TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Windows 10 Creator’s Fall Update to Bring Hardened Ransomware Protection

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

2017 has seen some of the most high-profile ransomware and cryptoware attacks to date. These incidents have demonstrated that these types of attacks can have catastrophic effects that reach far beyond the ransom demands paid to these attackers.

The cost of downtime and damage control multiplies quickly. Even more damaging is being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, consequently costing much more than any monetary value.

Microsoft has stated that they recognize the threat that these cybercrimes represent and have since invested significant yet simple strategies that are proving to be extremely effective as new attacks emerge. These new security features are now coming to all businesses and consumers using Windows 10 with the Creators Fall Update.

These advanced security features are focusing on three primary objectives:

  1. Protecting your Windows 10 system by strengthening both software and hardware jointly, improving hardware-based security and mitigating vulnerabilities to significantly raise the cost of an attack on Windows 10 systems. Meaning hackers will need to spend a lot of time and money to keep up with these security features.
  2. Recognizing that history has revealed vastly capable and well-funded attackers can find unexpected routes to their objectives. These latest security updates detect and help prevent against these threats with new advances in protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection.
  3. Enabling customers and security experts to respond to threats that may have impacted them with newly updated tools like Windows Defender ATP. This will provide security operations personnel the tools to act swiftly with completeness of information to remediate an attack that may have impacted them.

Microsoft states this is a proven strategy that has remained 100% successful on Windows 10 S, the new secure version of Microsoft’s flagship operating system. Albeit, this version of the operating system does not allow any software from outside the Microsoft App Store to be installed.

Further, Microsoft states that even prior to the fall security updates rolling out, no Windows 10 customers were known to be compromised by the recent WannaCry global cyberattack. Despite this, Microsoft knows that there will always be unforeseeable exploits within their systems.

This is why the Windows 10 Creator’s Fall Update benefits from new security investments to stop malicious code via features like Kernel Control Flow Guard (kCFG) and Arbitrary Code Guard (ACG) for Microsoft Edge. These kinds of investments allow Windows 10 to mitigate potential attacks by targeting the techniques hackers use, instead of reacting to specific threats after they emerge.

Most importantly, Windows Defender security updates coming in this Fall will begin to leverage the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to promptly identify new threats, including ransomware, as they are first seen anywhere around the globe.

Though no exact date is set in stone, all of the amazing security updates detailed above will be available this Fall 2017 for free. For more information about the Creator’s Fall update beyond the security features, visit https://www.microsoft.com/en-us/windows/upcoming-features.

Is Your Network Due For A Security Audit?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Businesses always face security risks from a variety of different sources.

Performing a security audit can help you to identify where you have exposures, develop a better understanding of the security policies and controls you have in place, and catalog your IT assets.

This article presents a quick and simple guide to performing a robust security audit that will help safeguard your organization against risks.

Define the physical scope of the audit
The first major task involves determining exactly what you will audit.

For example, you may wish to focus on business processes, such as financial reporting, or asset groups, such as a specific branch office. [Read more…] about Is Your Network Due For A Security Audit?

Rules Of Thumb To Avoid An Infection

Anthony Glover is Tech Expert’s senior network engineer and service manager.

A virus can be an upsetting, expensive endeavor to deal with. A virus can wreak havoc on your personal files (like important spreadsheets or family photos) or the system files that keep your computer functioning.

These files can become corrupted, encrypted, or deleted, which makes recovery difficult or sometimes impossible.

Some less obvious viruses — the ones that might slow down your system instead of destroying it — can still affect you by stealing data and what you type on your keyboard, gaining access to your stored credit card information or important sites you use, like your bank. [Read more…] about Rules Of Thumb To Avoid An Infection

Who Should Be An Administrator On Your Network?

Luke Gruden is a help desk technician for Tech Experts.

In the world of computers, administrators have access to everything in Windows. Having administrator rights allows you to download anything, change any policy, and even change registry entries in Windows. An administrator has enough control over Windows to radically change how it works, even break Windows permanently.

So, who should be an administrator? The answer is different depending on the environment and work being done. In general, the administrator account should only be used by a person who is very experienced and knowledgeable in computers, like a professional IT tech. An inexperienced person with an administrator account could permanently damage the operating system or even destroy the computer itself on accident.

