transmitted (in transit). Encryption standards such as Advanced Encryption Standard (AES) with 256-bit keys are commonly used to ensure robust security. Data at rest is encrypted to protect it from unauthorized access, even if physical security is breached. Data in transit is encrypted using protocols like TLS (Transport Layer Security) to prevent interception during transmission over networks.

How do you assess and manage third-party vendors’ cybersecurity risks and ensure vendors follow appropriate security practices? Third-party vendors can introduce significant cybersecurity risks. Assessing these risks involves regular security evaluations and audits of the vendors’ practices. It’s important to have contracts that require vendors to follow appropriate security practices tailored to their roles and services. Continuous monitoring and periodic reassessments ensure that vendors maintain the required security posture over time. Organizations can manage risks by working collaboratively with vendors to meet security expectations without imposing stringent certification requirements.

Do you use firewalls, intrusion detection/prevention systems (IDS/IPS), and other network security measures? Firewalls act as a barrier between the internal network and external threats, controlling incoming and outgoing traffic based on predetermined security rules. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) monitor network traffic for suspicious activities and take action to prevent potential breaches. These network security measures are crucial for protecting against unauthorized access and cyberattacks.

How do you secure remote access to your network? Securing remote access involves implementing measures such as Virtual Private Networks (VPNs), which encrypt the connection between remote users and the corporate network. Your IT professionals must manage remote devices to help increase security. Multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification steps beyond just a password. Additionally, restricting remote access to only essential personnel and monitoring for unusual login activities are critical components of a secure remote access strategy. This is an extensive topic; please let us know if you want more information.

What physical security measures do you have in place to protect your data centers and offices? Physical security measures are essential to protect data centers and office premises from unauthorized access. These measures include access control systems like key cards or biometric scanners, surveillance cameras, and security personnel. Secure facilities should also have environmental controls such as fire suppression systems and backup power supplies to safeguard against physical threats and disasters. The Foster Institute offers full-scale Physical Red Team Exercises to test your physical security measures.

Are you compliant with relevant regulations and industry standards, such as GDPR, HIPAA, PCI-DSS, or ISO/IEC 27001, and how do you ensure ongoing compliance with these standards? Compliance with regulations and industry standards demonstrates a commitment to maintaining high security and privacy standards. Regular audits and assessments help ensure compliance with frameworks such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), PCI-DSS (Payment Card Industry Data Security Standard), and ISO/IEC 27001. Ongoing compliance is maintained through continuous monitoring, employee training, and updates to policies and procedures as standards evolve. Please let us know if you need help with achieving or maintaining compliance. The Foster Institute, Inc. can simplify and manage the process for you.

How do you secure mobile devices employees use to access company data and use mobile device management (MDM) solutions to enforce security policies on mobile devices? Mobile Device Management (MDM) solutions enforce security policies on employees’ mobile devices that access company data. These solutions can remotely manage and secure devices, ensuring they comply with organizational security standards. Features include enforcing strong passwords, encrypting data stored on the device, and remotely wiping data if a device is lost or stolen. This ensures that mobile devices do not become a weak point in the company’s overall security posture.

Do you store backups offline or on immutable storage? If an attacker gains access with the intent of encrypting or deleting data to demand ransom, they might attempt to destroy your ability to restore. They know you’re more likely to pay the ransom if you cannot restore sensitive data. So, you must isolate some backup data so the attacker cannot damage it. It is essential to have backups that threat actors cannot delete or damage if they break into your network. Immutable storage is data stored where you can access it, but no users, not even your administrators, can delete or alter the backup files. Cloud providers, such as Microsoft, offer immutable cloud storage. Other devices use write-once-read-many (WORM) technology to store data immutably. Offline backup is disconnected from your network. Some companies might use backup tapes or hard drives disconnected from the network and store them in a safe location for offline storage. Other organizations have a secondary network, isolated from the primary network, dedicated to their backup servers; the only connection is a server that transfers production network data to the backup network. It is best to store backups in diverse locations for redundancy and eliminate any single points of failure.

