TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

admin

Keep Your Smart Home From Turning Against You

Smart homes offer unparalleled convenience and efficiency. But as we embrace the convenience, it’s essential to consider the potential risks.

Recent headlines have shed light on the vulnerabilities of smart home technology, such as the story in the New York Post’s article titled “Locked Out & Hacked: When Smart Homes Turn on Owners.”

The article describes smart home nightmares. Including the new owner of a smart home that unexpectedly got locked in. The prior owner had left preprogrammed settings. Suddenly at 11:30 p.m., the home told him it was time to go to bed and locked every door in the house.

Another technology victim was a woman terrorized by lights and sounds at home. Her ex-partner was maliciously manipulating the smart technology.

As homes get smarter, how can you avoid a similar experience? We’ll explore some key strategies to protect your home and your privacy.

Secure your network

The foundation of any smart home is its network. Just as you wouldn’t leave your front door wide open, you shouldn’t neglect Wi-Fi security.

Strengthen device passwords

Avoid using easily guessable information like “123456” or “password.” Use a combination of upper and lower-case letters, numbers, and symbols.

Enable two-factor authentication (2FA)

Many smart home device manufacturers offer 2FA as an extra layer of security. This helps keep unwanted people out.

Regularly update firmware

Firmware updates are essential for fixing security vulnerabilities in your smart devices. Make it a habit to check and apply firmware updates regularly.

Vet your devices

Look for products that have a history of prompt updates and robust security features. Avoid purchasing devices from obscure or untrusted brands.

Isolate sensitive devices

Consider segregating your most sensitive devices onto a separate network, if possible.

Review app permissions

Smart home apps often request access to various permissions on your devices. Before granting these, scrutinize what data the app is trying to access.

Be cautious with voice assistants

Review your voice assistant’s privacy settings. Be cautious about what information you share with them. Many devices can be programmed to not listen by default.

Check your devices regularly

Regularly check the status and activity of your smart devices. Look for any unusual behavior.

Understand your device’s data usage

Review your smart device’s privacy policy. Understand how it uses your data.

Stay informed

Finally, stay informed about the latest developments in smart home security. Subscribe to security newsletters.

Cybersecurity Skeletons In Your Business’ Closet

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Let’s dive into a topic that might give you the chills – cybersecurity skeletons in your company’s closet.

You may not have old skeletons hidden away in the basement, but there’s a good chance of cybersecurity vulnerabilities lurking in the shadows. Just waiting to wreak havoc.

You can’t fix what you can’t see. It’s time to shine a light on these hidden dangers, so you can take action to protect your business from potential cyber threats.

Here are some of the most common cybersecurity issues faced by small and mid-sized businesses:

Outdated software: The cobweb-covered nightmare

Running outdated software is like inviting hackers to your virtual Halloween party. [Read more…] about Cybersecurity Skeletons In Your Business’ Closet

What is SaaS Ransomware? How Can You Defend Against It?

Software-as-a-Service (SaaS) has revolutionized the way businesses operate. But alongside its benefits, SaaS brings with it potential threats. When software and data are online, they’re more vulnerable to attacks. One of the latest threats to move from endpoint devices to the cloud is ransomware.

Between March and May of 2023, SaaS attacks increased by over 300%. A study in 2022 by Odaseva found that 51% of ransomware attacks targeted SaaS data.

What is SaaS ransomware?

SaaS ransomware is also known as cloud ransomware. It’s malicious code designed to target cloud-based applications and services. These include services like Google Workspace, Microsoft 365, and other cloud collaboration platforms. Here are some tips to defend your business from SaaS ransomware.

Educate your team

Start by educating your employees about the risks of SaaS ransomware. Include how it spreads through phishing emails, malicious links, or breached accounts. Teach them to recognize suspicious activities and report any unusual incidents immediately.

Enable multi-factor authentication (MFA)

MFA is an essential layer of security. Enabling MFA reduces the risk of unauthorized access. This is true, even if a hacker compromises an account’s login credentials.

Regular backups

Frequently backing up your SaaS data is crucial. Having up-to-date backups ensures that you can restore your files. You won’t need to pay the attacker’s ransom demands and you’ll get your business back up and running faster.

Deploy advanced security solutions

Consider using third-party security solutions that specialize in protecting SaaS environments.

These solutions can provide many benefits including:
• Real-time threat detection
• Data loss prevention
• And other advanced security features

Apply the principle of least privilege

Limit user permissions to only the necessary functions. By doing this, you reduce the potential damage an attacker can do if they gain access.

