Five Things You Should Never Do On A Work Computer

Whether you work remotely or in an office, the line between personal and work tasks can become blurred when working on your company computer. If you’re in front of a computer for most of your time during work, then it’s not unusual to get attached to your desktop PC.

Over time, this can lead to doing personal things on a work computer. At first, it might just be checking personal email while on a lunch break. But as the line continues to get crossed, it can end up with someone using their work computer just as much for personal reasons as work tasks.

In a survey of over 900 employees, it was found that only 30% said they never used their work PC for personal activities. The other 70% admitted to using their work computer for various personal reasons.

Some of the non-work-related things that people do on a work computer include:

  • Reading and sending personal email
  • Scanning news headlines
  • Shopping online
  • Online banking
  • Checking social media
  • Streaming music
  • Streaming videos/movies

It’s a bad idea to mix work and personal, no matter how much more convenient it is to use your work PC for a personal task during the day. You can end up getting reprimanded, causing a data breach at your company, or possibly losing your job. Here are several things you should never do on your work PC.

Save personal passwords in the browser
Many people manage their passwords by allowing their browser to save and then auto-fill them. This can be convenient, but it’s not very secure should you lose access to that PC.

When the computer you use isn’t yours, it can be taken away at any time for a number of reasons, such as an upgrade, repair, or during an unexpected termination.

If someone else accesses that device and you never signed out of the browser, that means they can leverage your passwords to access your cloud accounts.

Store personal data
It’s easy to get in the habit of storing personal data on your work computer, especially if your home PC doesn’t have a lot of storage space. But this is a bad habit and leaves you wide open to a couple of major problems:

Loss of your files: If you lose access to the PC for any reason, your files can be lost forever.

Your personal files being company-accessible: Many companies have backups of employee devices to protect against data loss. So, those beach photos stored on your work PC that you’d rather not have anyone else see could be accessible company-wide because they’re captured in a backup process.

Visit sketchy websites
You should assume that any activity you are doing on a work device is being monitored and is accessible by your boss. Companies often have cybersecurity measures in place like DNS filtering that is designed to protect against phishing websites.

This same type of software can also send an alert should an employee be frequenting a sketchy website deemed dangerous to security (which many sketchy websites are).

You should never visit any website on your work computer that you wouldn’t be comfortable visiting with your boss looking over your shoulder.

Allow friends or family to use it
When you work remotely and your work computer is a permanent fixture in your home, it can be tempting to allow a friend or family member to use it if asked. Often, work PCs are more powerful than a typical home computer and may even have company-supplied software that someone wouldn’t purchase on their own.

But allowing anyone else to use your work computer could constitute a compliance breach of data protection regulations that your company needs to adhere to.

Just the fact that the personal data of your customers or other employees could be accessed by someone not authorized to do so can mean a stiff penalty.

Additionally, a child or friend not well-versed in cybersecurity could end up visiting a phishing site and infecting your work device, which in turn infects your company cloud storage, leaving you responsible for a breach.

At least 20% of companies have experienced a data breach during the pandemic due to a remote worker.

Turn off company-installed apps like backups and antivirus
If you’re trying to get work done and a backup kicks in and slows your PC down to a crawl, it can be tempting to turn off the backup process. But this can leave the data on your computer unprotected and unrecoverable in the case of a hard drive crash or ransomware infection.

Company-installed apps are there for a reason and it’s usually for cybersecurity and business continuity. These should not be turned off unless given express permission by your supervisor or company’s IT team.

The Security Problem Of John’s “Other” Laptop

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Love it or hate it, Working From Home is huge and here to stay.

As a nation, we’ve really embraced the changes forced upon us by the pandemic. Many businesses have become more flexible with a mixture of office-based workers, hybrid workers and fully remote workers.

We had no idea that we could change so much, so quickly, did we? Work just doesn’t look the same as it did in 2019.

And because of that, cyber security in 2022 doesn’t look the same either. When you have people working away from your office, you need to take additional security measures to keep your data safe.