A user that has admin (administrator) rights, even without being in the core files, could still cause unintentional harm to the computer. This can happen because malicious files can be accidentally downloaded and ran and, when you run a program as an admin, you give that program the rights to change your computer inside and out. Malicious programs run by an admin can ruin entire networks of computers. This, sadly, has happened to many businesses.

Domain Networks

On a domain network where many computers are connected to a server, there should be a very small amount of administrators. Ideally, just one. The more people with admin rights, the more likely the wrong program ran by the wrong person can ruin an entire building of computers or an entire business. This is usually how cryptoware spreads.

For domain networks, only professional IT techs should be administrators. The risk is too great to have someone accidentally change a policy or spread an infection that can do irreversible damage to all the computers on the network.

Business Computers

A computer used for business should be treated with more security and care as to make sure no avoidable threats harm or compromise the device. Confidential data and work can be stolen if the wrong websites are visited or by downloading the wrong software on a business computer.

For a business computer user, you might want to consider using a normal account and only use the admin account in extreme situations where recovery needs to be done. If your IT tech has access to the admin account, they can make sure that only best practices and the proper programs are implemented on that profile.

Home Computers

Computers that are used for everyday activities that do not have confidential work data should still be choosy on who has admin access. Having children or teens freely exploring the Internet and downloading odd programs or messing with the internal settings of Windows could potentially cause serious issues.

Home computers should have an admin user with a solid knowledge of computers who will be wary of suspicious websites and programs. More inexperienced users should not run admin accounts.

Generally, the best rule of thumb for admin accounts is that they should be granted to people who can handle the responsibility. Those with less experience or less important needs should have accounts with limited access.

However, if a business or network is bigger, it’s even more important than the only people granted admin privileges are their professional IT team or those who have experience. The title of administrator should be looked as one with responsibility in doing what is best for a computer, a server, and a business network.

2017 Will See Worst Cyber Attacks To Date

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

At least, according to cybersecurity experts.

There were around 500 million people with personal information leaked and over $2 billion stolen or lost in damages between 2015 and 2016 alone – and, chances are, you heard of at least one of the many high-profile data breaches during this time. Experian, Target and Yahoo all experienced massive data breaches within the past two years.

Beyond the private sector, government agencies such as the Office of Personnel Management (the bureau in charge of background checks on all government employees) were hit with cyberattacks, causing data leaks of over 22 million individuals who had undergone federal screening.

These numbers are quite alarming as top cybersecurity firms and analysts agree 2017 will see even more data breaches through the creation of ever-evolving and sophisticated malware.

Size Doesn’t Matter
In the cyber world, there are few things being bought and sold faster than data. Personal records, financial information, and even intellectual property are being distributed and exchanged for money or other data – and business is booming.

Organizations of all sizes were not fully aware of how this deeply embedded malware could potentially be infecting their systems without their knowledge until just recently.

The prevalence of zero-day attacks was not fully understood either. This has allowed attackers to prepare and disseminate virtually undetectable software to perform data dragnets across many networks, big and small.

It would be naïve to assume that all the data breaches occurring are currently exposed and being corrected. This is even truer for smaller, community-driven businesses that may have little to no persistent network security monitoring.

The Cost
Per the non-profit online security analysts Online Trust Alliance (OTA), approximately 82,000 cybersecurity incidents impacting more than 225 organizations worldwide were reported in 2016.

“As the majority of incidents are never reported to executives, law enforcement or regulators, the actual number of incidents causing harm combining all vectors including DDoS attacks could exceed 250,000,” OTA said.

Given this, it is well known by those affected that data breaches are expensive – and the longer the breach takes to discover, the more these costs can compound.

“If a breach took a long time to be found, then something about the existing infrastructure made it hard to discover the weakness sooner. That calls for rearchitecting the infrastructure, typically an expensive and time-consuming project. But that imperative is not always heeded,” says OTA. However, the cost of notifying victims and hiring security consultants to investigate, identify, and fix the problem can cost a company a lot more.

This is only the beginning as the costs of such an attack continue to rise when downtime, lost productivity, and the resulting lost revenue are considered.

Today’s Need For Cyber Defense
The scale of small business networks is becoming more complex as even basic technologies evolve.

Cloud deployment, fluid transfer of data across multiple devices, and the incorporation of all things Internet have made it increasingly difficult for your everyday office worker to navigate and detect threats.

