TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Thinking Of Moving Offices Or Going 100% Remote?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Has hybrid and remote working left you and your team rattling around an office that’s too big?

If you’re now in the position of overspending on rent, utilities and cleaning, you might be thinking about downsizing to another location – or even abandoning the office completely.

That’s something that will take some planning if you want a smooth transition with minimal, expensive downtime.

Moves are always stressful, and relocating your IT systems takes a bit more thought than manhandling a desk up the stairs.

So here are our top three suggestions to make it easier to shift your IT setup to a new location.

[Read more…] about Thinking Of Moving Offices Or Going 100% Remote?

Is It Time To Ditch The Passwords For More Secure Passkeys?

Passwords are the most used method of authentication, but they are also one of the weakest.

Passwords are often easy to guess or steal. Also, many people use the same password across several accounts. This makes them vulnerable to cyber-attacks.

The sheer volume of passwords that people need to remember is large. This leads to habits that make it easier for criminals to breach passwords. Such as creating weak passwords and storing passwords in a non-secure way.

61% of all data breaches involve stolen or hacked login credentials.

In recent years a better solution has emerged – passkeys. Passkeys are more secure than passwords. They also provide a more convenient way of logging into your accounts.

Passkeys work by generating a unique code for each login attempt. This code is then validated by the server. This code is created using a combination of information about the user and the device they are using to log in.

You can think of passkeys as a digital credential. A passkey allows someone to authenticate in a web service or a cloud-based account. There is no need to enter a username and password.

This authentication technology leverages Web Authentication (WebAuthn). This is a core component of FIDO2, an authentication protocol. Instead of using a unique password, it uses public-key cryptography for user verification.

The user’s device stores the authentication key. This can be a computer, mobile device, or security key device. It is then used by sites that have passkeys enabled to log the user in.

More secure

One advantage of passkeys is that they are more secure than passwords.

Passkeys are more difficult to hack. This is true especially if the key generates from a combination of biometric and device data.

Biometric data can include things like facial recognition or fingerprint scans. Device information can include things like the device’s MAC address or location.

This makes it much harder for hackers to gain access to your accounts.

More convenient

Another advantage of passkeys over passwords is that they are more convenient. With password authentication, users often must remember many complex passwords. This can be difficult and time-consuming.

Forgetting passwords is common and doing a reset can slow an employee down. Each time a person has to reset their password, it takes an average of three minutes and 46 seconds.

Passkeys erase this problem by providing a single code. You can use that same code across all your accounts. This makes it much easier to log in to your accounts. It also reduces the likelihood of forgetting or misplacing your password, or worse, writing it down.

Phishing resistant

Credential phishing scams are prevalent. Scammers send emails that tell a user something is wrong with their account.

They click on a link that takes them to a disguised login page created to steal their username and password.

When a user is authenticating with a passkey instead, this won’t work on them. Even if a hacker had a user’s password, it wouldn’t matter. They would need the device passkey authentication to breach the account.

What Is Push Bombing And How Can You Prevent It?

In the fast-paced digital landscape, businesses both big and small face a multitude of challenges. One such emerging threat that has garnered significant attention is “push bombing.”

This practice involves bombarding a company’s push notification system with fraudulent or malicious requests, causing disruptions, overwhelming server capacities, and undermining user experiences.

Small companies, in particular, are vulnerable to the detrimental effects of push bombing as they often lack the resources and expertise to swiftly counteract such attacks.

Understanding push bombing

Push bombing refers to the deliberate act of flooding a company’s push notification system with an excessive number of requests, typically generated by automated scripts or bots.

These requests are intended to exhaust server resources, disrupt normal operations, and degrade the performance of legitimate notifications.

Push bombing can lead to a series of detrimental consequences for targeted businesses, including increased server costs, diminished user experience, loss of customer trust, and even reputational damage.

Small companies often face a unique set of challenges when dealing with push bombing attacks.