Do you encrypt your backups? If an unauthorized person accesses your backup data, it is useless if they cannot read the contents. Encryption is a setting in your backup software. There was a time when people wouldn’t encrypt backups because the backups would take much longer. With today’s technology, there should be little added time.

How often do you practice the restore process? If you have never practiced your complete restore process, do it now. Many organizations find out they cannot restore from their backups. Often, their failed attempt was the first time they’d ever tried to restore. It can be complicated to perform a test restore, so be prepared to give your IT Team additional time. If you outsource your IT, it is understandable that they’ll charge you for practicing the restore. Always perform restore tests in a controlled environment, separate from your production systems.

How long will it take to restore your data from backups? When you practice your complete restore process, measure the time it takes to restore. If you find out the duration is too long, you can take steps to speed up the process.

What steps do you take to prevent ransomware attacks? This space on the insurance application allows you to list the items above in statement form. Almost all security measures you use can protect against ransomware attacks or limit the impact.

Do you have a documented Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) in place? Documented disaster recovery plans demonstrate that you’ve thought through the processes required to recover from disruptive events. These plans should outline specific procedures for data recovery, system restoration, and maintaining business operations during and after an incident.

Do you conduct disaster recovery drills? Regular drills ensure your team is prepared to execute the DRP and BCP effectively. These drills can be as basic as tabletop exercises, where team members discuss their roles and responses to hypothetical scenarios, or as comprehensive as full-scale exercises that simulate actual disaster conditions and involve all aspects of the organization.

These are some of the most common questions on our customer’s insurance policy application and renewal forms. If you find others, please reach out for guidance.

The post Demystifying Questions Cyber Insurance Companies Will Ask You appeared first on Foster Institute.

The Risk: When Convenience Becomes a Liability

Imagine this: You’ve visited a coffee shop and connected your smartphone to their Wi-Fi network. Your device remembers this network to connect automatically next time. Seems harmless, right? Here’s where the risk creeps in.

Once you tell a device to automatically reconnect to a remembered network in range, your device will continuously send out “probes” or signals looking for that network, typically one to four times a minute and more often when other events can trigger a probe. A threat actor can set up a Wi-Fi access point with a common SSID name, such as “home.” And what if your device is configured to automatically connect to a network you trust named “home?” When your device, say your smartphone or laptop, is within range, it might automatically connect to this rogue Wi-Fi network without your knowledge.

The Trap: A Deceptive Doppelgänger

This rogue network, set up by the threat actor, is a doppelgänger of your trusted network but with nefarious purposes.

Remember: Your device connects to the rogue access point automatically and often without alerting you at all. (see “what about passwords” below). This attack does not need you to make any mistakes to succeed, and it can happen without your knowledge.

Ten common network names threat actors can use that will often lure devices from unsuspecting users to connect include:

• xfinitywifi
• linksys
• Marriott_Guest
• Hyatt
• hhonors
• NETGEAR
• Guest
• dlink
• FreeWifi
• Home

To make it even easier to connect, there are commercially available devices that listen for the SSID name in a probe from an unsuspecting user’s device and then broadcast that name in an effort to capture the device’s connection. In that case, it doesn’t matter how unique your SSID is, an automated device can attempt to establish a connection without your knowledge. If you are technically minded, you can read the section at the bottom of this article for a detailed explanation of how probing works.

Once connected, the attacker can intercept your device’s data. This interception could be called a “Man-in-the-Middle” attack. Thanks to encryption technology, the attacks are more complicated than they used to be, but they are still possible in some circumstances. If the attacker successfully establishes the Man-in-the-Middle connection, imagine sending confidential emails, accessing your company’s financial data, or even logging into your personal banking app, all while an unseen cybercriminal is potentially recording every keystroke and data transfer.

