TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Which Form Of MFA Is The Most Secure?

Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.

With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.

One of the best ways to protect your online accounts, data, and business operations is with multifactor authentication (MFA).

It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in.

This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.

What Are the Three Main Methods of MFA?

When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same.

There are key differences that make some more secure than others and some more convenient. Let’s take a look at what these three methods are:

SMS-based

The form of MFA that people are most familiar with is SMS-based.

This one uses text messaging to authenticate the user.

The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered.

On-Device Prompt In An App

Another type of multi-factor authentication will use a special app to push through the code. The user still generates the MFA code at log in, but rather than receiving the code via SMS, it’s received through the app.

This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.

Security Key

The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login.

The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.

Now, let’s look at the differences between these three methods.

Most Convenient Form of MFA?

The most convenient form of MFA would be the SMS-based MFA. Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.

The SMS-based is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.

Most Secure Form of MFA?

If your company handles sensitive data in a cloud platform then it may be in your best interest to go for better security.

The most secure form of MFA is the security key. The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone being lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.

Are Two Monitors Really More Productive Than One?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When you see those people with two monitors, you may assume they do some specialized work that requires all that screen space or they just really like technology.

But having the additional display real estate that a second screen provides can benefit anyone, even if you’re doing accounting or document work all day.

According to a study by software developer Mavenlink, 73% of surveyed businesses say they spend over an hour per day on average just switching between different apps.

Jon Peddie Research looked at the benefit of using two screens over several years. It found that, overall, employees in all types of jobs can improve productivity by an average of 42%. The company’s namesake put it simply by saying, “The more you can see, the more you can do.”

So, what are the advantages of adding a second screen? [Read more…] about Are Two Monitors Really More Productive Than One?

The Way We Use Passwords Is Finally Changing

Passwords are a problem that companies are always trying to fix, but they are still essential for accessing pretty much anything online. And even now people aren’t changing them after a breach and then still use the same password to access multiple sites.

Reused passwords are a potential security problem because if a password has been compromised once, then hackers can use it to access other accounts if it’s been used as the sign-in for another site.

Truth be told, passwords are annoying for most people. If you look at the best practice password advice, it’s creating work for everyone:

  • Generate long random character passwords rather than using everyday words that can be guessed by cyber criminals’ automated software
  • Use a different password for every single application
  • Never write passwords down or share with a colleague

This is why we tell our clients to use a password manager. It’s a safe way to generate highly secure passwords, store them, and fill in login boxes so you don’t have to.

Recently we’ve heard that tech giants Microsoft, Apple and Google have joined forces to kill off the password and introduce its replacement.

That’s called a passkey.

It’s very simple. To login to something, you’ll use your phone to prove it’s really you.

Your computer will use Bluetooth to verify you’re sat nearby. Because Bluetooth only works a short distance, this should stop many phishing scams.

Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN.

And that’s it. You’re logged in.

We could see this new no-password login being introduced to some of the world’s biggest websites and applications over the coming year. Exciting!

You’ve Got Questions… We’ve Got Answers!

I think I’ve clicked an unsafe link. What should I do?

The faster you act, the less damage or data loss you’ll suffer. Get in touch with your IT support partner immediately. It’s always a good idea to have a response and recovery strategy in place for when this happens.

My external drive isn’t showing up when connected.

First, make sure it’s powered up! Then try it in a different USB port, and then a different device. This will let you know if it’s the drive or your device that’s the issue. You may need to manually enable it in Windows.

What’s the best antivirus software for my business?

Not all antivirus software is equal, and the best solution for your business may be completely different than it would be for the company next door. It depends on your infrastructure. We’d love to help with a recommendation, so get in touch.

How can I make my display more organized?

Consider adding a second monitor. Not only will this allow you to better organize your apps and windows, but it will also give you more workspace.

Can my phone be hacked?

Yes! As well as the risk of phishing and smishing (that’s phishing via text message), you also put your data at risk by connecting to public Wi-Fi. Fake apps can be an issue.

How do I know if my Teams app is up to date?

Just click on the three dots next to your profile picture and select ‘Check for Updates’ from the menu. If you’re using Windows 11, you’ll need to check under settings -> about Teams.

Signs That Your Computer May Be Infected With Malware

Approximately 34% of businesses take a week or longer to regain access to their data and systems once hit with a malware attack.

Malware is an umbrella term that encompasses many different types of malicious code. It can include viruses, ransomware, spyware, trojans, adware, key loggers, and more.

The longer that malware sits on your system unchecked, the more damage it can do. Most forms of malware have a directive built in to spread to as many systems as possible. So, if not caught and removed right away, one computer could end up infecting 10 more on the same network in no time.

Early detection is key so you can disconnect an infected device from your network and have it properly cleaned by a professional.

