Second, ransomware, software that prevents you from accessing your information until you pay a ransom, incidences are accelerating. People still blame attackers for ransomware. Mostly thats an excuse. The solution is to be more proactive and increase security before the ransomware can attack. And test your speedy restore capability regularly, just in case.

Last, about half of the breaches we see started with some service provider. All companies that provide you with goods and services might have infections on their networks that lead to a breach of data or an interruption in their ability to serve you, which may interfere with your ability to serve your customers. If they have a connection to your network, or exchange data with you in any way, they may unwittingly do something that compromises your organizations security. Be sure your vendors and service providers are security minded and have audits by qualified independent auditors.

Forward this to all the executives you know. Together we can make the world a safer place.

The post The Three Biggest Cyber Security Trends Right Now appeared first on Foster Institute.

Almost always, the vendor or contractor had no malicious intent. Their organization’s own IT systems were not secure, and/or their team members performed actions in a non-secure way.

Be sure the service providers you use are working every day to be more secure too. Ask them about their security awareness training program. Ask them how often they are audited by independent third party firms that are interested in helping them increase their own security. If you want to, encourage them to sign up for our newsletter.

Remember, your IT security relies on their IT security too.

The post About Half of All Breaches are Caused by a Contractor or Service Provider appeared first on Foster Institute.

SDN: Software Defined Networking. This new technology is a sweeping change that organizations, such as yours, need to consider as a future direction. It is game changing and so simple.

You’ll save money, alleviate a lot of networking issues, increase security, and more.

At the very least, suggest that your IT professional, professionals, and/or third party firm look into this technology.

If you want to learn more, here is a short story intended to introduce the technology in plain English:

Meet the star of the story: Paul the pilot. He flies the newest passenger jets of your favorite airline.

Now, you become a part of the story. Imagine you paying an IT Professional to build a modern airport for your company using the latest technology. Think of Atlanta, DFW, Chicago, or the airport of your choice. The IT Pro creates a network of runways and taxiways for you.

When Paul lands safely at your airport, like at all airports, he uses the runways and taxiways to travel a dot-to-dot path from the runway to the terminal.

The way things work now: Imagine taking all the air-traffic controllers and placing them at intersections around the airport’s field. Then take away everybody’s radios and add fog so thick that nobody can see each other. There is your network! A disaster that is happening!

With this system, imagine this: A plane lands and then, at the end of the runway, there
is an aircraft controller standing on the runway that asks, “Where are you headed?”

Paul steps on the brakes, rolls down the cockpit window and says, “I need to get to Gate 23.” The controller has to think for a moment, then points to one of the taxiways and says, “Drive your plane that way!” Paul does as instructed.

After scooting down the taxiway for a while, Paul encounters another air traffic controller who reviews a table of best routes, and then points Paul towards the next step of the journey. This goes on, through all the intersections along the route, all the way to the terminal. Paul just cannot help it; he starts humming, “Do you know the way to SJO… (San Jose in the Caribbean)

Now think of dozens and dozens of aircraft moving along the taxiways and runways, slamming on the brakes, honking the airplane horns, traffic jams, and the inevitable crashes. No way, San Jose.

In this analogy, the airplanes represent packets of data. Imagine that Paul the pilot comes from (the) cloud, into your (network of) runways and taxiways, and eventually arrives at a (computer) terminal. In a similar fashion, he can leave the terminal, travel your network, and go back into the cloud, or at least into your file server.

Companies such as Cisco, D-Link, HP, Juniper, NETGEAR, etc. design, build, and sell these traffic controllers. Those switches and routers are expensive because each one has to be intelligent enough to know where next to send each data packet. They have to have good memories in order to remember where to route airplanes for best results. In addition, they are usually uncoordinated with the other devices on your network.

When a user connects to your network with their computer, an iPhone, or some other device, their information travels through your network cables of taxiways and runways to and from your servers, other computers, and the Internet cloud.

With this existing system, when someone starts listening to Internet music for peace of mind, it bogs down the whole network. Nobody notices the hacker or virus that is methodically looking for holes in your security by peeking into every computer on your network.

To top it all off, you pay lots of money for this archaic system! Drawbacks of this system, the one you use now, abound.

