TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security

Online Banking: Safety And Security Precautions

Printby Jeremy Miller, Technician
There are many avenues of attack when banking online safely. Many people simply use a computer that is attached to the Internet with little to no precautions at all. Some bank online even if they know there are issues with their computer or virus infections on their computer.

I will cover three levels of precaution that you can take to ensure your online banking information stays secure: simple, advanced, and paranoid. As the level of precaution increases, it will be more time consuming and difficult but worth it if you want to keep your online banking experience safe and secure.

Simple Precautions
To keep your information secure you must make sure that your computer is fully up-to-date with all Windows Updates and other software patches. Software vendors like Microsoft release security patches regularly to close exposed security holes in their software. Without patching hackers can use known-vulnerabilities to attack your computer.

Next you must make sure that you have anti-virus software installed and it is up-to-date with the latest virus definitions. You must also have your anti-virus run scans regularly to make sure the computer is clean of any known infections.

You should always look in the Uniform Resource Locator (URL) bar to make sure the web address you are accessing is the correct one. Also make sure that the first five characters are HTTPS.

This will ensure that your traffic is encrypted, which will make your entire web traffic look like gibberish. If your first characters are only HTTP and not HTTPS then hackers would be able to read your password in plain text.

Lastly, you must only do online banking from trusted-networks like your home network or in some cases your work network. Anyone else attached to your network has the possibility to access your bank information if they have the know-how.

To be sure you are on a secure network, you should not use online banking from public or free networks that anyone can access. When you do this you ensure that only you and your Internet Service Provider (ISP) can view your online traffic.

This will also protect you from man-in-the-middle attacks (MITM).These attacks are when a hacker is in between you and your target destination usually a router. Hackers using MITM attacks will be able to see all unencrypted traffic.

Advanced Precautions
You must ensure you are implementing all simple precautions, including a few more steps you can take to up your protection level.

Run a full virus scan before accessing your online bank account each time. Your system will be clear of known infections, plus it gives you significantly less risk of an infection since your last scan. A full scan looks at every file on your computer and checks it against a known virus database.

You can also configure Windows Firewall to prompt you before allowing traffic in or out of the computer, or you can install a software-firewall to scan your active Internet traffic.

The firewall will prompt you with pop-ups to ask if specific connections are allowed. This will allow you to approve or deny all traffic on your computer. Usually firewalls have different settings to allow you to choose the level of security this firewall will provide.

Paranoid Precautions
This is the most secure of the three and implements the previous precautions. It would be best to boot to a new operating system every time you need to access your online bank account. You need to know how to change your computers boot order and how to create a bootable USB drive or disk.

There are a number of free operating systems that you can load onto a disk or USB drive. WinPE will allow you to boot into a portable version of Windows. This will be a clean installation with no additional software installed.

You can also use the more widely available bootable Linux distributions as a clean bootable operating system to access your bank information. Ensure you are getting your distribution from a reputable vendor.

Most Linux distributions are free. Downloading a reputable vendor will ensure that there isn’t malicious software pre-loaded into the operating system.

If you are interested in enjoying a safer browser experience you can contact us and we can answer any questions or concerns as well as help you implement any of these precautions.

(Image Source: iCLIPART)

Better Passwords: Keep Your Information Secure!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It could be your email, your pictures, or your company documents and files – whatever you have on your computer needs to protected from hackers, identity thieves, nosy employees and other cyber troublemakers.

Imagine if all of your private, personal and company information were available on the public Internet. And then, take a few minutes to follow the steps below and help make your systems more secure.

Use a different password for each important service
Make sure you have a different password for every important account you have. Hackers will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account.

Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.

Giving an account its own, strong password helps protect you and your information in that account.

Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them – including potential attackers.

Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you.

Complex and lengthy passwords can be a pain – the average password is shorter than eight characters, and many just contain letters. Analysis shows that only 54 percent of passwords include numbers, and only 3.7 percent have special characters like & or $.

One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password.

For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”.

Don’t use popular phrases or lyrics to build your password—research suggests that people gravitate to the same phrases, and you want your password to be something only you know.

Keep your password somewhere safe
Research shows that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services.

But don’t worry – if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it.

If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option. Many web browsers have free password managers built into them, and there are many independent options as well.

Steps To Secure Your Social Media Strategy

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Keeping your internal network secure is one of the top jobs of IT consultants like Tech Experts. You don’t want confidential company or client data to show up on the web.

