Your Business Is Already Under Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware is big business. It’s one of the fastest growing online crimes. Cyber criminals are targeting small and medium sized companies as well as non-profits and government agencies.

It’s the computer crime where your data is encrypted so you can’t access it unless you pay the ransom fee.

The really scary part is that it’s unlikely you’d realize you were under attack from ransomware until it was too late.

Cyber criminals hide in your network for between 60 to 100 days before they strike. During that time they’re checking out your network, identifying vulnerabilities, and preparing what they need to hit you with the attack.

[Read more…]

Windows 10: Don’t Skip Your Automatic Updates

Mark Funchion is a network technician at Tech Experts.

Windows Automatic Updates: a simple feature with a name that puts you at ease. Windows is the operating system installed on most of our home and business PCs, and as we often mention, malicious individuals try to make our lives miserable by attacking those systems.

Windows, by default, is set to automatically update and protect itself from new viruses and exploits, which is a great feature.

Granted, some updates may be flawed and may need to be removed, but you can prevent those updates from installing. What’s more important than the errant glitch or bug is keeping your PC up-to-date.

However, how many of you have come in the morning and been greeted with a message that your update failed and changes were being undone?

Then, after a lengthy wait, your system restarts and says it will try again later. Most of us ignore that message. Sometimes, repeatedly.

Microsoft deploys small updates as well as large feature updates, so if you put it off for too long, you won’t only be behind on updates but possibly entire versions. Windows 10 has had ten major updates total since 2015, and there are usually two feature updates released per year.

The four most recent versions are 1909, 2004, 20H2, and now 21H1 – and we’ve seen some computers get stuck as far back as Versions 1903 or 2004.

Version 1903 was released in May 2019 and Version 2004 was released in May 2020; if your updates are that far behind, that’s a lot of time spent vulnerable.

That long of a timeframe means the smaller updates that often work, even when the larger versions fail, are no longer produced. Over time, we have seen systems not only stop operating completely, but left in a state unable to perform certain tasks.

One example we’ve encountered is a problem where users on old Windows versions are no longer able to connect to Office 365 with Outlook.

That means having to use the web-based version, which many do not prefer, or trying to fix the update installation errors.

This is where having a managed service provider such as Tech Experts can help. We follow and encounter these issues and know that simple things such as a particular audio driver or a permissions error can cause these update problems.

We manage your updates and take a proactive approach to resolving them before they impact your daily work. When an update needs some manual tweaking, we can schedule a time convenient to you to resolve these issues, often before you’re even aware of them.

Our service extends beyond just these updates, but like a house, if the foundation of your PC (the operating system) is not strong, then every other part is weakened.

We also inspect the rest of your system on a regular basis to keep you protected. Tech Experts can stay on top of these things – from updates to exploits and bugs to enhanced security measures – and guide you in the right direction as a more informed user.

When Was Your Last Permissions Review?

When was the last time you reviewed who in your business has access to which documents?

Do you know who has access to your documents? Or can everyone access everything?

You may need to make some changes. You see, the more people that have access to your business documents, the less secure they are.

Let’s imagine for a moment that one of your people opens a very convincing email, supposedly from a supplier.

The email contains a document to download, which they do, because it’s from a supplier, right? They can trust it.

What your employee didn’t notice was that the email signature was missing or that the email address wasn’t the same as it usually is.

And the document they downloaded has now installed malware on their device.

They don’t notice the malware because it all looked legit and nothing obvious has happened. They continue their working day unaware.

While they’re working, the malware is working too, in the background. It’s accessing and copying all of the data that your employee has access to.

You might get lucky and stop this malware before it enters your network and takes everything, but if your employee already has access to everything, well, it’s gone. Although this isn’t a malicious act on behalf of the employee, they’ve essentially caused a huge data breach that could kill your business.

And this scenario doesn’t even need the malware to become a reality. One day, a member of your team might decide they’d like to make a little money by stealing your valuable data.

By giving everyone access to everything, you’re making it too easy – and too tempting – for them.

So, if you haven’t already done this, I suggest that this week you make it a priority to sit down and work out who needs access to which files and documents and restrict access to absolutely everything.

Keep your own document detailing who has access to what. And update it whenever anyone joins the business or changes roles.

This is also a great way of protecting your data when somebody leaves, because you can see exactly what you need to revoke access to.

If you already restrict access, when was the last time you reviewed it?

Are people able to access files they no longer need? And are there people who could benefit from access to more documents to complete their role?

Yes, that’s a lot to think about. But once you have a detailed document to work from, regular reviews are pretty simple and definitely worth your time.

Please give us a call if you’d like to go over the shares and permissions on your network.

Microsoft Is Working On Windows 11 Update Release

Later this year, the Windows 10 era will officially come to an end with the release of Windows 11.

The latest version of the OS promises a raft of new features that will offer a “Next Gen” experience.