This is the happy conclusion: You, all the wiser after reading this story, tell your IT Pro to investigate the implementation of SDN: Software Defined Networking.

Then your wise IT Pro will move all the traffic controllers to a control tower, lift the fog so it is a bright sunny day, and provide radio communications so everybody can function as a team. Teamwork between your network devices is like striking oil! Synergy that is.

The key to all of this is the controller. The controller watches the traffic and tells the devices on the network what to do. Every step of the way, there is a signal that tells Paul where to steer next.

Faster – If Paul is carrying lots of music, then because music uses a great deal of data, he is directed to a special taxiway for music.

Prioritize Data – If a passenger is not feeling well, Paul gets priority and is expedited to the gate to provide a high quality of service (QOS).

Security – If there is an unruly passenger aboard, called a hi-hacker, Paul is directed to pull over so that the local S.W.A.T. team can storm the plane.

Save Money – Cisco, and other vendors may not like it, but your switches and routers
become inexpensive because they no longer have to be “intelligent.” They are generic, can be any brand, just as long as they listen to the controller.

Coordination – the seventh habit of successful people! Your devices now listen to an intelligent controller that has a clear view of all of the planes in the airport and can make things work right.

From an IT Pro point of view, this is perhaps oversimplified, but for an executive – I hope you found this very useful for understanding the next step in networking technology – and why you need to be planning for Software Defined Networking.

If you want to speak a little Geek, tell your IT Pros, who may already know all about this: The data pathways (the runways and taxiways) make up the Data Plane. The controller communication travels on the Control Plane using a protocol such as OpenFlow to send out instructions to the Forwarding Plane that contains routing information.

Moreover, all of those signals travel across the regular network connections that are in place now.

Are your IT Pros are aware of the emerging technology called Software Defined Networking?

Please post your comments below…

The post Know About this IT Networking Strategy Change appeared first on Foster Institute.

It is easy to become numb about the news of stolen passwords. In the biggest discovery, so far, more than 420,000 websites have been hacked – and they are just finding out about it now. What if yours is one of the 1.2 billion stolen passwords?

Changing passwords frequently helps – but it is an inconvenience. Today is a good time to do it anyway – especially for banking, medical, and the most important sites.

Password managers can help you – they remember your passwords for you so you can have a different password at every site. Therefore, you only need to remember one password, the password to your password manager. Choices abound including LastPass, DashLane, Roboform and many others. There are “enterprise” versions to use in your company, and they are inexpensive.

Yes, there is a tiny risk that an attacker might breach the password manager, so you may decide to keep your banking credentials in your head, but use the password manager for other sites.

Perhaps the best solution is “multi-factor authentication” also known as “2-step” verification. Then you may not even care if someone else knows your password. An example of this solution: You enter a username and password into a web site, and then your mobile phone buzzes and tells you to enter the code such as 777888 to complete the login process.

Now an attacker would need to steal your mobile phone too before they could log on with your username and password. Obviously, if the attacker is in another country, then it is more difficult for them to steal your phone.

DropBox, PayPal, Google Apps, and many other sites already support multi-factor authentication – you just have to “turn it on.” See https://www.google.com/landing/2step/ to set up your Google account’s 2-step verification.

However, even multi-factor solutions are not perfect. One example, among many others, is how it was possible to bypass PayPal’s multi-factor authentication if you logged into EBay first.

By the way, in case you have eaten there, P.F. Chang’s published a list of restaurant locations that may have been breached: http://pfchangs.com/security/#locations

Change your passwords, get a password manager if you want to, and inquire about multi-factor authentication at the websites that contain your sensitive data.

Please post your comments below…

The post What to Do About Your Passwords appeared first on Foster Institute.

Discussing this with a chief executive last week, he expressed that his phone needs to be able to fit into his pocket in order for the phone to be useful. That makes a lot of sense.
In my experience, temporarily switching to a larger phone with a six-inch screen, just as an experiment, became permanent. With big fingers, and eyesight affected by experiencing more and more birthdays, the larger screen is a wonderful thing!

Perhaps with perfect timing, that phone fell on the ground last night and the screen cracked. Moments later, I ordered a replacement despite the scratches caused to my left ear. If the new iPhone 6 with the larger screen were already shipping, it would have been very tempting to order it instead.

