TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

What Is Microsoft’s New Security Copilot?

It can be challenging to keep up with the ever-evolving cyber threat landscape. Companies need to process large amounts of data as well as respond to incidents quickly and effectively. Managing an organization’s security posture is complex.

That’s where Microsoft Security Copilot comes in. Microsoft Security Copilot is a generative AI-powered security solution. It provides tailored insights that empower your team to defend your network. It also works with other Microsoft security products.

Microsoft Security Copilot helps security teams:

  • Respond to cyber threats
  • Process signals
  • Assess risk exposure at machine speed

A big benefit is that it integrates with natural language. This means you can ask questions plainly to generate tailored guidance and insights. For example, you can ask:

  • What are the best practices for securing Azure workloads?
  • What is the impact of CVE-2024-23905 on my organization?
  • Generate a report on the latest attack campaign.
  • How do I remediate an incident involving TrickBot malware?
  • Security Copilot can help with end-to-end scenarios such as:
  • Incident response
  • Threat hunting
  • Intelligence gathering
  • Posture management
  • Executive summaries on security investigations

How does Microsoft Security Copilot work?

You can access Microsoft Security Copilot capabilities through a standalone experience as well as embedded experiences available in other Microsoft security products.

Copilot integrates with several tools, including:

  • Microsoft Sentinel
  • Microsoft Defender XDR
  • Microsoft Intune
  • Microsoft Defender Threat Intelligence
  • Microsoft Entra
  • Microsoft Purview
  • Microsoft Defender External Attack Surface Management
  • Microsoft Defender for Cloud

You can also use natural language prompts with Security Copilot.

Should you use Microsoft Security Copilot?

The pros:

  • Advanced threat detection
  • Operational efficiency
  • Integration with Microsoft products
  • Continuous learning
  • Reduced false positives

The considerations:

  • Integration challenges
  • Resource requirements
  • Training and familiarization

The Bottom Line

Microsoft Security Copilot marks a significant advancement in the world of AI-driven cybersecurity solutions. This cutting-edge system boasts an enhanced ability to detect threats in real-time, greatly improving operational efficiency. Additionally, its wide-ranging integration capabilities make it an extremely versatile tool in the cybersecurity arsenal.

These features render Microsoft Security Copilot an especially attractive option for businesses that are intent on strengthening their digital defense mechanisms.

The decision to implement Copilot in your organization should be tailored to your specific business requirements. It’s important to weigh factors such as your current cybersecurity infrastructure, the resources at your disposal, and the level of commitment your organization is willing to make towards ongoing training and adaptation of this sophisticated AI tool.

Be Careful When Scanning QR Codes

QR codes are everywhere these days. You can find them on restaurant menus, flyers, and posters. They’re used both offline and online. QR codes are convenient and easy to use. You just scan them with your smartphone camera. You’re then directed to a link, a coupon, a video, or some other online content.

With the rise in popularity of QR codes comes an unfortunate dark side. Cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes. They can steal your personal information. They can also infect your device with malware or trick you into paying money.

It’s crucial to exercise caution when scanning QR codes. This emerging scam highlights the potential dangers lurking behind those seemingly innocent squares.

The QR code resurgence

QR codes were originally designed for tracking parts in the automotive industry. They have experienced a renaissance in recent years as a result, and they’re used as a form of marketing today.

They offer the convenience of instant access to information. You simply scan a code. Unfortunately, cybercriminals are quick to adapt. A new phishing scam has emerged, exploiting the trust we place in QR codes.

How the scam works

The scammer prints out a fake QR code. They place it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie.

You come along and scan the fake QR code, thinking it’s legitimate. The fake code may direct you to a phishing website. These sites may ask you to enter sensitive data such as your credit card details, login credentials, or other personal information.

Or scanning the QR code may prompt you to download a malicious app. One that contains malware that can do one or more of the following:

  • Spy on your activity
  • Access your copy/paste history
  • Access your contacts
  • Lock your device until you pay a ransom

The code could also direct you to a payment page. A page that charges you a fee for something supposedly free.

Tactics to watch out for

Malicious codes concealed: Cybercriminals tamper with legitimate QR codes. They often add a fake QR code sticker over a real one. They embed malicious content or redirect users to fraudulent websites.

Fake promotions and contests: Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it may direct them to a counterfeit website.

Malware distribution: Some malicious QR codes start downloads of malware onto the user’s device.