Even before we’d heard the word “Coronavirus,” many of us were working from home now and then. Checking emails on the weekend. Finishing up a project in the evening. Getting a head start on your week.

Now, Working From Home has to be taken more seriously. If any of your staff works anywhere away from the office, there’s a chance they’re taking unnecessary risks with your data. [Read more…]

Is Your Business Secure? Top Three Ways To Protect Your Company

Effective cybersecurity is not a “one size fits all” solution but needs to take into account the unique needs of your particular business.

That said, however, there are three key things you can do to immediately safeguard your business at a basic level.

Automate software updates

Let’s be real. We all forget things sometimes. Even something as important as updating the software on our devices. And sometimes it’s not even a “forget” but an “I don’t have time right now for my device to be down.” But automating updates and setting them to process during off-hours can be the difference between a successful and unsuccessful breach.

Educate your employees

Employees are the number one point of failure in any cybersecurity event. A recent report from Kaspersky Labs found that 90% of corporate data breaches occur as a result of social engineering attacks on employees – not the providers.

Use the Cloud

Many of us used to say that it was “too risky” to be in the cloud. That our data was “safer” here on-site where I can control access to every bit of the network. However, over the years, we have learned that using cloud solutions is actually more secure than on-site solutions and here’s why: cloud providers have a higher level of certification needed in order to prove the level of protection required of a cloud solution.

Cloud providers know it is imperative that their solution be the most secure solution available and any blemish can be a make or break problem for the longevity of their business. As such, they make it their business to know and keep up with the ever-changing cybersecurity world and work to implement the latest protections across their entire networks.

Last year was a record-breaking year for cyberattacks, with Colonial Oil, JBS, and even Buffalo Public Schools. The time to update your security protocols is now before you fall victim. Schedule your audit today and keep your business safe.

Three Scary Questions To Ask About Your Data On Your Staff’s Phones

More and more businesses encourage staff to use their own personal cell to access company data.

It’s very convenient and cost effective for everyone. Isn’t that the point of having all your data and apps in the cloud? You can access anything anywhere on any device.

But there are downsides. Any time someone accesses business data on a device that you don’t control, it opens windows of opportunity for cyber criminals.

Here are 3 scary questions to ask yourself.

What happens if someone’s phone is lost or stolen?

What’s a pain for them could be a nightmare for you. Would you be able to encrypt your business’s data or delete it remotely? Would it be easy for a stranger to unlock the device and access the apps installed?

What happens if someone taps a bad link?

Lots of people read their email on their phone. If they tap on a bad link in a phishing email (a fake email that looks like it’s from a real company), is your business’s data safe?

Despite what many people think, phones can be hacked in a similar way to your computer.

What happens when someone leaves?

Do you have a plan to block their ongoing access to your business’s apps and data? It’s the thing many business owners and managers forget when staff change.

If you haven’t already, create a cell phone security plan to go with your general IT security plan. Make sure everyone in your business knows what it is and what to do if they suspect anything is wrong.

If you need a hand, don’t forget that a trusted IT security partner (like us) can give you the right guidance.

Your Business Is Already Under Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware is big business. It’s one of the fastest growing online crimes. Cyber criminals are targeting small and medium sized companies as well as non-profits and government agencies.

It’s the computer crime where your data is encrypted so you can’t access it unless you pay the ransom fee.

The really scary part is that it’s unlikely you’d realize you were under attack from ransomware until it was too late.

Cyber criminals hide in your network for between 60 to 100 days before they strike. During that time they’re checking out your network, identifying vulnerabilities, and preparing what they need to hit you with the attack.

[Read more…]

Please Don’t Give Everyone Access To Everything

With so many potential vulnerabilities in every business IT system, there is no “silver bullet” – no single safety measure that will let you sit back and relax, knowing your IT is safe and data is secure.

Most of the risks are ongoing and constantly changing. They need an active approach to stop your business falling victim to a data breach or malicious cyber-attack.

It would take a lot more space than is available in this newsletter to talk about all the risks you face.

