TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

admin

Meetings Are Making Your People Less Productive

Are you one of the many businesses that still offers your people the flexibility of remote or hybrid working?

If so, you’re probably relying on video meetings a lot more than you usually would. And that makes sense, because it feels like the easiest way to get people together at the same time.

But meetings can be a real drag for everyone at some stage. Whether you’re dealing with introverted employees who are hesitant to speak up, scheduling conflicts that make it tough to get everyone in the same virtual room, or colleagues who try to take all the credit for your brilliant ideas (the worst!), meetings can actually slow down your productivity.

So what are some simple solutions to help?

For projects that have a visual element, digital whiteboards are your new best friend. These handy tools allow for collaboration wherever, whenever, and replicate the feeling of being in an actual conference room. Plus, they don’t put anyone on the spot, so introverted employees can contribute without feeling self-conscious.

And for projects that don’t require visuals? Maybe collaborative docs could be a good alternative for you. These documents are easily shared and distributed, making it easy for team members to work together in real-time or asynchronously.

Let your team know that they don’t need to respond immediately to every notification or email. And if you really want to free up some time for deep-focus work, consider implementing a “no meetings” policy like Shopify has done.

This empowers your team to work when they’re most effective, regardless of their time zone.

When it comes to productivity, transparency is key! So have you considered prioritizing public channels over direct messages? It can be a game-changer for your team as it helps everyone understand how different individuals and teams work, and increases workers’ faith in their managers.

In fact, research shows that employees who trust their leadership are 50% more engaged at work! And when it comes to clarifying priorities, the responsibility falls on leadership. Make sure you’re coaching your direct reports and giving regular feedback. Consider consolidating work in one platform to make things simpler.

By choosing the right tools and minimizing time spent in meetings, you can increase your productivity and get more done in less time. So why wait? If we can help you get started, get in touch.

Zero-Click Malware Is The Latest Cyber Threat

In today’s digital landscape, cybersecurity threats continue to evolve. They pose significant risks to individuals and organizations alike.

One such threat gaining prominence is zero-click malware. This insidious form of malware requires no user interaction. It can silently compromise devices and networks.

One example of this type of attack happened due to a missed call. That’s right, the victim didn’t even have to answer. This infamous WhatsApp breach occurred in 2019, and a zero-day exploit enabled it. The missed call triggered a spyware injection into a resource in the device’s software.

A more recent threat is a new zero-click hack targeting iOS users. This attack initiates when the user receives a message via iMessage. They don’t even need to interact with the message of the malicious code to execute. That code allows a total device takeover.

Understanding zero-click malware

Zero-click malware refers to malicious software that can do a specific thing. It can exploit vulnerabilities in an app or system with no interaction from the user. It is unlike traditional malware that requires users to click on a link or download a file.

The dangers of zero-click malware

Zero-click malware presents a significant threat. This is due to its stealthy nature and ability to bypass security measures. Once it infects a device, it can execute a range of malicious activities including:
• Data theft
• Remote control
• Cryptocurrency mining
• Spyware
• Ransomware
• Turning devices into botnets for launching attacks

This type of malware can affect individuals, businesses, and even critical infrastructure. Attacks can lead to financial losses, data breaches, and reputational damage.

Fighting zero-click malware

To protect against zero-click malware, it is crucial to adopt two things. A proactive and multilayered approach to cybersecurity. Here are some essential strategies to consider:

Keep software up to date

Regularly update software, including operating systems, applications, and security patches. This is vital in preventing zero-click malware attacks. Software updates often contain bug fixes and security enhancements.

Put in place robust endpoint protection

Deploying comprehensive endpoint protection solutions can help detect and block zero-click malware. Use advanced antivirus software, firewalls, and intrusion detection systems.

Use network segmentation

Segment networks into distinct zones. Base these on user roles, device types, or sensitivity levels. This adds an extra layer of protection against zero-click malware.

Educate users

Human error remains a significant factor in successful malware attacks. Educate users about the risks of zero-click malware and promote good cybersecurity practices. This is crucial.

Encourage strong password management. As well as caution when opening email attachments or clicking on unfamiliar links.

Use behavioral analytics and AI

Leverage advanced technologies like behavioral analytics and artificial intelligence. These can help identify anomalous activities that may indicate zero-click malware.

