A term to know is macro. It is a set of automated instructions like a program. Emailed Attachments may contain macros.

Macros can contain malicious code that will infect your computer, and give an attacker full access to your computer and network.

If you ever see a message on your screen instructing you to enable macros, refuse.

Your IT department, or IT provider, can disable macros.

At home – you can do it yourself. Find step-by-step instructions by searching the web using the search terms: Disable Macros Office.

On a Windows computer, open each Office application, choose File, Options, Trust Center, Trust Settings, and choose the option to disable all macros with notification.

On a Mac, choose Preferences from the menu in each Office application. In Word, the preferences settings will show up when you pull down the menu labeled Word. Then select Security and Privacy settings. Choose to disable macros with notification.

Forward this message to users who use their computers to work from home, so they can make sure their computers are safe. That will protect your network.

Please forward this to your friends, so they know how dangerous macros are too.

The post Stop Hidden Attacks Buried in Email Attachments appeared first on Foster Institute.

Even if a user does click a link, a good web content filter can often protect your network when user training fails.

We notified the company’s outsourced IT providers, and they determined that the web protection gateway failed and was permitting all traffic into the network. Were it not for the audit, it would still be allowing clicked links to take users to malicious websites.

This firewall appliance is a well-known brand that starts with a B, but it could be any manufacturer. Computer hardware is far from perfect. A big concern is that the firewall failed and no one knew it. As auditors, it is common to find malfunctioning security equipment. Just because all the green lights are flashing on the outside of the firewall does not mean it is working correctly.

Now is an excellent time to ask your IT professionals, even outsourced companies, to devote time to checking your firewalls, routers, wireless network access points, and other devices. They need to apply all critical security patches, verify the filtering rules, and be sure the devices are working fast without hindering the flow of your information. If you want to, have them reach out to us for more technical recommendations.

You can even update your routers and devices at home if you have some extra time. An excellent place to start is at the device manufacturer’s website. There will be instructions to download and install the most recent firmware. Look at the support site about ways you can enable supported security features in your home devices including web content filtering. Be sure to leave time to tweak the settings. Depending on how familiar you are with the settings, this process might take you ten minutes or, if things get a little crazy, it could take an hour or more at home.

Please forward this to everyone you know so they can ask their IT professionals to make sure the firewalls and other devices are up and running correctly. Let’s keep your networks safe.

The post Ask IT Pros to Check Your Routers and Firewalls appeared first on Foster Institute.

When you want privacy, one way is to encrypt your documents before you attach them to your email message.

Microsoft Office, for Windows and Mac, has a feature on the File menu called Protect Document. Choose that option, and enter a secret password.

Use a phrase such as: the chairs are in a row.

E-mail that file to your recipient.

Then, phone, or text, the password to your recipient. If you email the recipient the password, even if it is in a separate email message, whoever is reading your email messages will receive both the attachment and the secret code.

Please forward this to any of your friends who may want to send sensitive email attachments.

The post How to E-Mail Encrypted Attachments appeared first on Foster Institute.

You don’t need to know this part: There is a service called Domain Name Service, DNS, that is a massive index for the Internet. If someone in your family, or at work, types in make a wish dot com, DNS looks up those letters and finds that the Make a Wish server is at address 184.168.221.30. Since computers think in numbers, it can then take you to that website.

Your internet service provider provides you with DNS lookups. So, if someone clicks on terrible dot com or infected dot com, your computer will take you to those sites.

However, there are DNS services that will help protect you. When someone clicks on an address, those DNS servers will look up the address and, before sending you there, do its best to make sure it is a good site.

There is nothing to install, and there are no charges for the services. All you need to do is tell your computer to use the new DNS servers, and all the sites show you how to do that. Check out:

Clean Browsing

Norton ConnectSafe

OpenDNS

Quad9

Additionally, you might even notice a boost in speed!

Please forward this to everyone you know who would like added protection when they click on a link or even type in an address while surfing the web.

The post A Simple Change Can Help Protect Your Family, and It Works on Apple and Windows appeared first on Foster Institute.

NYC’s Mayor Bill de Blasio signed an executive order to establish the New York City Cyber Command. The command has developed the initiative called NYC Secure.

NYC is setting the fantastic precedence of protecting citizens, and visitors, from cyber-attacks. The system protects both iPhone and Android users.

Yesterday, I sought out and met, one on one, with the lead developer of the security app that is one component of NYC Secure. I quickly steered the conversation to the technology behind the protection mechanisms.

After conversing with this security guru, a mathematical genius, for almost an hour, I’m happy to report that the level of protection is unprecedented.

In fact, most corporations do not provide some of the powerful features built into the NYC public system.

Please forward this message to your mayor, and ask them to follow this model and protect the citizens of your city too!

The post New York City is Providing Automatic Protection for all iPhone Users, and So Can Your City appeared first on Foster Institute.

