TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Internet

Do You Have Internet Privacy At Work?

Luke Gruden is a help desk technician for Tech Experts.
Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

What Can I Do To Strengthen My Wifi Signal?

A weak WiFi signal in certain areas of your house could limit where you do your work and enjoy your entertainment activities, such as streaming films music or playing online games. This is actually a common issue with a couple of relatively easy fixes that will improve your wireless Internet connection throughout your house.

The first option is to replace the antenna on your router with a taller one. If your router has a built-in antenna, you can likely add an external one and see a marked increase in signal quality. There are two main types of antennae: omnidirectional and directional. An omnidirectional antenna transmits in all directions, while you can point a directional antenna where you need to strengthen the signal without making it easier for others to latch onto your WiFi. The other alternative to improve your wireless signal is to install a range extender, particularly if the area that requires the strongest signal is behind thick walls or is relatively small.

Should Your Business Get A Backup Internet Connection?

With most business operations tied to the Internet, it is important to consider a backup plan in the event that your Internet connection goes down.

A host of things can cause issues with Internet service from natural disasters to provider caused issues, and unfortunately, those are beyond your control.

Choosing whether or not your business should have a backup Internet connection, however, is within your power.

You should first identify how much your business depends on the Internet for its operations when making this decision. In other words, could your business operate, if the Internet was to go down for a few hours without suffering a significant monetary loss? What about for a few days?

Chances are that your business would at least operate at a disadvantage without another way to access the Internet. If that is not the case, deliberating about backup connections may not be your best use of time.

For the rest of the business world, however, the real question lies in what kind of backup Internet connection you should seek.

Most experts will agree that it is wise to have your backup connection one notch lower than your primary one.

For instance, if your primary Internet connection is fiber, your secondary connection could be a T1 line. If your primary is a T1 line, try DSL or cable for your secondary.

That way, you’re not making a huge downward leap such as from fiber to dial-up, and your employees wouldn’t be at too much of a disadvantage.

This approach also takes into account your business’ budget. Your secondary connection will be a little less expensive than your primary while still being somewhat close in capability.

You’ll also need to make sure that your firewall has the capability to support more than one Internet connection. Most of the firewalls we recommend to clients include this as an option; however, the consumer grade routers sold at big box stores rarely offer this as an option.

Another important feature is to make sure your firewall can automatically detect outages, and switch Internet connections to keep you up and running without manually having to switch connections.

Older Internet Explorer No Longer Supported

Microsoft recently made the announcement that it will no longer offer support for Internet Explorer versions prior to Explorer 11.

It is also only through Explorer 11 that users can receive updates for the following operating systems: Windows 7, Windows 8.1, and Windows 10. While this does not prevent users from continuing to turn to Internet Explorer for their browsing needs, it does serve as a call to action for optimum usability and security while surfing the web.

Without up-to-date security patches, devices are at risk of malware and other forms of malicious attacks.

In addition to such security risks, users who continue to use unsupported versions of Explorer may lose Independent Software Vendor (ISV) support or encounter compliance issues.

The company also outlined how Explorer users can update to the latest version, at no extra charge. People who use Internet Explorer (IE) can be roughly divided into three categories: Enterprise users, small to medium businesses, and home PC users. Each groups has a slightly different means to upgrade to Explorer 11; however, their experience should be hassle free.

Albeit, some small-to-medium business owners have expressed concerns about their line-of-business (LOB) application having a dependency on a particular Explorer version. Microsoft has addressed this concern by integrating an Enterprise Mode into Explorer 11 that allows backward compatibility with web applications specifically designed for previous versions of Explorer.

Smaller businesses, whose software does not depend on previous IE versions, can upgrade through Automatic Updates or contact a Certified Microsoft Partner like Tech Experts for assistance.

Home PC users could see an automatic upgrade to Explorer 11 via Automatic Updates.