Conduct regular vulnerability assessments

Perform routine vulnerability assessments and penetration testing. This can help identify weaknesses in systems and applications.

Uninstall unneeded applications

The more applications on a device, the more vulnerabilities it has. Many users download apps then rarely use them. Yet they remain on their device, vulnerable to an attack.

Only download apps from official app stores

Be careful where you download apps. You should only download from official app stores. And always keep your apps updated using your device’s app store application.

Do You Still Believe In These Common Tech Myths?

Is it okay to leave your smartphone charging overnight? Do Macs get viruses? And what about those 5G towers? What’s going on with those?

Common tech myths can often lead to misunderstandings. They can even hinder your ability to fully use various tools and devices.

Let’s debunk some of the most common tech myths that continue to circulate and explore the truth behind them.

Myth 1: Leaving your device plugged in overnight damages the battery

First is one of the most persistent tech myths. Leaving your device plugged in overnight will harm the battery life. But this myth is largely outdated.

Modern smartphones, laptops, and other devices have advanced battery management systems.

These systems prevent overcharging. Once your device reaches its maximum charge capacity, it automatically stops charging. So, feel free to charge your gadgets overnight without worrying about battery damage.

Myth 2: Incognito mode ensures complete anonymity

While incognito mode does provide some privacy benefits, they’re limited.

For example, it mainly prevents your device from saving the following items:
• Browsing history
• Cookies
• Temporary files

However, it does not hide your activities from your internet service provider (ISP). Nor from the websites you visit.

Myth 3: Macs are immune to viruses

Another prevalent myth is that Mac computers are impervious to viruses and malware. It is true that Macs have historically been less prone to such threats compared to Windows PCs. This does not make them immune.

It’s true that in 2022, 54% of all malware infections happened in Windows systems and just 6.2% happened in macOS. But as of January 2023, Windows had about 74% of the desktop OS share to Mac’s 15%. So, it turns out the systems aren’t that different when it comes to virus and malware risk.

The data shows the infection rate per user on Macs is 0.075. This is slightly higher than Windows, at 0.074. So, both systems have a pretty even risk of infection.

Myth 4: More megapixels mean better image quality

When it comes to smartphone cameras, savvy marketing sometimes leads to myths. Many people believe that more megapixels equal better image quality. This is a common misconception.

Other factors, in addition to megapixels, play a significant role, such as:
• The size of individual pixels
• Lens quality
• Image processing algorithms
• Low-light performance

A camera with a higher megapixel count may produce larger images. But it does not guarantee superior clarity, color accuracy, or dynamic range. When choosing a smart-phone or any camera, consider the complete camera system.

Boost Your Team’s Engagement With Better Tech

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The stresses and pressures of the cost of living crisis are hitting many people hard. That makes employee engagement more of a challenge than ever.

As a business, you might be finding it hard yourself. It may not be possible to offer salary rises that keep pace with inflation.

And at the same time, you might be asking more of your people or making changes to the workplace that are hard for some to adjust to.

The last thing you want is to lose good people just when you need everyone firing on all cylinders.

That’s why some of the most effective engagement strategies right now involve relieving the stress and tedium of repetitive tasks and removing workplace frustration – with the added benefit that you become more efficient in the process. [Read more…] about Boost Your Team’s Engagement With Better Tech

Fake Software Ads Used To Distribute Malware

Google is most people’s first port of call for help or information online – something cyber criminals are using to their advantage.

Specifically, they are targeting Google ads, impersonating campaigns for popular software such as Grammarly, Slack, Ring, and many others. This is nothing to do with those companies, but to the untrained eye they look like the real deal… which is how they’re tricking people into clicking the ads.

If you’re not using an ad blocker, you’ll see promoted pages at the top of your Google search results. These look almost identical to the non-promoted, down page organic search results, so you or your people could easily be tempted to click.

It’s a complicated scam. Criminals clone the official software websites, but instead of distributing the genuine product, when you click download they install ‘trojanized’ versions. That’s geek speak for malware that disguises itself as real software.

Google is working to protect us by blocking campaigns it’s able to identify as malicious. But criminals have tricky ways around that too.

Ads first take you to a benign-looking website – which the crooks have created. This then redirects you to a malicious site that convincingly impersonates a genuine page. That’s where the malware lurks waiting for a click, beyond Google’s reach.

