1. Refuse to permit tech support to access your computer to help you.

If this is your known service provider, then maybe you will decide to trust them. However, nobody else.

Last week, I connected a new well known web-cam that is highly rated. It didn’t work properly, so I called tech support. Their opening line, “I will send you a link to click, that will permit me access into your computer so that I can fix the problem.” I gently told him there was no way he was ever getting remote access. He was shocked, and had to go ask his manager what to do next…

2. Believe your anti-virus.

The camera company’s tech support rep, now with the manager with him, told me to download a special driver and run it on my computer. When I started to download the driver onto a “test” computer, my anti-virus program identified the driver as a virus. So I refused to install the driver. Without missing a beat, he said, “That’s ok, you can trust anything from us – it is safe.”

I wonder how many of their customers have been duped. Even if the tech support had no intention of infecting their customers’ computers, how can they be sure that their software isn’t already compromised without their knowledge? Never let convenience override your choice to do something reckless.

3. Never answer online quizzes.

I love my wife. One day, she was so excited to tell me what her rock band would have been called in High School. She took a quiz on Facebook that told her. I asked what her rock band would have been called. The band name generated by her filling out the online quiz including the street she grew up on, followed by her favorite pet’s name, and the name of the high school she attended. Like I said earlier, I love her so much. But please don’t ever fill out any online quizzes again – ever. You can be duped into giving away too much information. Attackers can combine the answers with other information they discovered elsewhere on the web, and it makes it lots easier for them to assume someone’s identity.

Please forward this to everyone you care about…

The post Avoid These 3 Really Good Hacker Tricks appeared first on Foster Institute.

I know – it would be so easy to blame Google. Those passwords were gathered from other “stolen password repositories” posted on the dark-web. They were originally acquired through key-loggers, social engineering, brute-force attacks, and a myriad of other ways. None of them, so far as anyone can tell, were stolen by bypassing any security on Google’s systems.

Once upon a time, imagine a situation where a company called Eulcon Inc. buys a lock from a company named Good-Lock. If an employee at Eulcon Inc. loses the key, and an attacker finds the key, and the attacker breaks into Eulcon, should they blame Good-Lock for the intrusion?

Here is what would be much more secure. What if, every time someone turned the key in the lock at Eulcon, the lock wouldn’t open yet. First, someone at Good-Lock would phone the person at Eulcon to whom the key is registered, in order to verify that they are the person who turned the key. The lock would only open for an authorized person. Potential intruders stay locked out.

This is why it is so important that all organizations set up two step login everywhere possible. Two factor auth dot org provides a list of services that support two step login. Additionally, VPNs, Windows, and other services support two step login. Configure two step login, or pay the consequences. And don’t blame Good-Lock. And don’t be like Eulcon spelled backwards.

Please forward this cyber-security info to everyone you care about.

The post Why is it not Google’s fault? appeared first on Foster Institute.

Visit two factor auth dot org (no spaces) for a list of services that already permit you to choose two step login. Each site will walk you through the process.

Google calls their service 2 step verification. Google that phrase to find instructions on Google’s site.

Forward this to everyone who you care about so that they can be more cyber-secure too.

The post Gmail Passwords Stolen, Possibly Millions of Them appeared first on Foster Institute.

The application inventory shows how many machines have a specific program installed on them, such as:

Qty – Application
18 – Adobe Flash Player version 11
22 – Adobe Flash Player version 16
79 – Adobe Flash Player version 20
29 – Mozilla Firefox version 38.0.1
99 – Mozilla Firefox version 44.0.2

Your list will be longer.

Notice that there are three versions of Adobe Flash Player and two versions of Firefox.

As you can imagine, more recent versions of software are generally the most secure. Most organizations such as Adobe and Mozilla recommend that you always use the most recent versions of their tools.

Using the most secure versions of applications is especially important for programs that interface directly to the Internet, such as Flash, Java, and your browsers.

Ask your IT Professionals to update, when possible, those kind of applications. Then, they can show you an updated application inventory report, one that shows the machines being all up-to-date. And, you’ll be able to sleep better at night.

Please forward this email message to everyone you care about…

The post Security Version 2.0 appeared first on Foster Institute.

Qty – Application
79 – Adobe Flash Player
84 – Microsoft Office Standard
99 – Mozilla Firefox
10 – WinPcap
25 – WinZip
And your list will be much longer…

To make your systems more secure, look through the list, and identify the applications that are essential to your doing business. Then, ask your IT Pro to remove anything that is not essential.

As you remove the non-essential programs, you make your network more secure. The fewer toe-holds, the more like The Bean, the more secure you will be.

Forward this…

The post Smooth and Slippery for IT Security appeared first on Foster Institute.