Do You Know Exactly What Services Your Staff Are Signing Up For?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whatever problem, need, or want you have… there’s a cloud application out there that can help you.

We’ve never lived in a such a rich time for problem solving. Every day, hundreds of new services launch to make our lives easier and help us be more productive.

These applications all live in the cloud. They’re known as Software as a Service – or SaaS – because you don’t load any software onto your device. You use them in your browser.

We would argue this SaaS revolution over the last 15 to 20 years has played a critical part in shaping the way we work today.

However, there’s an issue. Many businesses aren’t 100% aware of what new services their staff have signed up for. And this problem isn’t a financial one; it’s a security one. [Read more…]

“It’s dead, Jim…” Say Goodbye To Internet Explorer

After being the main entry to the Internet in the late 1990s and early 2000s, Internet Explorer (IE) is gone. In June, Microsoft dropped the web browser from support.

IE ushered in the age of connection to the world in 1995 and held a majority of the browser market share for many years. In 2014, Internet Explorer still held about 59% of the global market share, with Chrome at 21%. But just two years later, IE lost its top spot to Chrome and trailed behind another newcomer, Safari.

In 2015, the writing was already on the wall when Microsoft released a new browser, Edge. Edge was destined to take IE’s place as the official browser installed on Windows systems.

It’s inevitable, the longer technology is driving work and home life, that we’re going to lose some of our favorites. Adobe Flash Player is another technology that used to be widely used and is now gone. So, now that IE has reached its end of life (EOL), what happens next?

Microsoft Will Redirect Users to IE Mode in Edge

According to Microsoft, now that IE is officially out of support, it will redirect users. A new experience is underway. Those opening this outdated browser will instead land in Microsoft Edge with IE mode.

To ease the transition away from Internet Explorer, Microsoft added IE Mode to Edge. This mode makes it possible for organizations to still use legacy sites that may have worked best in IE.

When in IE mode, you’ll still see the Internet Explorer icon on your device. But if you open it, you’ll actually be in Microsoft Edge

Microsoft Will Be Removing Internet Explorer Icons in the Future

Microsoft isn’t yet getting rid of the IE icons that appear in places like the taskbar and Start menu on Windows. But it will in a future update. Users can expect to see those removed at some point.

Edge Will Import Browser Data from IE

What about your favorites, saved passwords, and other settings that you have in IE? Microsoft Edge will import these from Internet Explorer for you, so they’re not lost.

This will include things like your browsing history and other data stored in the browser. You’ll then be able to access these in the Microsoft Edge’s settings area.

With IE Retired, What Do You Need to Do Now?

Uninstall Internet Explorer. It’s risky to keep older technology that is no longer supported on your system.

Cybercriminals love to exploit older tools that are not receiving any security updates. This leaves an open invitation to breach your network and steal your confidential data.

The Biggest Vulnerabilities Hackers Are Currently Exploiting

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more.

It’s like a game of “whack-a-mole” to keep your systems secure.

Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable.

82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA). Make sure to patch any of these vulnerabilities in your systems.

Microsoft Vulnerabilities

  • CVE-2012-4969: An Internet Explorer vulnerability that allows the remote execution of code.
  • CVE-2013-1331: This Microsoft Office flaw enables hackers to launch remote attacks.
  • CVE-2012-0151: This Windows vulnerability allows user-assisted attackers to execute remote code.

Google Vulnerabilities

  • CVE-2016-1646 & CVE-2016-518: These Chrome & Chromium engine vulnerabilities both allow attackers to conduct denial of service attacks.

Adobe Vulnerabilities

  • CVE-2009-4324: This is a flaw in Acrobat that allows hackers to execute remote code via a PDF file.
  • CVE-2010-1297: A Flash Player vulnerability that allows remote execution and denial of service attacks. (Flash Player is no longer supported, so you should remove it).

Netgear Vulnerability

  • CVE-2017-6862: This router flaw allows a hacker to execute code remotely.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added at https://www.cisa.gov

How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional (like us) to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Small Businesses Are Attacked By Hackers Three Times More Often Than Larger Ones

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want?

Didn’t think they even knew about your small business?

Well, a new report out by cyber-security firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why Are Smaller Companies Targeted More?