Another serious concern is if threat actors know of undiscovered vulnerabilities that will allow them to hack into your device. This is one of the most important reasons to always apply security updates when they are released and always keep backups for the unlikely scenario of an update causing a problem on your device. Even if you applied all of your security updates, sometimes attackers know of ways to break in that haven’t been discovered by the device’s manufacturer, operating system producer, or app developer yet. Thus, there are no updates written. Bad actors can use tools to scan your device and exploit vulnerabilities quickly. Their ultimate goal would be to take control of, or pwn, your device. This isn’t always easy if you have all your updates in place, but it isn’t impossible either.

The Consequences: A Digital Pandora’s Box

The consequences from attackers successfully tricking your device into connecting to their rogue access point and exploiting vulnerabilities can range from private information exposure to significant breaches:

1. Personal Data Theft: Sensitive personal information can be stolen.
2. Corporate Espionage: Confidential business information could be compromised.
3. Identity Theft: Your digital identity could be used for fraudulent activities.
4. Network Infiltration: Once a device is compromised, it can serve as a gateway to your business’s entire network.

Prevention: Turning Awareness into Action

As executives, instructing your workers to implement security measures is crucial. Here are some actionable steps you can take in the Wi-Fi settings of your laptops, phones, and tablets:

1. Forget Networks: In your device’s Wi-Fi settings, examine the network names identified as “remembered” or “my networks.” Tell your device to ‘forget’ networks by removing them from the ‘my networks’ list, except those you use frequently. Were any of the ten listed above remembered on your device? To establish the unauthorized connection, the threat actor would need to use the name of one of the networks you leave remembered or use the device mentioned above that responds to probes for names your device sends.
2. Avoid a False Sense of Security: If your device has the “Ask to Join Networks” setting, read the fine print. The device will still join known network names without asking. The setting is usually more about asking before joining new or unknown networks, rather than known ones.
3. Turn off Wi-Fi When You Aren’t Using it: To reduce your exposure dramatically, disable Wi-Fi when you are not using it. Your device will stop probing, stop listening for access points broadcasting their name, and won’t connect to any Wi-Fi networks. Some devices have a quick shortcut to turn off Wi-Fi from an easily accessible menu, but they might turn Wi-Fi back on again after a while or when you move to a new location. On those devices, if you go into “Settings” to disable Wi-Fi, it should stay off until you manually change the setting to “on” again.

What about Wireless Passwords?

If the original remembered network you connected to, such as the coffee shop network, had no password, your device would join the network automatically and not alert you. This is a common risk with some remembered networks. You may have noticed that many hotels and some coffee shops and restaurants now require no Wi-Fi password; this is undoubtedly to reduce guest frustration and the number of calls from hotel rooms to the front desk asking for the password. The prevalence of public networks without passwords makes it especially important for you to tell your device to forget networks and be sure to forget the ones with no passwords.

However, if the “remembered” network did have a password, then to get your device to connect automatically without warning you, the threat actor will need to set the same password on the rogue access point. It is simple for an attacker to know the password for coffee shops and other networks that share the password with guests.

Many companies will set passwords on networks and hopefully don’t write the password on dry-erase boards in the meeting room. Even if the passwords are configured at the company, and users do not know the password since the IT Professionals configure their computers, if an attacker is able to access one computer, in-person or remotely, there is a chance they can run a script to find out the wireless password for the company. This is why some companies use enterprise-level Wi-Fi authentication that does not rely on a shared password.  Or, attackers can use social engineering to successfully trick a user into providing the network password. If a user’s device doesn’t detect any anomalies between the rogue access point and the access point it is used to connecting to, the user will not be alerted they are connecting to a rogue access point, and their device will connect automatically.

An exception that might generate an alert is when there is a discrepancy between the security settings of the known network and the one to which the device is trying to connect. An example is when the rogue access point does not have a password, but the remembered network does. In this case, some devices will prompt you: “Are you sure you want to join this network?” The default button, “join,” is preselected. Unless you are on the lookout for this kind of message and know the seriousness, you might click “join” and not think anything of it. Sometimes, the device will connect and not alert the user but will quietly list the word “open” or “insecure” under the network name on the list of networks under settings. Most people do not periodically look at the Wi-Fi settings, so the label often goes unnoticed. Even if a user does notice the label, there is a good chance the attacker already probed for weaknesses and exploited any vulnerabilities they discovered.