Keep software up to date

Ensure that you keep all software up to date. Regular updates close known vulnerabilities and strengthen your defense.

Track suspicious account activity

Put in place robust monitoring of user activity and network traffic. Suspicious behavior can be early indicators of an attack. One example to watch for is several failed login attempts. Another is access from unusual locations.

Develop an incident response plan

Prepare and practice an incident response plan. It should outline the steps to take in the event of a ransomware attack. A well-coordinated response can mitigate the impact of an incident. It can also aid in faster recovery. The sooner your team can respond, the faster business gets back to normal.

Collaboration Tools Are GREAT. But Are They A Security Risk?

In today’s digital age, workplace collaboration tools and messaging apps such as Slack, Teams, and Zoom have become indispensable.

They’ve revolutionized the way we work, making communication with colleagues a breeze, facilitating seamless file sharing, and allowing for productive meetings without the hassle of commuting.

The ability to discuss even the most sensitive of topics from the warmth and safety of our homes seems like a dream. However, every silver lining has a cloud.

While we see these tools as productivity enhancers, cybercriminals see them as gateways to potential vulnerabilities. The very platforms that have been champions for our productivity are simultaneously creating a playground for cyber threats.

It’s alarming to realize that, for instance, while Slack employs encryption, it does not have end-to-end encryption. The reason behind this? To provide companies with an overview of their internal communications.

Moreover, if you’ve jumped on the WhatsApp bandwagon for business, beware. This popular app has been a victim of numerous social engineering attacks. And Telegram? It’s steadily climbing the list of hotspots for cyber attackers. These threats have ushered in a new form of cyber-attack known as Business Communication Compromise (BCC).

Think of it as the menacing relative of the widely recognized Business Email Compromise (BEC).

Shockingly, a 2022 Data Breach Investigation Report highlighted that a staggering 82% of data breaches stem from human errors. Just one misguided click on a deceitful phishing email, and your prized communication channels become a hotbed for these cyber rogues.

But there’s hope! Here are some measures to safeguard your digital spaces:

Establish robust access controls. Ensure that only authorized individuals can access your platform. Even basic protocols like multi-factor authentication can act as formidable barriers against intruders.

Adopt stringent data loss prevention techniques. Opt for systems that provide end-to-end encryption and have capabilities to remotely wipe data from misplaced or stolen devices.

Educate your team. Regular training sessions on best practices for handling sensitive information can make all the difference.

Your security is our priority. If you need guidance on fortifying your digital defenses, we’re here to assist.

Is AI Really For You, Or Are You Jumping On The Bandwagon?

Do you ever find yourself asking, “What is all this hype about AI?”

If so, you’re not alone.

The buzz around artificial intelligence (AI) and its potential to revolutionize every aspect of our lives is inescapable. But how can you navigate through the noise and truly harness the power of AI to meet your business’s big goals?

It’s a question that keeps many business leaders awake at night.

Imagine being able to predict market trends before they happen, or to streamline your operations with almost exact precision. This isn’t some far-off dream; it’s the promise of generative AI.

But there’s a lot of speculation around AI. Right now, it’s uncertain, so… should you simply wait and see what happens?

Of course not!

In fact, now is exactly the time to start exploring generative AI for your company.

Sitting back isn’t an option when your rivals could be leveraging this technology to gain a competitive edge. Yes, there’s a lot to learn and understand, but isn’t that part of the thrill of doing business in the 21st century?

But one thing to keep in mind amidst the excitement, is not to lose sight of your core aims, goals, and cultures. What good is a new AI system if it doesn’t align with the way your business behaves? While the world of AI may seem like uncharted territory, some classic rules still apply.

Will you implement it? Will it generate revenue? Can it reduce your costs? Will it boost productivity? If not, perhaps it’s not the right move for your business right now.

The hackers are using AI, too

With the advancement of AI comes new developments for bad actors to weaponize, too.

Artificial intelligence has become incredibly powerful. We can create animated avatars of ourselves with just a facial scan. A few words in the right search engine can generate beautiful imagery and art.

You can even find AI to write entire book chapters (although, they don’t always make much sense).

Unfortunately, cybercriminals have learned how to code entirely new malware in significantly less time than it takes to build by hand.

Usually, malware takes up to an hour to code. Not ChatGPT: the chatbot can code phishing scams honed to lure in more victims, and it can do it in mere minutes.

