On Macs and Windows, encrypting an external drive can be as simple as right-clicking on the external drive’s icon and selecting the encryption option.

Two golden rules:

1) Be sure your files are backed up elsewhere before encrypting a drive.

2) Be sure to save the recovery key in case you forget the password.

Encrypting individual files is helpful to protect your data, but attackers can still read the filenames and deduce information. One advantage to encrypting an entire external drive is bad actors cannot see the filenames when you encrypt an entire external drive or memory stick.

I intend to make you aware of the importance of encrypting external drives and not go into technical details. So, you’re welcome to skip the following information. If you encounter errors encrypting drives in the simple method above, there are many details. For example:

Windows: One way to encrypt drives is using BitLocker. If you have Windows Home edition instead of Pro, you cannot encrypt drives, but you can unlock and use encrypted drives. All editions of Windows support the “device encryption” feature.

Macs: You can use an encryption utility called Filevault2. Alternatively, you can encrypt drives when you format them. If you have a Mac with an Apple CPU, some users experience losing access to the data on the drive after encryption. Apple will fix that soon if they haven’t already.

Hopefully, you won’t encounter any issues when you encrypt your external drives and help protect the data from anyone who steals or discovers a misplaced drive.

The post Protect Sensitive Data on USB Drives and Memory Sticks if they are Lost or Stolen appeared first on Foster Institute.

Take a few moments to have the anti-scammer conversation with those you love. Their computer screen might display Microsoft’s logo stating that there is a virus on their computer. It is a scam, and they should not phone the tech support number on their screen.

Encourage your loved ones to watch the hilarious TED talk video: ted.com/talks/james_veitch_this_is_what_happens_when_you_reply_to_spam_email

Please forward this to your friends, so they alert their trusting loved ones.

The post Protect Loved Ones from Tech Support Scams and Share this Hilarious Video appeared first on Foster Institute.

A little background information helps explain what is going on: Every device connected to a network has a serial number, called a MAC address. That address is how the network identifies the device and differentiates it from all the other devices on a network. As you can imagine, networks need to know what devices are connected. Think of what might happen if the network thought your computer was a printer. Printer paper might not come shooting out of your keyboard, knock over your coffee or smoothie, but you get the idea.

Because the MAC address uniquely identifies you for everyone else, think of the MAC address as a fingerprint for your device. Potentially, an advertiser, or someone in a public place, could use your fingerprint, in this case, your device’s MAC address, to track you, your activities, and what networks you use.

Apple, Google, and Microsoft want to help protect your privacy, so they might periodically change the MAC address on your computer to a different address. The new behavior strives to help keep you more anonymous on public networks at hotels and coffee shops. However, randomly changing MAC addresses can break essential security features, including:

1) As my friend did, you might start receiving alarming alerts that another person connected a new device to one of your websites or accounts. The warnings are concerning until you realize it is your computer reconnecting with a new unique index. After a time, you might ignore the alerts. But then you won’t know if a real attacker broke into your account with some other computer, tablet, or phone.

2) Parental controls at home fail if the safety restrictions are unique for each family device. When a youngster disconnects and reconnects to your network, sometimes they are no longer protected.

3) Your company keeps an inventory of your computers, tablets, and phones. It is challenging to keep the list current when your IT team must track three times as many devices as you have.

How do you solve this? It is possible to disable the randomization feature, but it takes time to reconfigure. Time is a precious commodity for you and your IT team too. An example of how to disable the behavior on iPhones, iPads, and Apple Watches: support.apple.com/en-us/HT211227

However, your employees or kids could change the feature back again to help them hide on your networks.

The answer to my friend’s question is that if the website tells you a date, time, and location of that person’s login, and you know you weren’t logging in from there at that time, yes, you need to be concerned. Otherwise, your experience may be because your device is disguising itself from the website. Disable the randomization feature, and the problem might go away.

Please forward this to your friends so that if they, or their IT team, cannot figure out why some of your security features are breaking, they will know to suspect their devices are rotating through MAC addresses.

If you want more technical details, a network identifies your device with an index number called a MAC address when you connect. There are more than 280 trillion possibilities for a MAC address; the odds are that nobody you know has the same number as your device. The first half of the number identifies the manufacturer; that makes it easier to find unidentified devices on a network.

Other problems you’ll notice because of rotating MAC addresses include:

4) Security tools at the office fail to work if the security tools rely on associating users with their computers, tablets, or phones. This problem affects both BYOD and company-issued devices.

5) IT Professionals can configure necessary reservations for computers, tablets, and phones. Those reservations are based on index numbers. When the index changes, the reservation stops working, and systems can fail or lose security.

6) Your websites will forget you. Some sites have a feature to Remember This Computer, so you do not need to go through as many steps each time you log in. The sites identify your devices by their index numbers. Your device will need to be re-remembered when your index changes.

