TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

admin

How Can You Leverage The New MS Teams Payment App?

There is now another option to streamline the payment process.

Microsoft has launched the Teams Payments app. This is a new feature that allows you to request and receive payments from your customers. You do it within Microsoft Teams meetings.

The Teams Payments app is currently available in the United States and Canada. Subscribers to Teams Essentials and Microsoft 365 Business get it at no charge.

How does the Teams Payment app work?

You can get the app from the Microsoft AppStore. You add it to your Teams account and connect it to your preferred payment service. You can choose from:

  • Stripe
  • PayPal
  • GoDaddy

How do you send a payment request?

To send a payment request, you just need to open the meeting chat. Then, select the Payments icon from the messaging extensions. Then, you can fill out a simple form. It includes the amount, currency, description, and recipients of your request.

Your customers will see the same card in their meeting chat. They can click on the Pay Now button to complete their payment. You will receive a notification that your payment has been processed.

Benefits of using the Teams Payment app

It saves time and hassle. You don’t need to switch between different apps or websites. You can do everything within Teams meetings.

It increases customer satisfaction and loyalty. Your customers will appreciate the ease of paying you through Teams meetings.

It boosts your revenue and cash flow. You can get paid faster and more securely by using the Teams Payments app. You don’t need to wait for invoices or checks to clear. You can receive your money within minutes of completing a service. Either directly into your bank account or PayPal account.

It enhances your professional image and credibility. You can show your customers that you are using a reliable and trusted payment platform. You can also add a seller policy to your payment requests.

It helps you keep track of payments. With the Teams Payments App, you can track transactions in realtime. You’ll receive instant notifications for successful payments and customers receive receipts.

It’s seamlessly integrated with Microsoft 365. The Teams Payments App seamlessly integrates with Microsoft 365.

It increases productivity. Efficiency is the key to productivity. You reduce the time spent on payment-related tasks by integrating Payments into Teams.

The Teams Payments app marks a significant leap in digital business transactions. By leveraging this powerful tool, you’re simplifying payments.

How Can Your Business Be Impacted By The New SEC Cybersecurity Requirements?

Cybersecurity has become paramount for businesses across the globe. As technology advances, so do the threats. Recognizing this, the U.S. Securities and Exchange Commission (SEC) has introduced new rules. They revolve around cybersecurity. These new requirements are set to significantly impact businesses.

Understanding the new SEC cybersecurity requirements

The SEC’s new cybersecurity rules emphasize the importance of proactive cybersecurity measures. These are for businesses operating in the digital landscape.

One of the central requirements is the timely reporting of cybersecurity incidents. The other is the disclosure of comprehensive cybersecurity programs.

The rules impact U.S. registered companies, as well as foreign private issuers registered with the SEC.

Reporting of cyber-security incidents

The first rule is the disclosure of cybersecurity incidents deemed to be “material.” Companies disclose these on a new item 1.05 of Form 8-K.

Companies have a time limit for disclosure. This is within four days of the determination that an incident is material. The company should disclose the nature, scope, and timing of the impact.

It also must include the material impact of the breach. One exception to the rule is where disclosure poses a national safety or security risk.

Disclosure of cyber-security protocols

This rule requires extra information that companies must report. They report this on their annual Form 10-K filing.

The extra information companies must disclose includes:

  • Their processes for assessing, identifying, and managing material risks from cybersecurity threats.
  • Risks from cyber threats that have or are likely to materially affect the company.
  • The board of directors’ oversight of cybersecurity risks.
  • Management’s role and expertise in assessing and managing cybersecurity threats.

Potential impact on your business

Here are some of the potential areas of impact on businesses from these new SEC rules.

Increased Compliance Burden – Businesses will now face an increased compliance burden as they work to align their cybersecurity policies with the new SEC requirements.

Focus on Incident Response – The new regulations underscore the importance of incident response plans. Businesses will need to invest in robust protocols. These are protocols to detect, respond to, and recover from cybersecurity incidents promptly. This includes having clear procedures for notifying regulatory authorities, customers, and stakeholders.

Heightened Emphasis on Vendor Management – Companies often rely on third-party vendors for various services. The SEC’s new rules emphasize the need for businesses to assess vendor practices. Meaning, how vendors handle cybersecurity. This shift in focus necessitates a comprehensive review of your vendor’s security policies.