Still, if the home PC upgrades are set to ‘off’, updates to Explorer 11 will have to be done manually through the Control Panel and the Check for Updates button under the Windows Update tab.

Internet Security: Beware Of “Malvertising”

Michael Menor is Vice President of Support Services for Tech Experts.

As if Internet use wasn’t already troubled with cyber perils, users now have to add “malvertising” to the list of things from which they need to protect themselves.

“Malvertising,” like the name suggests, means “ads that contain malware.” Some mal-ads aren’t dangerous unless you click on them – but others can do “drive-by downloads,” sneaking their malware onto your computer simply because you’re viewing the page on which the ad appears.

While most malvertising is on websites, it can also show up on other ad-displaying apps, such as Facebook, Skype, some email programs, and many games.

The reason that malvertising is more of a problem than other malware approaches is that it can be spread through online advertising delivery networks like Google DoubleClick to legitimate sites that users routinely visit, like the New York Times, Huffington Post, and Yahoo, as well as routinely-used mobile apps that show ads. Malware-bearing ads can be “injected” either by hacking ads at the provider end or by buying and providing mal-ads. In most cases, there’s no way for a user to tell just by looking that an ad has been compromised.

The Potential Damage
The dangers of advertising-delivered malware are the same as those from malware you get any other way. Malware can steal account usernames and passwords, bank and credit card information, and other sensitive data.

It can encrypt your data and “hold it for ransom.” It can, in turn, infect other computers on your network and turn your computer into a “zombie,” spewing out spam and malware to the Internet.

July_2015_MalvertisingLike other viruses and malware, malvertisements take advantage of security vulnerabilities on users’ computers and mobile devices. These may be anywhere from the operating system, to web browsers and other applications, to add-ons and extensions like Java, JavaScript, and Flash.

How do you know if your computer has been infected by malware? One sign is that your web browser shows unexpected pop-ups or seems to be running slower. But many malware infections remain “stealthy,” possibly even eluding anti-malware scans.

Legitimate ad creators and ad delivery networks are working on ways to detect and prevent malware from getting into the digital ads they serve. Otherwise, people have even more reason to not look at ads or block ads entirely.

But, assuming it can be done, this won’t happen for a year or more. The burden is on companies and individuals to do their best to protect their networks, computers, and devices.

What Can Companies and Users Do?
Although malvertising is a relatively new vector, the best security practices still apply; if you’re already doing things right, keep doing them. But what does “doing things right” look like?

  1. Avoid clicking on those ads, even accidentally.
  2. Maintain strong network security measures. Next generation firewalls at the gateway can often detect malware payloads delivered by ads, block the ads entirely, and/or detect communication from already-infected devices.
  3. Regularly backup systems and critical files so you can quickly restore to a pre-infected state if your systems and data are compromised.
  4. Deploy endpoint security software on every device so that it’s protected on and off the network.
  5. Ensure that all operating systems and client software (especially web browsers) are fully patched and up to date.
  6. If you suspect a computer has been infected, stop using it for sensitive activities until it’s been “disinfected.” Again, many security appliances can help you identify and quarantine infected devices.

It’s unfortunate that even more of everyday Internet use is potentially unsafe, but the steps to fend off malvertising are essentially security precautions that companies and individuals should already be following.

Does Your Company Need An Internet Usage Policy?

Scott Blake is a Senior Network Engineer with Tech Experts.

With the growth and expansion of the Internet, it is important to make sure that your business has a policy in place to protect its assets.

Depending on your business, an Internet Usage Policy (IUP) can be long and drawn out or short and to the point.

An IUP will provide your employees with guidelines on what is acceptable use of the Internet and company network. IUPs not only protect the company, but also the employee.

Employees are informed and aware of what is acceptable when it comes to websites and downloading files or programs from the Internet.

When employees know there will be serious consequences for breaking the IUP, such as suspension or termination of employment, companies tend to notice a decrease in security risks due to employee carelessness.

