On Macs and Windows, encrypting an external drive can be as simple as right-clicking on the external drive’s icon and selecting the encryption option.

Two golden rules:

1) Be sure your files are backed up elsewhere before encrypting a drive.

2) Be sure to save the recovery key in case you forget the password.

Encrypting individual files is helpful to protect your data, but attackers can still read the filenames and deduce information. One advantage to encrypting an entire external drive is bad actors cannot see the filenames when you encrypt an entire external drive or memory stick.

I intend to make you aware of the importance of encrypting external drives and not go into technical details. So, you’re welcome to skip the following information. If you encounter errors encrypting drives in the simple method above, there are many details. For example:

Windows: One way to encrypt drives is using BitLocker. If you have Windows Home edition instead of Pro, you cannot encrypt drives, but you can unlock and use encrypted drives. All editions of Windows support the “device encryption” feature.

Macs: You can use an encryption utility called Filevault2. Alternatively, you can encrypt drives when you format them. If you have a Mac with an Apple CPU, some users experience losing access to the data on the drive after encryption. Apple will fix that soon if they haven’t already.

Hopefully, you won’t encounter any issues when you encrypt your external drives and help protect the data from anyone who steals or discovers a misplaced drive.

The post Protect Sensitive Data on USB Drives and Memory Sticks if they are Lost or Stolen appeared first on Foster Institute.

If you are going to terminate someone, then if possible, do so on the afternoon before his or her day off.

If you terminate an employee on a day before a normal workday, then that firing changes the ex-worker’s daily routine the next day. He may spend time, when he would normally have been working, seething over what he may consider an unfair termination. His temper may boil over when he adopts the idea that his manager is attacking his family by preventing him from being able to support his loved ones. His rage may grow out of control. There is a slight chance he will dress up for work, go to the workplace, and perform some violent act that everyone will regret.

You have seen it on the news.

If you choose to terminate a person at closing time on the day before their scheduled day off, such as on a Friday afternoon for many office workers, then you might reduce the likelihood of the employee acting out on their rage. The ex-worker was going to be staying home the next day anyway; that is their routine schedule. Their anger could possibly diminish during those normal days off.

There is no guarantee that this will protect your life and the lives of the other workers at your workplace, but you may feel a responsibility to do everything in your power that might help safeguard your workplace.

This tip is provided by our specialist for the, “What to Do if a Gunman Enters Your Office” program. He specializes in Hostage Rescue by S.W.A.T. teams. The program shows attendees exactly why the odds of survival in these dangerous situations are actually in their favor. Participants gain a sense of security, not panic. Please say if you would like more information about bringing the training experience to your workplace so that you and your team members can sleep better at night.

What to Do if a Gunman Enters Your Office

Please post your comments below…

The post Reduce Your Risk of a Workplace Shooter appeared first on Foster Institute.

It is easy to become numb about the news of stolen passwords. In the biggest discovery, so far, more than 420,000 websites have been hacked – and they are just finding out about it now. What if yours is one of the 1.2 billion stolen passwords?

Changing passwords frequently helps – but it is an inconvenience. Today is a good time to do it anyway – especially for banking, medical, and the most important sites.

Password managers can help you – they remember your passwords for you so you can have a different password at every site. Therefore, you only need to remember one password, the password to your password manager. Choices abound including LastPass, DashLane, Roboform and many others. There are “enterprise” versions to use in your company, and they are inexpensive.

Yes, there is a tiny risk that an attacker might breach the password manager, so you may decide to keep your banking credentials in your head, but use the password manager for other sites.

Perhaps the best solution is “multi-factor authentication” also known as “2-step” verification. Then you may not even care if someone else knows your password. An example of this solution: You enter a username and password into a web site, and then your mobile phone buzzes and tells you to enter the code such as 777888 to complete the login process.

Now an attacker would need to steal your mobile phone too before they could log on with your username and password. Obviously, if the attacker is in another country, then it is more difficult for them to steal your phone.

DropBox, PayPal, Google Apps, and many other sites already support multi-factor authentication – you just have to “turn it on.” See https://www.google.com/landing/2step/ to set up your Google account’s 2-step verification.

However, even multi-factor solutions are not perfect. One example, among many others, is how it was possible to bypass PayPal’s multi-factor authentication if you logged into EBay first.

