Why Should You Use Different Passwords For Different Accounts?

It’s common to have multiple online accounts for social media, online shopping, banking, and more. While having different accounts makes our lives more convenient, it also presents a security risk if we use the same password for all of them.

This is because if a hacker gains access to one of our accounts, they can potentially gain access to all of them if we use the same password. This is why it’s crucial to have different passwords on different accounts.

Having different passwords on different accounts is one of the most basic but important steps you can take to protect your online security.

By using unique passwords, you reduce the risk of a hacker gaining access to all of your accounts if they manage to crack one password. This is particularly important for accounts that contain sensitive information, such as online banking or medical records.

One reason why people tend to use the same password for multiple accounts is because it’s easier to remember.

However, there are ways to create strong and unique passwords without having to remember them all. One option is to use a password manager.

A password manager is a tool that generates and stores unique passwords for each of your accounts. All you have to do is remember one master password to access the password manager. Some popular password managers include BitWarden, Dashlane, and 1Password.

Another way to create strong and unique passwords is to use a passphrase instead of a single word. A passphrase is a combination of several words that are easy for you to remember, but difficult for others to guess. For example, instead of using the password “password123” you could use a passphrase like “MyDogate2BonesToday!”

It’s important to note that having different passwords is not enough to ensure complete security. It’s also important to use strong passwords that are difficult to guess or crack.

This means avoiding common words, phrases, or personal information that could be easily guessed.
Instead, use a combination of upper and lowercase letters, numbers, and symbols.

In addition to having different and strong passwords, it’s also important to update them regularly. This is because if a hacker gains access to an old password that you no longer use, they can still potentially use it to gain access to other accounts if you’ve used the same password for multiple accounts. It’s recommended to update your passwords every six months to a year.

One thing to keep in mind is that while having different passwords on different accounts is important, it’s not the only step you should take to protect your online security. It’s also important to enable two-factor authentication whenever possible.
Two-factor authentication adds an extra layer of security by requiring a second form of authentication, such as a code sent to your phone or an app.

While it may seem daunting to remember multiple passwords, password managers can help significantly.

By taking these basic steps, you can greatly reduce the risk of a security breach and protect your sensitive information online.

Do You Know Exactly What Services Your Staff Are Signing Up For?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whatever problem, need, or want you have… there’s a cloud application out there that can help you.

We’ve never lived in a such a rich time for problem solving. Every day, hundreds of new services launch to make our lives easier and help us be more productive.

These applications all live in the cloud. They’re known as Software as a Service – or SaaS – because you don’t load any software onto your device. You use them in your browser.

We would argue this SaaS revolution over the last 15 to 20 years has played a critical part in shaping the way we work today.

However, there’s an issue. Many businesses aren’t 100% aware of what new services their staff have signed up for. And this problem isn’t a financial one; it’s a security one. [Read more…]

How To Protect Your Online Accounts From Being Breached

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media. For example, hacked social media accounts will go for between $30 to $80 each.

The rise in reliance on cloud services has caused a big increase in breached cloud accounts. Compromised login credentials are now the #1 cause of data breaches globally, according to IBM Security’s latest Cost of a Data Breach Report.

Having either a personal or business cloud account compromised can be very costly. It can lead to a ransomware infection, compliance breach, identity theft, and more.

To make matters more challenging, users are still adopting bad password habits that make it all too easy for criminals. For example:

  • 34% of people admit to sharing passwords with colleagues
  • 44% of people reuse passwords across work and personal accounts
  • 49% of people store passwords in unprotected plain text documents

Cloud accounts are more at risk of a breach than ever, but there are several things you can do to reduce the chance of having your online accounts compromised.

Use multi-factor authentication (MFA)

Multi-factor authentication (MFA) is the best method there is to protect cloud accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.

When you add the second requirement to a login, which is generally to input a code that is sent to your phone, you significantly increase account security. In most cases, a hacker is not going to have access to your phone or another device that receives the MFA code, thus they won’t be able to get past this step.

The brief inconvenience of using that additional step when you log into your accounts is more than worth it for the bump in security.