So instead, we can talk about two of the most important things you can do to stay safe.

Make sure your team only has access to the data it needs

Keep an eye on who has access to what and whether they need it.

The more people have access to sensitive data, the more potential routes there are for the wrong people to get access to it.
If you give everybody access to everything, all it will take is for one account to become compromised.

And before you know it, criminals armed with malware will have access to your systems.

Just as important as this is how you manage the IT accounts of people who leave the business or change jobs internally.

For example, if an employee switches from accounting to a management job in a completely different part of the business, they probably won’t need to keep access to all the data they needed for their last role. Failing to adjust permissions only adds to your level of risk. When people leave your business, you must immediately restrict their access to your systems and data. Implement appropriate policies and processes to reduce the risk of something slipping through.

Keep your devices secure

Another important thing to watch out for is how frequently you’re installing updates on devices. This includes tablets and phones as well as computers. They must all be kept updated with the latest security patches. All it takes is one weak link for your whole business to potentially be compromised.

Make sure that you replace old devices that are no longer getting updates, or can’t support the latest versions of software. And of course, it’s also important to make sure that all devices are backed up in real time.

Consider computer and mobile device encryption. It turns the data into unreadable garbage if the wrong person gets hold of your device.

Is Your Business Data Encrypted?

Encryption can be a confusing subject for most people.

Is it a good thing or a bad thing?

We understand the confusion. Thanks to the surge in ransomware, you could be forgiven for thinking that encrypting data is definitely a bad thing. After all, if it’s encrypted, how on earth will it be usable?

However, when you encrypt your own data, you’re adding a level of protection to it. It means that should it be stolen; it’ll be unusable to anyone else.

But less than 50% of companies have standardized end-to-end encryption set up. While they have some level of encryption, they don’t have a documented standard that covers every area of their business.

And it’s not only hackers and other cyber criminals that could benefit from a business’ lack of data encryption. Lost or stolen devices put that data at risk too.

When you consider that a laptop is stolen every 53 seconds, it’s leaving businesses more vulnerable than they should be.

Microsoft 365 automatically encrypts business data by default. But if you have no other encryption set up across your applications and files, it’s time to speak to your IT support partner.

If we can help you, please don’t hesitate to get in touch.

Would Your Business Survive The 4 Beer Test This Christmas?

So, it’s unlikely you’ll be having a traditional office Christmas party this year. Thank COVID, you party-pooper.

But I’m sure at least some of your team will find a way to celebrate together over a few beers after work one day.

And that’s why it’s worth asking if your business can pass the four beer test.

What’s that? Four beers is about the stage where people start to “relax” so much, they start to forget the important stuff. Like picking up their laptop bag when they leave the bar or restaurant.

Laptops and mobile devices get left in bars and restaurants all the time, especially on dark winter nights like these.

Thing is – depending on your IT setup, a lost laptop can either be a minor inconvenience. Or a complete disaster.

How can you tell which? By asking these 3 questions:

• Is it encrypted?
• Is it password protected?
• Can the data be wiped remotely?

If it’s a “yes” to all three, you can relax. It’s annoying you’ve lost your device… but your business’s data is safe. No one can access it.

And if you can’t positively answer all three, there’s a problem. These days, the loss of data is a much bigger deal than the loss of a device.

If you’re not 100% sure you can answer all 3 questions with a big fat YES… then give us a call. We can check for you.

The New Normal COVID-19 Office Security

With continued WFH policies and multiplied COVID-19 scams and threats, the importance of good cyber security stands out. Indeed, with a workforce that is highly dependent on digital services for the foreseeable future, the new normal COVID-19 office security is necessarily stronger, more vigilant, and more dispersed.

Yet, a lot of questions remain unanswered. For example, will behavioral surveillance be part of the new normal? As organizations plan to implement contact tracing, privacy advocates voice their concerns.

Given the uncertainty, we expect to see these non-intrusive measures with clearly defined benefits coming to the new normal.

Thermal cameras for passive temperature checking
The advantages of temperature detection for a business COVID-19 strategy include early discovery and reporting leading to early isolation and treatment.