It also creates infected attachments that try to give the hacker remote access to your machine. Hackers will be able to really hone their scam messages using AI that has quantitative knowledge about what works best.

They can fine-tune their ability to detect exploitable vulnerabilities on your systems. Who knows what threatening idea they’ll have artificial intelligence machines make a reality for them next?

Users need to be careful engaging with nascent technology and stay abreast of new developments that the good guys are working on, so that we can all stay ahead of cybercriminals no matter what they dream up next.

Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Despite all the buzz about high-tech threats like ransomware and malware, good old phishing has held on to its title as the number one trick in a cyber criminal’s toolkit.

Phishing is when someone tries to trick you into giving them your personal information, like your password or credit card number. They do this by sending you emails or text messages that look like they’re from a real company.

According to the latest annual cyber breaches survey, 79% of businesses were targeted with a phishing attempt in the past year. And if your employees aren’t trained in cyber security awareness, 1 in 3 of them are likely to fall for a phishing attack. Scary!

You might be thinking, “Sure, it’s bad, but it can’t be that bad, right?” Well, let’s break down the consequences of a successful phishing attack.

[Read more…] about Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?

Planning Digital Transformation? Don’t Forget Your Team

Have you heard of the term “digital transformation?” It’s where you introduce new technology across every part of your business, to help you sell more, deliver better customer service and be more efficient/profitable.

That word ‘transformation’ sounds impressive, doesn’t it? It’s like your business is a caterpillar, ready to emerge from its cocoon as a dazzling, tech-savvy butterfly.

But hold on a minute, let’s not forget about the most important part of this metamorphosis – your people.

Yes, you read that right. It’s not technology that should be at the heart of any digital transformation… it’s people.

Businesses often make the mistake of getting caught up in the whirlwind of “cool new tech” and forget about the human element. How many times have you heard of a company rolling out a major new software system, only for their employees to struggle with the change?

The truth is, the success of any digital transformation hinges on your team’s buy-in. You can have the most cutting-edge technology in the world, but if your people hate using it, it’s going to fail.

So how do we put people first in digital transformation? It starts with communication. Your team needs to understand why change is happening and how it will benefit them. This isn’t just a one-time announcement, but an ongoing two-way conversation.

Next, you need champions. These are individuals at all levels of the business who are enthusiastic about the change and can help others get on board. Enthusiasm is contagious!

And finally, you need to break down silos. The digital world thrives on collaboration, and your business should too. If departments are working in isolation, you’re not harnessing the full potential of your team or your technology.

Let’s not forget about the role of AI in all this. Generative AI systems, such as ChatGPT, have been making waves in the media, highlighting the importance of the human element in the digital transformation debate. After all, technology should serve people, not the other way around.

The pace of technological advancement is dizzying, no doubt about that. But amidst all the change, one thing remains constant – the importance of putting people, processes and culture at the center of your digital transformation.

If we can help you with any kind of technology project, just give us a call.

Learn How To Spot Fake LinkedIn Sales Bots

LinkedIn has become an invaluable platform for professionals. People use it to connect, network, and explore business opportunities. But with its growing popularity have come some red flags. There has been an increase in the presence of fake LinkedIn sales bots.

These bots impersonate real users and attempt to scam unsuspecting individuals. This is one of the many scams on LinkedIn. According to the FBI, fraud on LinkedIn poses a “significant threat” to platform users.

Lets delve into the world of fake LinkedIn sales bots. We’ll explore their tactics and provide you with valuable tips. You’ll learn how to spot and protect yourself from these scams. By staying informed and vigilant, you can foster a safer LinkedIn experience.

Identifying fake LinkedIn connections

Social media scams often play on emotions. Who doesn’t want to be thought of as special or interesting? Scammers will reach out to connect. That connection request alone can make someone feel wanted. People often accept before researching the person’s profile.

Put a business proposition on top of that, and it’s easy to fool people. People that are looking for a job or business opportunity may have their guard down. There is also an inherent trust people give other business professionals. Many often trust LinkedIn connections more than Facebook requests.

How can you tell the real requests from the fake ones? Here are some tips on spotting the scammers and bots.

Incomplete profiles and generic photos

Fake LinkedIn sales bots often have incomplete profiles. They’ll have very limited or generic information. They may lack a comprehensive work history or educational background. Additionally, these bots tend to use generic profile pictures. Such as stock photos or images of models.