You will need to make sure your IUP covers not only company equipment and your network, but also employee-owned devices such as smart phones and tablets. You may be surprised at the number of employees that feel they do not have to follow the IUP because they are using their own device to surf or download from the Internet.

Make sure you address proper usage of company-owned mobile devices. Your business may have satellite employees or a traveling sales force. Even when they are away, they need to be aware they are still representatives of the business and must follow the business IUP.

After all, it would not go over well if your sales staff was giving a presentation to a prospective client and suddenly, “adult content” ads popped-up on the screen because one of your employees was careless in their web habits.

The downloading of files and programs is a security risk in itself. Private, internal company documents and correspondence downloaded from your company’s network can become public, causing unrepairable damage.

On the same thought, employees downloading from the Internet open your company’s network up to malware attacks and infections.

There are a lot of hackers that prey upon the absent-minded employee downloading a video or song file by hiding a piece of malware within the download. Once the malware makes it into your network, there’s no telling what damage it can cause.

As for non-work related use of the company network and Internet, make sure your employees know there is no expectation of personal privacy when using the company’s network and Internet connection.

Make it well-known that the network and Internet are in place to be used for work purposes only. Improper use of the network can reduce bandwidth throughout the company network.

This includes all mobile devices owned by the company. This way, your employees know that no matter where they are they still must follow the guidelines of the IUP.

Make sure all of your employees sign the IUP and fully understand what it is they are signing. Make sure you answer any and all questions they may have.

This will help clear up any confusion your employees may have. This way, there can be no excuses as to why the IUP was broken.

Whenever you update the IUP, make sure you have all of your employees sign and understand the new additions and/or changes to the IUP. It may seem like overkill, but you’ll be glad you did if you ever run into any violations of your company’s IUP.

For assistance in creating Internet Usage Policies or if you have any questions, call the experts at Tech Experts: (734) 457-5000.

Coming Of “Edge:” Microsoft’s New Browser

Up until now, Internet Explorer’s successor has been secretly referred to as Project Spartan during Microsoft’s development stage. At the Microsoft Build 2015 Developer Conference, the project name was finally announced as the company’s newest browser: Edge.

The name was already familiar to those in the know because Project Spartan’s page-rendering engine was known as Edge, but now the name has been elevated to describe the product as a whole.

For those who have had difficulties with Internet Explorer, this new browser is long overdue, but Edge should turn their frowns into smiles because it is much faster and more compatible with modern web standards.

Edge joins its competitors, like Firefox and Chrome, in the use of extensions and actually uses the same JavaScript and HTML standard code.

This means that Microsoft’s new browser can easily adopt its competitor’s extensions. In fact, Joe Belfiore, Microsoft’s VP of Operating Systems Group at Microsoft, demoed a couple of extensions at the conference. However, you won’t see the extensions feature in Windows 10 until later this year.

Cortana, Windows 10’s Siri-like virtual voice assistant, makes an appearance in Edge as well. When needed, Cortana shows up in a blue circle in the browser’s toolbar to relay pertinent information related to the landing page, such as directions to a local business or contact information.

Edge users can also summon Cortana for assistance and extra info by right-clicking on text selections to find out more.

Another Edge feature is the new-tab page, a remnant from Internet Explorer with a few tweaks. When Edge users open a new tab, the page displays thumbnail icons for the most frequently visited sites. It also allows users to reopen closed tabs and makes many suggestions for apps and videos and facilitates access to weather or latest sports scores.

Edge also provides the option to view pages in a reading mode free of distractions such as images and advertisements. Users can even make annotations, such as highlights and notes, on webpages for sharing or storing as an image. Microsoft’s new browser also comes with coding support and will function the same across all platforms. Until Edge is formally released, users can test it on non-critical PCs by downloading Windows 10 and joining the Windows Insider Program.

Is Someone Using Your WiFi? Here’s How To Find Out

There’s no doubt about the convenience of using wireless in your home or office. However, you don’t want just anybody hopping on your WiFi, using your network, and breaching its security. Having a unique password doesn’t mean you are immune to this problem.

