Will viruses and other malware contribute to injuries and deaths? Imagine diagnostic imaging machines, like X-rays and CAT Scanners, exposing patients to too much radiation due to a virus. Traffic lights not functioning properly, especially on a highway with high speed limits, could lead to a horrible crash.  Emergency services may already be delayed in their response due to computer malfunctions. The airline industry has plenty to worry about. What if trains fail to stop and crash into another train or the end of the line?

Apparently the Spanair diagnostic computer does not connect to the Internet so the infection likely came from an infected USB device, CD-ROM, or some other form of removable media.

Just last month, control systems manufacturer Siemens, who manufactures control systems, warned that malware called Stuxnet is spreading through infected USB devices to penetrate industrial control systems. I wonder if there are any control systems at nuclear power plants infected yet.

More and more regulations and laws are forcing organizations to wake up to the fact that IT security is very important.

Business executives and IT professionals alike must realize:Viruses and other malware do not necessarily make themselves obvious for the simple reason that, if you know a computer is infected, you are likely to have a qualified IT professional fix the problem.

• Anti-virus programs do not always catch all viruses
• Firewalls are not perfect either
• End users can, accidentally or on purpose, bypass some of the best security you set up

How many more people will need to die, how much more money will be lost, before people become aware of the importance of IT security?

Please post your comments on this blog.

The post A virus possibly contributed to a fatal passenger jet crash appeared first on Foster Institute.

We rushed home and drove all night long after being told that his chance of survival was small. Thankfully, he will make a full recovery. That’s after pharmacy personnel defibrillated him, started CPR, rushed him to the ER and then the OR where they cracked open his chest and performed a triple bypass.

You know what? He is the right weight for his 6’1” height. He quit smoking years ago, and cut back on drinking. He exercises and is strong as a horse. He eats well. And his doctor told him it was heartburn.

I bet after surviving this event he gives up red meat and drinking all together and doubles his exercise routine. I see the same things with CEO’s, Presidents, CFO’s, and other executives if their company survives an IT security breach. Sometimes it is too late, and the recovery is no fun.

Why does it take a life changing event to get us to pay attention to do the things we know we should be doing?

For me, PLEASE tell your friends—and the person you see in the mirror two pieces of advice:

1. If you feel chest pain, demand an EKG and don’t leave the doctor until you get one (or call 911—gets you right past the waiting lines at the ER!)
2. If your last IT security audit was more than 12 months ago—it is time for another!

Before it is too late.

The post Two crucial pieces of advice for executives appeared first on Foster Institute.

First, there was the problem that Twitter’s server had a password set to “password.”   Executives would find news of their own server passwords being so weak as inexcusable!  Then, there was another breach that was caused by several user blunders including using the same password at both gmail and hotmail.

Do any of your users, or you, use the same password at more than one site?  Change them. Get a password manager such as RoboForm or MyPasswordManager. A password manager remembers all your passwords for you – all you need to remember is your password to the password manager. Not perfect security, but a whole lot more secure than using the same password at more than one site! Protect yourself.

The post How Twitter was hacked appeared first on Foster Institute.

There is a wonderful product on the market that will make backups of your computer quickly and easily. The problem is, a criminal can use this product to steal your information. This is supposed to be a short sales video, and I want you to consider how you would feel about the video if a criminal used this to steal your computer’s information: http://www.youtube.com/watch?v=S-aHtWOYGvg

And, in their support, I see this as a very useful tool for home users who never back up their computers – and risk losing years of precious photos of their family. I bought one for myself to show to executives and recommend for people who do not make backups because they feel backups are too much trouble. This is a great tool in your hands for use on your own computer.

There are other ways cyber criminals can steal your data, but you can slow them down if you never leave your computer unattended and logged in if you store any private information such as credit card numbers, banking information, social security numbers, etc.  In Windows, you can use the key combination “windows-L” to lock your screen. You need a secure password.  That makes it more difficult, though not impossible, to steal your data.

Summary: Great tool in your hands; horrible tool for hackers to use against you.

The post Easily steal the information from a computer appeared first on Foster Institute.

• Installing a program, toolbar, browser plug-in, or any other tool without the IT manager’s permission on your computer
• Writing your password down where someone could find it
• Using a password that would be easy for someone to figure out
• Experimenting in windows with screen savers, screen colors, desktop settings, and other non-work-related activities
• Putting a family photo on  your computer as a background

• Calling the IT department to “hold your hand” over the phone while you restart your computer to solve the same problem they have helped you fix 20 times
• Calling the IT department to ask them to support your personal software that isn’t approved by the company
• Not taking time to learn to use your applications correctly, and taking 3 times longer to perform a task through “this is the way my coworker showed me” instead of learning the fast proper way to accomplish a task
• Use your laptop on the road to connect to insecure wireless networks at airports, hotels, coffee shops, etc.
• Plugging in a USB device or inserting a CD/DVD that IT hasn’t checked for viruses, spyware, and other dangers
• Copying company data to removable media that might be lost – exposing the company to liabilities and damages
• Acting as if you are stupid just to prove “this computer/software is too hard to use” when, in reality, you are perfectly capable of using the computer/software if you wanted to
• Eating food near your computer and gumming up the keyboard with spills, crumbs, etc.
• Connecting to the Internet using a personal device (phone, laptop modem, etc) at work to bypass the company monitoring and blocking tools
• Forwarding an e-mail you received that has a political or other message from your company account. When an e-mail leaves from your company account, someone might think your company holds that position or opinion
• Interfering with the corporate security steps by aborting anti-virus scans, interrupting installations of patches and updates, or answering “yes” if prompted with any message similar to, “Is it ok if this program performs a risky behavior?”
• Giving out your password to anyone, including your boss, manager, or IT professional for any reason
• Sending confidential information in text or attachments via an unencrypted e-mail message. Even if the recipient is authorized to see the content, e-mail is insecure and can be easily intercepted along the way
• Seeing a security risk and not reporting it immediately to your supervisor
• Bringing a computer from home and connecting it to the network at work
• Using your home computer to connect to the office network without a trained professional making sure your home computer is secure
• Connecting to your office from a hotel or internet café computer – since those computers are often infected with viruses and spyware
• Allowing a guest to use your computer or your phone/PDA
• Allowing a guest to connect to your wired or wireless network
• Storing company data on your laptop – even if it is a company laptop – unless you have full disk encryption and are using a strong secure secret key
• Using a proxy site to bypass the organization’s Internet filtering software and view an unauthorized site
• Letting a stranger, visitor, or even another employee into the server room without permission from IT and/or the president of the company
• Employers not taking the proper steps to protect the data of their employees, vendors, and customers
• Employers not providing adequate training and testing to ensure computer users are competent in security and productivity
• Calling the IT department to whine about how terrible the new secure password policy is instead of accepting the reality that fighting cyber-crime is everyone’s job
• Feeling it is your right to be able to use organizational resources for any task you choose
• Not having an organizational Acceptable Usage Policy that everyone is aware of
• Not following an organizational Acceptable Usage Policy
• Answer people’s IT related questions when you don’t know what you are talking about
• Ask IT advice from someone who isn’t qualified to answer
• Thinking “it is ok as long as I don’t get caught” when using a computer to do something wrong
• Seeing an indication on your computer that it may be infected, such as the computer slowing down, and not reporting it to IT
• Opening attachments in e-mail messages even if you weren’t expecting the attachments
• Ever sending a message you’d be embarrassed for someone else at the company to read

If you want to, please add your comments to the blog posting below. This will help the graduate student who is working on this study.

The post What dangerous behaviors do users regularly engage in using company owned computer equipment? appeared first on Foster Institute.