TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

What Is Threat Exposure Management (TEM) And Why Do You Need It?

Threat Exposure Management (TEM) is an important cybersecurity tool. It helps organizations find and fix weak spots in their digital systems. TEM outsmarts hackers before they break into your network.

Importance of TEM

Cyber attacks keep getting worse. Hackers always find new ways to break in. TEM helps businesses spot problems before they become big issues.

TEM allows you to:

  • Find weak points in your network
  • Fix issues quickly
  • Reduce your risk of cyber attacks

How TEM works

TEM uses special software to scan your entire network. It finds places hackers could attack and helps you fix these weak spots.

Continuous monitoring

TEM keeps looking all the time. This way, you can find new problems as soon as they appear.

Risk assessment

TEM finds which weak spots are the most dangerous. This helps you fix the most important ones first.

Main parts of a TEM program

Asset discovery

This finds all devices and software on your network. You can’t protect what you don’t know about!

Vulnerability scanning

This looks for open weak spots in your system. It’s like checking for unlocked doors and windows in your house.

Threat intelligence

This provides insights into new hacker techniques, helping you stay informed about what to watch out for.

Remediation planning

Once you find the vulnerabilities, you need a plan to fix them. TEM helps you make good choices on how to patch these spots.

Benefits of TEM for your business

Better security

Finding and fixing weak spots makes your whole system much safer and more resilient.

Cost savings

Stopping an attack before it happens can save you a lot of money. Dealing with the aftermaths of cyberattacks often comes with expensive costs.

Peace of mind

With TEM, continuous monitoring ensures your system is always under watch. This can help you worry less about cyber attacks.

What to look for in a TEM solution

A good TEM tool should:

  • Be user-friendly, ensuring that all team members, regardless of their technical expertise, can easily navigate and utilize the tool.
  • Provide immediate results, enabling quick and effective decision-making to address potential threats as soon as they are detected.
  • Integrate seamlessly with your existing security infrastructure, enhancing overall protection by working in harmony with other security tools and systems.
  • Generate clear and comprehensible reports, presenting findings in an easily digestible format that facilitates understanding and action.

Getting started with TEM

  • Check your current security setup to understand your existing vulnerabilities and areas for improvement.
  • Find a TEM tool that fits your needs, ensuring it aligns with your security goals and integrates well with your current systems.
  • Set up the tool and start scanning your environment.
  • Make a plan to fix the weak spots you find, prioritizing the most critical issues.
  • Keep scanning and improve your security continuously, regularly updating your strategies and tools to stay ahead of emerging threats.

Want to learn more about how TEM can help your company? Contact us today for help staying safe in the digital world.

Keeping Work Devices Secure: Protecting Your Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It’s common practice for employees to use work laptops for personal tasks. Whether it’s checking email, scrolling through social media, or watching a quick video, many people mix business with personal activities on work devices. At first glance, it may seem harmless—but it could actually be a big security risk for your business.

A recent study revealed that 90% of employees use company laptops for non-work activities. This often includes high-risk actions like visiting unsecured websites, streaming questionable content, and even accessing parts of the dark web. Each of these activities can open the door to malware, phishing attacks, and other cybersecurity threats, putting sensitive company data at risk.

As remote and hybrid work arrangements become the norm, it’s tougher than ever to control what happens on work devices. Employees working from home or on the go are likely connecting to public Wi-Fi networks, plugging in personal USB drives, and blurring the lines between work and personal usage. Younger employees, in particular, seem more inclined to take these digital risks. This behavior makes it easier for hackers to take advantage of weak points, which can have serious consequences for businesses.

Adding to the concern, 18% of employees don’t have any cybersecurity software on their work devices, and another 7% aren’t even sure if they do. Without adequate protection, a single compromised device can be all it takes to give cybercriminals a way into your business.

Privacy is another issue to consider. A third of employees admit they’d feel uneasy knowing their employer could see their personal activities on a work laptop. This discomfort is understandable, but it highlights the need for clear policies that protect both employees’ privacy and your business’ security.

So, how can business owners address these risks? Here are a few steps that can make a big difference:

Implement Clear Policies: Make sure employees understand what’s allowed—and what isn’t—when it comes to using company devices. It’s important to outline specific guidelines that address acceptable use, privacy expectations, and potential consequences.

Strengthen Security Measures: Every company device should be equipped with up-to-date cybersecurity software. This is a straightforward but effective way to prevent threats from taking hold.