Tips for safe QR code scanning

Verify the source: Verify the legitimacy of the code and its source.

Use a QR code scanner app: Use a dedicated QR code scanner app rather than the default camera app on your device.

Inspect the URL before clicking: Before visiting a website prompted by a QR code, review the URL.

Avoid scanning suspicious codes: Trust your instincts. If a QR code looks suspicious, refrain from scanning it.

Update your device and apps: Keep your device’s operating system and QR code scanning apps up to date.

Be wary of websites accessed via QR code

Don’t enter any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Don’t pay any money or make any donations through a QR code.

Insights from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

We are living in an era dominated by digital connectivity. As technology advances, so do the threats that lurk in the online world.

Often, it’s our own actions that leave us most at risk of a cyberattack or online scam. Risky behaviors include weak passwords and lax security policies, as well as thinking “This won’t happen to me.” This is why human error is the cause of approximately 88% of data breaches.

The National Cybersecurity Alliance and CybSafe publish a report on cybersecurity attitudes and behaviors. The goal is to educate both people and businesses on how to better secure their digital landscapes.

This year’s study surveyed over 6,000 people across the U.S., Canada, the U.K., Germany, France, and New Zealand. The survey asked about several things including knowledge of cybersecurity risks, security best practices, and challenges faced.

The report reveals some eye-opening insights, including how people perceive and respond to cyber threats as well as what they can do to improve their cybersecurity posture.

We are online… a lot

It’s no surprise that 93% of the study participants are online daily. The logins we create continue to expand, as well as those considered “sensitive.” Sensitive accounts hold personal information that could be harmful if stolen.

Nearly half (47%) of the study’s respondents have ten or more sensitive online accounts. This amplifies risk, especially if people are using the same password for two or more of those accounts.

Online security makes people frustrated

Most people (84%) feel that online security is a priority. But as many as 39% feel frustrated, and nearly the same amount intimidated. It can seem that you just can’t get ahead of the hackers. Just over half of people thought digital security was under their control. That leaves a whole lot that don’t think so.

But that is no reason to let down your defenses and become an easy target. There are best practices you can put in place to safeguard your online accounts that work, including:

  • Enabling multi-factor authentication on your accounts
  • Using an email spam filter to catch phishing emails
  • Adding a DNS filter to block malicious websites
  • Using strong password best practices

People need more access to cybersecurity training

One way to reduce human errors associated with cybersecurity is to train people. The survey found that just 26% of respondents had access to cybersecurity training.

It also broke this down by employment status. We see that those not actively employed are most lacking. Even those employed can use more training access and encouragement. Just 53% report having access to cybersecurity awareness training and using it.

Employers can significantly reduce their risk of falling victim to a data breach by improving their security awareness training.

Cybercrime reporting is increasing

Over a quarter (27%) of survey participants said they had been a victim of cybercrime. The types of cybercrimes reported include:

  • Phishing (47%)
  • Online dating scams (27%)
  • Identity theft (26%)

Millennials reported the most cybercrime incidents. Baby Boomers and the Silent Generation reported the fewest.

No matter where you fall in the generations, it’s important to adopt security best practices and be vigilant about your online security.

How Can A Data Breach Cost Your Company For Years?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The repercussions of a data breach extend far beyond the immediate aftermath. They often haunt businesses for years.

Only 51% of data breach costs occur within the first year of an incident. The other 49% happen in year two and beyond.

The unseen costs of a data breach

The First American Title Insurance Co. case is a good example.

The 2019 cybersecurity breach at First American serves as a stark illustration. It reminds us of the far-reaching consequences of a data breach. In this case, the New York Department of Financial Services (NYDFS) imposed a $1 million fine.

Cybersecurity sites announced the fine in the fall of 2023. The company’s fine was for failing to safeguard sensitive consumer information. This is one example of how costs can come long after an initial breach.

[Read more…] about How Can A Data Breach Cost Your Company For Years?

Are You Really Ready To Upgrade To Windows 11?

So, you’re thinking about upgrading your business to Windows 11? That’s a smart move because this update comes with some cool features that can boost your productivity.

But here’s the thing, it’s not as simple as clicking a button and SHAZAM, you’re on Windows 11. You need a plan, or you might end up with some messy downtime and confused employees.

Before you get all excited about Windows 11, check which of your current PCs can handle the upgrade. Some older machines might not meet the system requirements, and you don’t want any surprises down the road.

