Over $1 Trillion Lost To Cyber-crime Every Year

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

$1 trillion! That’s a lot of money. And it’s a figure that’s increased by more than 50% since 2018.

In 2019, two-thirds of all organizations reported some type of incident relating to cyber-crime.

You could make a sure bet this figure rose significantly last year, thanks to criminals taking advantage of the pandemic.

It’s easy to look at big figures like these and not relate them back to your own business. But here’s the thing. The average cost of a data breach to a business is estimated to be around $500,000.


Phishers Lure Targets In With COVID-19 Schemes

Mark Funchion is a network technician at Tech Experts.

You may have noticed that we talk about phishing a lot. Unfortunately, phishing is an issue that will never go away and the tactics change constantly. That constant change makes it difficult, if not impossible, to eliminate as a threat.

Fortunately, there are red flags that end users can keep an eye out for.

If you get an email that answers a common demand, treat it with a high level of skepticism.

For example, a few years ago when the Nintendo Wii was hard to find and a lot of people wanted them, a lot of “Click here to buy a Wii now!” emails went out. I think you can guess how many people actually got a Wii through those schemes.

Well, it’s not Christmas, but the ongoing hot topic in the world is COVID-19 and its vaccine.

As we strive to return to normalcy, there are people who want the vaccine who do not qualify yet, are on a waiting list, or want to get it in a quick and easy way.

Attackers know this. In fact, they count on it. Phishers rely on human nature, and that is what makes it hard for the end user: you have to go against your basic human emotions.

All emails should be evaluated as if they are a phishing email. Look for the standard warning signs such as an offer that’s too good to be true, misspelled words, or if the wording of the message is a little off. Some are very obvious. Some are more subtle.

The attackers may also appear as though they are from a reputable company like a national pharmacy chain, a local doctor, or a large hospital system.

However, the typical format legitimate providers follow is that they’ll send you information on the vaccine and remind you to contact your health care professional to schedule an appointment.

Another example of the phishers’ methods is that they’ll send a link asking you to verify your information to determine eligibility (or even a link to buy the vaccine from a supplier).

Again, red flags. Take a moment to ask yourself why – when the vaccine distribution is so controlled – would a random person have a surplus of product?

These are all pretty basic ideas, but it is easy to get lax in proceeding with caution. It’s even more of a challenge to stay alert when the attacks are using current events to their advantage.

The days of free money from a “Nigerian Prince” are mostly over, but almost everything we do right now is influenced by COVID.

If and when you get the message asking you to “click here to verify your vaccine eligibility,” don’t do it. Next month, when you are hit with messages for updates on your taxes or missing money, don’t click on those either. Later this year at Christmas, don’t click on the link for the discounted, hot item everyone wants. And in 2022… rinse and repeat.

Phishing will always find a way to be relevant, and you can never let your guard down.

Please Don’t Give Everyone Access To Everything

With so many potential vulnerabilities in every business IT system, there is no “silver bullet” – no single safety measure that will let you sit back and relax, knowing your IT is safe and data is secure.

Most of the risks are ongoing and constantly changing. They need an active approach to stop your business falling victim to a data breach or malicious cyber-attack.

It would take a lot more space than is available in this newsletter to talk about all the risks you face.

So instead, we can talk about two of the most important things you can do to stay safe.

Make sure your team only has access to the data it needs

Keep an eye on who has access to what and whether they need it.

The more people have access to sensitive data, the more potential routes there are for the wrong people to get access to it. If you give everybody access to everything, all it will take is for one account to become compromised.

And before you know it, criminals armed with malware will have access to your systems.

Just as important as this is how you manage the IT accounts of people who leave the business or change jobs internally.

For example, if an employee switches from accounting to a management job in a completely different part of the business, they probably won’t need to keep access to all the data they needed for their last role. Failing to adjust permissions only adds to your level of risk. When people leave your business, you must immediately restrict their access to your systems and data. Implement appropriate policies and processes to reduce the risk of something slipping through.

Keep your devices secure

Another important thing to watch out for is how frequently you’re installing updates on devices. This includes tablets and phones as well as computers. They must all be kept updated with the latest security patches. All it takes is one weak link for your whole business to potentially be compromised.

Make sure that you replace old devices that are no longer getting updates, or can’t support the latest versions of software. And of course, it’s also important to make sure that all devices are backed up in real time.

Consider computer and mobile device encryption. It turns the data into unreadable garbage if the wrong person gets hold of your device.

Three Trillion Minutes On Zoom (Is That Just This Week?)

