If you have cybersecurity insurance or feel this incident could cause significant damage, consider having a forensic analysis to track down what happened.

Contact your email provider, explain what happened, and ask for help. Continue down this list while you wait for their response.

Reset your email account password immediately. If you can’t log in because someone unauthorized reset your password, try resetting it yourself. If that doesn’t work, contact your email company’s tech support.

Check if your username and old passwords have appeared on the dark web. Visit https://haveibeenpwned.com/ and similar sites to find out. Never enter your password.

Change passwords for all your accounts including social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts. Someone may have access to more than just your email.

Consider using a password manager like 1Password, Dashlane, LastPass, NordPass or another to help ease the pain of having different passwords on every website from now on.

When setting up security questions, avoid real answers that are easy for a bad actor to research. When asked, “Where were you born,” you could answer something like, “The fourth crater on the moon.” Save your secret answers in a file in a random place with a random name like “socks.docx” for when you need the answers. You can encrypt the file for added safety.

Enable two-step verification for your email account. While you are at it, set up two-step verification everywhere you can, primarily on sensitive websites and services. Here is how to add MFA to your LinkedIn account for added security https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en

If you set up two step authentication so that the site or service sends you an email message for the second part of logging in, and the hacker has access your email, it defeats the purpose of MFA. Therefore, if you set up the two-step login with email as the second step, use a different secure email address.

Review your email’s “sent” folder to spot any unrecognized messages.

Look at all your email accounts in your organization to ensure there are no email forwarding or filtering rules you did not configure.

Check your websites, especially LinkedIn, for any unauthorized changes.

Set up SPF and DKIM. More information here: https://fosterinstitute.com/block-inbound-and-outbound-fraudulent-email-messages/

Watch out for remote control applications that might allow a bad actor to compromise your computer and send email messages as you.

Be aware that your computer or another computer in your organization might be hacked, enabling attackers to send messages on your behalf. Stay vigilant and take measures to protect against such incidents.

Regularly apply critical security patches to your computer. You can check for updates manually, even if automatic updates are enabled.

Ensure your anti-virus program is current and run a manual scan regularly. Using EDR or XDR services add more security.

If you use a browser to send and receive email, this is a drastic step, but consider uninstalling the browser. When you reinstall the browser, add only the plugins you need.

If you use your phone or tablet for email, they could be hacked. Apply security patches, keep them in your possession, examine the privacy settings, and lock devices when not in use.

Watch out for apps on your computer, tablet, or phone that may be harvesting your address book without your knowledge. A drastic move would be to factory reset and erase them, but be sure your important data is stored in the cloud or backed up.

Notify financial institutions that if they receive messages from you, the messages could be fraudulent.

You might want to set up a new email address to use until you feel confident your old address is safe.

If you haven’t already, freeze your credit.

Monitor your financial accounts.

Before you send out notifications, you will want to talk to an advisor who can help you know what to say.

Please forward this to your friends so that, if someone appears to hack their email account, they will know what to do to.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post What to Do if Someone Hacks Your Email Account appeared first on Foster Institute.

You can encourage them to buy, or even issue them, a small uninterruptable power supply UPS for their Internet router. Laptops have built-in battery power. If a worker has a desktop computer or other networking equipment, those devices must be on a more powerful battery backup.

If you are comparing unit run times, watts are usually a better comparison than VA. A 500W UPS, around one hundred dollars, will probably run an Internet router for between one and two hours. You can ask your IT Pro if you want more details and find out their favorite brand name. APC, Tripp Lite, and CyberPower are popular brands. (The Foster Institute does not receive any compensation for mentioning brands, nor is this an endorsement of the brands. You might find it helpful to know what products our clients find useful).

Please forward this to your friends who might benefit if their workers stay connected during a power outage.

The post Battery Backup for Your Work from Home Users’ Internet and Computers for Power Outages appeared first on Foster Institute.

More often than ever before, bad actors infiltrate organizations in a slow, methodical way. They can remain undetected for weeks, months, even years. The FBI uses the term dwell time to designate the period from when attackers infiltrate systems until you discover them. The FBI warns businesses that attackers can cause significant damage during dwell time. Bad actors quickly establish backdoors to ensure access, even if you block their first point of entry. They deploy keyloggers on systems to record keystrokes. If your cyber assets are compromised, the bad actors can potentially monitor your messages to find out when you discover their presence in your network, computers, applications, cloud resources, websites, or anywhere else.

