TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security

Cyber Security: How Safe Are You?

Jason Cooley is Support Services Manager for Tech Experts.
In 2017, Equifax, one of the largest credit bureaus in the US, suffered a data breach that exposed the names, Social Security numbers, date of birth, and some driver’s license numbers for 143 million people. An additional 209,000 people also had their credit card information exposed.

The attack was discovered on July 29th, but according to Equifax, the breach began sometime in May.

Let that sink in. One of the companies that rates credit scores and stores tons of financial information, had their data stolen for months.

Some would think that the larger the company (especially with sensitive data), the better the security. That isn’t always how it works out.

eBay, the online giant, is not immune. In 2014, 145 million user accounts were compromised.

The list goes on, and it contains some pretty big names. Target (2013), JP Morgan Chase (2014), The Home Depot, VeriSign, and even Sony’s Playstation Network (2011) have all suffered at the hands of hackers.

Don’t panic just yet, though. There are many things to consider when it comes to data security. From businesses to your personal data at home, we all obviously want to keep our private information private. While there is no foolproof way to keep yourself safe, there are some things that you should know.

 This isn’t a movie.

The Hollywood portrayal of hackers is over-the-top for many reasons. Having one person just sitting around and deciding, “Well, I think I will hack the government or this bank,” isn’t a realistic vision of reality. Most of these data breaches come due to an unknown security vulnerability. Then groups of people will try to exploit this vulnerability.

There are different needs for everyone.

While cyber security can affect everyone, you shouldn’t be overly afraid as an everyday consumer. Most well-known websites are secure and checking out with personal information is often doubled down with extra security.

Still, if you are uncomfortable, use a wallet site, such as Paypal. More and more websites offer these types of payment options, putting down yet another layer of safety to keep your financial information safe.

What about my business?

 That greatly depends on what kind of business you have. If you have a convenience store, there’s a pretty good chance your credit card processing is the only issue with data you’d ever have. Since this is typically handled by a vendor, you don’t have nearly as much to worry about.

Now, if your company stores any sensitive data (especially the personal information of others), you are going to need to step up the security.

How much do you have to lose?

 This isn’t a trick question. Really, how much do you have to lose? Financial information? Client information? As bad as it is to have your data compromised, if you run a business that deals with any sensitive customer or client information, you should not only be careful, but you should be protected.

A managed service provider, like Tech Experts, can help maintain your network and data security. This may include firewalls, blocking specific websites, and running routine checks of the security. Sensitive data, like data that can be used in identity theft, should be protected proactively. You can’t save it once it’s been taken.

Browsing The Internet In Safety

Evan Schendel is a help desk specialist for Tech Experts.
Browsing the Internet safely comes with many hurdles. Not all of them are obvious, however. These hurdles are numerous and potentially dangerous, but with the proper knowledge and mindfulness, they can be avoided quite easily.

Viruses and Spyware

The Internet is a minefield of harmful applications and criminals trying to take anything they can, but these attempts can be counteracted.

A user must always watch out for suspicious links or websites. Some websites, though legitimate-looking enough, may be spoofed or fake, hiding malicious code or something equally devious.

Hints to these websites being fake can lie in any aspect of the page, but most commonly, it is a slightly different URL or domain name, typically off by only a letter or two.

The viruses dwelling in pop-ups usually attempt to scare users into clicking their product and downloading the malware or spyware-stuffed application linked in the pop-up.

Spyware can not only steal information input while loaded onto a system, but also slows the system to a crawl and tends to be easy to pick up. Simply navigating to a poisoned web page or opening a suspicious e-mail can infect a workstation with spyware.

The real dangers lie in file-sharing sites, where any file could be dangerous. When downloading any application, evaluate it carefully and make fully sure that not only the site is legitimate, but also that the application is safe too.

Preventative measures do exist, and any workstation should have an anti-virus and anti-spyware application installed and running to prevent most malicious applications from doing any serious damage.

Phishing and Scams

Viruses aren’t the only dangers that come with browsing the Internet. Many scams plague the Internet, preying on people uneducated about their existences.

Older scams were typically through e-mail, with scammers posing as long-lost relatives or people who could offer the victim a large sum of money, but only if they helped them out with a fraction of what they claimed they could pay the victim.

While it seems silly that these scams could work, many fall prey to the empathetic connection one might have when speaking a person in apparent need. These scams, while still common, occur less and less while newer and more sophisticated traps are being developed.

Phishing attempts also come in a method previously discussed – pop-ups. These can have dangerous-looking warnings, alerting you that your machine is infected with a petrifying number of viruses and scaring the user into clicking their links or graphics.