Limited budgets, scarce technological resources, and a lack of dedicated security personnel make it difficult for these businesses to respond effectively. Unlike larger enterprises, small companies may not have the financial means to invest in robust security systems or hire specialized personnel to address such threats.

Consequently, they become attractive targets for push bombing perpetrators seeking vulnerabilities to exploit.

Preventive measures for small businesses

While it may be challenging for small companies to completely eradicate the risk of push bombing, there are several key, low-cost preventive measures they can take to minimize the impact of such attacks:

Implement rate limiting: By setting thresholds for the number of push notifications allowed per second, small companies can regulate the flow of requests and prevent overwhelming their systems.

Rate limiting helps distinguish legitimate user requests from automated ones and ensures a more balanced distribution of server resources.

CAPTCHA implementation: Employing CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) in push notification sign-up forms can effectively deter automated bots from inundating the system with fake requests.

CAPTCHAs require users to complete a challenge, thus confirming their human presence and preventing malicious activities.

Monitor traffic patterns: Vigilant monitoring of network traffic can help small companies identify abnormal patterns indicative of a push bombing attack.
Employing security tools that provide real-time alerts and anomaly detection capabilities can enable proactive response and mitigation.

Two-factor authentication (2FA): Implementing 2FA for push notification subscriptions can add an extra layer of security. By requiring users to verify their identities through a secondary authentication method, such as SMS codes or email confirmations, small companies can significantly reduce the risk of unauthorized subscriptions by bots.

Collaborate with security experts: Small companies can benefit from partnering with reputable cybersecurity firms or consultants.

These experts can assist in conducting security assessments, implementing protective measures, and providing guidance on responding to push bombing attacks, thus augmenting the company’s overall security posture.

As digital threats continue to evolve, it is crucial for small companies to remain proactive in safeguarding their push notification systems against push bombing attacks.

By implementing preventative measures such as rate limiting, CAPTCHAs, traffic monitoring, 2FA, and seeking professional guidance, small businesses can fortify their defenses and mitigate the risks associated with push bombing.

As technology advances, it is essential for companies of all sizes to prioritize cybersecurity to maintain the trust and confidence of their customers, ensuring smooth operations and sustained growth in an increasingly digital world.

The Transformative Power Of Cloud Computing For Small Businesses

Small companies face numerous challenges, including limited resources, budget constraints, and the need to stay technologically relevant. Thankfully, advancements in technology have leveled the playing field, empowering small businesses with tools and solutions that were once only accessible to larger enterprises.

One such technology that has revolutionized the way businesses operate is cloud computing.

Cost savings

Traditional on-premises IT infrastructure can be expensive for small businesses, requiring significant upfront investments in hardware, software licenses, and maintenance.

Cloud computing offers a more cost-effective alternative. With cloud services, small businesses can leverage scalable resources and pay only for what they use, eliminating the need for infrastructure investments.

Collaboration and remote work

The ability to collaborate effectively is essential for small businesses to thrive.

Cloud computing facilitates seamless collaboration by providing a centralized platform accessible to employees from anywhere with an internet connection.

Cloud-based tools such as project management systems, document sharing platforms, and real-time communication apps enable teams to work together efficiently, regardless of their physical location.

This capability is especially valuable for small businesses with remote workers or distributed teams, fostering productivity and efficiency.

Data security

Protecting sensitive business data is a critical priority. Cloud computing offers robust security measures, including data encryption, regular backups, and advanced authentication protocols.

Storing data in the cloud reduces the risk of data loss due to hardware failures, theft, or natural disasters.

Cloud service providers typically have dedicated security teams and advanced threat detection systems, ensuring a higher level of data security than many small businesses can achieve on their own.

Flexibility and accessibility

Cloud computing provides small businesses with unparalleled flexibility and accessibility. Employees can access critical business applications and data from any device with an internet connection, enabling remote work and enhancing productivity. This flexibility also extends to the ability to quickly scale resources up or down based on business needs.