Use Remote Management Tools: With the right tools, your IT team (or partner) can monitor devices, manage security settings, and respond to threats in real-time, regardless of where your employees are working. These tools can also help maintain a clear boundary between work and personal usage on company devices.

Educate Your Team: Help employees understand the risks of using work devices for personal activities. A little knowledge goes a long way—when people know how their behavior impacts security, they’re more likely to follow best practices.

Balancing convenience and security can be challenging. Working with an experienced IT partner like us can help you implement these measures smoothly, keeping your business secure without disrupting daily operations.

If you’d like to discuss how we can support your business in managing device security, feel free to reach out.

Cybersecurity Tips For Everyday Life

When it comes to cybersecurity, we often rely on our IT experts and installed software to protect our systems from digital threats.

From tech support to firewalls, a lot of tools and people contribute to our online safety!

In the midst of all of this, we can sometimes forget that we, too, play a critical role in guarding our systems and networks. At home or in the office, we each have a responsibility to protect the private data in our care.

Human error

Human error is actually responsible for 95% of cyberattacks. YOU are the number one threat to your own private data! You can also be its greatest defense.

How might you put yourself at risk? It can be as simple as clicking on malicious links, opening attachments from unknown senders, or sharing sensitive data by mistake. One wrong click, if your devices and systems aren’t properly equipped to defend themselves, can be disastrous.

Social engineering

Then there are social engineering attacks, which use human psychology to trick people into revealing sensitive information or taking actions that compromise security. Because they rely on you acting emotionally against your better instincts, even people who are aware of the risks can easily fall victim to social engineering attacks. It only takes one moment of weakness!

We also play a part in protecting private data whenever we brush up on our Security Awareness Training. That knowledge helps us to identify and track potential threats, which help prevent them from happening in the first place! We are also responsible for reporting suspicious activity to the appropriate teams, which can help identify and respond to attacks early on, before they cause significant damage.

They say “it takes a village,” and that rings just as true in the digital landscape of cyberspace! Together we can make the Internet a safer place to spend our time.

Always back up your data

Data loss can happen to anyone, at any time. It can be caused by a hardware failure, software corruption, malware attack, fire, theft, or simply human error. Backing up your data is crucial to protect yourself from these events. It will also save you the time, money, and stress of losing your data.

When you’re wondering what to back up on your system, the answer is simple: Save everything that you don’t want to lose. That includes personal documents, like photos, music, videos, emails, financial documents, and other memories and files that you don’t want to lose. You might also want to do this for application data, which includes settings and save files for those programs that you use frequently.

System files are essentially the applications and processes which your computer (or whatever device you’re considering) need to run. Backing up system files helps make system recovery seamless if anything happens. If a crucial file is corrupted or destroyed, it could crash your whole system irrecoverably.

Then, at least once per month, you should back up your storage files to another, separate location so you have two versions saved in case one file gets corrupted. Some cybercriminals go straight after your saved storage, hoping to excavate a large amount of data at once.

Automatic backups ensure your continued protection whether you forget or are otherwise prevented from doing it on time.

How Can Your Business Be Impacted By The New SEC Cybersecurity Requirements?

Cybersecurity has become paramount for businesses across the globe. As technology advances, so do the threats. Recognizing this, the U.S. Securities and Exchange Commission (SEC) has introduced new rules. They revolve around cybersecurity. These new requirements are set to significantly impact businesses.

Understanding the new SEC cybersecurity requirements

The SEC’s new cybersecurity rules emphasize the importance of proactive cybersecurity measures. These are for businesses operating in the digital landscape.

One of the central requirements is the timely reporting of cybersecurity incidents. The other is the disclosure of comprehensive cybersecurity programs.

The rules impact U.S. registered companies, as well as foreign private issuers registered with the SEC.

Reporting of cyber-security incidents

The first rule is the disclosure of cybersecurity incidents deemed to be “material.” Companies disclose these on a new item 1.05 of Form 8-K.

Companies have a time limit for disclosure. This is within four days of the determination that an incident is material. The company should disclose the nature, scope, and timing of the impact.

It also must include the material impact of the breach. One exception to the rule is where disclosure poses a national safety or security risk.

Disclosure of cyber-security protocols

This rule requires extra information that companies must report. They report this on their annual Form 10-K filing.

