If you have cybersecurity insurance or feel this incident could cause significant damage, consider having a forensic analysis to track down what happened.

Contact your email provider, explain what happened, and ask for help. Continue down this list while you wait for their response.

Reset your email account password immediately. If you can’t log in because someone unauthorized reset your password, try resetting it yourself. If that doesn’t work, contact your email company’s tech support.

Check if your username and old passwords have appeared on the dark web. Visit https://haveibeenpwned.com/ and similar sites to find out. Never enter your password.

Change passwords for all your accounts including social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts. Someone may have access to more than just your email.

Consider using a password manager like 1Password, Dashlane, LastPass, NordPass or another to help ease the pain of having different passwords on every website from now on.

When setting up security questions, avoid real answers that are easy for a bad actor to research. When asked, “Where were you born,” you could answer something like, “The fourth crater on the moon.” Save your secret answers in a file in a random place with a random name like “socks.docx” for when you need the answers. You can encrypt the file for added safety.

Enable two-step verification for your email account. While you are at it, set up two-step verification everywhere you can, primarily on sensitive websites and services. Here is how to add MFA to your LinkedIn account for added security https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en

If you set up two step authentication so that the site or service sends you an email message for the second part of logging in, and the hacker has access your email, it defeats the purpose of MFA. Therefore, if you set up the two-step login with email as the second step, use a different secure email address.

Review your email’s “sent” folder to spot any unrecognized messages.

Look at all your email accounts in your organization to ensure there are no email forwarding or filtering rules you did not configure.

Check your websites, especially LinkedIn, for any unauthorized changes.

Set up SPF and DKIM. More information here: https://fosterinstitute.com/block-inbound-and-outbound-fraudulent-email-messages/

Watch out for remote control applications that might allow a bad actor to compromise your computer and send email messages as you.

Be aware that your computer or another computer in your organization might be hacked, enabling attackers to send messages on your behalf. Stay vigilant and take measures to protect against such incidents.

Regularly apply critical security patches to your computer. You can check for updates manually, even if automatic updates are enabled.

Ensure your anti-virus program is current and run a manual scan regularly. Using EDR or XDR services add more security.

If you use a browser to send and receive email, this is a drastic step, but consider uninstalling the browser. When you reinstall the browser, add only the plugins you need.

If you use your phone or tablet for email, they could be hacked. Apply security patches, keep them in your possession, examine the privacy settings, and lock devices when not in use.

Watch out for apps on your computer, tablet, or phone that may be harvesting your address book without your knowledge. A drastic move would be to factory reset and erase them, but be sure your important data is stored in the cloud or backed up.

Notify financial institutions that if they receive messages from you, the messages could be fraudulent.

You might want to set up a new email address to use until you feel confident your old address is safe.

If you haven’t already, freeze your credit.

Monitor your financial accounts.

Before you send out notifications, you will want to talk to an advisor who can help you know what to say.

Please forward this to your friends so that, if someone appears to hack their email account, they will know what to do to.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

The post What to Do if Someone Hacks Your Email Account appeared first on Foster Institute.

The attack can permit attackers to potentially eavesdrop on your network traffic and your communications, change information, delete information, and insert information, all to cause problems and cost you money.

The good news is that the attacker needs to be within range of your Wi-Fi network. They could be some distance away if they use a strong antenna or if they plant a remotely controlled device nearby.

Do two things to mitigate this danger:

First: Apply the new patches that address this issue. That can prevent the attack.

Second: Isolate your wireless network from the rest of your network. That can help reduce the damage.

Related to the first step: Apply the most recent critical security patches, often called firmware updates, to your wireless devices. The company brands of your devices should release patches. Additionally, apply patches to your operating systems and applications that use Wi-Fi networking.

Microsoft released a patch a few days ago, on October 10, as part of the expected second Tuesday of every month patches, that solves this problem on their side of the products. At home, your automatic update should have patched your Windows workstations. But you will still need to patch your wireless access point. At the office, your IT team will need to patch the computers and devices. Please give them time to do so – it can take some time. Information about the attack in general, and some of the patches, can be found at: kb.cert.org/vuls/id/228519 If the manufacturer of your devices does not produce updates, your next step might be to replace the devices with new ones.

For the second step: It is an IT Security best practice to isolate all wireless devices on your network to be away from the wired devices. For years, organizations would add wireless capabilities to their network by connecting wireless access points to the same network as your workstations and servers. That is a very dangerous practice since it can permit wireless devices, perhaps belonging to an attacker in the van outside your building, to access the wired resources on your network. In the case of this specific attack, it makes it easier for the attacker to access the data on the most protected parts of your organization’s network. Isolate all wireless devices on their own, what your IT professionals call a, filtered subnet.

As is often the case with IT Security, this will be a risk vs. expense decision. It is important that the executives of a company make the final decision about whether or not to ask IT to implement the mitigation steps. Your IT Team will appreciate your deciding, and the choice is yours since, if there is a successful cyber-attack, the executives, especially the president, CEO, and owner will suffer the most.

Please forward this to everyone you know who uses wireless networks.

The post Wireless Security is Broken & What You Need to Do appeared first on Foster Institute.

A big problem is that security patches that protect against these kinds of breaches never reach users’ Android devices because of something known as Android fragmentation. When Google releases security patches, the patches are sent to device manufacturers, who are then responsible for releasing the patches for their different models. Some do not release the patches, or do so after a long delay.

Google is taking steps to help mitigate the problem, such as scanning phones and apps to look for Gooligan code and forcing resets of credentials to Google accounts. But so far that hasn’t been enough to protect those million users that have had their accounts hacked.

So, what can you do? Always stay up to date with the latest Android versions and patches. Choose a brand that has a track record for releasing patches every 30 days. Blackberry is one of those brands, but few people use those devices. If 30 days is too long to wait, consider using the Google Pixel line of Android phones since, because Google makes the devices, patches and upgrades should be available for download immediately upon release. Note: Brand names are mentioned to provide value to you. We do not receive any kind of compensation for mentioning brands. Another strategy is to install as few apps as possible on your device. Each app is a potential security issue and many people have installed apps that they realize are not essential, and some apps are rarely, if ever used.

Please forward this to anyone you know that uses Android devices and would like to be more secure.

The post 1 Million Android User Accounts Reported Hacked appeared first on Foster Institute.

Technology companies reward this behavior by paying a bounty, yes, a bounty, to the attackers. They win the computer they hacked, win a ton of money, and get to wear a really cool jacket demonstrating their master level of expertise. Google paid one team $75,000 for finding a bug in Chrome.

How does the Pwn2Own competition help you? Because the computer and software manufacturers get to work patching the holes in their products. Soon patches will be available that, after you install them, will make your systems more secure.

Isn’t it an interesting world? Paying hackers who successfully hack products – what will we think of next?

Please post your comments below…

The post Hacking Competition Helps You appeared first on Foster Institute.

The latest version, just released, includes important security patches that you need. At the office, inform your IT Director to be sure he is aware of this emerging news, and he or she will patch the computers on your network.

Keeping applications on your computer patched with the latest updates is one of the best things you can do to protect the computers in your network. Focus first on critical security patches for Adobe Reader, Flash, Java and your browsers. Firefox is one of the most popular browsers.

Forward this message to everyone you know who wants to help their security!

The post If you use Firefox, Update it Now appeared first on Foster Institute.