Zoom calls… Teams meetings… Google Meets… whichever tech platform your business uses*, do you ever get to a Friday evening and feel a bit “over Zoomed?” Especially if you then have ANOTHER Zoom arranged with friends or family?

According to estimates, over three trillion minutes will be spent on Zoom this year. That’s about 5.5 million years!

As much as they’re a pain when you have them all day, video calls really do help us be productive and get things done while we’re working remotely.

76% of all employees use video calling for remote work, according to some stats we’ve been reading. Three quarters of those say it makes them more productive. 41% of employers believe video calls lead to better engaged teams.

How to feel less “over Zoomed” then… here are three suggested rules that have worked well for us.

1. Do a tech test before every meeting: Check your video and sound are working. Zoom has a test call facility at www.zoom.us/test

2. Never meet unless you have a written agenda: And put the agenda on screen using screen share. This stops meetings from dragging on.

3. Stand up, especially if you’re the organizer: This is good for real life meetings, too. When you stand for a meeting, your body will give you feedback when the meeting’s dragging. Standing desks are a great idea for productivity and keeping energy levels high.

* Side note: Do you remember in the old days (2018) when people used GoToMeeting for video calls? Or the really, really old days (2017) when we used Skype?

Microsoft 365 Is The Best Thing For Staff Productivity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Pandemic + Work From Home = relying on technology more than ever before.

The tools available in Microsoft 365 have developed to help us stay productive wherever we’re working.

If you’ve been using Microsoft’s software for years, now’s a good time to discover new features.

If you haven’t started exploring yet, you’re missing out on loads of ways to boost productivity and make your life easier. Here are some of the main things to explore.

Microsoft Teams
Teams has made communication and collaboration even more effective than traditional ways of working face-to-face.

Handle Your Email With Care (Even With A SPAM Filter)

Mark Funchion is a network technician at Tech Experts.

A lot of the communication we do today is by email. Naturally, that makes it a favorite avenue for malicious individuals to attack your system. A SPAM filter can help considerably; however, nothing is 100% effective – and there is a fine line between “too aggressive” and “not aggressive enough.”

Turning up the aggressiveness of the filter may stop the bad mail while at the same time improperly labeling legitimate messages as SPAM. Even with a SPAM filter, you should handle your email with care.

Here are a few tips to potentially save you from opening a message or attachment that is nefarious in nature.

The first rule is “just don’t do it.” It is tempting to just click that link or open that attachment.

You may even do it without a second thought. Scam emails can be very sophisticated, and they will often look like they are real.

Before you do anything, take a moment and consider a few things. If you are sent an attachment from someone you don’t know, never open it. If the fishy attachment or email is from someone you do know but it was not expected, reach out to the sender to make sure they actually sent it.

Next, don’t jump the gun on clicking links that are sent to you. Links are easy to manipulate; they can be made to look legitimate, but they’ll actually take you to a different site or start downloading a program or virus.

With links, there are two things you can do.

First, you can open a browser and go directly to the site to bypass all links. This is the safest option, especially when you get an “urgent alert” about your account that “requires immediate action.”

If you can’t go to the page directly through the website, you can hover your cursor over the link. A box will pop up previewing the destination you’re actually being sent to.

If a link looks strange and doesn’t match the company website, don’t click on it. Also, look closely at the link as it may look just like a real one at first glance. Unless you are 100% sure the link is legitimate, do not click on it.

Another giveaway is that the message is poorly written with a lot of grammatical errors. If the message sounds like whoever wrote it doesn’t use English as their first language (and it is not from a foreign company you do business with), delete the message. Do not open or click on anything in the message.

The last point is that it’s usually not a good idea to unsubscribe from scam emails.

This may seem counterintuitive, but when you unsubscribe, you usually put your email address in to confirm you no longer want these messages.

Unfortunately, that lets the scammer know your email address is active. They will continue to send emails to this account or may sell it off as an active email.

Rather than unsubscribe from the email, block the sender. They will not know your email is active, and if they do send another message to you, it will not be received.

SPAM filters are great and they are essential. Still, remember that they are not 100% effective. Even with protection in place, it is wise to proceed with caution.

Take a moment to look for signs that the message is not from who it seems. These few seconds can save you a lot of time and money by avoiding disaster.

Make Remembering Passwords A Thing Of The Past

Using weak passwords is risky. So is using the same password across different services.

If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

This can wreak havoc on your digital life and within your business. And the damage can spill over into serious real-world inconvenience too.

