Most Small Business Breaches Could Be Prevented

The majority of breaches that affect small and medium businesses like yours could have been prevented through the use of today’s technology. Here are 14 ways you can protect your business:

Security assessment
Establish a baseline and determine when your last security assessment was.

Spam email
Most attacks occur from infected emails. Be sure you secure your accounts. We can help you determine the right level of protection for your business.

Passwords
Set company policies surrounding passwords and external devices in your business. Examples include restricting USB drive access, screen timeout limits, enhanced password policies, and limiting user access to certain files.

Security awareness
Educate, educate,and then educate some more. Employees are the single greatest risk to an organization of a cyber breach by employees inadvertently clicking on a link in an email or downloading a file that contains the virus or ransomware.

Advanced endpoint detection and response (EDR)
Technology advancements have enhanced the traditional methods of virus protection, adding protections for fileless and script-based attacks and can even roll back systems after an attack. Give us a call at (734) 457-5000 (or email at info@mytechexperts.com) to learn more about these features and how they can replace your current virus protection software.

Multi-factor authentication
Multi-Factor Authentication is the process of requiring two modes of identity checks when logging into accounts with sensitive and personal information, such as bank accounts or social media.

This additional layer of protection can be critical in ensuring your data does not become lost.

Computer updates
Automate key software, such as Microsoft Office and OS, Adobe, and Java, to protect your network from the latest attacks. We can provide “critical update” services to your business and help you keep your business protected from these malicious sources.

Dark web research
A little known secret is the reality that many users’ login credentials have been placed for sale on Dark Web sites. Continuously monitor these sites and update credentials as needed if you find your corporate credentials up for sale to the highest bidder.

SIEM/log management
SIEM, or Security Incident & Event Management, uses data engines to review all logs from all covered devices, protecting your systems from unauthorized access.

Web gateway security
New cloud-based security products can detect web and email threats and block them – before they reach your network and users.

Mobile device security
Don’t neglect to secure your employees’ mobile devices and tablets. Many attackers target these devices, believing them to be forgotten by most businesses.

Firewall
Advanced firewall technology today enables intrusion detection and intrusion protection features. Ensure these are enabled on your corporate firewalls, and if you don’t know how, call us today.

Encryption
Encrypt files both at rest and in motion, especially on mobile devices, laptops and tablets. Cell phones are an unexpected attack vector.

Backup
Utilize multiple forms of backup, from cloud backup to on-premise and offline, further reducing the risks of a ransomware attack preventing access to your data.

Three Reasons To Regularly Test Business Systems

Protecting your business requires more time, effort and energy from your technology team than ever before.

Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge.

It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly.

From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.

Business System Testing Helps Find Vulnerabilities
The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, causing additional steps for infrastructure teams as they review the data connectors and storage locations.

Each of these connections is a potential point of failure and could represent a weakness where a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up.

As the business continues to evolve through digital transformation, this regular testing and documentation of the results allow your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure.

Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.

Business System Testing Provides Valuable Insight Into Process Improvement Needs
Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business.

Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net.

Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens security over time by tightening security and allowing you to review user permissions and individual levels of authority within your business infrastructure and systems.

Business System Testing Allows You to Affirm Your Disaster Recovery Strategy
Your backup and disaster recovery strategy is an integral part of your business.

Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality.

Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans.

Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal manages to infiltrate your systems or your business systems are damaged in fire or flood, your IT team will be ready to bring your business back online quickly.

Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business.

The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.

What Are The Newest Phishing Attacks?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Phishing is a term adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.

How Does Phishing Work?
This is essentially how cyber phishing works. Cybercriminals create an interesting email, maybe saying that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey.

Once you click the link, a virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Malware includes Trojans, worms, spyware, and adware. These malicious programs each have different goals, but all are destructive and aimed at harming your computers. [Read more…]

Using Wireless Printers? Here’s How to Secure Them

With some reports estimating over seven million incidents of cybercrime and online fraud occurring in 2018, it would be a mistake to discount the risks associated with using a wireless printer.

After all, any time data is transmitted wirelessly, there is a chance it could be intercepted. When you think about all the sensitive information that is printed in your company, this threat may then seem quite real.

Try the following tips to minimize the risk of a security vulnerability associated with wireless printing:

Use WPA2
This security certification program essentially password protects your print job capabilities just as you would require login credentials to access wireless internet.

By controlling access to your wireless printers, you can also monitor who is printing what and detect when someone attempts to gain unauthorized access to your systems.

Keep Security Software Updated
Many printers come with some form of built-in security, but the installed version can only be effective for so long.

Regularly check for more updated versions of your printers’ security software and install them as they become available to be protected from the latest threats.

Use Data Encryption
Just as your emails and other document sharing methods are encrypted during transmission, you should make sure your printer data is encrypted as well.

This ensures that, if the information is intercepted by a nefarious third-party, they will not be able to decode the stolen data. This is especially important for printers you use to print checks.

