You can encourage them to buy, or even issue them, a small uninterruptable power supply UPS for their Internet router. Laptops have built-in battery power. If a worker has a desktop computer or other networking equipment, those devices must be on a more powerful battery backup.

If you are comparing unit run times, watts are usually a better comparison than VA. A 500W UPS, around one hundred dollars, will probably run an Internet router for between one and two hours. You can ask your IT Pro if you want more details and find out their favorite brand name. APC, Tripp Lite, and CyberPower are popular brands. (The Foster Institute does not receive any compensation for mentioning brands, nor is this an endorsement of the brands. You might find it helpful to know what products our clients find useful).

Please forward this to your friends who might benefit if their workers stay connected during a power outage.

The post Battery Backup for Your Work from Home Users’ Internet and Computers for Power Outages appeared first on Foster Institute.

Official channels report that some software giants, including at least one major cloud hosting platform, are compromised. Your suppliers and vendors might be compromised and that affects you, too, even if your systems are safe.

Some steps to take:

1. Remind all of your users that they will likely receive fraudulent email messages that look more realistic than ever. Never enter usernames, passwords, or sensitive data into any forms without checking with your IT Pros first. Never transfer money based on email messages alone.

2. If you receive an email that appears fraudulent, then phone or text the sender to discuss the authenticity. If you email the sender to ask if they sent the first message, a bad actor who compromised their email system will reply to you and say that the original message is safe. Email is less trustworthy than ever, even when you start the conversation.

3. Contact your vendors, suppliers, customers, and anyone you rely upon to ask if they are following this emergency and actively looking for breaches. Ask if they check with their suppliers to require their vigilance too. Assess your risk of one of those entities failing. Have a business continuity plan in place.

4. Many organizations are temporarily disabling SolarWinds. Nobody is sure of the extent of infiltration.

5. Ask your IT pros to implement a two-step login process wherever possible. Reset passwords. Install critical security updates. Restrict account privileges as much as possible. Uninstall all non-essential software. Be hyper-vigilant of anything that appears to be an attack. Our audits and security reviews will help your IT teams secure your systems too.

Rest assured that software giants are working round-the-clock to fight the attackers. The problem is that the attackers had a head start, so they are one step ahead. And, if an organization you rely upon is compromised, it might be too late to stop. The infected organization will need to resolve the problems. They might not realize they are compromised.

The post The SolarWinds Breach Affects You Too. Ask your IT Team to Take these Steps. appeared first on Foster Institute.

Here is how the scam works: Suppose you want to look up a company online named Super Duper, so you type the store’s name into your favorite search engine. An attacker might have purchased the top result to take you to the website superduperco.com. However, if you knew to scroll down past the paid-for-results, you would have seen that the real website is superduper.com. Attackers set up a website and named it superduperco.com.

Their deceptive site might contain malicious advertising, ask you to enter credit card numbers during checkout, or tempt you to download malicious programs and apps. They might ask you to login or reset a password, and they capture the password you type in.

If you look up a retailer in a search engine, skip past the ads and paid results. Scroll down to see real search results. Even then, be skeptical in case attackers used SEO techniques to appear at the top of the actual search results.

Please forward this to your friends to alert their users that top search engine results can be a trap.

The post Beware: Attackers Buy Top Search Engine Results to Trick You appeared first on Foster Institute.

When another family member shares a work-from-home computer, it magnifies your risk exponentially. If users already work from home using personal home computers, there are potentially cost-free steps to help protect your organization. Consider allowing them to take their work computer home. If their work computer doesn’t have wireless access, you can provide an inexpensive USB wireless adapter.

Allow your IT professionals, or IT consultants, to monitor and maintain the security of those computers. Many protection tools support remote users, so you might already have what you need.

Dedicated work computers must remain off-limits to other family members. Set a firm boundary that your workers are not authorized to use the computers for any purpose other than working.

Please forward this to your friends, so they know this cost-free way to help protect work-from-home users.

The post One Nine-Year-Old Checking her Email can Breach Your Entire Organization, and How to Protect Yourself appeared first on Foster Institute.

Step 1: Attackers compromise work-from-home users.
Step 2: They gain access to their company.
Step 3: They bite into the company to discover what’s inside.

There are so many work from home users; this is a target-rich environment.

1. You must harden remote users’ systems against attacks. Secure their connections.
2. When possible, issue laptops, so your IT team has more control over your remote users’ security.
3. Implement user training and phish testing. Please say if you’d like us to provide phish testing and online training for your users. We do all the work so your IT teams can focus on their other tasks.