The extra information companies must disclose includes:

  • Their processes for assessing, identifying, and managing material risks from cybersecurity threats.
  • Risks from cyber threats that have or are likely to materially affect the company.
  • The board of directors’ oversight of cybersecurity risks.
  • Management’s role and expertise in assessing and managing cybersecurity threats.

Potential impact on your business

Here are some of the potential areas of impact on businesses from these new SEC rules.

Increased Compliance Burden – Businesses will now face an increased compliance burden as they work to align their cybersecurity policies with the new SEC requirements.

Focus on Incident Response – The new regulations underscore the importance of incident response plans. Businesses will need to invest in robust protocols. These are protocols to detect, respond to, and recover from cybersecurity incidents promptly. This includes having clear procedures for notifying regulatory authorities, customers, and stakeholders.

Heightened Emphasis on Vendor Management – Companies often rely on third-party vendors for various services. The SEC’s new rules emphasize the need for businesses to assess vendor practices. Meaning, how vendors handle cybersecurity. This shift in focus necessitates a comprehensive review of your vendor’s security policies.

Impact on Investor Confidence – Cybersecurity breaches can erode investor confidence and damage a company’s reputation. With the SEC’s spotlight on cybersecurity, investors are likely to take note. This includes scrutinizing businesses’ security measures more closely. Companies with robust cybersecurity programs may instill greater confidence among investors.

Innovation in Cybersecurity Technologies – As businesses strive to meet the new SEC requirements, they will seek innovation. There is bound to be a surge in the demand for advanced cybersecurity solutions. This increased demand could foster a wave of innovation in the cybersecurity sector.

How To Organize Your Cybersecurity Strategy Into Left And Right Of Boom

In the pulsating digital landscape, every click and keystroke echoes through cyberspace. The battle for data security rages on.

Businesses stand as both guardians and targets. Unseen adversaries covet their digital assets. Businesses must arm themselves with a sophisticated arsenal of cybersecurity strategies.

On one side, the vigilant guards of prevention (Left of Boom). On the other, the resilient bulwarks of recovery (Right of Boom). Together, these strategies form the linchpin of a comprehensive defense. They help ensure that businesses can repel attacks. And also rise stronger from the ashes if breached.

What Do “Left of Boom” and “Right of Boom” Mean?

In the realm of cybersecurity, “Left of Boom” and “Right of Boom” are strategic terms. They delineate the proactive and reactive approaches to dealing with cyber threats.

“Left of Boom” refers to preemptive measures and preventative strategies. These are things implemented to safeguard against potential security breaches. It encompasses actions aimed at preventing cyber incidents before they occur.

“Right of Boom” pertains to the post-breach recovery strategies. Companies use these after a security incident has taken place. This phase involves activities like incident response planning and data backup.

Together, these terms form a comprehensive cybersecurity strategy. They cover both prevention and recovery aspects.

Left of Boom: Prevention Strategies

User education and awareness: One of the foundational elements of Left of Boom is employee cybersecurity education. Regular training sessions can empower staff.

Robust access control and authentication: Access control tactics include:

  • Least privilege access
  • Multifactor authentication (MFA)
  • Contextual access
  • Single Sign-on (SSO) solutions

Regular software updates and patch management: Left of Boom strategies include ensuring all software is regularly updated.

Network security and firewalls: Firewalls act as the first line of defense against external threats. Install robust firewalls and intrusion detection/prevention systems that alert quickly when a breach is in progress.

Regular security audits and vulnerability assessments: Conduct regular security audits and vulnerability assessments. This helps to identify potential weaknesses in your systems.

Right of Boom: Recovery Strategies

Incident response plan: Having a well-defined incident response plan in place is crucial.

It should include things like:

  • Communication protocols
  • Containment procedures
  • Steps for recovery
  • IT contact numbers

Data backup and disaster recovery: Regularly backing up data is a vital component of Right of Boom. Another critical component is having a robust disaster recovery plan.

Forensic analysis and learning: After a security breach, conduct a thorough forensic analysis. It’s essential to understand the nature of the attack. As well as the extent of the damage, and the vulnerabilities exploited.

Legal and regulatory compliance: Navigating the legal and regulatory landscape after a security breach is important.

Cyber Security Threats Your Team Must Know About

Your employees are your first line of defense in cyber security, and their training is as crucial as the cutting-edge tools you’ve invested in. Are you overlooking this vital element?