Train Your Staff in Printer Protocol
No matter what measures you take to secure your wireless printers, they won’t be as effective if your staff doesn’t know how to properly use equipment or keep protection programs up to date.

Provide training to your employees about safe printing practices.

These tips don’t just apply to large businesses; the threat of a security breach through wireless printing systems can affect small businesses and even individuals just as easily.

With a little forethought and effort however, you can greatly decrease these risks to be able to print without fear.

Four Questions Every CEO Needs To Ask About Cybersecurity

Leaders in every organization need to make identifying and addressing their cybersecurity needs a top priority. You can begin by starting a conversation between your IT service company and employees at all levels of your company about information security and how best to protect sensitive data, but you need to know the right questions to ask. Here are four questions to ask to get the discussion started and moving in the right direction.

How informed is your team about the vulnerability to and potential impact of cyber attacks on your company?

It’s important to assess the current awareness of everyone in your business about cyber threats and the potential damage from data breaches. It’s likely that everyone has heard of the many well-publicized breaches that have occurred over the last several years, but possibly haven’t considered them within the context of your company.

This is the first step to developing an educational initiative to get everyone up to speed on the problem and identifying the at-risk areas in your system. After that, you can begin to develop a chain of communication to take immediate action in case of a breach and set protocols and expectations for response times. A fast and effective response is critical to limiting data exposure.

What are the specific risks to your infrastructure and what are the best steps to take to address them?

Remember that the threat isn’t limited to just hackers. Many breaches occur because employees click on a link in a phishing email, leave a password lying around where it’s easily seen, or by unknowingly becoming a victim of a social engineering scam by giving it to someone over the phone who is impersonating a company employee.

Then you can begin to identify the resources needed to protect your data, including third-party security software and updated equipment. Simply informing your employees of the threat of such low-tech risks can greatly increase your cybersecurity.

How many security incidents are detected in your systems in a normal month or week, what type are they, and how were others informed about them?

You should have a system in place to detect, monitor, analyze, and record any type of potential security incident no matter how small or seemingly insignificant, and disseminate that information to the appropriate personnel, or perhaps to all employees to raise awareness. You should discuss enhanced alerting and monitoring with your IT professionals.

Does your company have an incident response plan? How effective is it, and how often do you test it?

The only way you can quickly react to prevent or limit the damage from a breach is to have a clearly defined response plan in place. It should document how everyone in your company should react in the event of an emergency. This plan should be available to all employees. It should be tested on a regular basis, at least once each quarter, and updated whenever significant changes are made to your IT infrastructure.

Cyberattacks are just a fact of life these days, and that’s not going to change anytime soon. But by asking your team the right questions, starting a dialogue about how to address the threat, raising awareness and implementing training, and having a response plan in place, although you’ll never completely eliminate them, you can reduce your risks significantly.

What Can Companies Do To Prevent Privacy Violations?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whether it’s physical, virtual, or in the cloud, discovering and blocking sophisticated threats in the network is at the forefront of every company’s mind.

However, businesses are finding that more and more data violations are taking place when network security centers on the edge of the network are not giving equal protection to the network itself.

Security at the perimeter of the network has received most of the attention from data protection companies.

What many internet service providers and businesses have neglected is protecting what lies within the network. What can your company do to solidify your network and protect you from hackers on the inside? [Read more…]

Watch Out For This Overlooked Threat In Your Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

With the risk of being hit by hacking, malware, and other forms of cyber-crime so high, most organizations go to great lengths (and expense) to protect their networks and infrastructure.

However, one major security risk that’s being overlooked is the printer!

All too often, print falls beyond IT teams’ field of view and is left hanging in an abyss ready and waiting for hackers to take advantage.

Here are some interesting statistics: According to research that was conducted by the Ponemon Institute, 64 percent of IT managers are suspicious that their printers have been infected with some form of malware; however, just 54% of organizations include printers in their security strategy.

With organizations placing all eyes firmly on network security, the major threats that are posed by printing devices that are directly connected to these networks are all too often completely overlooked.

So, what actions can you take to reduce the risk of print-related breaches? [Read more…]

Five Ways To Prepare For, Respond To, And Recover From A Cyberattack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When we asked businesses about cybersecurity threats, breach points, policies, company readiness, and recovery, we were surprised at the responses that we received.

The most frightening response of all was the following: “We have no formal process for assessing readiness to deal with a cyberattack of any sort.”

Hindsight is always 20/20 – how many times has something happened that you could have and should have prevented?

Here are five ways to prepare every company for a cyberattack:

[Read more…]

The Best Ways To Deal With Security Threats

Jason Cooley is Support Services Manager for Tech Experts.

Only several weeks into 2018 and computer security has been a huge topic of discussion.

The Meltdown and Spectre discovery at the beginning of the year put people on notice. Any device with a modern processor could have potentially been affected.