But what happens when you start marketing your company on social media sites? How do you keep your company secure?

In general, cyber criminals aren’t stupid. They troll sites like Facebook and Twitter, looking to take advantage of useful information employees naively post.

A policy that educates your employees on the “Do’s and dont’s” of social media posting can save your company an enourmous amount of aggravation.

Here are a few steps to include in a social media policy to ensure social media is conducted in a secure manner. It’s important to have a solid policy if you want to ensure that your network and data remain safe from potential social media threats.

Watch where you click
Almost all social media postings contain links to other content. This is the sweet spot hackers are targeting. They place innocuous links to virus and spyware programs, or even worse, hijacked accounts of your friends and business associates.

You should tell employees involved in your social media efforts not to click on any suspicious links. If they receive links from friends that seem uncharacteristic, it’s a good idea to not click on them.

Update privacy settings
Social media sites constantly update and change security settings on their networks, leading to unexpected exposure of information you might not want indexed on the web. It’s a good idea to ensure that all of your profile information is private, and that you regularly review your privacy settings.

Don’t share personal information
This might seem obvious to you, but there are still unsuspecting users out there who share too much of their personal information on social sites. Remember, social media is all about being social. Pretty much everything you share can be viewed by others. The last thing you want is an identity thief accessing your contact information and other personal data.

Log in using HTTPS
HTTPS is a web protocol that ensures the data sent between your computer and a web site is secure and encrypted. Many social sites like Facebook, Twitter, and Google Plus support HTTPS, and you should ensure that you use it.

To use HTTPS, you simply put an S at the end of the usual http address in the URL bar of your browser. I.e., https://facebook.com will open a more secure version of Facebook. By using HTTPS you can eliminate Man-in-the-Middle attacks and other similar types of phishing.

They key thing to remember: If you don’t know them, they aren’t your friend. You’ll be miles ahead if you treat social media interactions like you do real life interactions. You wouldn’t offer a stranger your cell phone number or home address until you knew them well. The same precautions apply to your social media accounts.

Secure Online Accounts Without Sacrificing Ease Of Use

by Jeremy Miller, Technician
The Internet allows us to do so much, such as: buy things, research information, and share just about anything. There is and will always be someone out there that is going to take advantage of Internet users in one way or another.

Keeping that in mind, most places on the Internet use password authentication, this is both good and bad. It is good because you are required to enter credentials that you originally provided to enter a protected area of a website.

This may keep your data safe from most people with malicious intent. However, most people are not perfect at remembering passwords, especially complex passwords, so most people end up using the same password for many websites. This is a bad choice.

If a hacker obtains your password, they may be able to access any site on which you use that password or a similar password. The best Internet practices are to use a different complex password for each website.

Complex passwords are passwords that contain upper and lower case letters, numbers, special characters, and they must not resemble any dictionary word.

An example of a bad password is: love, password, P@ssw0rd. A good example of a complex password would be: ”n$)M1@x{1_5” 65”.

Password cracking has come a long way from brute-force dictionary based attacks, which allow a hacker to guess your password using a computer and wordlists. The use of complex passwords has become a necessity for anyone wanting to keep their information secure.

The best way to solve this conundrum is to implement a password manager. I have tried many password managers and have found the best results to be with LassPass password manager.

It is a feature rich password manager that is very secure. LassPass does not store or even know what your password is.

You can add LassPass as a browser extension or an app on your computers or mobile devices. You will only have to remember your password to LassPass to access any password protected websites.

Once LassPass is installed you simply visit a website that requires a login, such as your webmail or Facebook. Once you enter your username and password LassPass will ask if you would like to remember it.

If you choose yes it will auto fill out the information required to automatically login to the website the next time you visit it.

LassPass can also store secure encrypted notes that work great for bank logins. Most banks have a multi-stage login which is where you enter your username and password on different pages.

You can store your usernames, passwords, account numbers, and card numbers in secure notes for ease of access. All of your passwords can be accessed from any platform and any device.

LassPass also provides users with many tools that make using the LassPass password manager better such as: password generators, automatic form filling with the ability to have multiple identities, easily backup the data to local storage, on-screen keyboard to prevent key loggers, ability to share information via email, and most importantly two-factor authentication.

A two–factor authentication device allows you to use a password and a device such as a USB flash drive, YubiKey©, or Google Authenticator App to authenticate.

This improves your security because you have to have the second credential. Since that is in your possession, a cyber criminal would have to actually steal your device to hack your passwords.