We strongly advise you make an ongoing commitment to regular cyber security training for every single one of your team. That means keeping them up to date on the latest cyber threats, the warning signs to look out for, and of course, what to do should a situation arise.

If you’re not already doing that, arrange something now (we can help).

While you wait, here are some urgent cyber threats to address right away:

Admin attack

Email addresses like “info@” or “admin@” are often less protected due to perceived low risk. But several teams may require access to these accounts, making them an easy target. Multi-factor Authentication (MFA) can double your security. Even if it seems tedious, don’t neglect it.

MFA fatigue attacks

MFA can feel intrusive, leading employees to approve requests without scrutiny. Cyber criminals exploit this complacency with a flood of fake notifications. Encourage your team to meticulously verify all MFA requests.

Phishing bait

Phishing remains a top threat. Cyber criminals mimic trusted sources with deceptive emails. Teach your team to inspect email addresses closely. Implementing a sender policy framework can also enhance your protection.

Phishing scams are attempts to trick you into revealing your personal information, such as passwords, credit card numbers, or Social Security numbers.

Scammers often send emails or text messages that appear to be from legitimate companies, such as banks, credit card companies, or government agencies. They may also create fake websites that look like real websites.

The three most common phishing scams are:

  • Fake shopping websites, which sell counterfeit products – or even sell nothing at all. They collect your credit card information to sell to other hackers.
  • Romance scams to trick people into falling in love, so they’ll be more willing to send money.
  • Social media scams that either impersonate real people, or invent new personas entirely.

Other common internet scams include:

  • Investment scams (yes, people still fall for these every day) that promise victims high returns on their investments, but the investments are actually fake.
  • Tech support scams which claim to be a tech support company, but then charge for unnecessary services or steal personal information.
  • Lottery and sweepstakes scams tell people that they have won a lottery or sweepstakes, but they need to pay a fee to claim their prize.
  • Charity scams impersonate legitimate charities and ask for donations.

Cyber security training doesn’t have to be tedious. Try simulated attacks and think of them like an escape room challenge—fun yet enlightening. It’s about identifying vulnerabilities, not fault-finding.

Don’t exclude your leadership team. They need to understand the response plan in case of a breach, much like a fire drill.

If you receive an email, text, or call from someone who is asking for your personal information or money, be suspicious! Don’t click on anything until you verify the sender is who they say they are!

Is Your Team Suffering From Cyber Security Fatigue?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Recently, we’ve seen a concerning trend among businesses: cyber security fatigue.

It’s a phenomenon that occurs when people become overwhelmed and desensitized to the constant barrage of cyber threats and security alerts they face on a daily basis.

You may be thinking, “My business is too small to be a target for cyber criminals.”

Unfortunately, that couldn’t be further from the truth. In fact, small businesses are often targeted precisely because they are seen as easier targets.

Cyber criminals know that small businesses don’t have the same resources as larger corporations, making them more vulnerable to attacks.

So, how can you tell if your business is suffering from cyber security fatigue? Here are a few signs to look out for: [Read more…] about Is Your Team Suffering From Cyber Security Fatigue?

A Four-Day Week Doesn’t Mean Four-Day Security

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Are you one of the many companies around the world that’s looking at a four-day working week? Perhaps you’ve already made the leap.

Or, do you find that your team takes more time off during the summer months?

For lots of businesses, it’s never going to work. But those that have tried it have generally found it to be hugely positive. It improves your employees’ experience, making them more loyal, engaged, and productive.

It can help to attract and retain better talent, while improving your brand reputation. And let’s not ignore the cost savings of shutting down the office for an extra day.

But it has to be done right. Forcing people to cram the same amount of work into fewer hours could be a recipe for burnout and exhaustion.

That can lead to corners being cut, which in turn could lead to a cyber security disaster. Even if processes aren’t being intentionally skipped, human error due to a lapse in concentration becomes inevitable. [Read more…] about A Four-Day Week Doesn’t Mean Four-Day Security

These Everyday Objects Can Lead To Identity Theft

You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time.

What about your trash can sitting outside? Is it a treasure trove for an identity thief?

Many everyday objects can lead to identity theft.

Old smart phones

Our smartphones and tablets have become extensions of ourselves, storing a vast amount of personal information. If lost, stolen, or compromised, these devices can provide unauthorized access to sensitive data, including emails, contacts, financial apps, and social media accounts.

Make sure you clean any old phones by erasing all data or destroying the device.