MAC addresses look like FF:FF:FF:FF:FF:FF:FF:FF where each value I listed as F can be a hexadecimal digit 0,1,2,3,4,5,6,7,8,9, A, B, C, D, E, or F. If you know where to look, your phone, tablet, and computer can tell you the MAC addresses of each network interface.

The new behavior is causing lots of frustration in the cybersecurity world. This battle isn’t over yet.

The post Your Phone, Tablet, and Computer Started Hiding You – and How to Overcome the Associated Problems appeared first on Foster Institute.

Cloning a hard drive creates a second drive that looks, to a computer, identical to the source drive. If your laptop or computer gets ransomware or seems infected somehow, you can restore a cloned drive’s image to effectively reset the computer to how it was when you most recently made a clone. Additionally, if the hard drive crashes, the clone could quickly replace that drive’s functionality.

Create frequent clones of your computer’s hard disk to one or more external USB hard drives. Keep making your other backups too.

For Windows computers, Microsoft provides the System Image Creation feature. Commercial options include Shadow Protect Desktop from StorageCraft and Acronis True Image.

For Macs, options include Carbon Copy Cloner, Acronis True Image, and SuperDuper! Check compatibility with your version of OSX. Apple Time Machine is always compatible, and it is possible to boot into recovery mode to restore a drive from Time Machine, but it’s not a clone.

(We do not receive compensation for, nor do we endorse specific products. It is essential to give you examples.)

Please forward this to your friends to ensure they know cloned hard drives often permit speedy recovery of ransomed computers. If they have a clone image of a hard drive, work from home users can likely stay productive even when their computer malfunctions.

The post Prepare Now to Recover Quickly from Ransomware on Mac and Windows Computers appeared first on Foster Institute.

It makes sense that malware uses strategies to infect and hide inside of networks undetected. Here is some fascinating insight into that self-preservation: The malware related to SolarWinds attack looks for specific security related software, including a free program named WireShark, before installing itself. If Wireshark is running in Windows, the virus installation terminates itself.

Should you run WireShark on your computers 24×7? Ordinarily, IT Professions remove WireShark in case attackers installed it. Paradoxically, running WireShark will stop the initial activation of the SolarWinds attack. WireShark is not the only choice. Open this Microsoft article and use CTRL-F search for the word WireShark to see the other security related tools that will horrify some malware: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

But, after SUNBURST installs itself, it is too late. It doesn’t look for security related tools after installation.

This message is not a recommendation to run these applications, nor is it intended to dissuade you. If organizations start adopting this strategy to thwart cautious attacks, it will be interesting to see how malware responds.

Forward this article to your friends so they receive this insight into how bad actors strive to avoid detection and discuss implementing this unconventional approach to stopping malware installations.

The post Tips and Tricks: An Unconventional way to Protect Yourself from SolarWinds and Future Hacks appeared first on Foster Institute.

There are so many webpages about the Solar Winds attack. Here are three of the most useful. Please forward this to your IT team.

Do not let the title of this Microsoft article fool you. Microsoft explains how the attack starts and progresses, complete with diagrams. Not only is this page fascinating reading about this horrible attack, understanding the tactics helps your team protect you from future supply chain attacks:
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

Microsoft’s recommendations about how to protect Office 365: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754

SUPERNOVA is malware that different attackers made to impersonate the SolarWinds SUNBURST attack, and it is dangerous too. SolarWinds addresses both in their comprehensive information about determining if SolarWinds installations are affected and how to protect your organization: https://www.solarwinds.com/securityadvisory

Please forward this message to other organizations you care about, especially your suppliers, so their IT Pros have three of the most useful links amongst the dozens of others.

The post Three of the Most Useful Links About the SolarWinds Attack: appeared first on Foster Institute.

SolarWinds is a well-respected organization, and many organizations utilize their products. Not enough details are known to discredit their organization. Clearly, attackers see them as valuable enough to use as an infection vector.

This is called a supply chain attack because bad actors use a trusted product in an organization’s supply chain to attack the organization. A similar well-publicized attack happened with a popular tool, with many benefits, called CCleaner. The attackers successfully compromised 2.3 Million PCs.

The CCleaner supply chain attack is an illustration of dwell time. Attackers waited five months from the time they gained access to CCleaner before they launched the attack on CCleaner users. Many computers were safe, but not 2.3 Million of them.

Remember: Just because your organization fixes a vector through which the infection came does not eliminate damage already done. As an analogy, if you were the king or queen of a castle, and you found that attackers entered your castle walls to attack your city, raising the bridge over your moat does not eliminate the attackers who already made it inside.