Once you start to use LassPass as a password manager you will not want to return to remembering passwords or creating weak password that are easy to remember.

Give us a call to talk about improved security for your online accounts. We can help you setup the password manager and teach you how to use it. This is another way to make sure that your identity does not get compromised.

The Best Ways To Protect Yourself From Malware

By Tech Experts Staff
Users who bring their computers in to repair malware infections invariably ask the same question: “Why didn’t my antivirus stop me from getting viruses?”

So, you’re probably wondering, “If having antivirus software on my computer won’t protect me from viruses, what will?”

The fact of the matter is that while computer users are told they have to have antivirus on their PCs or risk getting infection, a machine can still get a virus despite antivirus software being installed.

Antivirus not foolproof
Antivirus software is designed to help prevent your system from becoming infected, but it isn’t foolproof. Antivirus software is constantly updated, but can be out of date for hours or even a day or two when a new infection is discovered.

Virus definitions are used to detect viruses and prevent them from gaining access to your computer. Automatic updates in antivirus software like Vipre download the updated definitions to protect your computer.

It’s the time period between when a new virus or malware is released, and the software companies can update the definitions, that your system is vulnerable.

How to protect from malware
Although no antivirus software, even the most expensive versions, offers guaranteed virus protection, antivirus software is a must have. We’ve seen a number of infections where clients have said that they were on legitimate sites at the time the infection hit their computer.

Even legitimate websites have the chance of malware being coded into them by hackers, causing that website to send the malware onto your computer.

So, the absolute best thing you can do is to have antivirus software installed.

The next best step is to be cautious about what you are looking for on the Internet. Many times, users looking for “free” items on the Internet don’t suspect that they might as well be searching for free viruses.

Hackers are crafty – targeting people looking for free downloads is an easy way to spread an infection.

Some of the most common risky items to search for are “screensavers,” “free games,” “work from home,” and “taxes.”

With the search terms shown here, it’s easy to see how computer users could easily be tricked into downloading a file or application that was laced with a virus.

Cautious browsing
The second step to preventing infections on your computer is a combination of common sense and caution.

While it may not be common knowledge as to what is and is not safe to click on while on the Internet, really what it comes down to is using common sense. There’s no such thing as a free lunch, even on the Internet – if it seems to good to be true, it probably is. It’s very important while browsing the Internet that you do not click on anything that just catches your eye. Many times, people have a tendency to click on ads, and because of this, ads have a high risk of containing malware. Don’t click on ads!

The second part, be cautious refers to everything you are doing that involves the connection to the Internet.

If you are using email, make sure you were expecting an email from the person sending it. Opening forwarded emails is a bad habit.Many viruses attach themselves to email accounts and send a lot of spam and forwarded messages which unsuspecting users click on and mistakenly download a virus onto their machine.

So to sum everything up, you should always have antivirus software installed on your computer and keep it up to date.

Even if you think you are a computer pro, keyloggers and many other items can get into your computer and run in the background undetected sending away your private information.

Always use common sense and extreme caution as to what you click on. Nothing is free and you don’t ever know for sure who or what is on the other end of that email you just happened to get in your inbox.

If you think you may have a virus or malware on your computer, or just want it checked for safety’s sake, give us a call or bring your computer in and we can check it out.

It is all too common to see viruses on machines but not actually see anything different on the computer other than it “running a little slow.”

Why You Should Avoid Using A Debit Card When Shopping Online

If you shop online (and these days, who doesn’t?),  you’ll want to make sure you use a credit card instead of a debit card to protect yourself from online scams and rip offs.
The biggest advantage credit cards offer is a buffer for payment. By law, your maximum loss if your credit card number is stolen is $50, and most credit card companies and banks will cover the entire cost.
When you use a debit card, the funds come directly out of your bank account, which means you might have trouble disputing the charge if you get scammed or if you are not happy with the product or service you purchased.
Here are some other tips to make shopping online safer:

Research your merchant before buying. The Federal Trade Commission maintains a web site (www.consumer.gov) that provides many buyer’s guides, lists of tips, and links to helpful resources.