There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.

Small Companies Tend to Spend Less on Cybersecurity

When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them.

But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.

Every Business Has “Hack-Worthy” Resources

Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cyber-criminals can sell these on the Dark Web. From there, other criminals use them for identity theft.

Here are some of the data that hackers will go after:

  • Customer records
  • Employee records
  • Bank account information
  • Emails and passwords
  • Payment card details

Small Businesses Can Provide Entry Into Larger Ones

If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies, including digital marketing, website management, accounting, and more.

Vendors are often digitally connected to their client’s systems.

This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus.

Small Business Owners Are Often Unprepared for Ransomware

Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Nine Tips To Keep Mobile Devices Safe

The reality is, mobile devices are less safe than desktop computers. Boosting security on such devices is essential if you use them in business.

Information on your team members’ mobile devices is no longer limited to just phone numbers and contacts. They now contain much more significant data, such as emails, passwords, and other account details.

That’s why keeping those mobile devices secure is key to shielding your reputation and minimizing the risk of losing money.

Fortunately, you can implement robust safety measures to protect your smartphones and tablets. This article will cover the nine best practices in improving cybersecurity on mobile devices.

Establish a sound security policy

Before issuing tablets or smartphones to your teams, create an effective usage policy. Define rules about acceptable use and determine the penalties for violating them.

Your employees must be aware of the security risks and measures that can help them reduce the risks. They should know that they are the first line of defense against cybercrime.

Ensure the operating system is up to date

Updating Android and iOS operating systems improve overall user experience, but their most significant role is in addressing security vulnerabilities.

Therefore, install updates as soon as the developer rolls them out to reduce exposure to cybersecurity threats.

Enable password protection

A complex password or PIN can help prevent cybercriminals from accessing mobile devices. Besides using alphanumeric combinations, you can also use facial or fingerprint recognition, depending on what suits your employees.

If you opt for digits and letters, don’t share the combination with people outside your company. On top of that, be sure that your staff doesn’t store them on their phones. Unmarked folders and physical wallets are a much safer option.

Only install business apps

Lenient download policies can allow your team members to install non-business apps. Downloading such apps might seem harmless, but they are also infamous for their harmful advertising codes and many other threats.

To mitigate this risk, tell your employees they can only download and use apps necessary for their roles.

Avoid public Wi-Fi

Your team may need to use public Wi-Fi networks in emergencies to send crucial emails or schedule a meeting. However, connecting to such networks can expose confidential company information to cybercriminals using the same network.

The easiest way to minimize this risk is to provide a high-quality Internet plan that features roaming services for your remote workers.

Leverage phone tracking

Losing company-issued mobile devices is unfortunate, but it’s not the end of the world.

Enabling Android Phone Tracker, Find My Phone on iOS, or other device-tracking software can help locate your lost smartphones. Some programs also enable you to remove data on your stolen devices remotely.

Installing these apps takes a couple of minutes and gives you much-needed peace of mind. With it, even if your staff loses their mobile device, cybercriminals are less likely to get their hands on the content.

Use mobile device management (MDM)

For even more security, you may want to integrate with a reliable MDM. It’s an excellent way to separate personal and business information while allowing your team members to set up robust security measures on their devices.

In most cases, cloud-based software is the most affordable, flexible, and manageable type of MDM. Many platforms let you check out device information, update and manage apps, configure your devices, create restrictions, and remove content remotely.

Screen messages

Cybercriminals frequently employ SMS phishing to trick your team into clicking dangerous links. They pose as someone credible, asking your staff to share confidential information.

If your employees encounter such messages, they should delete them or alert the IT department. Another great idea is to avoid opening the SMS and block the sender.

Practice blocking and whitelisting

Many threats can compromise your company due to employee errors. For example, a team member may not realize they’re downloading a malicious app that allows thieves to steal data from their mobile devices. Blocking and whitelisting can enable you to protect your employees from these risks by determining which sites and apps are safe.

Who’s To Blame For A Cyber Security Breach?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We all know what a huge danger a cyber security breach can be for a business. And just how many businesses are being breached right now. You hear about it on the nightly news and read about it almost daily in the newspaper.