By the way, in case you have eaten there, P.F. Chang’s published a list of restaurant locations that may have been breached: http://pfchangs.com/security/#locations

Change your passwords, get a password manager if you want to, and inquire about multi-factor authentication at the websites that contain your sensitive data.

Please post your comments below…

The post What to Do About Your Passwords appeared first on Foster Institute.

This blog is aimed at non-technical executives and owners, and this “technical” release is so that you can forward this to your IT Pros. Forward it to every one you care about “not getting hacked” because you and they may already be.

The good news is – you can “turn off the vulnerability” like a light switch.

Credit for this alert goes to our resident Citrix and VMware “Virtualization Guru.” He explains:

A security flaw has been found in all versions of Internet Explorer and this flaw has already been exploited by cyber criminals. At this time, no patch has been provided by Microsoft.

This excerpt from the Microsoft article explaining the exploit provides the pertinent facts:

“…The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website…”

Customers should protect their own Windows computers from this flaw by following these steps:

• Open a Command Prompt window (hold the Windows key on your keyboard and type “r”, then type CMD in the “Open:” box





• In the Command Prompt window that opens up, type the following (it’s probably easiest to copy and paste from this blog): regsvr32 -u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”

As mentioned before, Microsoft has not made public a patch to fix the bug. When a patch is made available, install the patch and then reverse the above command, running cmd admin, by re-registering the vgx.dll file: regsvr32 “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”

Please post your comments below….

The post As if Heartbleed Wasn’t Enough, Here is Another Emergency: appeared first on Foster Institute.

The secret is to use Windows 8 but make it look like you are using Windows 7. Everybody’s happy, you have the huge power, speed, and security of Windows 8. Maybe nobody will ever know you upgraded.

Be sure to have your IT pro go into that “tiled interface” one time, right-click the programs you want to use, and choose “pin to taskbar.”

Remember to ask your IT Pro to start by upgrading one computer to Windows 8, iron out any bugs – and there may be no bugs, and then your IT Pro can upgrade the rest of your machines.

Use this tip to reduce the resistance your users may have about moving from Windows 7 to Windows 8.

Please post your comments below…

The post Use Windows 7 with Windows 8’s Benefits appeared first on Foster Institute.

What to do:

First: Ask your web application designer to patch OpenSSL if your site uses OpenSSL (about 85% do). Consider telling them to “get new keys” for your site in case your old keys are already stolen.

Second: Reset your passwords on the websites on which you care to keep your information secure. Know that the web site’s you’ve been visiting may have already been compromised, and will remain compromised until those sites fix the problem. Once they fix the problem, you need to reset your password again.

LastPass created a tool that will allow you to see if a site is susceptible to Heartbleed. Visit: LastPass

Websites, perhaps including yours, that use encryption, may be completely vulnerable. Attackers can access the “keys” that are used to securely lock your data during transit. Once the attacker has the keys, they can read sensitive data from your site and use the keys to bypass your protection. Without getting technical, this relates to sites that use the “s” as in https:\\websitename.com vs. sites that aren’t encrypted http:\\websitename.com

Additionally, until the websites that you visit apply their fixes too, your information will be vulnerable too. This includes shopping sites, banking sites, and other sites that you trust. Not only do the sites need to patch the security holes, they need to register for brand new “keys.”

Please post your comments below ….

The post Heartbleed Hack Impacts You Too appeared first on Foster Institute.

If you would rather just watch the video, it is here:

While the “most secure way” would be to remove the existing drive, destroy it with smashing, chemicals, drill holes, huge magnetic fields that make the drive unusable, etc. If your data is super-sensitive, then destroy the drive. Period.

But what if you want to donate the computer such that the receiving organization doesn’t need to buy a new hard drive (and/or you don’t need to buy a new drive either)?  As you probably know, when you “delete files” from a hard drive, the files aren’t really gone. We have tools that will allow us, in most cases, to recover the deleted files.

The most important thing here is that you feel comfortable that you can remember all the places where you have sensitive data, then there is a way to cleanse a drive. An example of a place you may not think of erasing data is in something Windows uses called the Paging File. Think of it as a small “notepad” where Windows jots stuff down when working. The Paging file may contain a little bit of data; or not. And, with normal use of the computer, the data will probably be overwritten soon anyway. Unless you suspect someone is going to perform a forensic analysis on the drive, you have little to be concerned about.