Worse, in many cases, you’ll still get the software you’re trying to download, along with a hidden payload of malware. That makes it harder to tell that your device or network has been infected and may give the malware longer to do its job.

To stay protected, train your team about the dangers and make sure everyone is on the lookout for anything that doesn’t seem quite right.

Encourage people to scroll down the Google results until they find the official domain of the company they’re looking for, and make it a policy that people seek permission before downloading any software – no matter how innocent it may seem.

You could also consider using an ad blocker in your browser. That will filter out any promoted results from your Google search for some extra peace of mind.

For help and advice with training, software policies and network security give us a call.

Six Immediate Steps You Should Take If Your Netflix Account Is Hacked

Netflix is one of the most popular and well-known streaming services. The platform has become an essential part of many people’s daily entertainment routines. Unfortunately, like any online service, Netflix accounts can be vulnerable to hacking.

You might not think something as benign as Netflix could represent a security risk to your business. In most cases, your company laptop (as well as any devices your spouse or children might use) are connected to the same home network as your streaming services. This gives cyber-criminals an easy way to gain a foothold into your equipment.

Hackers take advantage of “phishing overload.” Once they breach your account, they’re usually quiet for a bit, hoping you’ll mistake the Netflix suspicious login warning for a fake.

Here are some things to do right away if you fear your account is hacked:
1. Go to the Netflix site & try to log in.
2. If you can log in, change your password immediately.
3. If you can log in, remove any strange payment methods
4. Contact Netflix support and let them know that you think you’ve been compromised (don’t skip this step).
5. Watch your bank statements.
6. Change the password for other accounts that used the same one as your Netflix account.

Is Your Online Shopping App Invading Your Privacy?

Online shopping has become a common activity for many people. It’s convenient, easy, and allows us to buy items from the comfort of our homes. But with the rise of online shopping, there are concerns about privacy and security.

Not all shopping apps are created equally. Often people get excited and install an app without checking privacy practices. Apps can collect more data from your smartphone than you realize. Whether you use your phone for personal use, business use, or both, your data can be at risk. So can your privacy.

Recently, security experts found a popular shopping app spying on users’ copy-and-paste activity. This app was tracking users’ keystrokes, screenshots, and even their GPS location. This raises the question: Is your online shopping app invading your privacy?

SHEIN is the app in question, and it’s a popular shopping app with millions of users. According to reports, researchers found the app collecting data from users’ clipboards. This included any text that users copied and pasted. This means that if the user copied and pasted sensitive information, the app would have access to it.

Including things like passwords or credit card numbers.

Not only that but the app was also found to be tracking users’ GPS location. SHEIN was also collecting data from device sensors, including the accelerometer and gyroscope. This means that the app was able to track users’ movements. As well as collecting information about how they were using their device.

The app’s developers claimed that the data collection was for “optimizing user experience.” A very vague explanation that’s used by other app developers as well.

The developers stated that the collected data was only used for internal purposes. But this explanation wasn’t enough to please privacy experts. Those experts raised concerns about the app’s data collection practices.

This isn’t the first time people caught an app grabbing data without users’ knowledge. Many popular apps collect data from their users, often for targeted advertising purposes.

The popularity of the shopping app Temu has been exploding recently. Since the app appeared in a Superbowl Ad in 2023, people have been flocking to it.

But Temu is another shopping app with questionable data collection practices. Some of the data that Temu collects includes:

  • Your name, address, phone number
  • Details you enter, like birthday, photo, and social profiles
  • Your phone’s operating system and version
  • Your IPS address and GPS location (if enabled)
  • Your browsing data

Here are some tips to protect your privacy when using shopping apps.

Know what you’re getting into (read the privacy policy)

Yes, it’s hard to stop and read a long privacy policy. But, if you don’t, you could end up sharing a lot more than you realize.

Turn off sharing features

Turn off any data-sharing features you don’t need in your phone’s settings, such as location services. Most smartphones allow you to choose which apps you want to use it with.

Remove apps you don’t use

If you’re not using the app regularly, remove it from your phone. Having unused apps on your phone is a big risk.

Research apps before you download

It’s easy to get caught up in a fad. You hear your friend talk about an app, and you want to check it out. But it pays to research before you download.

