One of our best clients has adopted the strategy of telling their employees, “Don’t be afraid to lose your phone. It is ok to lose it.” In fact, the company buys insurance on the phones, and even tells the employees it is ok to break phone.

They want their workforce to realize the phone is “a replaceable tool they use to access the irreplaceable security of data.”

This results in the worker complying with the direction, “If you think you lost your phone, contact IT immediately.”

Furthermore, the policy works. For more than a year now, each time an employee misplaces their phone, they notify IT immediately. IT then locks the phone remotely and causes the phone to start emitting a “screaming baby” sound.

Usually the phone is located in moments, and if not, IT proceeds to perform a remote wipe of the data on the device.

Though there are many facets to mobile security, one of the most important parts is getting your workers to notify IT as soon as they lose a device. What a great solution!

The post Executives tell Employees – It is OK to lose your phone appeared first on Foster Institute.

More often, the executives have administrative level permissions to access everything on the network and, additionally, the executive has a weak password. If an executive demands administrative access to a network, create two user accounts for the executive. One of the accounts is for day-to-day work and the administrative account is only for resetting passwords, deleting users, and whatever else the executive wants to do on occasion.

Any users who have administrative access should not have access to a web browser or to email. Avoid exposing administrative users to those common and dangerous attack vectors.

Please post your comments on this blog.

The post Are you rolling out the welcome mat to attackers? appeared first on Foster Institute.

There was no sensitive data on the iPad, just in case something like this ever happened. Security features are enabled anyway.

When I arrived hours later the receptionist said they hadn’t heard anything about any missing devices. I checked and now Find my iPhone showed the device’s location to be about 30 miles away, complete with an address and a satellite view of a residence.

I asked if they had any idea why my iPad would be at such and such address. The helpful person at the desk said, “Can you wait a moment? I need to call the owner of my company.”

I was told that the address was that of an employee whom they’d had other problems with before. They informed me that, after the phone call, the owner had actually driven to the home, recovered the iPad, and terminated the person on the spot. Hopefully the owner isn’t the kind of terminator that Arnold Schwarzenegger portrayed in the Sci-Fi movie. I told them not to fire the guy—maybe he is just trying to feed his family and losing his job wouldn’t help him. It was just nice to know I’d have the iPad back soon.

Your device can tell you, “I’ll be back!” with that thick German accent, “Ahl be bock!”

Turn on a locating service for your device today.

Please post your comments on this blog.

The post Be sure to enable device tracking on your mobile devices appeared first on Foster Institute.

They drop this in the trash and nobody really notices. Even when they come back to retrieve the goods from the trash, nobody pays much attention then either.

Watch the garbage practices at your organization!

Please post your comment on this blog.

The post A surprising way employees steal from you appeared first on Foster Institute.

Physical security even includes examining how prepared you are from major weather incidents to becoming prepared if someone comes into your organization with a gun. Locks are examined, practices of your team members, security policies, security alarm response time, and the effectiveness of video security CCTV cameras. Even the lighting around your building at night is important to have examined. Physical security auditors frequently have more than 200 checkpoints to examine so you can feel more confident that you are prepared.

The more prepared you are, including both IT and physical security, the better you will survive, and hopefully protect against, a breach of some kind. Not only that, you may be required by regulations to be audited for physical security.

Please post your comments on this blog.

The post The importance of physical security audits appeared first on Foster Institute.

To me, one of the most shocking facts is that companies do not control their Internet access. There are wonderful web tools out there that will allow you to:

• Track who’s going to what sites
• Log employee activity in case you ever need evidence in a lawsuit
• Selectively block groups and/or individual users from accessing specific categories of sites

I find that the main reason companies do not use these tools is that the blocking scenario makes executives choose between yes to allow or no to block. Deciding between yes and no is easy when you’re thinking about some categories of sites. But there will always be several sites that are difficult to come to agreement about.

In order to get over the hump, it is important to start blocking the sites that everyone can agree to block. And if you have final say at your company, then you can decide which site you want to block. The point is, if you can’t decide on specific categories, you don’t have to block them right now. Just by setting up these tools, they increase your security. More and more websites are being infected with malware and that can result with you and your users becoming infected to something known as a drive-by download. These tools will do their very best to protect you from drive-by downloads.

Contact your IT department today and ask them to enable Internet blocking, logging, and tracking.

Please post your comments on this blog.

The post Should you block your employees from accessing social media? appeared first on Foster Institute.

There are easy to access tools that allow even unsophisticated criminals to monitor your traffic if you go through a hotel’s network. When you use one of the 3G services, this equipment doesn’t work anymore. Not to say that the 3G connection is totally secure, but all things being equal, it is almost always more secure than a WiFi or plug-in Ethernet port at a hotel.

Then there is speed. So many hotels have very limited bandwidth, and when the hotel is full of hotel guests using the Internet service, everything slows to a crawl. When your traveler whips out their 3G card, they may find that the access is much faster—especially if they are not in a fringe coverage area, and not in a very congested city.

Please share your experiences and post your comments on this blog.

The post For traveling users, wireless 3G is better than hotels appeared first on Foster Institute.