These links or graphics can lead down a dangerous path, including giving the scammers your credit card information or worse.

In the event a pop-up like this occurs, do not panic or give in.

If it is a pop-up, close the window and make certain you click nothing else on the page. If it is a re-direct to a suspicious page, close that as well, and immediately scan the system for any viruses or spyware just to be safe.

No computer is untouchable, but best practices and well-implemented safety measures can make a computer system much more secure, letting you browse the Internet without fear.

In addition to anti-virus programs, constant system updates and application patches can keep any potentially dangerous backdoors or vulnerabilities covered and safe.

With all of this information kept in mind, falling prey to viruses, spyware, and scams will be far less likely and sites will seem much safer.

Five Keys For Small Business Preventive Security Measures

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We continually mention the importance of network and password security for small businesses for good reason. The increasing security threats and cases of security breaches in both large and small enterprises show that we are more at risk than ever before of suffering a security violation.

Regulated entities such as medical offices (HIPAA) and financial institutions (FINRA) are especially susceptible to breachs and security incidents.

Prevention is always better than cure. To this end, here are five security measures you should start putting in place today.

Limit lateral data transfers
One of the biggest contributors to internal data breaches is a lack of employee knowledge of security issues. It’s important to protect strategically important information and data by limiting who has access to it.

Furthermore, you can employ network segmentation to reduce any unnecessary communication between internal and external networks.

Ensure machines and devices are updated
Internal breaches can result from the use of unprotected machines. Without being aware, employees may download malware or ransomware.

However, this may not be a problem if the software and operating systems on the machines are up to date.

Keeping all devices and the accompanying software and security structures up to date will make a significant contribution to protecting your systems.

Monitor activity to identify suspicious activity
Sometimes, a security breach may not involve any employees. Network administrators should ensure the latest monitoring software is in use to monitor behaviors and immediately detect anything that looks amiss.

Cyber criminals are aware of these types of activities and often conceal themselves deep in the network to exploit the system over a prolonged period of time.

Even if you miss the threat the first time, the monitoring system will provide meaningful insights that will help you recognize foul play.

Ensure robust passwords are in place
When it comes to system passwords and login procedures, you can always improve. In addition to the more traditional text-based password access, you should also ensure you have more up-to-date security mechanisms in place such as fingerprint access and smartcards. These are much more challenging for cyber criminals to replicate.

Embrace cyber insurance policies
No system can be completely safe from a cyber attack. Criminals are getting smarter and smarter, and what appears to be an impenetrable system one day can be infiltrated the next.

For this reason, you may wish to take out cyber insurance to cover any costs you incur if things do go seriously wrong.

Yahoo! And The Hack Heard ‘Round The World

Evan Schendel is a help desk specialist for Tech Experts.
In the age of Russian super-hackers and nationwide credit reporting agencies with pitiful security, what could be safe? One thing is for sure – not Yahoo!.

In September of 2016, Yahoo! released the news that 500 million accounts were hacked in the latter half of 2014. That news severely impacted Verizon’s business deal to buy them out, but they only lowered the price by $350 million USD to a total of $4.48 billion USD.

Three months after this business deal was done and the prior hack had been announced, Yahoo! let the nation know that approximately 1 billion accounts had been hacked in 2013. Verizon was not pleased, to say the least.

Just recently, Yahoo! released even more grave information.

In the earlier part of October, Yahoo! bumped the number of affected accounts up to 3 billion. This estimate encompasses every single Yahoo! account, including its subsidiaries like Tumblr and Flickr. That is a lot of data – and if you had any accounts (even unused) linked to these websites dating back to 2014, you could have even had the information sold.

The cybersecurity firm InfoArmor has reported some of this information has been sold on the dark web, a small part of the web not indexed by search engines.

The group selling this information has sold the data to three sources, two of which are known spammers. All paid upwards of $300,000 USD.

With this information, reused passwords from past accounts can be the largest risk, as many people recycle the same password(s) for all of their various online accounts. While no financial information was stolen, security questions, dates of birth, and backup emails were taken.

All of this can be used for not only breaking into the Yahoo! account in question, but also any other accounts with similar information.

A good course of action from here on would be to, as you should, never reuse passwords, and change any existing passwords you feel might be in danger. Ensure that no shady happenings have occurred with any accounts, up to and including bank accounts.

The information sold was reportedly utilized to spy on a range of US White House and military officials, alongside Russian business executives and government officials.