Keep an eye out for these key warning signs of malware infection so you can jump into action and reduce your risk.

Strange pop-ups on your desktop

Some forms of malware can take on the disguise of being an antivirus app or warranty notice that pops up on your screen.

Hackers try to mimic things that users may have seen from a legitimate program, so they’ll be more apt to click without thinking.

If you begin to see a strange “renew your antivirus” subscription alert or a warranty renewal that doesn’t quite make sense, these could be signs that your PC has been infected with adware or another type of malware.

New sluggish behavior

Computers can become sluggish for a number of reasons, including having too many browser tabs open at once or running a memory-intensive program. But you’ll typically know your computer and the types of things that slow it down.

If you notice new sluggish behavior that is out of the ordinary, this could be an infection. One example would be if you don’t have any programs open except notepad or another simple app, and yet you experience freezing.

When malware is running in the background, it can often eat up system resources and cause your system to get sluggish.

Applications start crashing

Applications should not just crash out of the blue. There is always a reason. Either the software is faulty, there’s been an issue with an update, or something else may be messing with that application’s files.

If you suddenly experience apps crashing, requiring you to restart the app or reboot your system, this is another telltale sign that a virus, trojan, or other malicious code has been introduced.

Your browser home page changes

If you open your browser and land on a homepage that is not the one you normally see, have your PC scanned for malware right away. Redirecting a home page is a common ploy of certain types of malware.

The malware will infect your system and change the system setting for your default browser home page. This may lead you to a site filled with popup ads or to another type of phishing site.

Just trying to change your homepage back in your settings won’t fix the situation. It’s important to have the malware removed as soon as you suspect something is wrong..

Sudden reboots

Another annoying trait of certain types of malicious code is to make your system reboot without warning.

This can cause you to lose the work you’ve just done and can make it difficult to get anything done. This may happen when malware is changing core system files behind the scenes.

With files corrupted, your system becomes unstable and can often reboot unexpectedly.

Missing hard drive space

If you find that a good deal of your hard drive space that used to be open is now gone, it could be a malware infection taking up your space. Some types of malware may make copies of files or introduce new files into your system.

They will cleverly hide, so don’t expect to see the word “malware” on a file search. Instead, the dangerous activities will usually be masked by a generic-sounding name that you mistake for a normal system file.

You run across corrupted files

If you open a file and find it corrupted, this could be a red flag that ransomware or another form of malware has infected your system.

While files can occasionally become corrupt for other reasons, this is a serious issue that deserves a thorough malware scan if you see it.

Get expert malware scanning and removal

Free online malware and virus scans aren’t very reliable. Instead, come to a professional like Tech Experts that can ensure your entire system is cleaned properly.

How To Protect Your Online Accounts From Being Breached

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media. For example, hacked social media accounts will go for between $30 to $80 each.

The rise in reliance on cloud services has caused a big increase in breached cloud accounts. Compromised login credentials are now the #1 cause of data breaches globally, according to IBM Security’s latest Cost of a Data Breach Report.

Having either a personal or business cloud account compromised can be very costly. It can lead to a ransomware infection, compliance breach, identity theft, and more.

To make matters more challenging, users are still adopting bad password habits that make it all too easy for criminals. For example:

  • 34% of people admit to sharing passwords with colleagues
  • 44% of people reuse passwords across work and personal accounts
  • 49% of people store passwords in unprotected plain text documents

Cloud accounts are more at risk of a breach than ever, but there are several things you can do to reduce the chance of having your online accounts compromised.

Use multi-factor authentication (MFA)

Multi-factor authentication (MFA) is the best method there is to protect cloud accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.

When you add the second requirement to a login, which is generally to input a code that is sent to your phone, you significantly increase account security. In most cases, a hacker is not going to have access to your phone or another device that receives the MFA code, thus they won’t be able to get past this step.

The brief inconvenience of using that additional step when you log into your accounts is more than worth it for the bump in security.

Use a password manager for secure storage

One way that criminals get their hands on user passwords easily is when users store them in unsecured ways, such as in an unprotected Word or Excel document or the contact application on their PC or phone.

Using a password manager provides you with a convenient place to store all your passwords that is also encrypted and secured. Plus, you only need to remember one strong master password to access all the others.

Password managers can also autofill all your passwords in many different types of browsers, making it a convenient way to access your passwords securely across devices.

Review your privacy settings

Have you taken time to look at the security settings in your cloud tools? One of the common causes of cloud account breaches is misconfiguration. This is when security settings are not properly set to protect an account.

You don’t want to just leave SaaS security settings at defaults, as these may not be protective enough. Review and adjust cloud application security settings to ensure your account is properly safeguarded.

Don’t enter passwords when on public Wi-Fi

Whenever you’re on public Wi-Fi, you should assume that your traffic is being monitored. Hackers like to hang out on public hot spots in airports, restaurants, coffee shops, and other places so they can gather sensitive data, such as login passwords.