However, if you ever see a prompt asking you to re-enter a password, that is a huge red flag, and you need to assess the situation carefully to determine if your device is attempting to connect to a rogue access point with an inaccurate password.

And to be sure you don’t have a false sense of security, remember that devices do not prompt the user if the security settings of the new network match those of the remembered network, and the device will quietly automatically connect even if it’s a rogue access point.

What about a VPN?

A Virtual Private Network (VPN) is a technology that encrypts data as it moves to and from your device. This encryption can prevent attackers from reading your data. However, it’s important to note that a VPN doesn’t protect you from attackers who scan for unpatched vulnerabilities, search for open ports, and exploit weaknesses on your device. Even if you use a VPN, you’re still vulnerable to such attacks. Follow the instructions above to help ensure your online safety.

Final Thoughts: Balancing Convenience with Caution

In today’s fast-paced digital world, convenience often beats caution. However, in the realm of cybersecurity, this trade-off can have dire consequences. As leaders, our role extends beyond making decisions; it includes understanding and mitigating the risks associated with the technology we use every day. Stay safe, stay informed, and lead your organization confidently in this digital age.

Technical Details About the Probing Process

For the more technically minded, here is more information about the probing process. When we say that devices are constantly probing, they are, and the probing might be once every 15 to 60 seconds. The probing frequency can vary, for example, if you put your device in low battery mode.

In addition to devices probing, know that Wi-Fi access points, including rogue access points attackers use, broadcast their network name, a process called beaconing, sometimes as often as ten times every second. The rate of beaconing is usually configurable by your IT Professionals.

If you look at “available networks” in “settings” on your device, you might notice that the list takes a few seconds to build because your device is cycling through multiple Wi-Fi frequencies, listening for the beacons.

An interesting setting not everyone is familiar with on wireless access points is that you can instruct the access point to be “hidden.” If you do, then the access point will not send out beacons. However, hidden networks, while not broadcasting their SSID, will still respond to direct probes that contain their SSID name. So, as soon as your device sends out a probe looking for the remembered hidden network, which it does regularly, as described above, the access point will respond, and your device will connect. Just because a network you “remembered” is hidden at your home or office doesn’t affect a threat actor’s ability to lure your device into connecting to their rogue access point, even if the hacker’s access point is not hidden.

Additionally, to reduce the delay in connecting, your device will send immediate probes in certain circumstances, such as when it wakes from sleep, when you open your laptop’s lid, or if you just disabled airplane mode. Your device will quickly find access points, even rogue ones, especially if they are “remembered.”

A significant benefit to attackers of your device probing periodically, such as every 15 to 60 seconds, is when the attacker doesn’t already know the network names your device has remembered. The attacker tools wait for the probe, then know the name, and the rogue access point automatically claims to have that network’s name. This is a very powerful way for attackers to capture as many unsuspecting users as possible without needing to predict the names of remembered networks.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Outsmarting the Invisible Threat: How Cyber Attackers Hijack Your Wi-Fi Connections and How to Protect Yourself appeared first on Foster Institute.

This so-called cyber-flashing is a growing problem with Apple’s AirDrop feature and Android’s Nearby Share feature that allow you to send and receive images, videos, and files from other users nearby.

Yes, you get prompted to decline or accept the image, but you cannot unsee the preview image in the prompt.

To protect yourself on your Apple device, Click on Settings, General, and AirDrop to choose Receiving Off, Contacts Only, or Everyone. I recommend you select Receiving Off. Temporarily enable receiving when you wish to exchange photos. Apple provides a detailed explanation of AirDrop at https://support.apple.com/en-us/HT204144

To protect yourself on an Android device, choose Hidden your Nearby Share settings. The steps will differ depending on your device and version: Settings, Connected Devices, Connection preferences, Nearby Share, and choose Hidden. Or your device might have you go to Settings, Google, Devices & Sharing, Nearby Share, and set Use Nearby Share to Off. You can learn more about Nearby Share at https://support.google.com/android/answer/9286773?hl=en

Bad actors strive to find ways to affect users of any brand and type of device and service. Please forward this to your friends, so they don’t receive shocking images via AirDrop or Nearby Share!