With this information kept in mind, a document was released stating that four men were indicted, two of whom were Russian intelligence officers working for the Russian Federal Security Service. Which is, ironically enough, an agency dedicated to aiding foreign intelligence agencies track cybercriminals.

To finalize, remember to keep safety measures on all your accounts and protect yourself from email fraud or spam to the best of your ability. Only sign up for accounts on legitimate websites and, when you do create an account, use a unique password for that site. For sites with sensitive information, elect to use two-factor authentication when possible.

That way, when a company’s security is pushed back in lieu of other things, you can serve as a second defense for yourself.

Helpful Tech Tips To Prevent Phishing

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

Many of us have clicked on an email that appeared authentic, but was not. Those fortunate enough to identify any suspicious elements before an attachment is opened or a link is clicked are the lucky ones. But, sometimes, we don’t notice those little things and click things we shouldn’t.

These trick emails are one method of an effective scheme called phishing, run by cybercriminals to get information about you or your company. Even worse, this information is then bought and sold to the highest bidder to do with it as they wish.

At best, an ad agency might send some extra spam emails your way. At worst, your identity may be stolen or your company’s network may be left exposed for all sorts of trouble.

Fortunately, there are many things you and your workplace can do to avoid these phishing attempts.

Tips for Employers

Just asking employees to watch out for suspicious-looking emails doesn’t drive home the urgency of phishing.

Find recent news reports to share with your workforce. When an organization makes the front page for a data breach (usually because an employee opened an infected email), you can explain how something like that could happen to your organization. It’s well-timed, newsworthy, and will be on forefront your employee’s mind.

The best thing to do as an employer is to implement a program that encourages security awareness, education, and behavior modification.

Changing up how you deliver that message to employees can be quite helpful. Start with a monthly email, memo, or bulletin. Switch it up with in-person, individualized meetings. Using different approaches will help your message resonate with more employees. It is common to need to communicate a message multiple times for it to stick with everyone.

Tips for Employees

Social media can be your worst enemy. Social networks are abundant with personal information, putting it right at the fingertips of cybercriminals.

Do not post any birthdays, addresses, or any other personal information on these websites. We know many domain and personal accounts use these for passwords despite the easy availability. Even with privacy settings maxed, there is always a way for cyber criminals to obtain the information.

Additionally, cybercriminals are getting more creative, especially with phone numbers. It is becoming very common for criminals to call high-risk employees and ask for information. For example, some of these “phishers” will call and pretend they are from their company’s help desk and need to reset account credentials or “require verification” from the user.

When in doubt, don’t give anything out. If something seems off or you don’t know the person, ask for their contact information and look into it. In these cases, it’s better to be cautious than courteous.

Overall, phishing isn’t going anywhere and it should be incorporated into all online security training for workplaces. As long as people use social networks and email continues to be a primary workplace communication channel, phishing will be a top choice for cybercriminal’s data theft. Protect your business and your employees. You can always contact Tech Experts at (734) 457-5000 if you’d like an in-depth review of any suspicious email you may have received.

Gone Phishing! How To Spot A Phishing Scam

If you are a user that has been around for a while, there is a pretty good chance you’ve been targeted with a phishing scam. You may have a long lost relative in another country who left you millions – and all the executor of the estate needs is your banking information to send you your inheritance! Or a prince of a small country is trying to move some of his fortune and escape to America – and if you can help, you will be rewarded!

These are some oldies-but-goodies, however phishing scams have and will continue to get better and smarter.

There was a time when phishing scams almost always came filled with poor grammar, spelling errors, and writing that just seemed a little off. While these still exist, things have become harder to detect.

These scammers are always looking for your personal information. There are a few ways they can do this, but most of them begin with email spoofing, where a sender will mask their actual email address with a familiar one.

If it isn’t a spoofed email, it may come from an address that is very close to that of a known and trusted sender. This could have an extra letter or even just a period to try to trick you into completing whatever task they are using in an attempt to get your information. This could be something as simple as a link to “family photo” or video and it could very well open your system to different vulnerabilities.

Something like a keylogger, a program that tracks your keystrokes, can be almost undetected while also gathering your online banking or credit card information.

Lately, phishers and scammers have pulled out all the stops. There have been cases where phishers will not only spoof an email, but also documents. These can look pretty real, so take a close look.

A new long-shot, big-payoff scam is to spoof an email address of a financial institution to try to intercept money from home purchases. This is done with forged documents and a fake email. While it’s a long shot for something that big to happen, do big business in-person or through trusted secure communications.

What to watch for:

When you have email communication from a known sender that doesn’t quite add up (or doesn’t sound like them), don’t assume they’re just having an off day. One example: if you know your family member shares all of their photos on Facebook, would they really email you a link with little to no writing in the email?