If you choose to purchase an iPhone 6, will you opt for the new larger screen or prefer to stick with the normal screen? And why?

The post New Big Screen iPhone appeared first on Foster Institute.

• First of all, they’ve either qualified as a “Competent Toastmaster” (Competent Communicator) or have similar skills.
• Do you make the mistake of thinking the best person to present is the person who created a process? Or the person who is responsible for attendees to take action? You’d better make sure that person has excellent presentation skills if you expect for them to hold an audience’s attention.
• In my experience, 9 out of 10 presenters, especially from IT, use verbal crutches such as fillers constantly.
  • Sometimes 25% of their presentation is made up of “uh” fillers.
  • Qualified presenters know that using a pause is far better than using fillers such as: “Uh”, “Um,” “You know,” “ And,” “Well,” “ah,” “er,” “like,” “actually,” “basically,” “exactly,” etc.
  • Do you know what’s interesting? The presenter will often have no idea they are using fillers.
• Attendees generally gain more from a presentation when the presenter knows how to make regular eye contact—with everyone in the room—that is not too long or too brief.
• Qualified presenters—if they are using PowerPoint, Keynote, or some other presentation tool —know to never read, and preferably, not even use bullet points during a presentation. The bullet points can be on handouts before, during, or after the presentation.
• Qualified presenters know to speak in the affirmative so they avoid saying, “do not think of a green popsicle.”
  • What did you think of? Right… a green popsicle.
  • That’s why when a presenter says, “Do not use USB drives,” some of the attendees will swear they heard the presenter say to use USB drives.

There are many books on the basics of presentation. Just make sure your presenter is qualified via the presentation skills, has already presented at least 100 successful presentations, is able to take questions on the fly, knows how to end on time, and—perhaps most important of all—is intimately familiar with the topic on which they present.

Please post your comments on this blog.

The post What is a qualified presenter? appeared first on Foster Institute.

• Live “in person” presentations by a qualified presenter capture attendees’ attention and will improve their security awareness dramatically more than attending a web meeting.
• It is easy for a qualified presenter to keep attendees’ undivided attention for 90 minutes and increase their security awareness significantly.
• Qualified presenters know how to “read” the audience to know when to speed up or slow down, to use specific people’s names if that person starts to doze off since they were up all night with their newborn baby, etc.
• Require your qualified presenter to use live demonstrations. Nothing can replace “seeing the process in action.”
• Live presentations provide a unique opportunity for attendees to experience the reactions of their peers—and especially the reactions of the mangers they report to.
• Live presentations make it easier for attendees to ask questions and have them answered immediately. Usually when one person asks a question, several other people had the question too, so they benefit from the answer as well.

I’ve presented both online and in person many times. Experience has shown that in almost every case you will have a higher ROI with live training. ROI is measured based on feedback from my clients who say the live presentations dramatically increase user retention and they feel that retention provides the organization with increased protection against social engineering attacks.

Please post your comments on this blog.

The post Are live presentations best for Security Awareness Training? appeared first on Foster Institute.

• Provide 60 minutes maximum to help avoid losing attention.
• You can lose attendees’ attention before the meeting even starts.
• Attendees may choose to multi-task during the presentation anyway.
• If you have a qualified presenter, then videotaping a live presentation is generally better than recording a web meeting. Viewers often feel the presenter’s recorded presentation is more interesting than a web meeting.
• Experience with other organizations strongly suggests that your ROI will be better via a live presentation. Users “get it.”
• If you do choose to present a web meeting and/or video recorded live presentation, I suggest you notify the remote attendees ahead of time that they will be required to fill out an answer form (basically a test) afterwards. This may encourage them to pay even more attention during the presentation.

Next time I will focus on using a live presenter as the delivery method.

Please post your comments on this blog.

The post Is video best for Security Awareness Training? appeared first on Foster Institute.

It is imperative that all of your users learn about common dangers and follow best practices. Require them all to attend the training courses you provide. Next time we’ll focus on the best delivery methods.

Please post your comments on this blog.

The post Make Security Awareness Training mandatory appeared first on Foster Institute.