Here’s a quick overview of what you can expect to see in Windows 11 when it is rolled out:

A totally redesigned Start Menu & taskbar
Unlike all prior versions of Windows, Windows 11 will feature a centered Start Menu and taskbar, making it aesthetically similar to ChromeOS. In addition to that, the Start Menu on the new OS won’t come with the live tiles you’re accustomed to. Instead, it will use static icons for all Microsoft Store apps.

If you decide you don’t want your Start Menu centered, you can revert to more traditional Windows Left Aligned menu quickly and easily, and you’ll also be able to choose from among three different Start Menu sizes.

Explorer improvements
Windows 11 will include the same File Explorer that you’re used to, but it’s getting a much needed facelift and a variety of improvements. Most of these are aesthetic in nature and designed to give File Explorer a sleeker and more modern look, with new icons and rounded corners.

Snap and widgets
Windows 11 sports four different Snap layouts, allowing you to choose between them, or switch from one to another at will. In addition to that, Microsoft is also introducing Widgets, which appears to be the successor to Window’s 10’s “News and Interests” feature. It utilizes your browsing history to create a custom news feed that updates constantly.

In addition to those things, you’ll find virtual desktop support, HDR support for color-managed, apps, a modernized, redesigned device manager, and a whole lot more.

Although there are bound to be kinks and growing pains when Windows 11 is initially released, we’re looking forward to seeing all this in action. Change is coming.

Do You Have A Business IT Strategy?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As a business owner, you already know the importance of strategy and planning.

Without it, you have no aim, no goals, and really, no direction.

While you probably spend a lot of time working on your strategy every month, quarter, or year, how much of that time is spent on your business’s IT strategy?

If the answer is “not very much”, it’s time to change that.

Your business’s IT is one of your most powerful, crucial tools in growing your business, keeping your team productive, and giving your customers a great impression of your company. [Read more…]

Human Error: The Reason Why Cybercriminals Love Email

Mark Funchion is a network technician at Tech Experts.

Defending your data network against viruses, malware, ransomware, and other threats is a never-ending battle. Some attacks can be very sophisticated, using extremely complex techniques to try and exploit even the most secure networks. However, the vast majority of threats to your network – over 80% – are delivered through a very basic method: email.

Email is a common tool that many of us use constantly at work. Oftentimes, we use it without giving much thought to what we’re doing or what we’re opening.

It’s normal for co-workers, clients, or new prospects to communicate and share files with us via email. The file can be a document, spreadsheet, PDF, etc., but the fact is that it’s common and repetitive to us.

Like anything we do frequently, we can develop muscle memory. Think about the program guide on your TV – you probably navigate the menus without thinking. After an update or a provider switch, those menus can change and you might click the wrong buttons out of habit. No harm there.

But consider making the same mistake when a document is sent to you. The message arrives, and you briefly glance at who it’s from. Maybe you recognize them, maybe you don’t. You see an attachment, and you open it out of habit. The file is infected, and in less than a second, the damage has begun.

Like it or not, the people who are attacking your systems are running a business. Like any business, they are concerned with the return on their investment. Developing high-end, sophisticated attacks takes time and skill, which is expensive to do.

However, minimal skill is required to send an email – and that process can be replicated to hundreds of thousands of users with a simple click of a button. And almost everyone working today might accidentally open an email with little to no thought.

For small businesses, having a firewall, an email filter, and anti-virus software is a must. We can help install and maintain that infrastructure. Unfortunately, the methods that attackers use to slip under your defenses are always changing.

It is important that you and your staff – the end users who do the clicking – still do your part and remain vigilant. Attackers send such a high percentage of attacks through email because of that human element. It works.

It’s essential that you fight your muscle memory and treat email like physical mail. Look at what is being sent, who it is from, and if there is anything attached. If anything seems off, do not open it. Always err on the side of caution.

Also, if you do open something you shouldn’t, it’s better to notify your IT department or provider of a potential issue so they can look at what you were sent.

Often, I have observed someone get a suspicious message, open it, notice something is not right, then forward it to a co-worker for help. By sending the message on, there is a potential to increase the scope of damage done.

Those looking to do harm and steal information will always try the path of least resistance. All the security in the world can’t stop an intruder if you open the door for them.

The same caution you take at home when an unexpected knock is heard should be how you handle all email. Consider the source and content, and if you have doubts, don’t open the message. Delete it.

Malware will never be fully eradicated – cybercriminals will make sure of that – but you can do your part to make sure you do not infect your PC or business.

Think You’re Covered For Ransomware? Best To Double Check

On May 9, European insurance giant AXA announced it will no longer provide support for ransom payments made to hackers.

While AXA appears to be the first insurer to deny ransom payments, the move could signal an impending shift in ransomware insurance coverage.

The AXA announcement comes as ransomware attacks prove an increasingly lucrative business model.

For instance, victims paid an estimated $350 million in ransom payments in 2020, over 300 percent more than in 2019. In recent high-profile cases, Colonial Pipeline paid attackers $4.4 million, and CNA Financial Corporation paid a whopping $40 million.

Meanwhile, cyber criminals continue to attack organizations across critical sectors. While the FBI and other security experts warn against paying ransoms, companies face devastating losses and even interruptions to critical care.