Use a password manager for secure storage

One way that criminals get their hands on user passwords easily is when users store them in unsecured ways, such as in an unprotected Word or Excel document or the contact application on their PC or phone.

Using a password manager provides you with a convenient place to store all your passwords that is also encrypted and secured. Plus, you only need to remember one strong master password to access all the others.

Password managers can also autofill all your passwords in many different types of browsers, making it a convenient way to access your passwords securely across devices.

Review your privacy settings

Have you taken time to look at the security settings in your cloud tools? One of the common causes of cloud account breaches is misconfiguration. This is when security settings are not properly set to protect an account.

You don’t want to just leave SaaS security settings at defaults, as these may not be protective enough. Review and adjust cloud application security settings to ensure your account is properly safeguarded.

Don’t enter passwords when on public Wi-Fi

Whenever you’re on public Wi-Fi, you should assume that your traffic is being monitored. Hackers like to hang out on public hot spots in airports, restaurants, coffee shops, and other places so they can gather sensitive data, such as login passwords.

You should never enter a password, credit card number, or other sensitive information when you are connected to public Wi-Fi. You should either switch off Wi-Fi and use your phone’s wireless carrier connection or use a virtual private network (VPN) app, which encrypts the connection.

Use good device security

If an attacker manages to breach your device using malware, they can often breach your accounts without a password needed. Just think about how many apps on your devices you can open and already be logged in to.

To prevent an online account breach that happens through one of your devices, make sure you have strong device security. Best practices include:

  • Antivirus/anti-malware
  • Up-to-date software and OS
  • Phishing protection (like email filtering and DNS filtering)

Should You Monitor Your Remote Workers?

At the end of last year, Microsoft announced it would be adding increased employee surveillance to Microsoft Edge.

The changes mean admins can access compliance monitoring through the browser, such as seeing which files have been printed or copied to USB devices.

Machine learning is being used to increase this visibility of what’s happening to sensitive files. But how will this impact employees? Will they feel that their privacy is being invaded? Will it cause trust issues? And do you think this is an appropriate level of monitoring when people have proved that remote work can be just as productive – if not more – than working from the office?

Our advice would be not to buy into this increased employee surveillance, unless you want to damage the delicate trust you’ve no doubt worked hard to build with your team.

There are other, more open ways to help your people get their work done. For example, there are plenty of tools that help limit distractions like notifications or temporarily block apps and websites to allow better focus. Your employees can choose to activate these to aid their productivity when they need a boost.

You’ll find some within your Microsoft 365 subscription – that means more tools at no extra cost.

If you want some suggestions personalized to your business, give us a call.

Online Shopping Tips From Stay Safe Online

The following tips have been taken from the Stay Safe Online group, which is dedicated to helping us all stay safe when using the Internet.

We thought they were very good tips to also keep in mind as you get back into the swing of things after the holiday break.

Think before you click

Beware of emails, texts or other promotions that seem “off” or encourage you to urgently click on links. If you receive an enticing offer, do not click on the link. Instead, go directly to the company’s website to verify the offer is legitimate. If you can’t find it on their website, report the scam to your email provider as a phishing attempt. Remember: if it seems to good to be true, it probably is.

Do your homework

Fraudsters are fond of setting up fake e-commerce sites. Prior to making a purchase, read reviews to hear what others say about the merchant. Check trusted sources, like the Better Business Bureau, as well.

In addition, look for a physical location and any customer service information. It’s also a good idea to call the merchant to confirm that they are legitimate.

Consider your payment options

Using a credit card is much better than using a debit card; there are more consumer protections for credit cards if something goes awry. Or, you can use a third party payment service instead of your credit card. There are many services you can use to pay for purchases – like Google Pay – without giving the merchant your credit card information directly.

Watch what you give away

Be alert to the kinds of information being collected to complete your transaction. If the merchant is requesting more data than you feel comfortable sharing, cancel the transaction.

You only need to fill out required fields at checkout and you should not save your payment information in your profile. If the account autosaves it, go in and delete the stored payment details after the purchase.