Impact on Investor Confidence – Cybersecurity breaches can erode investor confidence and damage a company’s reputation. With the SEC’s spotlight on cybersecurity, investors are likely to take note. This includes scrutinizing businesses’ security measures more closely. Companies with robust cybersecurity programs may instill greater confidence among investors.

Innovation in Cybersecurity Technologies – As businesses strive to meet the new SEC requirements, they will seek innovation. There is bound to be a surge in the demand for advanced cybersecurity solutions. This increased demand could foster a wave of innovation in the cybersecurity sector.

Embracing Technology: Steps To Join the 21%

In today’s rapidly evolving business landscape, the phrase “every company is now a technology company” has become increasingly relevant.

Yet, it might surprise you to learn that only 21% of businesses are truly incorporating technology into their strategic thinking in a meaningful way.

If your business isn’t part of that 21% just yet, don’t worry. Here are five ways you can take inspiration and make technology an integral part of your business strategy.

Learn from success stories

One of the first steps in embracing technology is to look at businesses that have successfully integrated it into their operations. Study their journeys to understand what they did and how it benefited them.

These success stories can serve as a wellspring of inspiration for your own tech transformation. By examining their strategies and experiences, you can gain valuable insights into the possibilities that technology holds for your business.

Find a tech partner

Navigating the complex world of technology can be challenging, especially if you’re not well-versed in it. To bridge this gap, consider finding a reliable tech partner.

A tech expert can guide you through the intricacies of technology, helping you comprehend its potential and how it aligns with your business goals.

Whether it’s consulting firms, IT professionals, or technology service providers, there are resources available to assist you on your tech journey.

Understanding the impact of technology

It’s crucial to grasp the profound impact that technology can have on your business. Your tech partner can provide you with valuable insights and ideas on how technology can enhance your operations, improve efficiency, and drive growth.

By having a clear understanding of the potential benefits, you’ll be better equipped to make informed decisions regarding technology integration.

Explore low-code or no-code solutions

You don’t need to be a computer science expert to leverage technology. Start by exploring low-code or no-code solutions that are user-friendly and require minimal coding knowledge.

These platforms allow you to create customized software applications, automate processes, and build digital solutions without the need for extensive technical skills.

By dipping your toes into these tools, you can experience firsthand how technology can streamline your operations and improve productivity.

Participate in workshops and creative sessions

Technology isn’t just about learning; it’s also about envisioning a different future for your company and your team.

Engage in workshops and creative sessions that encourage you to think outside the box when it comes to technology integration.

Collaborate with experts and fellow business owners to brainstorm innovative ideas and strategies for leveraging technology to your advantage.

These interactive sessions can help you envision how technology can shape your business’s future.

Remember, you don’t have to embark on this journey alone. There are resources, experts, and organizations like ours ready to support you every step of the way.

By taking inspiration from successful tech adopters, seeking guidance from tech partners, understanding the potential impact of technology, exploring user-friendly solutions, and participating in creative workshops, you can position your business to join the 21% of companies that are thriving in the age of technology.

Embrace the digital transformation and unlock new opportunities for growth and success. Get in touch with us, and let’s embark on this tech-driven journey together.

Hackers Don’t Take Holidays – Ransomware Is On The Rise

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Studies have shown up to a 70% increase in attempted ransomware attacks during the holiday season.

Although we may be planning for a restful holiday ahead, full of delicious food and time with loved ones, hackers are not. Their ongoing exploitation of vulnerabilities and ever-changing tactics requires you and your team to be as vigilant as ever.

Phishing attacks have reached record highs this year. Worryingly, in the third quarter of this year alone, phishing attacks skyrocketed by a staggering 173%, compared to the previous three months.

And malware? It’s not far behind, with a 110% increase over the same period.

Let’s put this into perspective. Imagine you’re on a quiet beach, enjoying the sun and the surf. Suddenly, the tide starts to rise rapidly. Before you know it, your picnic basket is floating away, and you’re knee-deep in water. That’s what’s happening in the cyber world right now.

According to a report, the ‘phisherfolk’ group were most active in August, casting out more than 207.3 million phishing emails. That’s nearly double the amount in July. September wasn’t much better, with 172.6 million phishing emails.

But who are these cyber criminals targeting? Old favorites Facebook and Microsoft continue to top the charts, with Facebook accounting for more phishing URLs than the next seven most spoofed brands combined. Block Facebook on your network.