Cybersecurity best practices, combined with following recommended steps when an attack does occur, may provide the best protection.

Ransomware insurance coverage

Cyber insurance has become a hot topic as organizations scramble to protect themselves against losses resulting from cyber-attacks. In addition to ransom negotiations and payments, typical policies also cover legal costs, as well as costs for forensic analysis, data restoration and communications related to the breach.

However, even before the AXA announcement, many cyber insurance companies had begun to ask more from the companies they insure.

For instance, some insurers require policy holders to complete certain basic security steps. Others have begun to charge a coinsurance or limit payment to a percentage of the loss incurred.

To pay or not to pay

This evolution in cyber insurance reflects more than a move by insurers to manage their own risk. The FBI and other government agencies, as well as many cybersecurity experts, warn against paying ransoms. Researchers at cybersecurity provider Kaspersky explain that paying a ransom provides no guarantee that organizations will recover their data intact.

More importantly, paying the ransom encourages attackers to carry out more attacks. And some experts suggest that carrying cyber insurance actually makes organizations more attractive targets. Clearly, companies cannot depend on insurers to continue to shoulder the bulk of the cyber risk.

Best practices to protect against ransomware attacks

While cyber insurance still provides significant benefits, organizations must focus on cybersecurity best practices to defend against ransomware. Some of those best practices include:

Regular backups – Conduct regular data backups, including system images. Keep multiple copies of the backups, including a copy not connected to the network. And make sure to test the backups.

Keep systems and software up to date – Apply security updates to software, firmware and operating systems when they become available. This includes antivirus and other security solutions.

Develop and review an incident response plan – Having a detailed plan in place before a security incident occurs greatly increases the chance of a successful outcome.

Conduct regular cybersecurity training – While organizations can, and should, implement technology solutions, employees remain a key line of defense against cyber-attacks. Make sure users know how to recognize phishing attempts, share files safely and secure home offices.

Address third party risks – Look into the security practices of the vendors with which you do business to ensure they do not put your company at further risk.

Carefully regulate access controls – Give users only the access they need to the services and data necessary to perform their jobs. This proves even more important in a remote work environment.

A Love Letter To Microsoft Teams

We’re massive fans of Microsoft Teams, and believe it has huge advantages for most of the businesses that we support.

We all know that successful businesses have great teamwork. And with everything that’s happened over the last year, Teams has been the number one app to keep everyone working together.

Microsoft brought it out almost four years ago, in 2017. It was their answer to alternative platforms such as Slack that let you collaborate and communicate more effectively.

However, because Teams integrates with the rest of the Microsoft 365 platform, it has a real edge over Slack (the deep integration is AWESOME!).

If you’re using Slack, it also means you can cut down on yet another monthly expense and take advantage of the enterprise level security features Teams has. Here are the three things we most love about it:

Project management

Teams allows you to focus in on just the project you’re currently working on.

Information is partitioned into separate channels, so you can view messages, documents and meetings just related to a specific project.

That removes the hassle of wading through an inbox full of noise and clutter. And it’s surprising how productive that kind of focus can make you.

Easy communication

No need just to rely on email anymore. With Teams, you can post messages in channels, again with the context of the project you’re working on. It’s easy to get the attention of any colleague by giving them a @Mention. You can also arrange one to one or group video calls easily.

The interface makes it easy

Microsoft has done a really good job here. It’s intuitive and easy to use. It’s so easy to find the information you are looking for and to move between different projects. Even if you’ve never used Teams before, the interface is so intuitive you’ll pick it up right away.

If you’re not using Microsoft Teams in your business and you’d like to learn more about how it can help you better communicate internally with your team (and externally with your clients), give us a call at (734) 457-5000, or email us at info@mytechexperts.com.

Did You Know… Alexa Doubles Up As A PA?

Alexa is great for many things. She always reminds us when it’s time to take the dinner out of the oven. She gives an accurate weather forecast. And she definitely has a good grasp of our music tastes.

But did you know she can be even more useful than that? She can help with your work life and make you more productive.
If you give Alexa access to your contacts and calendar, she can make it faster to call colleagues, schedule meetings, and find someone’s contact details and email address.

She can also give you reminders for appointments and meetings, which is perfect when your head is down and you’re losing track of time.
You can also use a great service called Zapier to connect your Alexa to hundreds of other apps – some of which you may use for work already.

What are you waiting for?

Whether you’re working from home or the office, making Alexa work harder for you will make your life easier.

How Much Of Your Business Can Be Automated?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Automation is transforming the way the world works.

Businesses of all sizes are embracing huge advances in technology to help them get things done on autopilot.

Implemented well, automation will help reduce your staff’s workload, increase efficiency, reduce costs, boost the quality of customer service, and help you use new data and insights to optimize performance.

The benefits will be felt by customers as well. As your competitors start to transform their businesses through automation, expectations can quickly change. If you don’t adapt, you risk falling behind and losing customers.

Here are three of the main areas that are ripe for automation in many businesses. [Read more…]