Any “company” asking for any personal information or passwords through email should also raise red flags. While this might seem obvious if the email address doesn’t match, a spoofed email address can make this trick easier to fall victim to.

Also, be wary of anyone asking for your bank account number via email. Even if it is legitimate, there are other ways to send this information. Protect yourself by choosing a more secure method of communication.

What to do:

If something seems off, research it. If you get a weird email requesting something or asking you to click on a link, don’t assume it’s safe. If it’s from someone you know, ask them if they did send it.

If you are the one “sending,” check your Outbox or Sent folder. This is a good indication if the email came from you or someone you know.

Rules Of Thumb To Avoid An Infection

Anthony Glover is Tech Expert’s senior network engineer and service manager.

A virus can be an upsetting, expensive endeavor to deal with. A virus can wreak havoc on your personal files (like important spreadsheets or family photos) or the system files that keep your computer functioning.

These files can become corrupted, encrypted, or deleted, which makes recovery difficult or sometimes impossible.

Some less obvious viruses — the ones that might slow down your system instead of destroying it — can still affect you by stealing data and what you type on your keyboard, gaining access to your stored credit card information or important sites you use, like your bank. [Read more…] about Rules Of Thumb To Avoid An Infection

Anti-Virus: It’s Worth Protecting Yourself

Ron Cochran is a senior help desk technician for Tech Experts.

You can have any machine — from the latest and greatest, to the old dinosaur in the corner — but if you don’t have virus protection, your latest and greatest machine might soon run like that dinosaur in the corner.

All of your sensitive images, documents, billing information, and passwords are subject to infection. No matter how careful you are, there is always something that slips through the cracks.

Often, users say, “I have such and such subscription,” or “I don’t click on anything I don’t know,” but the people spending countless hours causing havoc on computer users will always find new and sneaky ways to infect computers.

Viruses can be attached to images or links on websites. They can also be renamed to look like something that you should install. Once inside your computer, they are hard to track down even by a seasoned computer technician.

Viruses very rarely remove anything from your computer. Instead, they have a tendency to add things that can record your activities on your computer. A person could install a silent program that will start recording your keystrokes triggered by keywords; it can also take a screenshot or record email addresses and passwords. Most of the time, they don’t need to even gain access back to your computer to report the data.

They can have an email sent from your computer and Internet connection without you knowing it. That email, secretly sent from you to them, would contain your information (keystrokes, clicks, etc.).

By now, you have heard of the “crypto virus” and all of its variants. There are many solutions out there, but select few offer “zero-hour” infection reversal, however it’s something that businesses can especially benefit from. Let’s say you accidentally encrypt your machine; it would then be inaccessible until you pay the ransom to unlock your files.

Protection that offers infection reversal can revert your system back to its state right before you were infected and it would be like you never infected by the virus at all. This feature is part of Webroot Secure Anywhere, which is something we can provide.

Viruses not only help people steal your data, but they can also delete or corrupt files, degrade system performance, and make your computer run slower.

Viruses can also prevent programs from working and they can use your email to send out copies of itself to your contacts and other users. Sometimes, they can disable your computer from starting up by corrupting your BIOS firmware.

A couple of the main things that you’ll notice once you’re infected is that your system could run slower and you’ll receive all kinds of fake pop-ups, ads, warnings from “Microsoft,” etc. These type of files are referred to as “scareware” and the makers feed on the fear that you might lose your data, so you’ll pay them to “unlock” your system or “remove” the virus.

Again, we go back to protection. If you had virus protection, then it’s likely that would stop it before it even established itself inside your computer.

There are a few things you should do, if you haven’t already: get some sort of whole computer protection (such as Webroot), have restore points saved on your operating system, have a backup of your operating system install saved on some sort of external media, and save your documents, pictures, and videos to an external source.

When you find yourself in a predicament where you have to wipe an entire computer to remove an infection, you’ll be glad you took the time to prepare for the worst.

The Importance Of Having Ad-Blockers

Luke Gruden is a help desk technician for Tech Experts.

Every day, millions of people go online and go to a familiar website, just to get an advertisement pop-up that disrupts their online experience.

Ads are a way of life for many websites to generate profit from viewers visiting their website and, when clicked, these ads can take a person to another website, usually for their product.

While annoying and harmless when used as intended, issues in this system start to happen when the intentions of an “advertiser” go beyond just advertisement.

There are malicious people on the Internet utilizing advertisements to leave our computers and information vulnerable for theft and abuse.