If you need to replace some computers, make sure you budget for that as part of your upgrade plan.

Most of your software that works on Windows 10 should play nice with Windows 11, but don’t take that for granted.

Look at all the software your business relies on to make sure it won’t freak out with the new operating system (OS). Some software might need updates to get along with Windows 11, so keep an eye on that too.

Whenever you’re making a big change that affects your team, you’ve got to have a plan. It’s your roadmap to success. So, what should your upgrade plan include?

  • Clear and honest communication with your team about the upgrade
  • Training sessions to show your employees the ropes of the new OS
  • Help for your managers to guide their teams
  • A timeline for when the upgrade will happen, and all the communication and training that goes with it
  • A plan to handle any bumps in the road and any resistance you might encounter
  • A resource to help your team with any questions or issues they have after the upgrade

Alternatively, team up with an IT support partner (like Tech Experts) to make sure everything goes smoothly and to take the weight off your shoulders!

Don’t go solo on this one; it’s best to have IT pros in your corner. If something goes wrong during the upgrade and you’ve done it yourself, it might take a lot longer to get things back on track. Let experts like our team handle it. We know what we’re doing.

Upgrading to Windows 11 can supercharge your business, but only if you plan.

If you’d like help to make the change as smooth as can be, get in touch.

Unlocking Business Potential With Generative AI: A Guide For Non-Technical Business Owners

In an age where technology continually reshapes the landscape of how we do business, staying informed and adaptable is key. As a non-technical business owner, you might have heard about the buzz surrounding generative AI, but what exactly is it, and more importantly, how can it benefit your small business? This article breaks down the essentials of generative AI and provides practical ways to integrate this innovative technology into your business strategy.

Understanding generative AI

Generative AI refers to artificial intelligence that can generate new content, from written text to images, and even music. This technology, powered by sophisticated algorithms, learns from existing data to create original, realistic outputs. The most common examples you might have come across include chatbots, image generators, and content creation tools.

Enhance customer service with AI chatbots

One of the most immediate applications of generative AI for small businesses is through AI chatbots. These virtual assistants can handle customer inquiries, provide product recommendations, and offer support 24/7. This not only improves customer satisfaction but also frees up your staff to focus on more complex tasks. Tools like OpenAI’s GPT-3 have made creating these chatbots more accessible than ever.

AI-generated content boosts online presence

Creating engaging content consistently can be a daunting task for many business owners. Generative AI comes to the rescue by assisting in generating blog posts, social media updates, and even marketing copy. Tools like Jasper or Writesonic can help you craft compelling content that resonates with your audience, saving you time and resources.

Personalizing customer experiences

Personalization is a key differentiator in today’s market. Generative AI can analyze customer data to create personalized recommendations, tailored emails, and targeted advertising campaigns. This level of personalization can significantly enhance customer engagement and loyalty.

Streamlining operations with automated processes

Generative AI can also play a pivotal role in streamlining business operations. For instance, AI can automate invoice generation, schedule appointments, and even manage inventory. This not only increases efficiency but also reduces the likelihood of human error.

Exploring creative possibilities with AI generated designs

For businesses that rely on creative outputs like graphics, marketing materials, or product designs, generative AI offers a world of possibilities. Tools like DALL-E or Canva’s Magic Write can generate high-quality images and designs based on your specifications, providing a cost-effective alternative to hiring designers.

Understanding the limitations and ethical considerations

While generative AI offers numerous advantages, it’s important to be aware of its limitations and ethical implications. AI-generated content may require human oversight to ensure accuracy and relevance. Additionally, issues around data privacy and intellectual property rights in AI-generated content are important to consider and navigate carefully.

Generative AI is not a distant, high-tech dream but a tangible tool that small businesses can leverage today to drive growth, enhance efficiency, and create engaging customer experiences. By understanding and integrating this technology into various aspects of your business, you can stay ahead in a competitive market.

As you explore generative AI options, remember that the key is to use these tools as a complement to human creativity and expertise, not a replacement. Embracing AI smartly can unlock new horizons for your business and pave the way for future innovations.

Start small and experiment with AI tools relevant to your business needs. Whether it’s enhancing customer service, content creation, or operational efficiency, the journey into the world of generative AI promises to be both exciting and rewarding for forward-thinking business owners.