You should never enter a password, credit card number, or other sensitive information when you are connected to public Wi-Fi. You should either switch off Wi-Fi and use your phone’s wireless carrier connection or use a virtual private network (VPN) app, which encrypts the connection.

Use good device security

If an attacker manages to breach your device using malware, they can often breach your accounts without a password needed. Just think about how many apps on your devices you can open and already be logged in to.

To prevent an online account breach that happens through one of your devices, make sure you have strong device security. Best practices include:

  • Antivirus/anti-malware
  • Up-to-date software and OS
  • Phishing protection (like email filtering and DNS filtering)

Your Remote Workers Aren’t Using Computers That Look Like This, Are They?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When did you last check everything was OK with the devices your team uses when they work remotely?

That might sound like a strange question. But a recent survey discovered that 67% of remote workers are using faulty devices to work from home. And the reason?

They’ve likely damaged the device themselves and are too scared to tell you!

Laptops, keyboards, and monitors are most likely to be damaged (in that order). And it’s usually because of food or drink spills… though some people blame their partners, children, and even their pets!

We’ve all watched in horror as a cat rubs itself against a full glass of water next to a laptop…

[Read more…] about Your Remote Workers Aren’t Using Computers That Look Like This, Are They?

Top 5 Cybersecurity Mistakes That Leave Your Data At Risk

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.

Sixty percent of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs.

The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.

Many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.

Here are several of the most common missteps when it comes to basic IT security best practices.

Not implementing multi-factor authentication (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%.

Ignoring the use of shadow IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

  • Data may be used in a non-secure application
  • Data isn’t included in company backup strategies
  • If the employee leaves, the data could be lost
  • The app being used might not meet company compliance requirements

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.

Thinking you’re fine with only an antivirus

No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware.

Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.

You need to have a multi-layered strategy in place that includes things like:

  • Next-gen anti-malware (uses AI and machine learning)
  • Next-gen firewall
  • Email filtering
  • DNS filtering
  • Automated application and cloud security policies
  • Cloud access monitoring

Not having device management in place

A majority of companies around the world have had employees working remotely from home since the pandemic. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.

A device management application in place, like Intune in Microsoft 365 can help manage this.

Not providing adequate training to employees

An astonishing 95% of cybersecurity breaches are caused by human error.

Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process.

Some ways to infuse cybersecurity training into your company culture include:

  • Short training videos
  • IT security posters
  • Webinars
  • Team training sessions
  • Cybersecurity tips in company newsletters

Is Unified Communications Right For Your Business?

Unified Communications (UC) is a ready-to-use system that allows for seamless communication in numerous ways such as phone, video, screen sharing, chat and file management.

The system operates as a cloud service, making it easily accessible to all team members with access to the Internet. But why should anyone consider switching to unified communications?

There are several reasons, but this is the most crucial: Business leaders who adopt UC would be able to impact their business every day and make it seamless for employees to interact with each other.

That said, we’ll list 5 of the key features of this concept to help you better understand how it can help you scale your business.

Mobility

When connected to unified communications, all employees can stay connected at all times and from all locations. It doesn’t matter whether they’re working from home, vacationing on a remote island, or sitting in the office. They’ll still be able to chat, receive calls, and more.

Unified messaging

This allows employees to handle different message types using a single tool. They can easily switch communication modes, depending on their needs.

Conferencing

Whenever you need conferencing tools, you’ll have them in the palm of your hand.

You can allow a group of teammates or customers from outside your organization to connect and speak via video or audio from different locations.

Fax support

Faxes received through unified communications appear as email attachments. This way, users can also receive faxes on their desktops and smartphones.

Presence

This feature lets other users know each other’s status. That means you’ll be able to see when someone is online (Active), busy (Do Not Disturb), or away (Out of the Office).

Malware Is Becoming Harder To Spot

According to new research, four in five malware attacks delivered by encrypted connections evade detection. And since two-thirds of malware is now arriving this way, it has the potential to be a big problem for your business.

This type of threat has already hit record levels and continues to grow. So, if you don’t yet have a response and recovery plan in place, now’s the time to create one.

It sits alongside your cyber security software protection and regular staff training. The plan details what you do in the event of a cyber-attack.

Having the right plan in place means all your people will know how to sound the alarm if something is wrong. It ensures downtime and damage are kept to an absolute minimum.

The faster you respond to an attack, the less data you should lose, the less it should cost you to put things right, and the faster you get back to work. Of course, you should also follow the usual security guidelines of making sure that updates and patches are installed immediately, and regularly checking your backup is working and verified.

Businesses that don’t place a high importance on their own cyber security planning are the ones hit hardest by such an attack.

Can we help you create your response and recovery plan? Call us.