Advanced temperature detection technology is not a substitute for medical grade FDA approved thermometers. The advantage of an advanced thermal camera system is that it can pick out personnel with abnormal body temperatures in heavy traffic areas to be assessed later by a professional with medically approved equipment.

These systems use an HD video camera and thermal camera side by side looking at the same field of view. The resulting video and metadata output, when combined with advanced artificial intelligence, gives sensible temperature data on multiple objects simultaneously.

Some systems employ facial detection technology paired with a face database and a high temperature detection alarm. They can identify up to 16 targets with a temperature accuracy of .54° F and come with an easy to use interface.

In-office security cameras
Also likely to become more common, in-office security cameras provide a video record of events. They function as a tool to answer concerns about what happened if a COVID-19 behavioral complaint surfaces. The societal resistance to surveillance will likely be counter-balanced by the desire to maintain a safe work environment.

Plexiglas barriers
Plexiglas® extruded acrylic sheets promote both worker and consumer safety to help control the spread of the virus.

Sneeze guards made from Plexiglas make sense. So, it is logical to see their use extended in the office to create barriers between closely seated workers. We’ll see them in other areas to promote social distancing.

Health questions
The CDC recently issued guidance recommending that employers actively encourage sick employees to stay home. Interpreting this guidance, the EEOC confirmed that the rules of the ADA and the Rehabilitation Act continue to apply but do not prevent employers from following guidelines from the CDC and other public health authorities regarding COVID-19.

Per the EEOC’s guidance, employers may ask employees who report feeling ill at work, or who call in sick, questions about their symptoms to determine if they may have COVID-19. In addition, they may require employees to stay home if they have COVID-19 symptoms, screen applicants for symptoms of COVID-19, delay the start date or withdraw the offer of an applicant with symptoms.

Thus, employers may find it necessary to ask employees about their symptoms. They might require notification of high body temperatures, and request disclosure of recent proximity to individuals who have tested positive for COVID-19. In doing so, they must be mindful to do it consistently and avoid discriminatory use of the results.

To simplify the process and avoid collecting unnecessary information, employers may simply ask employees to stay home if they show certain symptoms, rather than asking them about the specific symptoms they have.

Work from home security
The WFH new normal creates multiple security challenges that must be addressed. From simple provisioning issues like shredders for employees handling sensitive documents to updated incident response plans, new circumstances demand new security responses.

For example, the company’s business continuity plan should be updated to address new fail-over and backup procedures. Also, the difficulty of securing and verifying credentials in a remote environment will encourage the use of multifactor authentication.

In addition, with less physical oversight of employees, organizations may need to focus more on user activity. Access logs and user behavior analysis come to mind. Increased threats require increased employee education. And, employees also need to know how to report security risks or threats through all the currently used communication channels (in addition to email).

How To Set Up And Maintain A Secure, Remote Work Environment To Overcome The COVID19 Pandemic

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

“We are in this together.” We can’t say that enough. It’s not you, and I, but US.

Information technology and communications providers are considered essential services in this unprecedented time, and we take our role seriously. We are here to help, and we ask you (no, implore you) to reach out with any technology-related questions as you work to transition from a central office to a remote employee environment.

As you prepare (or maybe you already have transitioned) for remote work environments, many of which will need to be done by the individual who will be working there, we developed this list of 10 things to keep in mind to secure a remote work environment on the fly.

Invest in antivirus software for all employee devices
Yes, technically it is your employee’s devices and these are usually outside of the typical IT circle. But with these circumstances coming about quickly, there may not have been time to follow your normal procurement cycle to get the specific equipment your employees need to remain productive while working from home. That means they will be working from their own device, and they may or may not be as cognizant of your security measures.

So a good rule of thumb is to work to ensure that all employees utilize antivirus software. Many ISPs (Internet service providers) also offer free antivirus software with their service, and we would encourage you to take full advantage. There are several ways you can handle this and we invite you to give us a call to see what will work best for your organization. [Read more…]