For the attackers, though, nothing has changed. Malware will keep infecting these new systems and attackers will keep hunting for data to steal. “Cyber-attacks and cyber-defense is not a battle of attrition, it’s an arms race,” Ray Rothrock, CEO of Red Seal Security Analytics, says.

It is important to always be ahead in this race and, for businesses, it is becoming increasingly evident that having a full-time cybersecurity team at the ready is necessary for a fluent and successful operation.

Drawbacks To The “Smart” World

We have mentioned ransomware and viruses many times. It’s something that can be seen daily without much effort. Everywhere you look, a computer is hacked and held for ransom. The user ends up losing everything in most scenarios.

However, in today’s world, we have more than just laptops and desktops. What if someone hacked your fancy new “smart” device? If someone took over or locked you out of your phone, then what would be your next move? What if they locked your home devices like your thermostat or refrigerator? The technological world can sometimes cause quite a panic.

The first question to address is a pretty big concern: How in the world does this even happen? With poor security standards, it’s not the most difficult job for those with malicious intent. In the most recent scenario released, a thermostat was hacked by adding files remotely and setting them to run in the background.

The operating system on the device did not check the security or contents of any files processed and ran the ransomware, which then requested money. In this case, if the victim did not pay, the temperature would be locked at 99F degrees.

Sadly, this is just one example. While not all malware attacks on smart devices may cause this type of concern, others are no better. Some other attacks will actually store data on the infected devices, then perform DDOS attacks against unsuspecting victims.

Small apps and programs that can be used for phishing can also find their way onto devices and be completely unknown to the user.

Fixes have rolled out over time for some of the bigger concerns, but there always seems to be something new. With these on your network, it’s not a big step to get to your actual files and programs on your PC either.
Currently, not everyone has a smart appliance in their home. That said, smart phones have obviously worked their way to the larger majority. We all download apps for one reason or another to make the phone better serve us. A wave of people will flock to the latest craze and download the most popular apps. In these scenarios, there are often “fakes” as well. These will offer some form of related service or product but will also bundle in malicious code. This code has all sorts of capabilities. Some may send texts without the owner’s knowledge. Other times, it’s possible to have information stolen. The possibilities are sometimes frightening.

So what can be done in the world of smart devices encroaching on all sides of life? In terms of larger devices and appliances, there isn’t room for removal and clean-up on the user side.

Developers are both the ones at fault and the ones that will find solutions ahead of time for the worst infections and hacks. Phones can have anti-malware programs run to help prevent data breaches, however. Most will come with a manufacturer version, but it’s always best to explore options to ensure you are protected.

Even if your smart devices don’t store information vital to you, they can still act as a gateway to anything else on your network.

As such, your office area or business workstation may fall victim soon after. Since these are the real powerhouses that hold your programs, data, and backups of other devices, it’s imperative to keep these clean and functional. Luckily, there are teams such as the one at Tech Experts that are able to identify and neutralize a threat. That alone adds peace of mind in a sometimes uncertain “smart” world.

Why It’s Important To Change Your Router’s Default Log-in

Mike Simonelli is a network technician for Tech Experts.

It’s a pretty common scenario: a small business wishes to add Wi-Fi to its existing network infrastructure. A quick trip to the nearest big-box store reveals several Wi-Fi capable routers or access points to choose from. Grabbing up the mid-priced model, the business owner heads back to the shop and uses the included Ethernet cable to plug the new device into an existing switch and, just like that, instant Wi-Fi.

There are a couple of concerns regarding the above scenario that the savvy business owner should be having. The first and most obvious: “I plugged it in and now everyone with a laptop has unrestricted access to my network.” How do you control who can connect to your Wi-Fi?

The answer is to enable a wireless security protocol on the router or access point. WEP is an acronym for Wired Equivalent Privacy (or Wireless Encryption Protocol) and it was designed to provide the same level of security as that of a hard-wired Ethernet connection.

Because wireless networks broadcast messages using radio waves, they are subject to eavesdropping. WEP provides security by encrypting the data to protect it as it is transmitted from one point to another. Almost all wireless devices will support WEP and instructions for enabling it on a particular device should be readily found in the documentation.

Enabling WEP will keep people without the correct password off your Wi-Fi and also prevent unauthorized eavesdropping of network traffic.

Another often overlooked concern is changing the default credentials that are needed to login and administer the new wireless device.

I can’t tell you how many times that I’ve connected to a wireless network and browsed to the default gateway I was assigned (normally something like http://192.168.0.1) and typed in “admin” and “password” on the login form that is presented and gained access to the router’s configuration.

