If you have cybersecurity insurance or feel this incident could cause significant damage, consider having a forensic analysis to track down what happened.

Contact your email provider, explain what happened, and ask for help. Continue down this list while you wait for their response.

Reset your email account password immediately. If you can’t log in because someone unauthorized reset your password, try resetting it yourself. If that doesn’t work, contact your email company’s tech support.

Check if your username and old passwords have appeared on the dark web. Visit https://haveibeenpwned.com/ and similar sites to find out. Never enter your password.

Change passwords for all your accounts including social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts. Someone may have access to more than just your email.

Consider using a password manager like 1Password, Dashlane, LastPass, NordPass or another to help ease the pain of having different passwords on every website from now on.

When setting up security questions, avoid real answers that are easy for a bad actor to research. When asked, “Where were you born,” you could answer something like, “The fourth crater on the moon.” Save your secret answers in a file in a random place with a random name like “socks.docx” for when you need the answers. You can encrypt the file for added safety.

Enable two-step verification for your email account. While you are at it, set up two-step verification everywhere you can, primarily on sensitive websites and services. Here is how to add MFA to your LinkedIn account for added security https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en

If you set up two step authentication so that the site or service sends you an email message for the second part of logging in, and the hacker has access your email, it defeats the purpose of MFA. Therefore, if you set up the two-step login with email as the second step, use a different secure email address.

Review your email’s “sent” folder to spot any unrecognized messages.

Look at all your email accounts in your organization to ensure there are no email forwarding or filtering rules you did not configure.

Check your websites, especially LinkedIn, for any unauthorized changes.

Set up SPF and DKIM. More information here: https://fosterinstitute.com/block-inbound-and-outbound-fraudulent-email-messages/

Watch out for remote control applications that might allow a bad actor to compromise your computer and send email messages as you.

Be aware that your computer or another computer in your organization might be hacked, enabling attackers to send messages on your behalf. Stay vigilant and take measures to protect against such incidents.

Regularly apply critical security patches to your computer. You can check for updates manually, even if automatic updates are enabled.

Ensure your anti-virus program is current and run a manual scan regularly. Using EDR or XDR services add more security.

If you use a browser to send and receive email, this is a drastic step, but consider uninstalling the browser. When you reinstall the browser, add only the plugins you need.

If you use your phone or tablet for email, they could be hacked. Apply security patches, keep them in your possession, examine the privacy settings, and lock devices when not in use.

Watch out for apps on your computer, tablet, or phone that may be harvesting your address book without your knowledge. A drastic move would be to factory reset and erase them, but be sure your important data is stored in the cloud or backed up.

Notify financial institutions that if they receive messages from you, the messages could be fraudulent.

You might want to set up a new email address to use until you feel confident your old address is safe.

If you haven’t already, freeze your credit.

Monitor your financial accounts.

Before you send out notifications, you will want to talk to an advisor who can help you know what to say.

Please forward this to your friends so that, if someone appears to hack their email account, they will know what to do to.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post What to Do if Someone Hacks Your Email Account appeared first on Foster Institute.

Do you know someone who doesn’t like your organization and would like to cause harm? Can you think of anyone who may want to exploit you for money, other than a vast population of bad actors already in the world?

Even more worrisome than Inpivx is the realization that there will be more user-friendly tools to come from sources around the globe. Some attacks are already relatively easy to launch for a non-technical person, and such technologies are in an upward trend.

Remember typewriters? To move a paragraph, you had to re-type the page. Over time, typing documents became incredibly easy even for non-technical people. Creating ransomware is on the same path to easiness.
Anti-virus, firewalls, and passwords are crucial to cybersecurity. All of them are. However, if you feel that those are enough, you might be shocked if you get hacked.

How do you protect yourself? Keep patches up to date, remove all non-essential programs from computers, grant users only bare minimum privileges they need to do their jobs, use excellent spam protection, never allow users to check webmail at your organization, to name just a few. And, of course, keep those security IT Vital Systems Reviews current.

Please forward this to your friends, so they know that ransomware programs are more accessible to create than ever, even for non-technical people, so the danger is growing too.

The post You Do Not Need to Understand Computers to Make Ransomware appeared first on Foster Institute.

Tools are available to help stop the problem. YouMail and RoboKiller are two of the apps that do the job.

We do not get compensated for mentioning, nor do we endorse, those apps. We’ve just got clients who are having great luck with those tools.

Wishing you more peace and quiet!

The post How to Stop the Annoying Phone Calls appeared first on Foster Institute.

-Nay-sayers said: Although we can remotely track and remotely erase them, our programs do not protect mobile devices since manufacturers, especially Apple, block protection tools.
-Two of the companies said and even demonstrated how their tools protect mobile devices against everything from malware, such as the infamous Flexi-Spy spyware, to people attempting to break in and steal private information. Additionally, the tools can even protect devices if a user connects at a coffee shop or other public network.

The latter offerings are best. The protection software is available for people in companies, but not for families. If you want to protect your family, you will need to pretend you are a small company and buy a minimum number of licenses to purchase the tools.

Expect more details soon. For now, be excited to know that finally some security tools effectively protect mobile devices.

The post How to Best Protect Your Mobile Devices appeared first on Foster Institute.

$250,000 if they can hack the autopilot
$100,000 if they can hack the modem or tuner
$100,000 if they can hack the key fob or phone-as-a-key

Microsoft, VMWare, and other companies are offering big prizes to someone for breaking their security.

Challenges like this are an excellent way for companies to find security holes in their hardware, software, and services. Most companies offer a bounty system to pay successful attackers every day of the year.

If you want to go, or even compete, the event is March 20-22 in Vancouver. Visit CanSecWest.com.

The post Tesla Will Give a Car to a Hacker if they can Break In appeared first on Foster Institute.

If you want to find out if your passwords were released, visit his site called https://haveibeenpwned.com. If you elect to enter your email address, he will tell you if it is in the collection and give you more details.

What do you do if you are on the list? Reset your passwords. Use a password manager that will remember your passwords for you to make your life easier when you use a different password at each website from now on.

Now is a great time to enable two-step verification. A basic form of two-step verification is when you enter a username and password, and you receive a text message code to type in. Enable two-step verification on PayPal, LinkedIn, Dropbox, Facebook and every other web service you use. On each website, look for Settings > Security. You may need to dig down, but more reputable sites now support two-step verification, but you must enable the feature.

Some bad news is that, about a week ago, a tool called Modlishka shows how to break two-step verification so it isn’t that secure, but two-step verification is still more secure than a simple username password combination. If it allows, have a website use some other method than texting you a password. Using an app on your phone or calling you via a voice call are options that are often more secure than the text message. Microsoft, Google, and a service called Duo offer these options and more. Having a hardware key is even better unless your laptop users leave the key stored in the laptop case, and their password written on the bottom of the laptop.

The post 773 Million Passwords Exposed – Were You Exposed? appeared first on Foster Institute.

Encourage and provide time to your team to keep your systems up to date with all critical security patches for operating systems, Office, browsers, Flash, Java, and Reader. Ask them to show you a list, not a pie chart, of missing critical security patches. If they haven’t checked lately, this is an excellent time for them to be sure the firmware is up-to-date in the firewall and other infrastructure devices.

Thank you for all you are doing to protect against ransomware and all types of cyber threats. You are helping make the world a safer place to live and work!

The post Happy Computer Security Day! appeared first on Foster Institute.