TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Helpful Tips For Keeping Your Cloud Storage Organized

Cloud file storage revolutionized the way we handle documents. No more having to email files back and forth. No more wondering which person in the office has the most recent copy of a document.

But just like the storage on your computer’s hard drive, cloud storage can also get messy. Files get saved in the wrong place and duplicate folders get created.

When employees are sharing the same cloud space it’s hard to keep things organized. Storage can be difficult to keep efficient.

Disorganized cloud storage systems lead to problems. This includes having a hard time finding files. As well as spending a lot of extra time finding needed documents.

Has your office been suffering from messy cloud storage? Does it seem to get harder and harder to find what you need?

Use a Universal Folder Naming Structure

When people use different naming structures for folders, it’s harder for everyone.

They often can’t find what they need. It also leads to the creation of duplicate folders for the same thing.

Map out the hierarchy of folders and how to name each thing. For example, you might have departments” as an outer folder and nest “projects” inside.

With everyone using the same naming system, it will be easier for everyone to find things. You also reduce the risk of having duplicate folders.

Keep File Structure to 2-3 Folders Deep

When you have too many folders nested, it can take forever to find a file. You feel like you must click down one rabbit hole after another. When people need to click into several folders, it discourages them from saving a file in the right place.

To avoid this issue, keep your file structure only two to three folders deep. This makes files easier to find and keeps your cloud storage more usable.

Use Folder Tags or Colors for Easier Recognition

Many cloud file systems allow you to use color tagging on folders. Using this can make a folder or group of folders instantly recognizable. This reduces the time it takes to find and store files.

Don’t Create Folders for Fewer Than 10 Files

The more folders people have to click into to find a document, the more time it takes. Folders can quickly add up as employees create them, not knowing where a file should go.

Use a rule for your cloud storage that restricts folder creation to 10 files or more.

This avoids having tons of folders with less than a handful of files in them. Have someone that can act as a storage administrator as well.

This can then be the person someone asks if they’re not sure where to store a file.

Promote the Slogan “Take Time to Save it Right”

We’re all guilty from time to time of saving to something general, like the desktop on a PC. We tell ourselves that we’ll go back at some point and move the file where it should be.

This issue multiplies when you have many people sharing the same cloud storage space. Files that aren’t where they belong add up fast.

This makes it harder for everyone to find things.

Promote the slogan “take time to save it right” among the staff. This means that they should take the extra few seconds to navigate where the file should be to save it.

This keeps things from getting unmanageable. If you use a file structure that’s only 2-3 folders deep, then this should be easier for everyone to abide by.

What To Do If You Lose Your Laptop (Or Other Device)

So, you’re in the car on the way home from the coffee shop, basking in the glow of consuming your triple-shot, low-foam, extra-hot pumpkin-spice latte when you suddenly realize your laptop has gone missing.

You drive back like the caffeinated lunatic you are, only to discover no one has turned it in.

What do you do?

That depends on what precautions you have (or haven’t!) taken.

First, if you’ve properly encrypted your data, password-protected the access to your device and shut down and logged off all key applications, you’ve got a bit more time to respond.

But the next thing to do, whether or not you’ve taken those precautionary measures, is to notify your IT support company that you’ve lost your device.

That will allow them to change passwords and lock access to applications and data a thief may gain access to via your unprotected laptop.

They can also remotely wipe your device to make sure no one will be able to gain access to the data stored on your computer. (Which is also why it’s critical to back up your data on a daily basis!)

Next, change all the passwords to every website you log into, starting with any sites that contain financial data (your bank account) or company data.

If your laptop contained medical records, financial information, or other sensitive data (like social security numbers, birthdays, etc.), then you need to contact a qualified attorney to understand what you may be required to do by law to notify individuals who may be affected.

Quite simply, an ounce of prevention is worth a pound of cure, so make sure you’re engaging with your IT support company to encrypt and back up your data, as well as put remote monitoring software on all mobile devices.

Set a pin-code lock or password requirement to access a device after ten minutes of inactivity and get into the habit of logging out of websites when you’re done using them.

Some other tips to keep your laptop safe:

Use strong passwords, change passwords frequently, and avoid setting up automatic sign-ins. This will make it more difficult for thieves to log on to your computer and access your personal information.

Don’t write down your passwords. If you must write your passwords down, don’t keep the list close to your laptop (for example, on a sticky note kept in your laptop bag).

Never leave your laptop in an unlocked car or conference room.

Never leave your laptop in plain sight in your locked car. Lock it in the trunk and make sure no one sees you put it there.

Carry your laptop in something other than a laptop bag. This may seem unusual, but a laptop bag makes it very obvious to thieves that you are carrying a laptop. Use something more inconspicuous, such as a backpack or messenger bag.

Always keep your laptop in your sight. Don’t leave a meeting or a conference room without your laptop – always bring it with you. You never know who could have access to that room, even if you’re only gone for a few minutes.