So, what’s the bottom line here? The attacks are coming from everywhere, and your business could be next.

Phishing attacks are like a rising tide, and if you’re not careful, they can quickly sink your business. They target everyone – from tech giants to financial institutions, and even government agencies. The question is – are you prepared?

Take a moment to consider the authenticity of emails. Are they from a trusted source? Do they contain suspicious links? Are they asking for sensitive information?

Make sure your employees are aware of the risks. Encourage them to think twice before clicking on a link or downloading an attachment. After all, a moment’s hesitation could save your business from a devastating cyber attack. [Read more…] about Hackers Don’t Take Holidays – Ransomware Is On The Rise

Should Your Business Follow Google’s Security Lead?

Google has introduced a new security strategy – but is it right for your business?

It has put some employees on a cyber diet, restricting their internet access to limit potential threats.

On the surface, it sounds like a smart move. Google’s approach is like building a taller fence around your house to keep out burglars.

By reducing internet connectivity, they’re effectively shrinking their digital footprint and making it harder for cyber criminals to find a way in.

But is it foolproof?

Well, not exactly.

While this strategy does limit external threats, it doesn’t entirely eliminate the risk.

Think of it this way: you’ve built a towering wall around your house, but your teenager leaves the back gate open. Similarly, internal systems might remain connected to other devices that can access the internet, providing a potential entry point for cyber threats.

In other words, you can’t just focus on keeping things out.

Yes, there are very real threats from external hackers using all sorts of techniques like phishing, zero-day attacks, and malware. But the security industry often overlooks significant threats from within the perimeter.

Research shows that insider threats account for 62% of all security breaches. These insiders – disgruntled employees, careless staff, or malicious actors – often have legitimate access rights, intimate knowledge of the system, and can bypass traditional security checks. It’s like having a burglar who knows where you hide your spare key.

So, what’s the takeaway?

While Google’s strategy has its merits, it’s not a one-size-fits-all solution. Just as you wouldn’t wear shoes that are too big, your business needs a cyber security strategy tailored to fit its unique requirements. A robust cyber security strategy should focus on both external and internal threats and have measures in place to mitigate risks from all angles.

Our advice? Instead of simply following in Google’s footsteps, consider your own business’s needs and vulnerabilities. And of course, if you need help with that, get in touch.

How To Organize Your Cybersecurity Strategy Into Left And Right Of Boom

In the pulsating digital landscape, every click and keystroke echoes through cyberspace. The battle for data security rages on.

Businesses stand as both guardians and targets. Unseen adversaries covet their digital assets. Businesses must arm themselves with a sophisticated arsenal of cybersecurity strategies.

On one side, the vigilant guards of prevention (Left of Boom). On the other, the resilient bulwarks of recovery (Right of Boom). Together, these strategies form the linchpin of a comprehensive defense. They help ensure that businesses can repel attacks. And also rise stronger from the ashes if breached.

What Do “Left of Boom” and “Right of Boom” Mean?

In the realm of cybersecurity, “Left of Boom” and “Right of Boom” are strategic terms. They delineate the proactive and reactive approaches to dealing with cyber threats.

“Left of Boom” refers to preemptive measures and preventative strategies. These are things implemented to safeguard against potential security breaches. It encompasses actions aimed at preventing cyber incidents before they occur.

“Right of Boom” pertains to the post-breach recovery strategies. Companies use these after a security incident has taken place. This phase involves activities like incident response planning and data backup.

Together, these terms form a comprehensive cybersecurity strategy. They cover both prevention and recovery aspects.

Left of Boom: Prevention Strategies

User education and awareness: One of the foundational elements of Left of Boom is employee cybersecurity education. Regular training sessions can empower staff.

Robust access control and authentication: Access control tactics include:

  • Least privilege access
  • Multifactor authentication (MFA)
  • Contextual access
  • Single Sign-on (SSO) solutions

Regular software updates and patch management: Left of Boom strategies include ensuring all software is regularly updated.

Network security and firewalls: Firewalls act as the first line of defense against external threats. Install robust firewalls and intrusion detection/prevention systems that alert quickly when a breach is in progress.

Regular security audits and vulnerability assessments: Conduct regular security audits and vulnerability assessments. This helps to identify potential weaknesses in your systems.

Right of Boom: Recovery Strategies

Incident response plan: Having a well-defined incident response plan in place is crucial.