Wireless printers

Protect wireless printers by ensuring you keep their firmware updated. You should also turn it off when you don’t need it.

Trash can

Identity theft criminals aren’t only online. They can also be trolling the neighborhood on trash day. Discarded items in your trash can reveal personal information that identity thieves can exploit. Dumpster diving is a common tactic used to extract valuable data, such as bank statements, credit card receipts, or pre-approved credit offers.

Always shred or destroy any documents before disposing of them, even those that may not seem sensitive at first glance.

It’s also wise to invest in a cross-cut shredder, which provides better protection compared to strip-cut shredders.

USB sticks

You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait.

Old hard drives

When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. It’s best to get help from an IT professional to properly destroy your old computer hard drive.

We have a special drive crushing tool at Tech Experts – just let us know if you need some drives recycled.

Physical documents

Physical documents, such as bank statements, bills, medical records, and tax documents, contain a wealth of personal information. Disposing of them carelessly or leaving them unattended can be an open invitation to identity thieves.

Always shred sensitive documents before discarding them, especially those containing financial or personally identifiable information. Furthermore, consider digitizing important documents and securely storing them on encrypted devices or cloud platforms with strong authentication measures.

Children’s IoT devices

You should be wary of any new internet-connected kids’ devices you bring into your home. Install all firmware updates and do your homework.

ATMs

This is called skimming. Malicious actors can use hidden devices on ATMs or card readers to steal your card information during transactions.

Identity theft can have devastating consequences, impacting both your personal and financial well-being.

Safeguarding physical documents, securing mail, keeping wallets and purses safe, protecting mobile devices, and properly disposing of personal trash are essential steps in minimizing the risk of identity theft. Remember, vigilance and informed decision-making are key.

Protecting Your Small Business: IT Security Tips

Small businesses are increasingly reliant on technology to manage their operations. From storing customer data to conducting financial transactions, businesses of all sizes rely on information technology (IT) to keep their operations running smoothly.

However, this reliance on technology also makes small businesses vulnerable to cyber attacks and data breaches. In this article, we’ll discuss some key IT security tips that small business owners can use to protect their companies from cyber threats.

Keep software up-to-date

One of the simplest ways to improve IT security is to ensure that all software is kept up-to-date. Software updates often include security patches that address vulnerabilities and other issues that could be exploited by cybercriminals. By keeping software up-to-date, you can help to reduce the risk of cyber attacks and protect your company’s data.

Use strong passwords

Passwords are the first line of defense against unauthorized access to your business’s digital assets. It’s important to use strong passwords that are difficult to guess or crack.

Passwords should be at least twelve to 16 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. To help remember passwords, consider using a password manager, which can generate and store strong passwords for you.

Limit access to sensitive data

Not all employees need access to all data. Limiting access to sensitive data can help to reduce the risk of data breaches.

Consider implementing a least privilege access model, where employees only have access to the data they need to perform their jobs. Additionally, consider implementing two-factor authentication, which requires a second form of identification beyond a password to access sensitive data.

Train employees on IT security best practices

Human error is a leading cause of cyber attacks and data breaches. Employees who are unaware of IT security best practices can inadvertently put your business at risk.

It’s important to train employees on IT security best practices, such as how to identify phishing scams, how to create strong passwords, and how to safely use company devices.

Implement a firewall

A firewall is a network security system that monitors and controls incoming and outgoing network traffic. Firewalls can help to prevent unauthorized access to your company’s network and data. Consider implementing a firewall to help protect your business from cyber threats.

Back up data regularly

Data backups are essential for protecting your business’s data in the event of a cyber attack or hardware failure.

Backups should be performed regularly and stored securely, preferably off-site or in the cloud. This can help to ensure that your business can quickly recover from a cyber attack or other data loss event.

Consider cyber insurance

Cyber insurance can help to protect your business in the event of a data breach or cyber attack. Cyber insurance policies can help to cover the costs associated with data recovery, legal fees, and other expenses related to cyber attacks. Consider consulting with an insurance professional to determine if cyber insurance is right for your business.

IT security is a critical component of small business operations. By implementing these IT security tips, you can help to protect your business from cyber threats and data breaches.

Protecting your business’s data is an ongoing process that requires vigilance and attention to detail. By staying up-to-date on IT security best practices and implementing robust security measures, you can help to ensure the long-term success of your small business.

If you have any questions about IT security or would like to discuss your business’s IT security needs, please don’t hesitate to contact us.