Make sure you are on a secure web site before you give your name, address or credit card details. Look for a padlock or a key symbol in the bottom corner of your screen.
Never send your credit card number in an e-mail because it can easily be stolen.
Frequently check your credit card statements for suspicious entries. If you spot anything strange, contact your credit card company immediately to question the charge.
Call the company before placing an order. See if a real person answers the phone and how difficult it is to get someone live. Ask for their return policy for damaged or inadequate goods, expected delivery dates, shipping and handling fees, and after-purchase support.
Think before you buy. If the online advertisement or junk e-mail offer sounds too good to be true, it probably is!
If you have any reason to be suspicious, you are better to err on the side of NOT buying.
Watch for hidden extras added on at checkout such as postage and packing costs, and handling fees.
VAT and customs charges for goods from overseas can add greatly to the final cost, so double check your order before you hit the final submit button.
Read the company’s privacy policy carefully. Make sure you uncheck any boxes giving the vendor permission to sell or share your information with other vendors, especially your email address.

Security Risks Of Employee Owned Devices

Employees using their own mobile devices for work may seem like a good idea at first – it’s less expense for you, the employer, and they can also make employees more productive.

However, it also means that you are allowing potentially unsecure devices to access your company’s data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.

As technology continues to become more affordable and accessible to consumers, it’s an inevitable fact that employers will see more and more of their employees using  their own personal devices such as laptops and mobile phones to access the company’s IT system.

This can be a dangerous thing. Since these devices aren’t company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It’s important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data’s security.

Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don’t forget that while Android seems to have a bigger problem with malicious software, Apple isn’t exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data.

If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don’t hesitate to give us a call so we can sit down with you and discuss a custom security blueprint tailored for your company’s network.

New Year’s Resolutions For Problem Free Computing

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Even though we’re a few weeks into the new year, it’s not too late to take a look at your company’s network and make a few resolutions for better computing in 2012. Here are a few suggestions.

Better backups – now!
Implement a better, more reliable backup system to ensure your critical business data is properly protected. If you’re still using tape drives or not employing the latest professional-grade backup software, there’s no bigger New Year’s resolution that you should have.

You should have both an onsite and offsite backup of your data that allows you to restore files fast. Your backup should also be image-based, not just file-based.

Data loss can happen from human error, hardware/software failure, fire, flood, theft or other disaster. Every hour that you’re without your critical business information could cost you thousands of dollars.

Check out the cloud
Is cloud computing is right for you? In many cases, parts of your IT infrastructure can easily be put in the cloud to save you money and give you better service. It is important to talk to someone who can honestly assess your situation and tell you the pros and cons of making the switch to the Cloud. It’s not for every business but it’s worth exploring closely.

Dump the old PCs
I know that no one really likes spending money on new computers but think about how much unproductive time your staff spends waiting for their slow machines.

You can get an entry-level business desktop now for as little as $600, and speed upgrades to newer machines are very reasonably priced. What’s the cost of staff sitting around waiting for their computer or dealing with computer problems?

Upgrade your server
New servers are light years ahead of the ones made three, four and five years ago. Your company is less productive and less profitable with a server that slows everyone down.

Change your passwords
Most businesses regularly have employees leave, including those who were involved with supporting the computer network. Changing passwords regularly will improve security and protect your valuable customer and business data.

Perform a security review
We’re seeing all sorts of increased threats from hackers these days and you need to make sure your security approach is up to date. There are many parts to your security that you should examine including password strength; anti-virus software; and getting a strong firewall that will prevent intrusions, attacks and other malicious activity.

Keep up with your preventive maintenance
Downtime and annoying IT problems can be prevented with regular maintenance on your computers and network. If you’re not doing this now, it’s time to start!

Start the year right with a full audit of your network to develop your IT plan for the year.

Our top of the line network audit is a 27-point review of the security, performance and reliability of your network, and includes a full hardware and software inventory, plus checks on the health of your server, firewall, and network backup.

Industry Standard Security Best Practices

Network security is a must in any network, but when it comes to a business network, there are a number of security standards and best practices that ensure you have control over your network.

Businesses in certain industries secure. Many different companies require different security standards; one organization for instance is the PCI (Payment Card Industry). The payment card industry has very a strict network security standard.

The below practices are fairly strict and will offer you a great deal of control and protection against data theft and network intrusion.

Modem
We will start from the outside edge of your connection of your network and work our way in from your modem on into client workstations.

The modem is probably the simplest device on the network – you can’t really secure it (beyond performing regular updates), but some ISP’s feature a built in firewall in the modem. This can be turned on or off to work in conjunction with your company’s firewall.

Firewall
The next item to take a look at is your router/firewall. Generally you would have a router that offers several ports you can connect to via a direct Ethernet connection as well as WiFi access.