Once attackers know you’ve discovered their infiltration, that triggers them to move forward with their next phase, often contacting you to demand a ransom. Sometimes they threaten severe consequences if you attempt to recover your system in any other way than paying them. Since they are in your systems, you must take the threats seriously.

Establish a protocol for workers to communicate suspicions in some method other than email.

Even your IT department must avoid emailing each other questions such as, “I received an alert that someone is resetting an administrator password. That’s odd. Is that you?” Instead, they must communicate by mobile phone or radio.

If you suspect a breach and contact us, consider phoning. If you must email, use a personal account outside of your company account, and use a phone or some device other than a company computer’s keyboard to send the message.

I’m not talking about when users receive a phishing message. I’m talking about if they receive a phishing message that includes customer account information, if an important file is missing or won’t open, or if they receive an unexpected login request on a website or to open a file. IT needs to investigate these early-warning signs.

Please forward this to other executives who you care about to establish a mobile hotline number for users to reach the IT team to report suspicious activity. Help avoid triggering attackers’ responses before your IT team has time to react and, hopefully, mitigate a potential cybersecurity disaster.

The post If You Get Hacked, Do Not Email Anyone About It appeared first on Foster Institute.

Believing that small to mid-size businesses are not targets helps business owners and executives sleep better at night. The thought is comforting.

However, the reality is that instead of choosing targets based on organization size, the majority of attackers choose soft, easy to breach, targets. In particular, that category includes work-from-home computers.

In our consulting business, we’re seeing many firms suffer major breaches that originate at an unsuspecting work-from-home user’s computer.

Please forward this to your friends so they know that it may feel comforting to believe attackers only go after the big companies, that belief is putting their organization at tremendous risk.

The post Be Smart and Avoid This Comforting Belief appeared first on Foster Institute.

• They may be married and have a family
• Introverted with a close group of friends
• Often learned to program at a young age
• College educated, often in electronics, IT, or physics
• No social media accounts – to avoid drawing attention
• Believe that soft drugs, such as marijuana, help them work

Notice that the Secret Service doesn’t specify a gender.

Please forward this to your friends, so they know their adversaries a little bit better.

The post A Hacker Profile – Who Are They? appeared first on Foster Institute.

Step 1: Attackers compromise work-from-home users.
Step 2: They gain access to their company.
Step 3: They bite into the company to discover what’s inside.

There are so many work from home users; this is a target-rich environment.

1. You must harden remote users’ systems against attacks. Secure their connections.
2. When possible, issue laptops, so your IT team has more control over your remote users’ security.
3. Implement user training and phish testing. Please say if you’d like us to provide phish testing and online training for your users. We do all the work so your IT teams can focus on their other tasks.

Please forward this to your friends so they realize their remote users must be more secure than ever, and attackers target them indiscriminately.

The post Your Work From Home Users are Like a Box of Chocolates appeared first on Foster Institute.

To help address the security problems, Zoom now offers a reward for anyone who finds a way to break in. The payoff, for bad actors and researchers, is enormous. A sobering thought is that maybe the attackers already have full control over Zoom. However, they might have complete control over GoToMeeting, Microsoft Teams, Skype, TeamViewer, WebEx, and any other virtual meeting platform. I certainly hope not.

Zoom is Making Improvements

Zoom says they’ve configured the system to avoid sending meetings through China’s servers. Otherwise, the Chinese government might require disclosure of your communications.

If you use Zoom on a Mac, then if a bad actor has your computer, they could take over your camera and microphone. Additionally, Zoom exposed information that could reveal Windows passwords. Zoom says they fixed those problems.

After Consumer Reports raised red flags, Zoom improved its privacy policy and practices. Zoom still has problems. A notable issue is that there is no end-to-end encryption during meetings. Security best practices dictate protection from each participant to every other.

You and Other Companies can Help Protect Meetings

For example, if you permit your users to record the meeting, encourage them to password protect the recordings, especially if they upload them to a cloud storage service. Otherwise, anyone with access to the recording can play it back.

Require passwords and require waiting rooms per new default settings. The goal is to stop intruders from interrupting a Zoom meeting with disruptive or disgusting content.

Configure the meeting so that only the host can share their screen. Then intruders cannot share theirs.