It should include things like:

  • Communication protocols
  • Containment procedures
  • Steps for recovery
  • IT contact numbers

Data backup and disaster recovery: Regularly backing up data is a vital component of Right of Boom. Another critical component is having a robust disaster recovery plan.

Forensic analysis and learning: After a security breach, conduct a thorough forensic analysis. It’s essential to understand the nature of the attack. As well as the extent of the damage, and the vulnerabilities exploited.

Legal and regulatory compliance: Navigating the legal and regulatory landscape after a security breach is important.

Cyber-Compliance Is Serious Business

If you’ve never experienced a cyberattack, you might not think it’s such a big deal.

Especially if you work in management, you’re so busy focusing on the so-called squeaky wheels of every day; does it really matter if you keep up with the intricacies of modern cybersecurity compliance protocol? YES!

Increased digitization across the globe plus ever-advancing cyber threats equals a constantly evolving market, and legislation that scrambles to keep up.

Why Reporting Matters in a Data Breach

Have you ever experienced a cyberattack, either aimed at you or leveled at your organization? If so, then you might already know how important it is to report the breach – and we don’t just mean to your direct managers or the police!

When a data breach happens, you are often beholden to laws detailing what, how fast and to whom you must disclose. For example, financial institutions have to notify the Federal Trade Commission within thirty days.

You typically have to disclose the breach to anyone affected too, depending on what information was stolen. Where do you work? Do you know the laws set upon your industry and role?

So not only does cyber-compliance affect your ability to protect yourself and your customers from a data breach, but that hack will affect customers’ trust in your ability to keep their personal and financial information safe.

There are also legal concerns to think about. Lawsuits can cost millions between legal fees, penalties, profit losses and disruptions to the daily workflow.

Consider that the average company spends $10K per employee on cyber-compliance, and you see why maintaining compliance saves millions – about half of what you’d spend if you let vulnerabilities lay rampantly unpatched.

Maintaining compliance isn’t just smart; it’s necessary. To foster good relationships with your customers and shareholders, and avoid fines and breaches, companies must maintain a compliant cybersecurity structure.

These regulations change over time but do so to keep up with the latest tricks up cybercriminals’ sleeves.

Our IT services include compliance as part of our all-in-one package to reduce excess labor on your end. We’ll stay up to date on changing regulations so you stay cyber-compliant!

Reporting is one of many important regulations that make you more cyber-secure. Think about it: If your bank accounts, or health records, or mailing information got leaked, wouldn’t you want to know?

It’s not just about preferences, though. Data privacy is a right in many countries across the globe. More and more, people and legislation are all pushing for better data privacy protections.

How can we keep our accounts and data private if we don’t know when a breach has occurred? If you don’t know YOUR reporting requirements, now is the time to find out! Give us a call.

Five Habits Your Smart Remote Workers Should Have

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Remote work has become a way of life very quickly, hasn’t it? Loads of businesses and their people are reaping the rewards of flexibility and convenience.

But it also brings cyber security challenges that demand your attention. Of course, this should always be a concern, but when you have employees working from home, a coffee shop, or anywhere else for that matter, you need to make sure they’re making wise decisions that put the security of your data at the forefront.

These are five habits your remote workers should adopt straight away.

Choose your work location wisely

Working from a favorite coffee shop or a picturesque park may seem like a dream come true, but it can expose you to more cyber security risks.

Over-the-shoulder attacks, where cyber criminals discreetly snoop on your screen in public spaces, might seem unlikely, but they have real potential to lead to data breaches. Employees should choose to work in quieter, more private settings to minimize this risk. [Read more…] about Five Habits Your Smart Remote Workers Should Have

Watch Out For New Big Head Ransomware Pretending To Be A Windows Update!

Imagine you’re working away on your PC and see a Windows update prompt. Instead of ignoring it, you take action. But when you install what you think is a legitimate update, you’re infected with ransomware.

Cybercriminals are constantly devising new ways to infiltrate systems. They encrypt valuable data, leaving victims with difficult choices. One such variant that has emerged recently is the “Big Head” ransomware.

The Big Head Ransomware deception

Big Head ransomware presents victims with a convincing and fake Windows update alert. Attackers design this fake alert to trick users. They think that their computer is undergoing a legitimate Windows update.

The message may appear in a pop-up window or as a notification. The deception goes even further. The ransomware uses a forged Microsoft digital signature. The attack fools the victim into thinking it’s a legitimate Windows update.