Please forward this to your friends so they realize their remote users must be more secure than ever, and attackers target them indiscriminately.

The post Your Work From Home Users are Like a Box of Chocolates appeared first on Foster Institute.

You’ll make your computer less attractive to attackers, and it limits the window during which they can attack. You have nothing to lose, and you might even reduce your power bill!

Please forward this to all of your friends, so they know this simple step to protect themselves.

The post Power Down to Boost Security appeared first on Foster Institute.

The work they do is often so complicated, yet they make it look easy. Unless you are a high-tech executive, it can be difficult to appreciate how sometimes your team accomplishes a miracle.

In some organizations, the only time the IT team gets noticed is when something technology-related stops functioning correctly.

IT pros, by nature, need to invest more than 40 hours a week to keep up with rapidly changing technology. That doesn’t include responses to the helpdesk crises and completing the projects assigned to them.

Executives reading this newsletter already feel compassion for and support their IT teams. But just in case you know an executive who doesn’t, or the gift slipped their mind, please forward this message to them. And why not add an IT Appreciation Day to company calendars?

Happy Holidays – and you deserve a bunch of credit too!

The post Remember to Give Your IT Pros a Holiday Gift appeared first on Foster Institute.

The leak exposed a tremendous amount of information about you, your personal and work history, your interests and hobbies, current and past contact information, and more all gathered and stored in one package. If someone knows your email address, they could immediately know your birthdate if you ever entered that date into a social media profile.

The data might also include your religion, financial information, members of your family, buying preferences, and more. It is alarming that your information is now more readily available than ever. Even more disturbing is that interested parties can access your data all in one place. Do you read the privacy policies when you install applications or sign up for services? You often agree that they can share some or all of your information with third parties. Those third parties may be data aggregation companies, called enrichment companies. This leak’s source was an Elasticsearch server. It contained data from two data enrichment servers called People Data Labs and OxyData.

What should you do? Now, more than ever, watch for fraudulent messages that seem very legitimate. Consider an example if your data set includes your phone provider. Social engineers might pretend to be your phone provider. They will demonstrate that they know real towns where you’ve lived. They’ll add legitimacy by including your accurate birthdate, one of your hobbies, and potentially your credit history. On the flip side, people that have your information can impersonate you to organizations. They might reset a password or change your listed email address so they can access your protected accounts. They might be more successful at tricking your relatives and friends into clicking a link because they’ll recognize personal details.

Use different passwords at different websites. Enable two-step verification as suggested and described in prior newsletters. Warn your friends that they must be more vigilant than ever for frauds and scams, even when the contact seems to know all about them.

The post A Huge Data Leak Exposed Your Personal Information appeared first on Foster Institute.

If you want to find out if your passwords were released, visit his site called https://haveibeenpwned.com. If you elect to enter your email address, he will tell you if it is in the collection and give you more details.

What do you do if you are on the list? Reset your passwords. Use a password manager that will remember your passwords for you to make your life easier when you use a different password at each website from now on.

Now is a great time to enable two-step verification. A basic form of two-step verification is when you enter a username and password, and you receive a text message code to type in. Enable two-step verification on PayPal, LinkedIn, Dropbox, Facebook and every other web service you use. On each website, look for Settings > Security. You may need to dig down, but more reputable sites now support two-step verification, but you must enable the feature.

Some bad news is that, about a week ago, a tool called Modlishka shows how to break two-step verification so it isn’t that secure, but two-step verification is still more secure than a simple username password combination. If it allows, have a website use some other method than texting you a password. Using an app on your phone or calling you via a voice call are options that are often more secure than the text message. Microsoft, Google, and a service called Duo offer these options and more. Having a hardware key is even better unless your laptop users leave the key stored in the laptop case, and their password written on the bottom of the laptop.

The post 773 Million Passwords Exposed – Were You Exposed? appeared first on Foster Institute.

Encourage and provide time to your team to keep your systems up to date with all critical security patches for operating systems, Office, browsers, Flash, Java, and Reader. Ask them to show you a list, not a pie chart, of missing critical security patches. If they haven’t checked lately, this is an excellent time for them to be sure the firmware is up-to-date in the firewall and other infrastructure devices.

Thank you for all you are doing to protect against ransomware and all types of cyber threats. You are helping make the world a safer place to live and work!

The post Happy Computer Security Day! appeared first on Foster Institute.