In truth, we hate having to write this. We don’t want to feel like we’re scaring you or sound all doom and gloom! But it’s really important that you’re fully aware of the risk to your business if you suffer a breach.

Last year, the number of reported data breaches rose 68% compared to 2020.

And while it’s a good idea to implement the right cyber security tools to help reduce the risk of an attack, it’s practically impossible (or definitely unworkable) to give your business 100% protection from attack by only using software tools. You also have to manage the human element of data protection. [Read more…]

Six Technology Tools You Shouldn’t Use Any Longer

One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out. New tools replace those that are obsolete. Discontinued technology can leave networks vulnerable to attacks.

While older technology may still run fine on your systems, that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach or infection.

Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a breach.

Approximately one in three data breaches are due to unpatched system vulnerabilities.

Another problem with using discontinued technology is that it can leave you behind. Your business can end up looking like you’re in the stone ages to your customers, and they can lose faith and trust.

Important reasons to keep your technology updated to a supported version are:

• Reduce the risk of a data breach or malware infection
• Meet data privacy compliance requirements
• To keep a good reputation and foster customer trust
• To be competitive in your market
• To mitigate hardware and software compatibility issues
• To enable employee productivity

Older systems are clunky and get in the way of employee productivity. If you keep these older systems in use, it can lead to the loss of good team members due to frustration.

49% of surveyed workers say they would consider leaving their jobs due to poor technology.
Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use on your home computer or within your business?

Internet Explorer

Many moons ago, Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers edged it out. Including its replacement, Microsoft Edge.

Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser lost all support on June 15, 2022.

Adobe Flash

Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.

The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.

Windows 7 and Earlier

Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Replacements, Windows 10 and Windows 11, are now in widespread use. The Windows 7 OS lost support on January 14, 2020.

While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.

macOS 10.14 Mojave and Earlier

Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.

If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple, and you need to upgrade.

Oracle 18c Database

If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.

The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premiere support in April of 2024.

Microsoft SQL Server 2014

Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. And in July of 2024, all support, including security updates will stop.

This gives you a little more time to upgrade before you’re in danger of not getting security patches. But it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.

Get Help Upgrading Your Technology & Reducing Risk

Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues.

We can help you upgrade your technology smoothly and do thorough testing afterward. Schedule a technology review today.

Helpful Tips For Keeping Your Cloud Storage Organized

Cloud file storage revolutionized the way we handle documents. No more having to email files back and forth. No more wondering which person in the office has the most recent copy of a document.

But just like the storage on your computer’s hard drive, cloud storage can also get messy. Files get saved in the wrong place and duplicate folders get created.

When employees are sharing the same cloud space it’s hard to keep things organized. Storage can be difficult to keep efficient.

Disorganized cloud storage systems lead to problems. This includes having a hard time finding files. As well as spending a lot of extra time finding needed documents.

Has your office been suffering from messy cloud storage? Does it seem to get harder and harder to find what you need?

Use a Universal Folder Naming Structure

When people use different naming structures for folders, it’s harder for everyone.

They often can’t find what they need. It also leads to the creation of duplicate folders for the same thing.

Map out the hierarchy of folders and how to name each thing. For example, you might have departments” as an outer folder and nest “projects” inside.

With everyone using the same naming system, it will be easier for everyone to find things. You also reduce the risk of having duplicate folders.

Keep File Structure to 2-3 Folders Deep

When you have too many folders nested, it can take forever to find a file. You feel like you must click down one rabbit hole after another. When people need to click into several folders, it discourages them from saving a file in the right place.

To avoid this issue, keep your file structure only two to three folders deep. This makes files easier to find and keeps your cloud storage more usable.

Use Folder Tags or Colors for Easier Recognition

Many cloud file systems allow you to use color tagging on folders. Using this can make a folder or group of folders instantly recognizable. This reduces the time it takes to find and store files.

Don’t Create Folders for Fewer Than 10 Files

The more folders people have to click into to find a document, the more time it takes. Folders can quickly add up as employees create them, not knowing where a file should go.

Use a rule for your cloud storage that restricts folder creation to 10 files or more.

This avoids having tons of folders with less than a handful of files in them. Have someone that can act as a storage administrator as well.