Some advertisements will come in as scareware trying to pressure people into calling their number or download a harmful program.

Scareware is a common pop-up that thousands have fallen victim to – giving up Social Security numbers or access to bank accounts, allowing malicious connections to their computers, leaving networks vulnerable and infected, and more.

Some advertisements, if not filtered by a website correctly, can actually contain viruses and infections that don’t allow a person an opportunity to protect their own browser and computer.

These infections usually leave spyware and trojans that try to steal your information from your computer.

Surprisingly, the websites with these sorts of advertisements may have never intended for you to fall victim to scareware or other infections.

Usually, websites with these ads tend to be smaller websites using an advertisement agency that does not fully screen all the advertisements they are receiving, allowing malicious people to send their harmful information out onto the Internet.

There is a very simple solution to these real threats: ad-blocking software. If you use Firefox or Google Chrome, there are two good options that you can attach to your browser.

The first option is Adblock Plus, which is a common choice that works well. There is also uBlock Origin that uses less processing power than Adblock Plus that also blocks most advertisements. Both of these options will go a very long way in protecting your computer.

If you are using Internet Explorer or Microsoft Edge, these web browsers do not support add-ons and have weak advertisement blocking capabilities.

Firefox and Chrome on their own, even without add-ons, are more secure than Internet Explorer. If you have not switched to Chrome or Firefox, I highly recommend you make the change soon.

The installation processes for Adblock Plus and uBlock Origins are very straightforward and easy on Chrome and Firefox. You can Google the ad-blocker you want to use and go to either the Chrome web store or Add-ons For Firefox, based on which browser you are using.

Keep in mind that this isn’t a substitute for anti-virus. Ad-blocking extensions for your browser simply help to block the things that could become nasty infections.

For a more protected computer, you should absolutely use both anti-virus and ad-blockers.

If you need help setting up ad-block software or have questions, you can always contact Tech Experts.

Stay safe and remember to use ad-blocking software to keep your Internet experience safe.

Virtual Private Networks: What, Who And Why

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.
In our modern world, it is tough to come by anyone born within the last two generations who doesn’t use a smart phone, tablet, or other personal computing device daily.

With the ongoing tech revolution comes continuous news of hacked users, mass data collection, and online tracking reported by mainstream news outlets.

This is the reason Virtual Private Networks (VPNs) are becoming a necessity as computer users conduct more and more of their day-to-day lives online.

What Is A Virtual Private Network?
A VPN is a group of computers or networks linked together over an Internet connection. All the information sent or received over the Internet is automatically encrypted when connected to a VPN.

Typically, VPN services offer the highest forms of encryption to protect said data, providing peace of mind for anyone conducting personal or business-related tasks where sensitive information may be present.

As the technology has evolved, VPN applications have become very easy to install and operate. Many of the popular personal-use VPN software developers have made it as simple as installing the app and turning the VPN service on.

Premium VPN services even allow users to choose to mask their IP address, making it appear as though you are accessing the Internet from an entirely different country, which can be quite useful if you do not like your web activity tracked by ad-targeting websites like Facebook or YouTube or your Internet Service Provider.

Who Most Commonly Uses VPNs?
Many different individuals and organizations use VPNs for varying reasons, but the need for a strong layer of security is the fundamental purpose for everyone.

From a business standpoint, VPNs can be easily set up and maintained so that employees can securely access company resources and tools from anywhere on any network or Internet connection without the fear of having sensitive information intercepted.

Further, this encompasses all aspects of a business’ need for security of payroll information, employee and customer information, scheduling, and any other confidential company documentation.

The population of personal VPN users has expanded dramatically in the past year. VPNs are the perfect solution for frequent travelers and those who value their privacy, which has become increasingly difficult to maintain.

Why Should You Use a VPN?
Most of us consider ourselves law-abiding “digizens,” using networks for entertainment, communication and knowledge – but other net users may not be so nice or trustworthy.

A VPN can protect you by concealing your web activities from those with prying eyes under layers of encryption that makes all of your web traffic nearly impossible to intercept or track.

This is especially relevant if you are a frequent user of public Wi-Fi networks, such as your favorite lunch spot or coffee shop. The act of accessing vital information on your devices through a public network is easier than most realize.

Given this, I highly recommend the use of a VPN for your daily Internet use, whether it is personal or professional.

Joining the privatized world of VPNs is an easy and extremely beneficial process.

VPN providers are generally friendly and typically on hand to help should a problem arise.

If you are just getting started with VPNs, consider acquainting yourself more in-depth through a Google search of the top VPN applications and their different features.