Never use a personal meeting room ID for scheduling meetings. Use the default setting to generate a meeting ID randomly.

Alert users to expect fraudulent email meeting invitations attempting to trick users into typing their Zoom username and password.

Enable two-step login requirements to protect accounts even if a bad actor does discover usernames and passwords.

Or, you could ditch Zoom all together. Options include FaceTime, Signal, Teams, and many others. But who knows which one could get hacked? No matter how secure it is, all it takes to destroy security is for one person on the call, or an attacker with remote access to their computer, to record the conversation using third party screen recording software.

To help protect your Zoom meetings, watch other videos that concisely cover the security settings available in a paid Zoom account, configuring the two-step login feature, and a run-through of paid account settings so you can follow along:

Zoom Security – Set Up Two-Step Login

Zoom Security Settings – The Concise Details

Zoom Security – Follow Along to Set Settings

The post Zoom Security Issues – Protect Yourself appeared first on Foster Institute.

To help prevent an attacker logging into your Zoom account, enable two-step login. Once activated, then when you log in, you’ll enter your password along with a separate numerical code. Rather than sending the code as a text message, Zoom uses a more secure approach and requires you to use a passcode generator app. To configure two-step login, go into your account settings. Scroll down until you see the word Admin in the left-hand column, click on Advanced and then click the security option. Scroll down the main window until you see Sign in with Two-Factor Authentication. Enable the option. Sign out of Zoom and sign back in to complete the installation. Follow the prompts to associate your authentication app with Zoom.

When you schedule a meeting, for Meeting ID setting, select Generate Automatically. I’ll explain why soon, know that you need to keep your Personal Meeting ID private except for a few people you trust.

Zoom permits you to choose whether or not to require passwords for your meetings. In most cases, you should require a password. As long as someone gets the meeting notice you send them, they won’t even need the password because the password gets imbedded into the meeting invitation. However, embedding the passphrase inside the invitation exposes you to a risk. If an unauthorized person obtains the invitation, they too can authenticate to your meeting without needing to know the password.

One of the best security features is a tool called Waiting Room. Tomorrow’s tool will show how to set it up quickly. Be sure to sign up for our newsletter to receive the links for a powerful experience tomorrow and a concise video on Monday morning.

The post Make your Zoom Secure appeared first on Foster Institute.

USB: A new ploy is bad actors mailing USB devices, appearing to be from your company to your users. Once plugged in, they can open up a channel that permits unauthorized remote control and capturing keystrokes, including passwords.

Fake Login Prompts: Remind your users to beware of login screens when they don’t expect them. Attackers create persuasive prompts that ask your users passwords for their logon, VPN, or Microsoft Office 365 login, and more. Sometimes the windows tell the user that their connection dropped, and to provide credentials to reestablish their link. Your Users must ignore those prompts and notify your IT team immediately.

Fraudulent websites and apps: Sites may have useful coronavirus information, but they also contain malicious attack software that strives to infect computers. Attackers create bad apps offering online statistics, tracking of the virus spread, and more.

Please forward this to your friends so they can alert their users too.

The post Alert Your Team – USB Devices, Login Prompts, and Apps appeared first on Foster Institute.

You may have heard that Netflix agreed to reduce the picture quality of movies in the UK to reduce the load on the Internet. What’s that have to do with your company? Prepare a contingency plan now. Something easy to change is to instruct your workers to ask their family members to please download their movies at night rather than streaming the videos during work hours. That way, their family can watch their downloaded movies during the daytime without using up your workers’ remote network speed.

If your remote workers use VPN connections, and they experience slow speeds, your IT team can enable something called split tunneling. Then, if they aren’t already, your workers’ computers take a shortcut directly to the Internet without going a long way around through your primary office location’s firewall first. That trades speed for security, so executives have to make the decision, but the change might be worth it if your workers cannot work otherwise. There are other strategies too. Know that recorded video and audio conference calls will make it through even when a real-time conference is so slow it fails.

Other customers explain that the cellular towers in their area are so overloaded that phone calls get dropped, and voices are sometimes garbled beyond understandability. That’s when text messages, though less convenient, will be your plan B. At least text messages will usually go through even with weak or slow connections.

Please forward this message to your friends so they can have a plan in place at their company in case an Internet or cell phone traffic jam interferes with their business.

The post Plan Now for Slow Internet and Dropped Phone Calls appeared first on Foster Institute.