This firewall will add another layer of protection for when your network connects to the Internet. When configured properly, you would block all unauthorized network connections. As far as protecting the WiFi goes you are best to enable MAC filtering.

Each piece of network hardware has a unique identifying numerical code, called a MAC address. Filtering by MAC lets you set up WiFi so that only devices you explicitly define are allowed to connect to your network.

Once you have MAC filtering in place, you can also encrypt network traffic and use a long secure password. Since the clients on the network will not need to type this password in all the time, it is best to make a complex password containing both capital and lower case letters, numbers, and symbols.

Another option to further increase security when it comes to WiFi connections is to set the access point to not broadcast it’s SSID. This will make it look to the normal person as if there is no wireless connection available.

Server
There are a lot of features that can be enabled at the server to further improve network security. The first item to review is the group policy. Group policy is part of the server operating systems that allows you to centrally manage what your client workstations have access to and how.

Group policies can be created to allow or deny access to various locations on your users’ desktops. You can get as granular as defining a group policy that sets standards on user passwords.

By default, Windows Server 2008’s password policy requires users to have passwords with a minimum of 6 characters and meet certain complexity requirements.

While these settings are the defaults, generally 8-10 characters is recommended as well as mixing upper and lower case letters, numbers, and special symbols. An example of a complex password might be @fF1n!ty (Affinity). This password would meet all complexity requirements and is fairly easy to remember. Passwords should also be forced to reset every so many days. A good time period is roughly 30 days.

One other possible option is to have firewall software installed on the server itself to regulate traffic in and out of the server.

The nice thing about having a firewall on the server itself is that you have the ability to log failed connections to the server itself as well as what that connections is and where it was coming from.

This feature alone gives you a lot more control over the network. For example if you noticed in the firewall logs on the server that a connection you didn’t want getting through was making it to the server you can go back and edit policies on the router/firewall to attempt to further lock down your network from that point as well as blocking it at the server.

One final quick thought on server security is physical security.

Generally it is a good practice to have the server physically locked in a room that only specific people have access to. If you really wanted more control as well you can have the server locked using a system that logs who comes in and out of a room via a digital keypad and their own passwords.

When it comes to your workstations, employees should only be logging into the workstation via their domain login and not using the local admin login.

This will allow you to centrally control via group policy what they can access like stated above. You can also configure roaming profiles so that if someone was to steal a physical workstation they would not have access to any company information as it would all be stored on the server and not that workstation – which is another great reason to have your server locked up.

Employee logins to workstations should also have account lockout policies in place so that if a user attempts to login too many times with an incorrect password, the server would lock them out on that workstation for a time period set by the administrator. One other item you could have in place for various employees is specific time periods their credentials will allow them to log into the systems.

One final step in network security is having good antivirus software installed on your workstations and your server. A compromised machine can be giving your passwords and information away to hackers making it possible for them to waltz right into your network undetected.

You are best protected by having as many of the above security steps configured and working properly on your network.

Determine what your network needs, evaluate the practice after it has been in place for a month and make the proper adjustments to ensure your network is safe. You should also preform regular security audits.

If you would like to see how secure or unsecure your network is give us a call and we can perform a network security audit for you and let you know where you stand!

Featured Article Written By:
Tech Experts

How To Shop Online More Safely And Securely

These tips can help you determine that you’re shopping at a secure and trustworthy website.

Look for signs that the business is legitimate. Buy only from reputable stores and sellers. Here are some ways to check.

Find out what other shoppers say. Sites like Epinions.com or BizRate have customer evaluations which can help you determine a company’s legitimacy.

Look for third-party seals of approval. Companies can put these seals on their sites if they abide by a set of rigorous standards such as how personal information can be used. Two seals to look for are the Better Business Bureau seal, and the TrustE certified privacy seal.  If you see the seals, click them to make sure they link to the organization that created them. Some unscrupulous merchants will put these logos on their websites without permission.

Look for signs that the website protects your data. On the web page where you enter your credit card or other personal information, look for an “s” after http in the web address of that page. This shows that the web page is encrypted. Encryption is a security measure that scrambles data as it traverses the Internet.

Also make sure there is a tiny closed padlock in the address bar, or on the lower right corner of the window.

Use a filter that warns you of suspicious websites. Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filter included in Internet Explorer.

Keep your web browser updated.

It helps protect you when you shop online.