Shop on a website instead

You can limit the dangerous data collection of shopping apps by using a website instead. Most legitimate companies have an official website.

Learn How To Fight Business Email Compromise

A significant cyber threat facing businesses today is Business Email Compromise (BEC). BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat.

What is business email compromise (BEC)?

BEC is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.

BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees online. They gain knowledge about the company’s operations, suppliers, customers, and business partners.

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors.

These emails request them to make payments or transfer funds in some form.

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics. Such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.

According to the FBI, BEC scams cost businesses about $2.4 billion in 2021.

These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.

How to fight business email compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.

  • Educate employees
  • Enable email authentication
  • Deploy a payment verification processes
  • Check financial transactions
  • Establish a response plan
  • Use anti-phishing software

Get ready for the unexpected

If your business suffers an email compromise or a ransomware attack tomorrow, do you have a contingency plan in case of any disasters? The unexpected can happen anytime, and small businesses can get hit particularly hard.

Here are ten helpful tips to get ready for anything:

  1. Create a contingency plan
  2. Maintain adequate insurance coverage
  3. Diversify your revenue streams
  4. Build strong relationships with suppliers
  5. Keep cash reserves
  6. Build strong outsourcing relationships
  7. Check your financials regularly
  8. Invest in technology
  9. Train employees for emergencies
  10. Stay up to date on regulatory requirements

Thinking Of Moving Offices Or Going 100% Remote?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Has hybrid and remote working left you and your team rattling around an office that’s too big?

If you’re now in the position of overspending on rent, utilities and cleaning, you might be thinking about downsizing to another location – or even abandoning the office completely.

That’s something that will take some planning if you want a smooth transition with minimal, expensive downtime.

Moves are always stressful, and relocating your IT systems takes a bit more thought than manhandling a desk up the stairs.

So here are our top three suggestions to make it easier to shift your IT setup to a new location.

[Read more…] about Thinking Of Moving Offices Or Going 100% Remote?

Is It Time To Ditch The Passwords For More Secure Passkeys?

Passwords are the most used method of authentication, but they are also one of the weakest.

Passwords are often easy to guess or steal. Also, many people use the same password across several accounts. This makes them vulnerable to cyber-attacks.

The sheer volume of passwords that people need to remember is large. This leads to habits that make it easier for criminals to breach passwords. Such as creating weak passwords and storing passwords in a non-secure way.

61% of all data breaches involve stolen or hacked login credentials.

In recent years a better solution has emerged – passkeys. Passkeys are more secure than passwords. They also provide a more convenient way of logging into your accounts.

Passkeys work by generating a unique code for each login attempt. This code is then validated by the server. This code is created using a combination of information about the user and the device they are using to log in.

You can think of passkeys as a digital credential. A passkey allows someone to authenticate in a web service or a cloud-based account. There is no need to enter a username and password.

This authentication technology leverages Web Authentication (WebAuthn). This is a core component of FIDO2, an authentication protocol. Instead of using a unique password, it uses public-key cryptography for user verification.

The user’s device stores the authentication key. This can be a computer, mobile device, or security key device. It is then used by sites that have passkeys enabled to log the user in.

More secure

One advantage of passkeys is that they are more secure than passwords.

Passkeys are more difficult to hack. This is true especially if the key generates from a combination of biometric and device data.

Biometric data can include things like facial recognition or fingerprint scans. Device information can include things like the device’s MAC address or location.

This makes it much harder for hackers to gain access to your accounts.

More convenient

Another advantage of passkeys over passwords is that they are more convenient. With password authentication, users often must remember many complex passwords. This can be difficult and time-consuming.

Forgetting passwords is common and doing a reset can slow an employee down. Each time a person has to reset their password, it takes an average of three minutes and 46 seconds.

Passkeys erase this problem by providing a single code. You can use that same code across all your accounts. This makes it much easier to log in to your accounts. It also reduces the likelihood of forgetting or misplacing your password, or worse, writing it down.

Phishing resistant

Credential phishing scams are prevalent. Scammers send emails that tell a user something is wrong with their account.

They click on a link that takes them to a disguised login page created to steal their username and password.

When a user is authenticating with a passkey instead, this won’t work on them. Even if a hacker had a user’s password, it wouldn’t matter. They would need the device passkey authentication to breach the account.