Supply chain attacks are one of many reasons to eliminate as much software as possible at your organization. If a program is not essential, remove it asap. SolarWinds is vital for many organizations.

Please forward this to your friends so they can alert their IT departments to address this situation, and know to remove all non-essential software from all computers.

The post Emergency Update if Your IT Team Uses SolarWinds Products, and How to Protect Against Supply Chain Attacks appeared first on Foster Institute.

Here is how the scam works: Suppose you want to look up a company online named Super Duper, so you type the store’s name into your favorite search engine. An attacker might have purchased the top result to take you to the website superduperco.com. However, if you knew to scroll down past the paid-for-results, you would have seen that the real website is superduper.com. Attackers set up a website and named it superduperco.com.

Their deceptive site might contain malicious advertising, ask you to enter credit card numbers during checkout, or tempt you to download malicious programs and apps. They might ask you to login or reset a password, and they capture the password you type in.

If you look up a retailer in a search engine, skip past the ads and paid results. Scroll down to see real search results. Even then, be skeptical in case attackers used SEO techniques to appear at the top of the actual search results.

Please forward this to your friends to alert their users that top search engine results can be a trap.

The post Beware: Attackers Buy Top Search Engine Results to Trick You appeared first on Foster Institute.

The attacker does not need to know any passwords; they do not even need a username. They plug in a cable, and 3 seconds later, they’ve completely compromised your network. An attacker posing as a visitor, a copier repair person, or a member of a cleaning crew can all compromise your organization. They can steal sensitive information, install ransomware, and can shut down operations entirely. They bypass the majority of, if not all, of your other protections because now they’re a Domain Administrator.

This exploit is so severe that the Department of Homeland Security directed all federal agencies to apply the patch in accordance with the Federal Emergency Directive 20-04.

Take these three steps ASAP:

First, ask your IT team if they’ve backed up your Domain Controller servers and applied Microsoft’s patches that address the Zerologon exploit CVE-2020-1472. They must do this immediately. Be compassionate if they’ve not. IMPORTANT: Realize that if an attacker already took over a network, the patch doesn’t help.

Second, if you have Domain Controllers using operating systems older than Windows Server 2008 R2, your IT professionals must shut them down for good. Be sure to migrate any mission-critical services to other servers.

Third, does your organization rely on third parties to support you? What if one of your major suppliers, a distributor, or your biggest customer falls prey to an attack? Prepare your organization now for an interruption of their operations. Be sure their executives know about this flaw and these three steps. You do not want a catastrophe at their organization to domino and cause a disaster for you, even though you’ve protected your systems.

Additional steps:

Inform your work-from-home team members that, in some cases, the attacker can take over your network using a VPN connection. Do you have an armed guard at every work-from-home user’s home to watch visitors? Of course not. But your entire organization might rely on their security. What if a teenager’s friend feels like playing around, experimenting, with this new cool exploit on a mom or dad’s computer?

The patches only protect you from attacks from Windows devices. If an attacker accesses a network port or cable with a non-Windows machine, the attacker can still take control of your network. Microsoft will release a second patch on February 9, 2021. Ask your IT team to configure alerts now to monitor security log events 5827 thru 5831 to see when connections are allowed or denied.

The average time for IT Professionals to apply critical security patches is five months, but you need to help yours be above average. Ask them what you can do to help them have time to test and install all critical security patches within 14 days or sooner. They might want to have a patch management tool. They might need more time to devote to applying updates.

Confirm that your IT Team disconnects or disables all unused Ethernet ports, including those in conference rooms. Lock doors to any offices and conference rooms that contain active Ethernet ports. Train everyone to be proactive and remove opportunities for anyone, including guests and repair people, to plug a device into a network port.

Keep in mind that 911 systems, airlines, governments, and every organization that you depend on are at risk for Zerologon exploit CVE-2020-1472 until they take action too.

Please forward this to fellow executives you care about so they can support their IT Professionals successfully backing up servers and applying the emergency patch.

The post Attackers Can Take Control of Your Network in Three Seconds, and How to Stop Them appeared first on Foster Institute.

When another family member shares a work-from-home computer, it magnifies your risk exponentially. If users already work from home using personal home computers, there are potentially cost-free steps to help protect your organization. Consider allowing them to take their work computer home. If their work computer doesn’t have wireless access, you can provide an inexpensive USB wireless adapter.

Allow your IT professionals, or IT consultants, to monitor and maintain the security of those computers. Many protection tools support remote users, so you might already have what you need.

Dedicated work computers must remain off-limits to other family members. Set a firm boundary that your workers are not authorized to use the computers for any purpose other than working.

Please forward this to your friends, so they know this cost-free way to help protect work-from-home users.

The post One Nine-Year-Old Checking her Email can Breach Your Entire Organization, and How to Protect Yourself appeared first on Foster Institute.