Cloud-based services also ensure that software and applications are regularly updated, eliminating the burden of manual updates and ensuring access to the latest features and security enhancements.

Competitive advantage

Adopting cloud technology can provide small businesses with a significant competitive advantage.

It allows smaller companies to access enterprise-level tools, applications, and infrastructure that were once exclusive to larger organizations.

This leveling of the playing field enables small businesses to innovate, streamline operations, and deliver enhanced customer experiences.

Cloud computing has emerged as a transformative technology for small businesses, offering a wide array of benefits, including scalability, cost efficiency, enhanced collaboration, data security, and improved flexibility.

By embracing cloud services, small businesses can leverage the power of advanced IT infrastructure without the burdensome costs and complexities associated with traditional on-premises solutions.

The cloud empowers small businesses to compete effectively, drive innovation, and achieve growth in an increasingly digital and interconnected world.

A Four-Day Week Doesn’t Mean Four-Day Security

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Are you one of the many companies around the world that’s looking at a four-day working week? Perhaps you’ve already made the leap.

Or, do you find that your team takes more time off during the summer months?

For lots of businesses, it’s never going to work. But those that have tried it have generally found it to be hugely positive. It improves your employees’ experience, making them more loyal, engaged, and productive.

It can help to attract and retain better talent, while improving your brand reputation. And let’s not ignore the cost savings of shutting down the office for an extra day.

But it has to be done right. Forcing people to cram the same amount of work into fewer hours could be a recipe for burnout and exhaustion.

That can lead to corners being cut, which in turn could lead to a cyber security disaster. Even if processes aren’t being intentionally skipped, human error due to a lapse in concentration becomes inevitable. [Read more…] about A Four-Day Week Doesn’t Mean Four-Day Security

What Is App Fatigue And Why Is It A Security Issue?

The number of apps and web tools that employees use on a regular basis continues to increase. Most departments have about 40-60 different digital tools that they use. 71% of employees feel they use so many apps that it makes work more complex.

Many of the apps that we use every day have various alerts. We get a “ping” when someone mentions our name on a Teams channel. We get a notification popup that an update is available. We get an alert of errors or security issues.

App fatigue is a very real thing and it’s becoming a cybersecurity problem. The more people get overwhelmed by notifications, the more likely they are to ignore them.
Just think about the various digital alerts that you get.

They come in:

  • Software apps on your computer
  • Web-based SaaS tools
  • Websites where you’ve allowed alerts
  • Mobile apps and tools
  • Email banners
  • Text messages
  • Team communication tools such as Slack or Teams

Some employees are getting the same notification on two different devices. This just adds to the problem.

This leads to many issues that impact productivity and cybersecurity. Besides alert bombardment, every time the boss introduces a new app, that means a new password.

Estimates are that the average employees is already juggling about 191 passwords. They use at least 154 of them sometime during the month.

How Does App Fatigue Put Companies at Risk?

Employees Begin Ignoring Updates

When digital alerts interrupt your work, you can feel like you’re always behind. This leads to ignoring small tasks seen as not time-sensitive. Tasks like clicking to install an app update.

Employees overwhelmed with too many app alerts tend to ignore them. When updates come up, they may quickly click them away. They feel they can’t spare the time right now and aren’t sure how long it will take.

Ignoring app updates on a device is dangerous. Many of those updates include important security patches for found vulnerabilities.

When they’re not installed, the device and its network are at a higher risk. It becomes easier to suffer a successful cyberattack.

Employees Reuse Passwords (and They’re Often Weak)

Another security casualty of app fatigue is password security.

The more SaaS accounts someone must create, the more likely they are to reuse passwords. It’s estimated that passwords are typically reused 64% of the time.

Credential breach is a key driver of cloud data breaches. Hackers can easily crack weak passwords. The same password used several times leaves many accounts at risk.