This is especially true if identity theft is involved, or if they’ve managed to break into your social media or bank accounts.

Data breaches happen every day. And once your passwords and email addresses are out there, you never know whose hands they’ll end up in (many get sold on something called the Dark Web, a kind of hidden internet for criminals).

But what can you do to keep your passwords safe and your digital accounts secure?

Use a password manager
Instead of scratching your head to come up with a new password for each account, use a password manager to automatically generate long, random, strong passwords.

It’ll also remember them for you. You only need to remember one password… the master password to access the password manager.

The best password managers let you customize how long your passwords are, and what kind of characters they should include. They will also keep them 100% safe while still giving you easy access across all your devices.

We can set you up with an Enterprise Password Manager (the one we use) and train you and your team on how to best use it – simply get in touch!

Turn on multi-factor authentication (MFA)
As well as setting up a password manager, turn on multi-factor authentication (MFA) wherever possible. When you log in to your accounts, you’ll need to enter an additional security code as a second means of keeping your account secure.

These codes can be sent to you by text message or email. Better still, you can set up an authentication app on your phone that refreshes with unique codes every few seconds. Some applications also support a hardware security key that you plug into your computer or that displays security codes that rotate every 60 seconds.

Multi-factor authentication is available on most software and is considered a highly effective tool against hackers.

Even if they’ve got your login details they can’t get in without your phone.

We recommend you implement this for all apps your staff use.

After an initial bit of discomfort, they’ll soon get used to it. We can guide you and your team through the whole process – just give us a call!

Would You Know If You Were Being Smished?

Ooof… you’d hope so, right? Sounds uncomfortable.

But push away whatever image that word has put in your head, and turn your attention to your mobile phone.

Smishing is the text message version of phishing.

What’s phishing again? It’s where criminals send you an email, pretending to be someone else (like your bank), to try to get sensitive information from you.

Yes, these cyber criminals really are resourceful. And the more ways there are to try and infiltrate your data, the more they’ll use different platforms.

Just like with phishing, smishing attempts are not always as easy to spot as you might think.

Most of them pretend to be sent from a recognized business – like your network provider, for example – rather than just a random number. Some look like they’ve come from someone you know personally.

They’ll ask you to click a link to take an action like checking your monthly bill, updating your account information, or maybe to pay a bill. It’s usually the kind of message you would expect to see from that business.

But if you click that link… you’ve potentially given them access to your device. And that means they may have access to your data, passwords, and any other information stored on your phone.

Terrifying.

Protecting yourself is really similar to the way you’d deal with a phishing attempt on your email:

• Never click on any links unless you’re certain the sender is who they say they are

• If you’re unsure, contact the company (or person) on their usual number to check

• And if an offer seems too good to be true, it usually is (sorry, you didn’t really win that competition you never even entered)

Consider this our number one most important golden rule: Never click a link if you’re not expecting it. Wait to verify it with the sender first.

Is Your Business Data Encrypted?

Encryption can be a confusing subject for most people.

Is it a good thing or a bad thing?

We understand the confusion. Thanks to the surge in ransomware, you could be forgiven for thinking that encrypting data is definitely a bad thing. After all, if it’s encrypted, how on earth will it be usable?

However, when you encrypt your own data, you’re adding a level of protection to it. It means that should it be stolen, it’ll be unusable to anyone else.

But less than 50% of companies have standardized end-to-end encryption set up. While they have some level of encryption, they don’t have a documented standard that covers every area of their business.

And it’s not only hackers and other cyber criminals that could benefit from a business’ lack of data encryption. Lost or stolen devices put that data at risk too.

When you consider that a laptop is stolen every 53 seconds, it’s leaving businesses more vulnerable than they should be.

Microsoft 365 automatically encrypts business data by default. But if you have no other encryption set up across your applications and files, it’s time to speak to your IT support partner.

If we can help you, please don’t hesitate to get in touch.

Three Ways That Technology Has Transformed Businesses

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Breakthroughs in technology have torn apart old ways of working, as new alternatives have become impossible to ignore.

Here are three examples of ways that technology has transformed businesses everywhere.

Instant customer service
As new methods of communication have emerged, businesses have been able to significantly increase the quality and availability of the customer service they offer.

Instead of relying on face-to-face meetings or telephone calls to answer customer questions, businesses can now help through immediate online channels like live chat.

This is convenient for many customers, as they can talk at the exact moment they need help. It allows them to get immediate answers to their questions without needing to navigate telephone menus or book an appointment.