They then unknowingly download and execute the ransomware onto their system. From there, the ransomware proceeds to encrypt the victim’s files.

Victims see a message demanding a ransom payment in exchange for the decryption key.

Here are some strategies to safeguard yourself from ransomware attacks like Big Head:

Keep Software and Systems Updated: Big Head ransomware leverages the appearance of Windows updates. One way to be sure you’re installing a real update is to automate.

Verify the Authenticity of Update: Genuine Windows updates will come directly from Microsoft’s official website or through your IT service provider or Windows Update settings.

Backup Your Data Regularly: Back up your important files. Use an external storage device or a secure cloud backup service. Backups of your data can allow you to restore your files without paying a ransom.

Use Robust Security Software: Install reputable antivirus and anti-malware software on your computer.

Educate Yourself and Others: Stay informed about the latest ransomware threats and tactics. Educate yourself and your colleagues or family members.

Use Email Security Measures: Put in place robust email security measures. Be cautious about opening email attachments or clicking on links.

Enable Firewall and Network Security: Activate your computer’s firewall. Use network security solutions to prevent unauthorized access to your network and devices.

Disable Auto-Run Features: Configure your computer to disable auto-run functionality for external drives.

Be Wary of Pop-Up Alerts: Exercise caution when encountering pop-up alerts especially those that ask you to download or install software. Verify the legitimacy of such alerts before taking any action.

Keep an Eye on Your System: Keep an eye on your computer’s performance and any unusual activity. If you notice anything suspicious, investigate immediately.

Have a Response Plan: In the unfortunate event of a ransomware attack, have a response plan in place. Know how to disconnect from the network. Report the incident to your IT department or a cybersecurity professional.

Avoid paying the ransom. In most cases, it is against federal law to pay a ransom to hackers.

Cyber Security Threats Your Team Must Know About

Your employees are your first line of defense in cyber security, and their training is as crucial as the cutting-edge tools you’ve invested in. Are you overlooking this vital element?

We strongly advise you make an ongoing commitment to regular cyber security training for every single one of your team. That means keeping them up to date on the latest cyber threats, the warning signs to look out for, and of course, what to do should a situation arise.

If you’re not already doing that, arrange something now (we can help).

While you wait, here are some urgent cyber threats to address right away:

Admin attack

Email addresses like “info@” or “admin@” are often less protected due to perceived low risk. But several teams may require access to these accounts, making them an easy target. Multi-factor Authentication (MFA) can double your security. Even if it seems tedious, don’t neglect it.

MFA fatigue attacks

MFA can feel intrusive, leading employees to approve requests without scrutiny. Cyber criminals exploit this complacency with a flood of fake notifications. Encourage your team to meticulously verify all MFA requests.

Phishing bait

Phishing remains a top threat. Cyber criminals mimic trusted sources with deceptive emails. Teach your team to inspect email addresses closely. Implementing a sender policy framework can also enhance your protection.

Phishing scams are attempts to trick you into revealing your personal information, such as passwords, credit card numbers, or Social Security numbers.

Scammers often send emails or text messages that appear to be from legitimate companies, such as banks, credit card companies, or government agencies. They may also create fake websites that look like real websites.

The three most common phishing scams are:

  • Fake shopping websites, which sell counterfeit products – or even sell nothing at all. They collect your credit card information to sell to other hackers.
  • Romance scams to trick people into falling in love, so they’ll be more willing to send money.
  • Social media scams that either impersonate real people, or invent new personas entirely.

Other common internet scams include:

  • Investment scams (yes, people still fall for these every day) that promise victims high returns on their investments, but the investments are actually fake.
  • Tech support scams which claim to be a tech support company, but then charge for unnecessary services or steal personal information.
  • Lottery and sweepstakes scams tell people that they have won a lottery or sweepstakes, but they need to pay a fee to claim their prize.
  • Charity scams impersonate legitimate charities and ask for donations.

Cyber security training doesn’t have to be tedious. Try simulated attacks and think of them like an escape room challenge—fun yet enlightening. It’s about identifying vulnerabilities, not fault-finding.

Don’t exclude your leadership team. They need to understand the response plan in case of a breach, much like a fire drill.

If you receive an email, text, or call from someone who is asking for your personal information or money, be suspicious! Don’t click on anything until you verify the sender is who they say they are!