The process of erasing the drive is two steps: First delete all of your sensitive information on the drive, using the normal methods you already use to delete files.  Second, use a program that will write jumbled information over and over on top of the “now blank because you erased the files” parts of the drive. An example command is, “SDelete -c -p 3” That makes it very difficult, practically impossible, to recover the data that you erased.

One program that can help do this is DBAN from www.dban.org. We’ll focus on a different program called SDelete from www.sysinternals.com.   WARNING: Always Backup Important Data Twice SDelete has option switches. You can learn more in the SDelete help section if you want, or by watching the video I created for you here: How to Securely Erase a Hard Drive

Here are common uses:

To write over areas that are supposedly “clean” but may contain old data use, or in other words, write random data over the entire drive except where files are stored and don’t delete any existing files : SDelete – c You can run that program more than once if you want to “be extra sure” the data remanence is deleted. Replace the 3 with however many times you want to write the random data: SDelete -p 3 -c

That may be enough to meet your needs. If you are interested, here are more examples:

If you want SDelete to delete files you specify and then write random data where just those files existed before, and if you know how Windows names folders, then you can substitute whatever path you want in the command below.  Be careful because the path indicated below will obliterate everything you have stored in your “my docs” folder and all the folders below: SDelete -p 3 -s c:\mydocs\*.*

To Completely Sanitize Drive D: SDelete -p 3 –s -c D:\*.*

WARNING: Each pass may take a long time

Please post your comments below…

The post Annihilate Sensitive Data appeared first on Foster Institute.

Ask your IT professional to update your firmware. They may need to disable remote administration, but some of them rely on that service. Tell them you want to be protected from the brand new “Moon Worm.”

Please forward this to all of your friends who may be infected and post your comments below – this is for real.

The post Linksys products – if you use them at home or work – you may be vulnerable to an attack appeared first on Foster Institute.

Remember that, even when you have a Mac, you still need to be just as careful as everyone else to protect your IT Security.

Please forward this to your friends and post your comments below…

The post Attn: There is a Serious Mac Virus Circulating Right Now appeared first on Foster Institute.

By the way, here is a short 2 minutes and 40 seconds video that explains this: 

Is the bank kidding? Reduce security? Really? One of the reasons you have security is to protect against attackers gaining access to your online banking!

Often, banks tell IT to disable protections so you don’t experience technical difficulties. If your security measures mistakenly identify the bank as an attacker, the online banking may not work right.

Two key points:

1. The bank is simply passing along instructions from the company that provides the electronic banking services to the bank. This isn’t the bank’s idea.
2. It isn’t just banks. Some of our customers have insurance software providers, medical applications, voice enabled tools, etc, telling our customers to reduce security on some of the customer’s machines.

So what do you do when a vendor tells your IT Pros to lower your defenses? You tell your IT person to keep security in place and to open up the bare minimum that the banking functions need in order to operate properly.

Tight restrictions are the key. Your IT Professionals know that they can still protect users when the users visit other web sites, and still set a browser exception just for the bank’s site. Your IT Professionals understand about reducing security only on source and destination locations (in this case, between your network and the bank) in order to provide more leeway during online banking communications but still restrict other communications.

Sometimes banks recommend that you set up a separate computer to use only for banking. See: Should Executives Buy a Second Computer for Banking?

There is a chance your IT Professional may elect to configure a “virtual computer” inside one of the workstations so you don’t need to buy another machine. The same posting, Should Executives Buy a Second Computer for Banking?, includes information about a third strategy too.

In a perfect world, 100% of the companies that provide software applications to banks (and elsewhere) will invest the time to make their applications function properly with strong security still in place.

But vendors are incentivized to produce “inexpensive” software. Things will get better when enough Executives, like you, start understanding this problem, and demanding better service!

If you haven’t already, ask your IT professionals if your banking applications mandated any kind of reduced security settings. Your IT Pros will be happy you started this discussion. They want to keep your network secure and sometimes don’t want to interrupt you and respect your dedication to your own tasks.

Please forward this to your friends and post your comments below…

The post The Bank Tells Us To Disable Security! appeared first on Foster Institute.