Employees May Turn Off Alerts

Some alerts are okay to turn off. For example, do you really need to know every time someone responds to a group thread?

But, turning off important security alerts is not good.

There comes a breaking point when one more push notification can push someone over the edge.

What’s the Answer to App Fatigue?

It’s not realistic to just go backward in time before all these apps were around.

But you can put a strategy in place that puts people in charge of their tech, and not the other way around.

  • Streamline your business applications
  • Have your IT team set up notifications
  • Automate application updates
  • Open a two-way communication about alerts

Don’t Forget Your Phone’s Security Settings

It’s common for people to rely on their personal phones to keep in touch at work.

That’s not always the best idea, and there are lots of good reasons to provide company phones to your team (would you want to own the number and block access to sensitive data if somebody left?)

But whoever owns the device, you need to make security your top priority. Cyber criminals know how much valuable information lives on our mobiles, and they’re making phones a target.

If you don’t already have a mobile security and management strategy in place, it’s time you did. Here are our top 5 ways to keep phones secure:

Set minimum upgrade requirements

Cyber crooks and device manufacturers both work in three-year cycles. That means that, as threats evolve, so do the protections that address them. Upgrade devices to follow this cycle, and even if you’re using BYOD (bring your own device), enforce this rule if employees want to use their personal phone for work.

Implement mobile device management

MDM allows you to track the location of devices, lock/wipe their data remotely, and can help you access remote support for any issues. That means your data stays safe, even in cases of a lost or stolen phone. You can also create a list of apps that are to be blocked for security reasons.

Set up MFA (Multi-Factor Authentication)

Make sure all devices have biometric locks requiring facial or fingerprint ID to open them, and that all apps require MFA to log in. Only allow employees access to the software and files they need for their job.

Always update everything

Like all your devices, phones need to have the latest updates installed as soon as they become available.

If you have MDM in place, it’s possible to schedule updates across the entire team at the same time – ask us for more info.

Regular awareness training

You should hold regular cyber security training for your team that includes mobile devices. Your people are your weakest link when it comes to security. Keeping them up to speed on security risks can improve compliance.

It’s easy to overlook mobile devices when it comes to keeping your data secure, but it’s a vital step in protecting yourself against cyber attacks.

These Everyday Objects Can Lead To Identity Theft

You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time.

What about your trash can sitting outside? Is it a treasure trove for an identity thief?

Many everyday objects can lead to identity theft.

Old smart phones

Our smartphones and tablets have become extensions of ourselves, storing a vast amount of personal information. If lost, stolen, or compromised, these devices can provide unauthorized access to sensitive data, including emails, contacts, financial apps, and social media accounts.

Make sure you clean any old phones by erasing all data or destroying the device.

Wireless printers

Protect wireless printers by ensuring you keep their firmware updated. You should also turn it off when you don’t need it.

Trash can

Identity theft criminals aren’t only online. They can also be trolling the neighborhood on trash day. Discarded items in your trash can reveal personal information that identity thieves can exploit. Dumpster diving is a common tactic used to extract valuable data, such as bank statements, credit card receipts, or pre-approved credit offers.

Always shred or destroy any documents before disposing of them, even those that may not seem sensitive at first glance.

It’s also wise to invest in a cross-cut shredder, which provides better protection compared to strip-cut shredders.

USB sticks

You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait.

Old hard drives

When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. It’s best to get help from an IT professional to properly destroy your old computer hard drive.

We have a special drive crushing tool at Tech Experts – just let us know if you need some drives recycled.

Physical documents

Physical documents, such as bank statements, bills, medical records, and tax documents, contain a wealth of personal information. Disposing of them carelessly or leaving them unattended can be an open invitation to identity thieves.

Always shred sensitive documents before discarding them, especially those containing financial or personally identifiable information. Furthermore, consider digitizing important documents and securely storing them on encrypted devices or cloud platforms with strong authentication measures.