If you ever notice that your connection is much slower than usual, it’s worth taking a peek at just how many devices are connected to your wireless network.

You can download and install a program aptly called “Who Is on Your WiFi” to know if there are other people connected to your hot spot who should not be. The free version is sufficient to detect intruders, but there are also paid versions with extra features like text notifications, audit logs, etc.

Once you install the application, all you have to do is follow the tutorial to run a scan of your network and review information about devices that are linked to your connection.

Initially, you may not recognize which MAC and IP addresses correspond with which device, but there’s an easy way to identify them. Turn off all of your devices, then turn them on one by one. If you only have one known device connected to your WiFi, and the “Who Is on Your WiFi” application is showing more than that device, it’s a safe bet someone is sharing your Internet connection. Take the appropriate measure of immediately changing your wireless password and only share it with family or designated individuals you want to have it.

For future scans, you can label each of your devices as something easily recognizable, such as My Phone or Dad’s Laptop, to facilitate the identification of intruders.

How The “Internet of Things” Will Affect Small Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Just when you thought you had the Internet mastered, something new crops up on the horizon.

One of the newest advances that will likely revolutionize the world is the Internet of Things (IoT).

If you haven’t heard of this, you’re not alone, but this idea is fast becoming a realization. Simply put, the IoT refers to how it is possible to remotely control and monitor just about anything via sensors and, of course, your Internet connection – from opening your home’s garage door from your office to the level of dog food remaining in your pooch’s bowl.

This concept recently gained definition at Apple’s Worldwide Developer Conference when the company unveiled two applications for iOS8.

The first was the HealthKit app, which lets users keep up with health and fitness data without wearing an actual tracker. The other was the HomeKit that can remotely control electronic devices like lights and cameras at home. [Read more…] about How The “Internet of Things” Will Affect Small Business

Online Safety: Is Your Website Secure?

Michael Menor is Vice President of Support Services for Tech Experts.

For all too many companies, it’s not until after a breach has occurred that web security becomes a priority.

While more than a few examples of recent breaches may leap to mind, know that these aren’t exclusive to big name retailers who accept credit cards. If you have a website for your business, you may be at risk.

As more and more business is done using the World Wide Web, websites themselves have become increasingly attractive to cybercriminals.

Websites are such a lucrative target for an attack because not only are there so many sites to attack, but an overwhelming majority of all websites can be easily exploited by some of the most common vulnerabilities.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities.

Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

The integrity of the company’s internal network can be affected as well if the website provides access to it.

There are many online services that allow anyone to create a webpage in under ten minutes.

Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities. A few of these vulnerabilities will be discussed.

The Heartbleed Bug is a vulnerability that allows attackers to obtain confidential data such as usernames, passwords, emails, and even proprietary company data and communications.

Even if you think you might be protected because you use encrypted forms of communication, you’re not safe. Attackers will be able to eavesdrop into your communications and steal data from beneath you.

Like Heartbleed, one of the most prominent vulnerabilities affecting web applications is cross site scripting (XSS).

This vulnerability can allow an attacker to hijack web communications. The attacker may target a vulnerable website by tricking the user into submitting sensitive information or performing a privileged action within the target website’s web controls.

Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet — more proof that Web application security is now more critical than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organizations.

Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services.

Denial of Service attacks are centered on the concept that by overloading a target’s resources, the system will ultimately crash.

An HTTP Denial of Service attack can also destroy programming and files in affected computer systems.

In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

Websites that can be compromised pose a serious risk and thus serious preventative measures should be taken to combat it.

Scrambling to fix the problem after the fact is costly, stressful, and can potentially result in legal action. Breaches also cause damage to your company’s image and brand, which may be permanent.

Know your vulnerabilities and don’t rely on ten-minute-or-less website creators to keep you safe.

If it’s too good to be true, it probably is.