This can then be the person someone asks if they’re not sure where to store a file.

Promote the Slogan “Take Time to Save it Right”

We’re all guilty from time to time of saving to something general, like the desktop on a PC. We tell ourselves that we’ll go back at some point and move the file where it should be.

This issue multiplies when you have many people sharing the same cloud storage space. Files that aren’t where they belong add up fast.

This makes it harder for everyone to find things.

Promote the slogan “take time to save it right” among the staff. This means that they should take the extra few seconds to navigate where the file should be to save it.

This keeps things from getting unmanageable. If you use a file structure that’s only 2-3 folders deep, then this should be easier for everyone to abide by.

What To Do If You Lose Your Laptop (Or Other Device)

So, you’re in the car on the way home from the coffee shop, basking in the glow of consuming your triple-shot, low-foam, extra-hot pumpkin-spice latte when you suddenly realize your laptop has gone missing.

You drive back like the caffeinated lunatic you are, only to discover no one has turned it in.

What do you do?

That depends on what precautions you have (or haven’t!) taken.

First, if you’ve properly encrypted your data, password-protected the access to your device and shut down and logged off all key applications, you’ve got a bit more time to respond.

But the next thing to do, whether or not you’ve taken those precautionary measures, is to notify your IT support company that you’ve lost your device.

That will allow them to change passwords and lock access to applications and data a thief may gain access to via your unprotected laptop.

They can also remotely wipe your device to make sure no one will be able to gain access to the data stored on your computer. (Which is also why it’s critical to back up your data on a daily basis!)

Next, change all the passwords to every website you log into, starting with any sites that contain financial data (your bank account) or company data.

If your laptop contained medical records, financial information, or other sensitive data (like social security numbers, birthdays, etc.), then you need to contact a qualified attorney to understand what you may be required to do by law to notify individuals who may be affected.

Quite simply, an ounce of prevention is worth a pound of cure, so make sure you’re engaging with your IT support company to encrypt and back up your data, as well as put remote monitoring software on all mobile devices.

Set a pin-code lock or password requirement to access a device after ten minutes of inactivity and get into the habit of logging out of websites when you’re done using them.

Some other tips to keep your laptop safe:

Use strong passwords, change passwords frequently, and avoid setting up automatic sign-ins. This will make it more difficult for thieves to log on to your computer and access your personal information.

Don’t write down your passwords. If you must write your passwords down, don’t keep the list close to your laptop (for example, on a sticky note kept in your laptop bag).

Never leave your laptop in an unlocked car or conference room.

Never leave your laptop in plain sight in your locked car. Lock it in the trunk and make sure no one sees you put it there.

Carry your laptop in something other than a laptop bag. This may seem unusual, but a laptop bag makes it very obvious to thieves that you are carrying a laptop. Use something more inconspicuous, such as a backpack or messenger bag.

Always keep your laptop in your sight. Don’t leave a meeting or a conference room without your laptop – always bring it with you. You never know who could have access to that room, even if you’re only gone for a few minutes.

Be especially diligent when traveling – airports are a common place for laptop theft. Also be careful in taxis, hotel rooms, restaurants, and coffee shops.

If your laptop is stolen, you’ll want to make sure you have the make, model, and serial number so a complete report can be filed. Keep this information in your desk at work or at home.

Finally, if you store important data on your laptop, make sure it is being backed up! Most workers store their data on a company server, where it is protected and backed up.

If you’re a mobile worker, backups are extra important since you don’t have the security of a server-based backup system.

How Often Do You Need To Train Employees On Cybersecurity Awareness?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You’ve just completed your annual phishing training where you teach employees how to spot phishing emails. You’re feeling good about it, until about 5-6 months later when your company suffers a costly ransomware infection because someone clicked on a phishing link.

You wonder why you seem to need to train on the same information every year yet still suffer from security incidents.

The problem is that you’re not training your employees often enough.

People can’t change behaviors if training isn’t reinforced regularly. They can also easily forget what they’ve learned after several months go by.

So, how often is often enough to improve your team’s cybersecurity awareness and cyber hygiene? It turns out that training every four months is the “sweet spot” when it comes to seeing consistent results in your IT security. [Read more…]