Be especially diligent when traveling – airports are a common place for laptop theft. Also be careful in taxis, hotel rooms, restaurants, and coffee shops.

If your laptop is stolen, you’ll want to make sure you have the make, model, and serial number so a complete report can be filed. Keep this information in your desk at work or at home.

Finally, if you store important data on your laptop, make sure it is being backed up! Most workers store their data on a company server, where it is protected and backed up.

If you’re a mobile worker, backups are extra important since you don’t have the security of a server-based backup system.

How Often Do You Need To Train Employees On Cybersecurity Awareness?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You’ve just completed your annual phishing training where you teach employees how to spot phishing emails. You’re feeling good about it, until about 5-6 months later when your company suffers a costly ransomware infection because someone clicked on a phishing link.

You wonder why you seem to need to train on the same information every year yet still suffer from security incidents.

The problem is that you’re not training your employees often enough.

People can’t change behaviors if training isn’t reinforced regularly. They can also easily forget what they’ve learned after several months go by.

So, how often is often enough to improve your team’s cybersecurity awareness and cyber hygiene? It turns out that training every four months is the “sweet spot” when it comes to seeing consistent results in your IT security. [Read more…] about How Often Do You Need To Train Employees On Cybersecurity Awareness?

The SLAM Method Can Improve Phishing Detection

Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses, employing AI-based tactics to make targeted phishing more efficient.

If phishing didn’t continue returning benefits, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked.

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.

Studies show that as soon as 6 months after a person has been trained on phishing identification, their detection skills can begin waning as they forget things.

Give employees a “hook” they can use for memory retention by introducing the SLAM method of phishing identification.

What is the SLAM Method for Phishing Identification?

One of the mnemonic devices known to help people remember information they are taught is the use of an acronym. SLAM is an acronym for four key areas of an email message that should be checked before trusting it. These are:

S = Sender
L = Links
A = Attachments
M = Message text

By giving people the term “SLAM” to remember, it’s quicker for them to do a check on any suspicious or unexpected email without missing something important.

All they need to do is run down the cues in the acronym.

S = Check the Sender

It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike address that people easily mistake for the real thing.

You can double-click on the sender’s name to ensure the email address is legitimate.

L = Hover Over Links Without Clicking

Hyperlinks are popular to use in emails because they can often get past antivirus/anti-malware filters.

You should always hover over links without clicking on them to reveal the true URL. This often can immediately call out a fake email scam due to them pointing to a strangely named or misspelled website.

A = Never Open Unexpected or Strange File Attachments

Never open strange or unexpected file attachments, and make sure all attachments are scanned by an antivirus/anti-malware application before opening.

M = Read the Message Carefully

If you rush through a phishing email, you can easily miss some telltale signs that it’s a fake, such as spelling or grammatical errors.

Look for words or phrases not normally used by the person who’s emailing you. Words like “kindly” and “revert” are tell-tale clues the email come from someone who’s not your normal sender.

Also, be on the lookout for pressure to act quickly or unexpected banking change requests. While it happens, it is rare for a company to change banks without months of advance notice.

Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs.

Watch Out For Reply-chain Phishing Attacks

Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.

80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.

Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams.

Many employees are now working from home. They don’t have the same network protections they had when working at the office.

One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.

What is a Reply-Chain Phishing Attack?

You don’t expect a phishing email tucked inside an ongoing email conversation between colleagues.

Most people are expecting phishing to come in as a new message, not a message included in an existing reply chain.

The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain.

How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain. Often, the target isn’t even aware.

The hacker can email from an email address that the other recipients recognize and trust. The attacker also gains the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.

They may see that everyone has been weighing in on a new idea for a product called Superbug. So, they send a reply that says, “I’ve drafted up some thoughts on the new Superbug product, here’s a link to see them.”

The reply won’t seem like a phishing email at all. It will be convincing because:

  1. It comes from an email address of a colleague. This address has already been participating in the email conversation.
  2. It may sound natural and reference items in the discussion.
  3. It may use personalization. The email can call others by the names the hacker has seen in the reply chain.

Business Email Compromise is Increasing

Business email compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins.

Tips for Addressing Reply-Chain Phishing

Here are some ways that you can lessen the risk of reply-chain phishing in your organization:

• Use a business password manager
• Put multi-factor controls on email accounts
• Teach employees to be aware

HOME SECURITY: Why You Should Put IoT Devices On A Guest Wi-Fi Network

The number of Internet-connected devices in homes has been growing exponentially over the last decade. A typical home now has more than 10 devices connected to the Internet.

IoT stands for Internet of Things, and it basically means any other type of “smart device” that connects online besides computers and mobile devices.

Here are two alarming statistics that illustrate the issue with IoT security:

• During the first six months of 2021, the number of IoT cyberattacks was up by 135% over the prior year.
• Over 25% of all cyberattacks against businesses involve IoT devices

Hackers Use IoT Devices to Get to Computers & Smartphones

Smart devices are a risk to any other device on a network because they are typically easier to breach, so hackers will use them as a gateway into more sensitive devices, like a work computer or a VPN connection to your office.