When your IT team logs onto a server, the server’s screen looks similar to what you would experience looking at a Windows workstation’s screen. The display on the server’s screen would remind you of your desktop or laptop computer’s screen.

Your IT professionals can remove this desktop experience and produce significant benefits. Your servers need less storage space, are faster, need fewer security patches, and are more reliable. Additionally, there is a smaller attack surface for attackers to exploit. Those benefits will help you, as an executive, sleep better at night.

Your IT team will install the server’s core software, and omit all of the programs that produce the desktop experience.

For your IT team to control and configure the server, they can use a server manager program that runs on their computers. Your IT team might use Windows PowerShell or even Project Honolulu too.

Please forward this message to fellow executives who want to make changes that will help them sleep better at night and, in the future, save money too.

The post A New Opportunity for Your IT Pros to Protect your Servers appeared first on Foster Institute.

Most IT professionals will, and do, fix the printer first. They care about you and your organization. They want to ensure that your team can serve your customers.

But, postponing the repair to the firewall may significantly increase the risk of your organization experiencing a major cyber attack.

The printer being broken is a visible condition. It is possible that nobody, other than members of your IT team, knows that the firewall is broken.

Your IT team will receive approval for fixing the printer. But, if they spend time fixing the firewall first, everyone will think they are wasting time, sitting around, doing nothing.

What device or activity consumes your IT team’s time? What do they have to invest a lot of time fixing, when there are perhaps more critical, often invisible, cyber security issues that must be addressed?

If it is the printer that takes up their time, buy a spare printer. If one printer goes down, everyone can use the other printer.

Do what you need to do in order to ensure that your IT team will have time to take care of your IT security. You will reap the benefits if they stop an attack.

The post How Buying a Spare Printer can Vastly Improve Your Cyber Security appeared first on Foster Institute.

Intel advises that IT Professionals stop deploying the current versions of patches for the recently discovered security flaws in CPU chips. Find details, just updated, by searching:
Root Cause of Reboot Issue Identified Updated Guidance for Customers and Partners site:intel.com

Do not insert a space after the colon.

For most of you, deploying Microsoft patches is easy compared to managing Flash, Java, and browser updates. Oracle is releasing multiple security patches for Java SE. Additionally, if you are upgrading Chrome to the 64 bit version, Google is releasing new patches for that browser.

For executives wondering what to do at home, you may find it best to download fresh versions of any non-Microsoft browsers you use, and reinstall the most recent versions of Flash and Java, if you still use either, from https://get.adobe dot com/flashplayer/ or java dot com . Your Microsoft and/or Apple patches are likely configured to install automatically.

For both organizations and home office users, if you can remove Flash and/or Java from some or all of your computers, then you can forget about patching them. If you haven’t already, try it on a few computers. You may find that all of the websites essential to your business no longer require either. Worst case, you can re-install the most recent version.

Executives, please forward this to your IT Professionals. Be sure to, if you have not already, have a conversation with them about how aggressive you want them to be with patching. They can share the pros and cons with you. These days, an aggressive posture related to patches can increase your security dramatically, when handled properly. Provide them time to test the patches, test un-installing the patches, and then to deploy the patches in stages. They will also need to contact your cloud providers to discuss how they are handling the flaws and patches.

The post Patching Nightmare – Please Forward to Your IT Pros appeared first on Foster Institute.

Second, attackers will target, more than ever before, organizations who store protected health information. If you are in healthcare, or even if your company name makes it sound like you are in healthcare, ramp up security to unprecedented levels and have a plan of what to do when you are breached.

Third, more attackers will use trusted security software as a vector to infect networks. Attackers already infected the program called C-Cleaner, used by millions of people to, among other things, speed up slow Windows computers. C-Cleaner is a very useful, and trusted, security program. Unfortunately, this tool became a powerful attack tool when attackers took over the update server. What program, one that you trust, will attackers take over to use as a vector to hack your computer?

Please forward this to your friends who can be on the lookout too.

The post Three Serious Trends to Watch Out for in Cyber Security appeared first on Foster Institute.

A patch for Linux has been released and Microsoft plans to release a patch next Tuesday. Apple will release a patch for OSX.

For understandable reasons, many organizations are significantly behind schedule in applying patches. The patch won’t help protect your organization until the patch is applied to your computers.

A big concern is that the patch is predicted to have a major impact on performance. Estimates of the degradation in the performance range from 0% to 30%. If you have computers that are slow anyway, this will matter to you.

Additionally, this vulnerability affects computers in the cloud too. Amazon and Microsoft have announced that they are working on patching their cloud servers.

Ask IT what the status is of your patches for all of your operating systems, and make a plan for getting your patches up to date.

The post Major Flaw in Computer Processors Affects Security appeared first on Foster Institute.