• A snapshot image of your servers every 15 minutes so, if a server crashes, you are able to quickly restore to 15 minutes before.
• The ability to, during the night, use available bandwidth to copy your data offsite to a secure data center in case something devastating happens at your site.
• In some cases, the capability to actually perform as a “crashed server” so your users can keep working even if a server crashes.

Generally, the business continuity appliances are sold and maintained by IT consultant firms in your area. The Barracuda is an example of an appliance you can get directly. Some examples of devices can be found at www.connectwise.net and www.barracudanetworks.com.

I encourage you to contact your local IT consultants to see what business continuity appliances they offer. Please post your comments on this blog.

The post A data backup strategy for your company appeared first on Foster Institute.

Executives often want to know what steps to take when they purchase a new computer.

1. You may want to have a qualified IT professional help you reinstall the Windows 7 operating system without all the extra programs that come installed with the computer these days. Often, those programs are only for a 30 day free trial and the extra bloat just bogs down your whole computer. I like having a clean computer from the beginning.
2. Install a quality anti-virus program. If you are going to connect to the office, let a qualified IT professional from the office set up your client to the enterprise anti-virus / anti-malware / software firewall package they use.

   If the machine is strictly for your own personal use, you may choose to use Kaspersky, McAfee, Symantec, Trend Micro, or whatever your qualified IT professional is most familiar with using.

   Caution—there are many “download” programs on the internet that are really viruses so purchasing the boxed copy if often your best bet.

   Additionally, get the whole suite including the software firewall—not just anti-virus. Be sure to choose “update” before installing when prompted during the installation process since the CD will be older than the current version.

   You may need to edit settings for specific programs you “know are ok” if the firewall marks them as suspicious and restricts their activity. Just make sure you don’t accidentally enable a “bad” program to damage your computer.Schedule automatic full system scans daily—or at least weekly. They can happen during the night if you don’t want the scan to slow your computer down.

   Keep an eye on the automatic updates to be sure they are being applied as soon as they are released.

3. Backup. If you take time to understand it, image backup is the “way to go” for primary backups. Be sure to apply the updates regularly. Products include Ghost, True Image from www.acronis.com and ShadowProtect Desktop.

   As with any backup software, it is important to enable encryption of the media. That way, if anyone ever gets your backup drive, they won’t be able to read any of the private information without your password.

   After installing your image backup software on your new computer, always perform a backup and restore. This is “less dangerous to test” on a new computer since you do not have lots of your important data on the machine yet.

   I like the “Lights out Restore” option that works with many computers so you don’t need the product CD to boot if your computer crashes as long as the primary part of the hard drive still functions. Be sure to test Lights Out Restore before you actually need it since this feature does not always work with every computer.

   You may have at least 2 backup drives and alternate using them each time you backup.

   Additionally, you may also choose to augment your image backups to your USB drives with an online service such as www.sosonlinebackup.com in case you lose your laptop and your backup drives.

4. If you plan to give away your old computer, you will want to erase all of your data from the hard drive. It is best for a qualified IT professional to do this for you. Please read these helpful tips if you would rather do it yourself.
5. I also strongly encourage you to enable the full disk encryption on the laptop—hopefully it comes with that capability—Most computers do these days. You may want the help of a qualified IT professional to help you configure this option.
6. Regularly apply your Microsoft Patches—just be sure to use the “Check for Updates” option in Windows 7 instead of ever responding to an e-mail telling you to “get this update.” The e-mail is bogus and the “update” it refers to is most likely a virus.

   Microsoft normally releases patches on the second Tuesday of every month—and sometimes during the middle of the month. Note that the “automatic updates” setting is not always reliable—so checking manually is a good idea.

   Always have a good image backup before installing patches You always have a good backup anyway—right?

7. Computer manufacturers offer a way to get updates to their utilities and drivers too. The main computer manufacturer patches to get are the ones that say they are a “critical security update.”
   Be sure to make backups before installing the patches – I’ve had manufacturer patches mess up my computer but was always able to restore back to where I was before. Applications need to be up to date as well.

The care and feeding of a new computer these days can be involved, and the more solid a foundation you start with, the longer your computer will serve you well.

Please post your comments on this blog.

The post Follow these 7 steps when you buy a new computer appeared first on Foster Institute.

This company, like many, had separate networks for e-commerce and for administration. The IT professional had been telling his CEO that the organization was “compliant” based on the security of the office administration network—not the IT systems that actually process, store, and transmit credit card information.  He pretended to be shocked that he needed to secure the computers and network that actually handle the credit card data.

As IT professionals, it is important to know what we are talking about when we answer a CEO’s question. Especially if a wrong answer could lead to the CEO facing fines, lawsuits, and even the failure of a business. If we don’t know, the proper response is, “I do not know but I will find out.”

As a C-level executive, business owner, and as a manager, it is important to understand that, unfortunately, some IT professionals will tell you that you are compliant with specific regulations when they really don’t know.

I want to extend my gratitude to the IT professionals who do act responsibly!

Please post your comments on this blog.

The post Can you trust your IT professional’s answer? appeared first on Foster Institute.