When your IT team logs onto a server, the server’s screen looks similar to what you would experience looking at a Windows workstation’s screen. The display on the server’s screen would remind you of your desktop or laptop computer’s screen.

Your IT professionals can remove this desktop experience and produce significant benefits. Your servers need less storage space, are faster, need fewer security patches, and are more reliable. Additionally, there is a smaller attack surface for attackers to exploit. Those benefits will help you, as an executive, sleep better at night.

Your IT team will install the server’s core software, and omit all of the programs that produce the desktop experience.

For your IT team to control and configure the server, they can use a server manager program that runs on their computers. Your IT team might use Windows PowerShell or even Project Honolulu too.

Please forward this message to fellow executives who want to make changes that will help them sleep better at night and, in the future, save money too.

The post A New Opportunity for Your IT Pros to Protect your Servers appeared first on Foster Institute.

Most IT professionals will, and do, fix the printer first. They care about you and your organization. They want to ensure that your team can serve your customers.

But, postponing the repair to the firewall may significantly increase the risk of your organization experiencing a major cyber attack.

The printer being broken is a visible condition. It is possible that nobody, other than members of your IT team, knows that the firewall is broken.

Your IT team will receive approval for fixing the printer. But, if they spend time fixing the firewall first, everyone will think they are wasting time, sitting around, doing nothing.

What device or activity consumes your IT team’s time? What do they have to invest a lot of time fixing, when there are perhaps more critical, often invisible, cyber security issues that must be addressed?

If it is the printer that takes up their time, buy a spare printer. If one printer goes down, everyone can use the other printer.

Do what you need to do in order to ensure that your IT team will have time to take care of your IT security. You will reap the benefits if they stop an attack.

The post How Buying a Spare Printer can Vastly Improve Your Cyber Security appeared first on Foster Institute.

First, IT Professionals need to know that the boss is always right. If the executives say that they do not want to use passwords, then that settles it. Of course, IT Pros should make recommendations, but let the boss decide. IT Pros need to document the executive’s decisions, especially decisions that go against what the IT Pro feels is best, and move on. They should not bring them up again. If bosses feel unsupported in the decisions they make, the IT Pro will soon be looking for a new job.

Second, bosses get frustrated when they feel a project is moving slower than they believe it should move. It is necessary to keep them up to date on existing projects. Otherwise, the boss may decide to hire someone else that they perceive as being able to bring more value and get things done. IT Pros need to send the boss a monthly, if not weekly, bulleted list of completed, current, and planned projects; even small ones. If the boss even hints that they would like to know more about a project’s progress, the IT Pro needs to jump on reporting that. A verbal conversation is often faster and much more effective than an IT Professional writing and re-writing a long defensive email.

Third, IT Pros need to ask the boss how they can improve their service to the organization. They need to ask how IT fits into the big picture, and ask how they can support the business strategies. They need to listen and do what the boss says to do. They need to have that conversation every month or so. They need to ask themselves what they would want if they were in the boss’s shoes.

Many IT Pros are confident that, and maybe they are, so valuable to an organization that they would never be fired. The only thing that feeling guarantees is that there will be no advance warning to the termination, because the executives of an organization don’t want to risk any kind of retaliation from an IT Professional that feels so indispensable.

Forward this to all IT Professionals that you care about.

The post IT Professionals: 3 Things IT Professionals Must Do to Avoid Being Fired appeared first on Foster Institute.

Immediately change your password on Facebook.

If you haven’t done so, and every Facebook user should do this, turn on login approvals.

Go to Facebook dot com slash help and find the box at the top of the page named: Ask a question. Enter these words: How do I turn on login approvals.
Then follow the instructions.

Next, again at Facebook dot com slash help and, in the search box, enter: report an imposter account. The guide literally walks you through the process of what to do.

Please forward this to anyone you know who uses Facebook.

The post If Someone Impersonates You on Facebook appeared first on Foster Institute.

An Australian Web Security Specialist, Troy Hunt, has compiled a database containing usernames that have been stolen in hacks and then published or sold. Some people use his site to look up their own email address or username.
His website is haveibeenpwned dot com. (In this case, Pwned refers to a condition of someone else having access to your login credentials.)

At his site, people enter their email address or any usernames they’ve used for online logins. Sometimes, they look up addresses of their family members. If there is a hit, the details of the breach are displayed on the site.

Even if not on the list, there is no guarantee that person’s credentials haven’t been stolen, but it still helps to know.

If you ever suspect that your login credentials to any website have been exposed, it is very important that you reset the password on that site, as well as any other sites where you may have used the same password.

There are other strategies to protect yourself. Enabling two-step-logon is very important these days since it can thwart attackers who know your username and password. Using a password manager, as opposed to letting your browser store passwords, can help make password security more convenient, but it still needs to be used carefully. These strategies are explained in detail elsewhere in this blog.

Forward this to anyone who might want to know if their username and password has been hacked…

The post How to Find Out if Your Password Might Have Been Hacked appeared first on Foster Institute.

Due to more than 35 instances of Samsung Galaxy Note 7 phones exploding, Samsung has recalled the 2.5 million devices.

Fortunately, none of the explosions happened in an airliner. Yet. And may it please never, ever, happen.

Will the ban be enforced and, if so, how? Do all Samsung device owners know which model they have?

Are we all gambling with our lives when we fly on planes with phones that might explode? Will the airlines deny use of other Lithium battery operated devices to make things easier to enforce? If you cannot take phones with you on a business trip, is this a new business opportunity for someone to rent phones to travelers arriving at airports?

The post “This is Your Captain Speaking – No Samsung Phones Allowed” appeared first on Foster Institute.

At a client’s office this week, one of the IT Professionals had an interesting idea. He can configure two-step logon to contact him, not the consultant, for login verification.

If you configure this at your office, here is how it would work: First, the consultant would enter their username and password to login to your network. Then, an app on your smartphone would indicate that the outsourced consultant is trying to gain access. Then, you will be able to choose to allow or deny the consultant’s login attempt.

This IT Professional wants to know, in real-time, when someone is attempting to log on to his network. If you use this arrangement, you will have the capability to permit them or deny them access each and every time.

It is an interesting idea.

The post A Way to Control Consultant Access – Every Time appeared first on Foster Institute.

As demonstrated last week, attackers attempt to guess usernames and passwords on systems in an attempt to gain access to those computers.

The most concerning part, since your network is already under attack, is that one or more of the attempts might have been successful.

Those thousands of unsuccessful login attempts on a computer are, in a way, reassuring because the attacker was having difficulty finding a combination that worked.

The reason that some computers have fewer attack attempts can be because an attacker successfully gained access after a smaller number of guesses.

This is often the case since the attacks are automated so an attacker will not usually get tired of trying. Once one of the tries is successful, then that’s when the attacker stops guessing usernames and passwords. At that point, they already have access.

Have your internal, or outsourced, IT Pro examine failed logon attempts and see if the usernames seem random like the list published last week. If the usernames are similar to those on that list, then that’s an indication that an attacker was attempting to gain access. If there are a small number of attempts, then that attacker may have gained access to the computer.

Now that’s concerning.

Please forward this to your friends and associates so that they can be more aware of how to protect the security of their organization.

The post How To Know if a Password Attack Succeeded appeared first on Foster Institute.