Children’s IoT devices

You should be wary of any new internet-connected kids’ devices you bring into your home. Install all firmware updates and do your homework.

ATMs

This is called skimming. Malicious actors can use hidden devices on ATMs or card readers to steal your card information during transactions.

Identity theft can have devastating consequences, impacting both your personal and financial well-being.

Safeguarding physical documents, securing mail, keeping wallets and purses safe, protecting mobile devices, and properly disposing of personal trash are essential steps in minimizing the risk of identity theft. Remember, vigilance and informed decision-making are key.

Data Backup Alone Is No Longer Enough

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Small businesses are increasingly relying on digital data to manage their operations. From financial records to customer information, digital data is the lifeblood of small businesses in today’s digital age. However, with the growing amount of data comes the need for increased data protection measures.

Backups are essential for protecting data in the event of a system failure or other unexpected event. But it’s important to understand that backups alone are not enough to ensure the safety and security of your business’s data. In addition to backups, businesses need to implement data protection measures to prevent data breaches, cyber attacks, and other forms of data loss.

Here are a few reasons why data protection is essential for small businesses: [Read more…] about Data Backup Alone Is No Longer Enough

Protecting Your Small Business: IT Security Tips

Small businesses are increasingly reliant on technology to manage their operations. From storing customer data to conducting financial transactions, businesses of all sizes rely on information technology (IT) to keep their operations running smoothly.

However, this reliance on technology also makes small businesses vulnerable to cyber attacks and data breaches. In this article, we’ll discuss some key IT security tips that small business owners can use to protect their companies from cyber threats.

Keep software up-to-date

One of the simplest ways to improve IT security is to ensure that all software is kept up-to-date. Software updates often include security patches that address vulnerabilities and other issues that could be exploited by cybercriminals. By keeping software up-to-date, you can help to reduce the risk of cyber attacks and protect your company’s data.

Use strong passwords

Passwords are the first line of defense against unauthorized access to your business’s digital assets. It’s important to use strong passwords that are difficult to guess or crack.

Passwords should be at least twelve to 16 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. To help remember passwords, consider using a password manager, which can generate and store strong passwords for you.

Limit access to sensitive data

Not all employees need access to all data. Limiting access to sensitive data can help to reduce the risk of data breaches.

Consider implementing a least privilege access model, where employees only have access to the data they need to perform their jobs. Additionally, consider implementing two-factor authentication, which requires a second form of identification beyond a password to access sensitive data.

Train employees on IT security best practices

Human error is a leading cause of cyber attacks and data breaches. Employees who are unaware of IT security best practices can inadvertently put your business at risk.

It’s important to train employees on IT security best practices, such as how to identify phishing scams, how to create strong passwords, and how to safely use company devices.

Implement a firewall

A firewall is a network security system that monitors and controls incoming and outgoing network traffic. Firewalls can help to prevent unauthorized access to your company’s network and data. Consider implementing a firewall to help protect your business from cyber threats.

Back up data regularly

Data backups are essential for protecting your business’s data in the event of a cyber attack or hardware failure.

Backups should be performed regularly and stored securely, preferably off-site or in the cloud. This can help to ensure that your business can quickly recover from a cyber attack or other data loss event.

Consider cyber insurance

Cyber insurance can help to protect your business in the event of a data breach or cyber attack. Cyber insurance policies can help to cover the costs associated with data recovery, legal fees, and other expenses related to cyber attacks. Consider consulting with an insurance professional to determine if cyber insurance is right for your business.

IT security is a critical component of small business operations. By implementing these IT security tips, you can help to protect your business from cyber threats and data breaches.

Protecting your business’s data is an ongoing process that requires vigilance and attention to detail. By staying up-to-date on IT security best practices and implementing robust security measures, you can help to ensure the long-term success of your small business.

If you have any questions about IT security or would like to discuss your business’s IT security needs, please don’t hesitate to contact us.