While wide-scale vulnerabilities like Meltdown and Spectre are not common, it has brought some much needed attention to the potential of an attack.

Security vulnerabilities happen in many different ways, through different methods. There have been both hardware and software related issues that could have left a person open to an attack. Designed to steal data or infect your system, neither are hassles that anyone wants to spend time dealing with.

Hardware vulnerabilities are fewer and farther between when compared to software issues.

Software always has updates and upgrades or new programs for new uses. Because of the nature of software in a traditional Windows setting, many programs have access to file systems and other sensitive system information.

Have you ever installed software of some sort? Do you recall being prompted to allow the software to make changes to your computer? These privileges, while necessary to run the software, give the software the right to access and make changes to your system.

Typically, this is fine, especially with a trusted software company behind what you are using.

It would be nearly impossible to examine all potential areas of a program to see if there was any possible flaw or vulnerability that could be exploited.

Coding for software can get very in-depth and there are millions of characters involved.

As with all technology, it is constantly changing. A message telling you “software updates are available” is almost certainly something you have seen before. These changes can add functionality, but a lot of times, they are doing so much more.

Take Windows, for example. With millions of devices running on some version of Microsoft’s operating system, finding Windows security vulnerabilities are a priority for developers and the people behind the malicious attacks alike.

Microsoft is a tech mainstay, and one of the biggest players in business, and they are definitely not immune to having flaws that could leave you at risk.

There is good news, however.

Microsoft is constantly updating and patching their operating systems to close any potential flaws that are discovered. Those “annoying” Window’s updates? They are potentially protecting you from data theft.

Does waiting on updates when turning on your computer leave you feeling frustrated? That update may save your computer from malicious software.

Hackers and others behind malicious activities and data theft often find new ways in on existing systems, making updates necessary to fix the newly discovered flaws.

When it comes to security, the best thing for you and your computer is to stay up-to-date on those security updates and patches.

This creates a problem for older operating systems. When Microsoft stops updating an operating system, any discovered flaws remain unfixed. This has recently happened with Windows XP and Windows 7 will soon join the list.

Also keep in mind that out-of-date web browsers, such as Google Chrome and Microsoft Edge, can leave you at risk. Productivity software, like Microsoft Office, because of the way it operates and accesses both the system and network, has great attack potential when not properly updated and patched.

So, outside of the operating system, what other software should you keep up-to-date?

All of it. It is definitely better to be safe than sorry when it comes to your computer and personal data, so play it safe and keep it up-to-date.

Windows Updates: Allow Them, Don’t Block Them

Ron Cochran is Help Desk supervisor for Tech Experts.

One of the first things you should do when purchasing a new computer (or rehabilitating an older computer) is to make sure the operating system is up-to-date with the latest security patches. In some cases, people disable the automatic updates and this can cause a whole host of issues.

Microsoft regularly puts out security patches, as well as other patches for their software. These patches are applied through the automatic update process. When that process is disabled, this means your computer hasn’t received the latest updates from Microsoft. Because your updates are halted, the system vulnerabilities that Microsoft engineers have found have not been repaired on your system.

You may remember the WannaCry Ransomware attack or, by now, heard of the most recent news of the Intel CPU flaw with Meltdown and Spectre. These two vulnerabilities, if exploited, can wreak havoc on an affected computer.

An affected system could suffer circuit issues, data corruption, system instability, and even data theft. There are always going to be people doing nefarious things when it comes to computers and the Internet, but the engineers behind your operating system and your antivirus company will always be on top of a fix for the vulnerability as soon as it is discovered.

Did you know that Microsoft releases most Windows Update patches on “Patch Tuesday” – the second Tuesday of each month? This keeps automatic system reboots to a minimum and also assists managed service providers like Tech Experts in ensuring that all of their clients’ servers and workstations have the latest software and security patches installed.

At home, you can set your Windows Updates to the “Automatic” option. That way, your system will automatically check for Windows Updates every 24 hours or so if the computer is connected to the Internet.

If you’re thinking to yourself, “I just use my home computer for browsing DIY pages, listening to music, and sending emails. Why would anyone want to get into my computer?,” reconsider how much personal information is actually stored.

It may seem as though your computer wouldn’t hold much useful information, but a hacker only needs a few passwords, an email address, phone number, and address to potentially gain access to cell phone accounts, shopping site accounts, tax information, and even banking and credit card accounts.

Even if the hacker isn’t looking for personal information like that listed above, they could still use your computer to send spam emails to other computers all over the world, slowing down your computer and Internet and causing a whole slew of issues for other computer owners.

Keeping your operating system up-to-date with the latest updates and security patches, keeping your anti-malware and anti-virus software updated and running on a regular basis, and adding robust security settings to your router and firewall will help keep all of these vulnerabilities behind closed doors. At least, until the software engineers can create and deploy the patches and updates to block access to them.