The username “Admin” and the password “password” are typically the default credentials as they come pre-configured on Linksys routers, as well as some other brands.

If these credentials work, then potentially anyone can have unrestricted access to your router’s configuration. At this point, no wireless security protocol such as WEP will protect you since it can simply be turned off in the router’s administration interface.

Worse yet, an intruder can set his/her own password and change the admin password to something else. Once this happens, usually the only way to regain access to your own Wi-Fi network is to factory reset the device, which removes all of your configurations.

The bottom line – never leave a wireless device at its default settings when you connect it to your network. By taking the time to follow these simple guidelines, you will make your wireless device a worthwhile addition to your infrastructure, as well as making your network that much more secure.

If you have any questions during your router set-up or if you’d like to find out how to increase your office’s security using your current router, give Tech Experts a call at (734) 457-5000, or email support@mytechexperts.com. We’d be happy to help.

Guest WiFi: Improves Security And Customer Satisfaction

Mike Simonelli is a network technician for Tech Experts.

One of the first things I look for when I enter any establishment is the WiFi network. My laptop needs it. My phone needs it. I need it. It comes as a shock to me in the rare circumstance that I can’t find one or, worse yet, when I do find one but I am denied the network password.

Usually when this happens, I am there as a consumer. This annoyance is even more frustrating for people that are visiting for business such as vendors, consultants, and clientele.

Such people rely on Internet access to communicate with their own offices via e-mail and instant messaging or remote access to product databases and other information.

These frustrations can be avoided by the addition of a guest WiFi network and can even benefit your own existing WiFi network. Adding a guest network to an existing WiFi infrastructure can be a cost effective way to improve the overall security and privacy of your network.

wifiSegregating your network will keep your workstations, servers, printers, and other network devices secure while keeping your clients, vendors, and other guests off your main network. Allowing visitors unrestricted access to your company’s primary WiFi network can be a costly mistake. These unmanaged mobile devices can carry all types of sophisticated malware, trojans, viruses, and network probes, just waiting for a chance to attack your network.

Keeping these devices segregated to their own guest network will, at the least, add a layer of protection to your own equipment.

Not only will a guest network keep visitors off your primary WiFi, but it will also keep you from having to give out your primary network’s password to a multitude of strangers. A complex, never changing password can be used for your employees, while a short and simple password can be given out to guests upon arrival, and then changed frequently.

In addition, you can configure your equipment to only broadcast the network ID of your guest network and keep your primary network ID a secret, adding an additional layer of security.

Finally, some of the higher-end WiFi access points and routers will allow you to limit the amount of bandwidth that is allocated to your guest network or control the type of traffic that is allowed to pass through it. Doing so will prevent your visitors from inadvertently bringing your network to a halt with bandwidth-hogging traffic such as streaming video and torrent downloads.

If your business is already allowing visitors access to the primary WiFi network, then there is simply no downside to configuring a second WiFi network for guests, especially if your wireless hardware already supports the option.

Doing so will make your network more secure by allowing you to keep the network IDs and passwords a secret, as well as make it easier for your visitors to connect. Once connected, your guests can then be limited as to how much of your resources they can use, ensuring that your normal business operations aren’t interrupted.

If you have any questions about WiFi permissions or how you can increase both security and customer satisfaction in one go, contact us today by calling (734) 457-5000.

(Image Source: iCLIPART)

Do You Have Internet Privacy At Work?

Luke Gruden is a help desk technician for Tech Experts.
Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

Protecting Your Business From DDoS Attacks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

A Distributed Denial of Service (DDoS) attack prohibits access to a computer resource. This kind of assault rarely happens alone but rather occurs in waves once an attacker realizes they have been successful in the first attempt.

Using the same method of attack on a business’ computer system, such cyber-attackers can then overwhelm and suppress Internet facing websites and applications, which can greatly hinder the ability to conduct business as normal.

In order to safeguard against DDoS attacks, small businesses must first recognize they’re potential targets, especially since there has been a recent rise of such assaults on small businesses in the past year.

While the motivation behind such an assault can be difficult to understand, they happen for a wide variety of reasons. Attackers may seek to hold systems hostage in an extortion attempt, or the attack may not be motivated by the prospect of financial gain at all. [Read more…] about Protecting Your Business From DDoS Attacks