Improve Security by Putting IoT on a Separate Wi-Fi Network

Just about all modern routers will have the ability to set up a second Wi-Fi network, called a “guest network.”

By putting all your IoT devices on a separate guest network from your devices that hold sensitive information, you eliminate that bridge that hackers use to go from an IoT device to another device on the same network.

Just make sure that you secure your Guest Network with a strong passphrase.

Need Help Upgrading Your Home Cybersecurity?

With so many remote workers, hackers have begun targeting home networks because they can target your sensitive business and personal data in a typically less secure environment than they would face in a business setting.

Which Form Of MFA Is The Most Secure?

Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.

With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.

One of the best ways to protect your online accounts, data, and business operations is with multifactor authentication (MFA).

It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in.

This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.

What Are the Three Main Methods of MFA?

When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same.

There are key differences that make some more secure than others and some more convenient. Let’s take a look at what these three methods are:

SMS-based

The form of MFA that people are most familiar with is SMS-based.

This one uses text messaging to authenticate the user.

The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered.

On-Device Prompt In An App

Another type of multi-factor authentication will use a special app to push through the code. The user still generates the MFA code at log in, but rather than receiving the code via SMS, it’s received through the app.

This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.

Security Key

The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login.

The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.

Now, let’s look at the differences between these three methods.

Most Convenient Form of MFA?

The most convenient form of MFA would be the SMS-based MFA. Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.

The SMS-based is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.

Most Secure Form of MFA?

If your company handles sensitive data in a cloud platform then it may be in your best interest to go for better security.

The most secure form of MFA is the security key. The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone being lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.

Are Two Monitors Really More Productive Than One?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When you see those people with two monitors, you may assume they do some specialized work that requires all that screen space or they just really like technology.

But having the additional display real estate that a second screen provides can benefit anyone, even if you’re doing accounting or document work all day.

According to a study by software developer Mavenlink, 73% of surveyed businesses say they spend over an hour per day on average just switching between different apps.

Jon Peddie Research looked at the benefit of using two screens over several years. It found that, overall, employees in all types of jobs can improve productivity by an average of 42%. The company’s namesake put it simply by saying, “The more you can see, the more you can do.”

So, what are the advantages of adding a second screen? [Read more…] about Are Two Monitors Really More Productive Than One?

The Way We Use Passwords Is Finally Changing

Passwords are a problem that companies are always trying to fix, but they are still essential for accessing pretty much anything online. And even now people aren’t changing them after a breach and then still use the same password to access multiple sites.

Reused passwords are a potential security problem because if a password has been compromised once, then hackers can use it to access other accounts if it’s been used as the sign-in for another site.

Truth be told, passwords are annoying for most people. If you look at the best practice password advice, it’s creating work for everyone:

  • Generate long random character passwords rather than using everyday words that can be guessed by cyber criminals’ automated software
  • Use a different password for every single application
  • Never write passwords down or share with a colleague

This is why we tell our clients to use a password manager. It’s a safe way to generate highly secure passwords, store them, and fill in login boxes so you don’t have to.

Recently we’ve heard that tech giants Microsoft, Apple and Google have joined forces to kill off the password and introduce its replacement.

That’s called a passkey.

It’s very simple. To login to something, you’ll use your phone to prove it’s really you.

Your computer will use Bluetooth to verify you’re sat nearby. Because Bluetooth only works a short distance, this should stop many phishing scams.

Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN.

And that’s it. You’re logged in.

We could see this new no-password login being introduced to some of the world’s biggest websites and applications over the coming year. Exciting!

You’ve Got Questions… We’ve Got Answers!

I think I’ve clicked an unsafe link. What should I do?

The faster you act, the less damage or data loss you’ll suffer. Get in touch with your IT support partner immediately. It’s always a good idea to have a response and recovery strategy in place for when this happens.

My external drive isn’t showing up when connected.

First, make sure it’s powered up! Then try it in a different USB port, and then a different device. This will let you know if it’s the drive or your device that’s the issue. You may need to manually enable it in Windows.

What’s the best antivirus software for my business?

Not all antivirus software is equal, and the best solution for your business may be completely different than it would be for the company next door. It depends on your infrastructure. We’d love to help with a recommendation, so get in touch.

How can I make my display more organized?

Consider adding a second monitor. Not only will this allow you to better organize your apps and windows, but it will also give you more workspace.

Can my phone be hacked?

Yes! As well as the risk of phishing and smishing (that’s phishing via text message), you also put your data at risk by connecting to public Wi-Fi. Fake apps can be an issue.

How do I know if my Teams app is up to date?

Just click on the three dots next to your profile picture and select ‘Check for Updates’ from the menu. If you’re using Windows 11, you’ll need to check under settings -> about Teams.