 

Reader’s Note: This article was written entirely by AI using the prompt “write a newsletter geared toward non-technical business owners about how to use generative AI in their small businesses.” This is a technology that goes beyond automation and the AI we used to know. It can create, content, solutions, and possibilities before unimaginable. The landscape of small business marketing is evolving rapidly. The integration of AI technologies is reshaping strategies for growth. Small businesses are turning to GenAI to enhance their marketing efforts. Despite how useful AI can be, it isn’t a replacement for human review, tweaking and approvals.

Online Security: Addressing The Dangers Of Browser Extensions

Browser extensions have become as common as mobile apps. People tend to download many and use few. There are over 176,000 browser extensions available on Google Chrome alone. These extensions offer users extra functionalities and customization options.

While browser extensions enhance the browsing experience, they also pose a danger. Which can mean significant risks to online security and privacy.

The allure and perils of browser extensions

Browser extensions are often hailed for their convenience and versatility. They are modules that users can add to their web browsers. They extend functionality and add customizable elements.

From ad blockers and password managers to productivity tools, the variety is vast. But the ease with which users can install these extensions is a weakness. Because it also introduces inherent security risks.

Key risks posed by browser extensions

Many browser extensions request broad permissions. If abused, they can compromise user privacy. Some of these include accessing browsing history and monitoring keystrokes. Certain extensions may overstep their intended functionality. This can lead to the unauthorized collection of sensitive information.

Users often grant permissions without thoroughly reviewing them. This causes them to unintentionally expose personal data to potential misuse.

There are many extensions developed with genuine intentions. But some extensions harbor malicious code. This code can exploit users for financial gain or other malicious purposes. These rogue extensions may inject unwanted ads. As well as track user activities or even deliver malware.

These extensions often use deceptive practices. They make it challenging for users to distinguish between legitimate and malicious software.

Extensions that are no longer maintained or updated pose a significant security risk. Outdated extensions may have unresolved vulnerabilities. Hackers can exploit them to gain access to a user’s browser. As well as potentially compromising their entire system. Without regular updates and security patches, these extensions become a liability.

Some malicious extensions engage in phishing attacks. As well as social engineering tactics. These attacks can trick users into divulging sensitive information.

This can include creating fake login pages or mimicking popular websites. These tactics lead unsuspecting users to unknowingly provide data. Sensitive data, like usernames, passwords, or other confidential details.

Best practices for browser extension security

Download extensions only from official browser marketplaces. Such as those connected with the browser developer (Google, Microsoft, etc.). These platforms have stringent security measures in place. This reduces the likelihood of encountering malicious software.

Before installing any extension, carefully review the permissions it requests. Be cautious if an extension seeks access to unusual data. Such as data that seems unrelated to its core functionality. Limit permissions to only what is essential for the extension’s intended purpose.

Regularly update your browser extensions. This ensures you have the latest security patches. Developers release updates to address vulnerabilities and enhance security. If an extension is no longer receiving updates, consider finding an alternative.

It’s tempting to install several extensions for various functionalities. But each added extension increases the potential attack surface. Only install extensions that are genuinely needed. Regularly review and uninstall those that are no longer in use.

Use reputable antivirus and anti-malware software. This adds an extra layer of protection against malicious extensions. These tools can detect and remove threats that may bypass browser security.

Stay informed about the potential risks associated with browser extensions. Understand the permissions you grant. Be aware of the types of threats that can arise from malicious software. Education is a powerful tool in mitigating security risks.

Don’t stay in the dark about your defenses. We can assess your cybersecurity measures and provide proactive steps for better protection. Give us a call today to schedule a chat.

Unlocking The Power Of Encryption For Your Small Business: Safeguard Your Digital Assets

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Keeping sensitive business data safe is a top priority. When you’re managing a team of employees that use PCs, phones, and tablets, the importance of encryption can’t be stressed enough.

Encryption is a secret code for your digital information. It scrambles your data into an unreadable format, and only someone with the right “key” can unscramble and access it. Think of it as a lock and key system for your digital assets, ensuring that even if someone gains unauthorized access to your devices or data, they can’t make head nor tail of it without the key.

Your business likely stores tons of sensitive information, from financial records to customer data. Encryption ensures that even if a device is lost or stolen, your data remains safe and confidential.