Keep tabs on your bank and credit card statements

Be sure to continuously check your accounts for any unauthorized activity. Good recordkeeping goes hand-in-hand with managing your cybersecurity.

Another tip for monitoring activity is to set up alerts so that if your credit card is used, you will receive an email or text message with the transaction details.

A Quick Refresher On How To Keep Your Business Safe

If you connect it, protect it

As more and more technology becomes a part of our personal and business lives, the line between our online and offline self has become increasingly blurred. Stay Safe Online reminds us that any device we connect to our home and business network needs to be protected and each has some amount of risk associated with the connection. So all of our smart thermostats, TVs, doorbells, alarm systems, and refrigerators need to have the appropriate protection policies in place.

Securing devices at home and at work

The global pandemic has removed the boundaries between “home” and “work” as much work was completed while at home. Remote work was already well on it’s way to becoming the new normal of work the adoption of the strategy was accelerated. With devices connecting from both our home and our physical workspace, this has opened the doors to a different kind of cybersecurity concern and how you can protect both.

Securing Internet-connected devices in healthcare

More and more healthcare facilities, from senior living to urgent care centers, are using Internet-connected devices in the day-to-day care of their patients. Tele-medicine has quickly emerged as a way for patients to receive care and doctors to give it as a result of COVID-19, but this opens both patients and providers to unique cybersecurity challenges. Strong passwords and encrypted Wi-fi will help to keep data secure.

Human Error: The Reason Why Cybercriminals Love Email

Mark Funchion is a network technician at Tech Experts.

Defending your data network against viruses, malware, ransomware, and other threats is a never-ending battle. Some attacks can be very sophisticated, using extremely complex techniques to try and exploit even the most secure networks. However, the vast majority of threats to your network – over 80% – are delivered through a very basic method: email.

Email is a common tool that many of us use constantly at work. Oftentimes, we use it without giving much thought to what we’re doing or what we’re opening.

It’s normal for co-workers, clients, or new prospects to communicate and share files with us via email. The file can be a document, spreadsheet, PDF, etc., but the fact is that it’s common and repetitive to us.

Like anything we do frequently, we can develop muscle memory. Think about the program guide on your TV – you probably navigate the menus without thinking. After an update or a provider switch, those menus can change and you might click the wrong buttons out of habit. No harm there.

But consider making the same mistake when a document is sent to you. The message arrives, and you briefly glance at who it’s from. Maybe you recognize them, maybe you don’t. You see an attachment, and you open it out of habit. The file is infected, and in less than a second, the damage has begun.

Like it or not, the people who are attacking your systems are running a business. Like any business, they are concerned with the return on their investment. Developing high-end, sophisticated attacks takes time and skill, which is expensive to do.

However, minimal skill is required to send an email – and that process can be replicated to hundreds of thousands of users with a simple click of a button. And almost everyone working today might accidentally open an email with little to no thought.

For small businesses, having a firewall, an email filter, and anti-virus software is a must. We can help install and maintain that infrastructure. Unfortunately, the methods that attackers use to slip under your defenses are always changing.

It is important that you and your staff – the end users who do the clicking – still do your part and remain vigilant. Attackers send such a high percentage of attacks through email because of that human element. It works.

It’s essential that you fight your muscle memory and treat email like physical mail. Look at what is being sent, who it is from, and if there is anything attached. If anything seems off, do not open it. Always err on the side of caution.

Also, if you do open something you shouldn’t, it’s better to notify your IT department or provider of a potential issue so they can look at what you were sent.

Often, I have observed someone get a suspicious message, open it, notice something is not right, then forward it to a co-worker for help. By sending the message on, there is a potential to increase the scope of damage done.

Those looking to do harm and steal information will always try the path of least resistance. All the security in the world can’t stop an intruder if you open the door for them.

The same caution you take at home when an unexpected knock is heard should be how you handle all email. Consider the source and content, and if you have doubts, don’t open the message. Delete it.

Malware will never be fully eradicated – cybercriminals will make sure of that – but you can do your part to make sure you do not infect your PC or business.

Heads Up: Hackers Are Exploiting Email Forwarding Rules

Mark Funchion is a network technician at Tech Experts.