If a profile looks too perfect or lacks specific details, it could be a red flag. Genuine LinkedIn users usually provide comprehensive information.

Impersonal and generic messages

One of the key characteristics of fake sales bots is their messaging approach. It’s often impersonal and generic. These bots often send mass messages that lack personalization. They may be no specific references to your profile or industry. They often use generic templates or scripts to engage with potential targets.

Excessive promotional content

Fake LinkedIn sales bots are notorious for bombarding users. You’ll often get DMs with excessive promotional content and making unrealistic claims. These bots often promote products or services aggressively. Usually without offering much information or value.

Inconsistent or poor grammar and spelling

When communicating on LinkedIn, pay attention to the grammar and spelling of messages. You may dismiss an error from an international-sounding connection, but it could be a bot.

Fake LinkedIn sales bots often display inconsistent or poor grammar and spelling mistakes. These errors can serve as a clear sign that the sender is not genuine. Legitimate LinkedIn users typically take pride in their communication skills.

Unusual connection requests and unfamiliar profiles

Fake LinkedIn sales bots often send connection requests to individuals indiscriminately. They may target users with little regard for relevance or shared professional interests.

Be cautious when accepting connection requests from unfamiliar profiles. Especially if the connection seems unrelated to your industry or expertise.

Satellites Are Safe In Space…But Not Cyber-Space!

Yes, satellites are indeed vulnerable to cyberattacks.

As sophisticated technologies, satellites are not immune to the risks posed by cyber threats. While they operate in space, they are still managed and controlled through ground stations on Earth, making them susceptible to various types of cybervulnerabilities.

Think about it…

Like any computer system, satellites can be infected with malware or viruses, affecting their functionality and data integrity. They can also be overwhelmed with excessive traffic, causing temporary or permanent disruptions, like any other DDOS attack.

Attackers can also send false signals or information to satellites, leading to incorrect data processing or navigation errors.

Imagine if a company’s computer systems crash, or there’s a big cyber-attack, or a natural disaster like a flood or fire strikes their office.

With a well-thought-out plan in place, you (and your coworkers)can quickly get back on your feet, minimize the damage and continue serving customers.

The disaster recovery plan includes things like data backups, so important information doesn’t get lost forever. It also outlines who’s in charge of what during the crisis, so everyone knows what to do.

If hackers gain access to the ground stations or satellite control systems, they may be able to manipulate or disrupt satellite operations. Intercepting that communication signal could expose sensitive information!

While less common, physical attacks on satellites or their infrastructure in space can also occur, leading to a loss of functionality.

If someone successfully hacked a satellite, it could impact critical services such as communication, navigation, weather forecasting and national security.

For this reason, space agencies, satellite operators, government organizations and other stakeholders are continuously working to enhance satellite cybersecurity measures and stay ahead of potential threats!

Do you have a disaster recovery plan?

Having a disaster recovery plan might seem like extra work, but it’s a smart and responsible thing to do.

It helps keep the company running smoothly even when bad things happen, and it shows that you’re ready for anything! So, just like how we prepare for unexpected situations in our daily lives, companies need to have a disaster recovery plan to be ready for anything that comes their way.

It’s like having an emergency kit ready for unexpected disasters. Just like how we keep a flashlight, some snacks, and first aid supplies handy for emergencies, a disaster recovery plan is a strategy for what to do when major problems occur that disrupt operations.

A disaster recovery plan also ensures that you have a safe place to work from in case their usual office is unavailable (like, say, if a global pandemic were to strike?).

When something major happens, it’s normal for people to panic. A disaster recovery plan that has been routinely tested, updated and studied will save you from the panic, and headache, of what to do when the worst goes down.

Instead, you’ll be back to business as usual in no time.

Is Your Team Suffering From Cyber Security Fatigue?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Recently, we’ve seen a concerning trend among businesses: cyber security fatigue.

It’s a phenomenon that occurs when people become overwhelmed and desensitized to the constant barrage of cyber threats and security alerts they face on a daily basis.

You may be thinking, “My business is too small to be a target for cyber criminals.”

Unfortunately, that couldn’t be further from the truth. In fact, small businesses are often targeted precisely because they are seen as easier targets.

Cyber criminals know that small businesses don’t have the same resources as larger corporations, making them more vulnerable to attacks.

So, how can you tell if your business is suffering from cyber security fatigue? Here are a few signs to look out for: [Read more…] about Is Your Team Suffering From Cyber Security Fatigue?