And there are loads of other benefits too. Lots of industries have strict regulations regarding data security and privacy (think HIPAA). Encryption helps you stay compliant, avoiding expensive fines and legal troubles. [Read more…] about Unlocking The Power Of Encryption For Your Small Business: Safeguard Your Digital Assets

Notifications: Striking A Balance At Work And Home

Notifications have become a part of our daily lives. Whether it’s the ping of a new email, a message from a colleague on Teams, or a meeting reminder on your calendar, these little nudges constantly battle for our attention.

But are we reaching a tipping point with notifications?

According to recent research, the answer might be a big “YES”. The study revealed that the ping, ping, ping of notifications from collaboration tools is not only a distraction at work but is also taking a toll on our precious work-life balance.

So, why are notifications becoming a nuisance, and what can we do about it?

We’re living in the era of collaboration tools. From video conferencing to project management platforms, we rely on these tools to stay connected and productive.

But… the more tools we use, the more notifications flood our screens. During the traditional 9-5, the constant barrage of notifications can derail focus and productivity.

But what’s annoying is when notifications creep into our downtime. One in three workers report that notifications outside of working hours have spiked over the past year.

As a society, we’ve created a situation where notifications disrupt our relaxation and family time.

A third of young workers aged 21-34 struggle to fully enjoy time with loved ones due to work notifications. And that may put you at risk of losing your best people.

Here’s our three step take on tackling the notifications dilemma:

First, set clear boundaries. Make it understood that messages should be replied to within working hours. Practice what you preach by not sending messages outside of your own working hours (schedule-send where possible).

Second, reduce tool overload. Evaluate the collaboration tools you use. Streamline where possible.

Third, empower your employees. Teach them to use do not disturb, and how to mute non-urgent notifications.

While technology has revolutionized the way we work, it shouldn’t come at the cost of our wellbeing and personal time. If we can help you and your team strike a better balance, get in touch.

Top Data Breaches Of 2023: Numbers Hit An All-time High

The battle against cyber threats is an ongoing challenge. Unfortunately, 2023 has proven to be a watershed year for data breaches. Data compromises surged to an all-time high in the U.S.

The last data breach record was set in 2021. That year, 1,862 organizations reported data compromises. Through September of 2023, that number was already over 2,100.

In Q3 of 2023, the top data breaches were:

• HCA Healthcare
• Maximus
• The Freecycle Network
• IBM Consulting
• CareSource
• Duolingo
• Tampa General Hospital
• PH Tech

Let’s look at the main drivers of this increase.

The size of the surge

Data breaches in 2023 have reached unprecedented levels. The scale and frequency of these incidents emphasize the evolving sophistication of cyber threats as well as the challenges organizations face in safeguarding their digital assets.

Healthcare sector under siege

Healthcare organizations are the custodians of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals and hackers looking to exploit personal information.

Ransomware reigns supreme

Ransomware attacks continue to dominate the cybersecurity landscape. The sophistication of this threat has increased.

Supply chain vulnerabilities exposed

Modern business ecosystems have an interconnected nature. This has made supply chains a focal point for cyberattacks. The compromise of a single entity within the supply chain can have cascading effects.

Emergence of insider threats

The rise of insider threats is adding a layer of complexity to cybersecurity. Organizations must distinguish between legitimate user activities and potential insider threats.

IoT devices as entry points

The proliferation of Internet of Things (IoT) devices has expanded the attack surface. There’s been an uptick in data breaches originating from compromised IoT devices.

Critical infrastructure in the crosshairs

Critical infrastructure has emerged as a prime target for malicious actors seeking to wreak havoc and sow chaos. From power grids and transportation systems to financial institutions and healthcare facilities, the vital systems that underpin modern society have found themselves squarely in the crosshairs of cyber attackers.

The role of nation-state actors

Nation-state actors are entities sponsored or supported by governments to engage in cyber activities, including espionage, sabotage, and other malicious actions, often for political, economic, or strategic purposes.

These actors operate with the resources, capabilities, and backing of a nation-state, allowing them to conduct highly sophisticated and coordinated cyber campaigns.

Nation-state actors are increasingly playing a role in sophisticated cyber campaigns. They use advanced techniques to compromise sensitive data and disrupt operations.

The need for a paradigm shift in cybersecurity

The surge in data breaches underscores the need to rethink cybersecurity strategies.

Collaboration and information sharing

Collaboration among organizations and information sharing within the cybersecurity community are critical. Threat intelligence sharing enables a collective defense against common adversaries.