The post How to Avoid Receiving Disturbing Photos via Apple AirDrop and Android Nearby appeared first on Foster Institute.

The exploits may come in the form of attempts to get you to transfer money to a friend, someone threatening to send out defamatory information about you unless you pay them not to, or phony messages attempting to acquire some personally identifiable information from you.

Be sure to alert your family members that it could be a forgery, even if an email message appears to be from you. Family members should verbally speak to you if there is ever a concern about any communications that are purportedly from you. No one should ever respond to a suspicious email or text message.

Know that legitimate text messages claiming to be from organizations are usually from a five to six-digit source such as 26096. If the text message is from a phone number they don’t recognize, even if the digits are all run together, like 4105550009, there is a good chance the text is fraudulent.

Additionally, there are crucial steps you must take to help protect your devices, including iPhones, iPads, Android phones and tablets, laptops, desktop computers, and all of your devices. Keep the devices locked up when they are not in your possession. If someone gains physical access to your device, it is possible that they can steal information, both your history and real-time now and into the future.

Be sure to apply critical security updates to the operating systems and browsers when prompted. But watch out for fake requests. Update alerts should never come via email or text message; those are bogus and dangerous.

Avoid connecting to public WiFi networks in coffee shops, airports, and hotels. Using your phone as a hotspot is much safer. A VPN protects your privacy but doesn’t prevent attackers from targeting your device on the network.

Avoid using a family computer to do your online banking, connect to your office, or type sensitive information. Attackers seek to infect work-from-home computers, and family computers are often the most vulnerable. Use your laptop or computer dedicated to you so that another family member doesn’t accidentally install malware for attackers to monitor your keystrokes, take control, or dwell inside, waiting for you to log in to your office.

There are so many steps to take, and, primarily, you must have a heightened awareness that you are at an increased risk of attacks as a high net-worth individual. Consider having a cybersecurity advisor to guide you and your team as you increase your security. Be sure they hold top-level cybersecurity certifications, including CISSP, CEH, and CISA, to help you receive the best guidance.

Please forward this to your friends so that they are extra vigilant too.

The post Attackers are Targeting High Net Worth Individuals appeared first on Foster Institute.

Last week we discussed the extreme importance of segmenting the VPN connections to protect your network in case a bad actor compromises a VPN user’s computer. While your IT team is segmenting the VPN users away from the rest of your network, they have an opportunity to perform other segmentation to help secure your network. For example, talk with them about segmenting your VoIP phone system away from your computer network. If an attacker breaks into your phone system, they aren’t necessarily able to access your HR files and customer records because the data is in a different segment.

Two cautions:

First, do not let plans to create multiple segments delay your team in isolating the VPN connections ASAP to help protect your network if an attacker compromises a remote worker’s computer.

Second, Creating too many segments can create a network management burden. Five to ten filtered segments can add security for even small networks. Some organizations segment networks for computers in different buildings, business departments, remote locations, etc., and need even more.

Common segments include, and you can ignore the numbers because IT professionals know about those for you:
10.1.1.0 – Primary Network
10.1.2.0 – VPN Connections
10.1.3.0 – VoIP (Voice over IP) phones
10.1.4.0 – Security Cameras, air conditioning system, fire alarm system, etc.
10.1.5.0 – Wireless Network
10.1.6.0 – A strongly filtered segment for old computers that use unsupported operating systems until you upgrade, replace, or remove those instances.

Please forward this to your executive friends so they can communicate with their IT professionals about splitting their network into filtered segments to help stop hackers from installing ransomware and stealing data.

The post Protect Your Organization’s Computers Even If A Bad Actor Hacks Your Phone System or Smart Devices appeared first on Foster Institute.