The ways in which hackers attack accounts are endless, and a lot goes into keeping your accounts both safe and usable.

A newer attack style that is being used (and one we have personal experience with resolving) is the manipulation of email forwarding rules.

Email forwarding rules are rules that are set up in your inbox to forward a message to another mailbox as soon as it arrives.

The danger for the email owner is that these rules can also clean up after themselves by deleting the message, preventing a copy of the forward from showing in the “Sent Items” folder, and deleting the message from the “Deleted Items” folder.

If a hacker takes advantage of this, then all your email will be sent to and read by someone you do not even know.

Think about the items in your inbox, especially the ones that are sensitive and/or confidential. Can you risk there being a period of time where your messages are being forwarded without your knowledge?

Also, as the hackers are good at cleaning up and hiding their tracks, you need someone with the experience and expertise to resolve this for you if it does occur.

One of the big dangers with this attack style is that changing your password or adding two-factor authentication will not stop the current breach once the rule is in place.

Forwards will continue to be sent because the rule is not password dependent. It’s the same with two-factor authentication; if you enable this after the rule is in place, it will not do you any good.

There are steps that can be taken to prevent these types of attacks, however most of them are not settings that an end user would be familiar with.

It’s important to not allow forwarding to occur to email addresses outside of your domain, and relatedly, it’s a good idea to allow the full sync of settings between the web client and the local desktop client.

For example, Office 365 by default will not sync these settings, so if someone gains access to your email and creates a forward on the web page, you and your IT department will not see it if they look in your Outlook client on your local computer.

These rules can be hidden if the hacker knows what they are doing. This means a quick open-and-check-if-a-rule-exists is not sufficient. Steps need to be taken to make sure there are no rules, not just a lack of visible rules.

Checking for these rules if there is a suspected breach is critical because of another potential problem: if you do a password reset on another account that you are concerned about (for example, your bank because you use the same password), that email with details gets forwarded to the hacker and they may be able to gain access to that account.

Hackers will continue to evolve as they need to. As this exploit is discovered and procedures are put in place to mitigate their effect, the next exploit will be used and the cycle will start again. Having a partner to help you navigate through all these potential issues is essential.

Being aware of these exploits, watching for new ones, and making necessary changes to keep your business safe is a big part of what Tech Experts does.

Handling these concerns is part of our core business, giving you the peace of mind to handle your core business.

Everyone On Your Team Needs Cyber Security Training. Including You!

Every good business leader knows that training is essential for a highly productive team.

But have you ever considered giving your staff cyber security training? You really should.

What is it?

It’s about increasing their awareness of the ways that criminals try to break into your IT system, and the devastating consequences if they do.

So, they’d learn:
• How to spot the different types of fake emails and messages, and what to do with them
• The risk of social engineering by email, phone, or text message
• Why we use basic security tools such as password managers and multi factor authentication (where you generate a code on another device)

By holding regular cyber security training sessions, you can keep everyone up to date. And develop a great culture of security awareness. It’s another layer of protection to help ensure that your business doesn’t become part of a scary statistic (one small business is hacked every 19 seconds).

As the company owner, it’s critical you do the training, too.

You’ll be one of the most targeted people in the business, as you probably have access to all the systems, including the bank account.

If you don’t already have cyber security training in place, we’d love to help. Give us a call at (734) 457-5000, or an email to info@mytechexperts.com.

Could One Well-intended Click Take Down Your Business… From The Inside?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Not many owners and managers realize this… but the biggest data security risk to your business is actually your team.

We’re not talking malicious damage. But rather, them being caught out by cyber criminals.

It only takes one click on one bad website, and your business can be compromised. It really can be that simple.

Hackers target staff to try to install malware on your devices. Then they can try to extort money, corrupt files, or steal your sensitive business data.

In some cases, this can cause such extreme damage to your business that it makes genuine recovery very hard. Trust us when we say you want to avoid it at all costs.

Fortunately, there are a few things you can do to help protect your business from this kind of attack. And you’re probably already doing some of them. [Read more…]