TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Outdated Software Could Cost Much More Than An Upgrade

It’s nice when we own something and it’s completely paid for. Think of a car or large purchase you financed. Once it’s paid off, you feel great: money is freed up and it’s yours.

However, often in these situations, you’ve poured a few years of use into it by the time it’s paid off. When something finally breaks, the warranty has probably already expired. Then, you’re forced to decide if you are going to put money into this old car or appliance or if it’s time to upgrade instead.

When you don’t upgrade your car or appliances, there may be some small risks in terms of missing out on improved safety or the newest features, but the biggest risk will be monetary.

Businesses sticking it out with old software isn’t much different, but the consequences can be much worse.

Software is sometimes pricey, and often, the outdated software will still technically work. We get used to the layout and processes, and it becomes easy to use. After five or ten years, you know where all the buttons are. Your documentation for employees might be based this particular version, and you may not have the time to overhaul your reference materials.

The issue with this is, while you’re happy to run the 2015 version of a software, that software company has released a new version in 2016, 2017, 2018, etc. Usually, they will still update old versions for a short time after new ones come out.

Once these software companies stop providing updates, however, any known vulnerabilities will remain unpatched and any new vulnerabilities that are discovered will not be addressed.

If you know the software inside and out, so do the hackers. It’s far easier for them to utilize a known flaw than attempt to break a new and unknown software. The longer you wait to update, the more likely it is that your data or network will be compromised.

Yes, paying for that new version of software is not something we want to do, but in the long run, it may save you a lot of money and headaches.

Software as a Service (SaaS) also makes this a little easier to deal with. Rather than paying a huge amount one time upfront, you can often subscribe and pay a smaller amount monthly or yearly that allows you to install new versions as they come out. This usually includes security patches and updates too.

Another consequence of holding out on updating old software is the possibility that your PC may need to be suddenly replaced or updated. If it crashes or becomes too slow to reliably use, you can lose that program. A lot of software is provided via download, and it may not be available for download once it’s time for a new PC.

In addition, if you bought something that was written for Windows 7 and have not upgraded in the past six years, it may not be possible to use that program if you are stuck five versions behind. Also, since you paid the vendor long ago, they often won’t help you reinstall the old software; instead, they’ll require you to buy a current version before assisting.

We understand that staying with what you’re familiar with is easy. Since you own the software, it carries a financial benefit as well. However, the short-term financial gains risk data loss and essential parts of your business becoming unrecoverable in a disaster. Look at software updates like insurance: you are paying to keep yourself as protected as possible and working to minimize any potential risk.

Using Technology To Maximize Your Business’ Efficiency and Communication

In today’s world, we have so much technology that we barely know what half of it does, let alone how to use it. We tend to stick to what we know and forgo the rest. However, once you understand how you can optimize the relevant tech in your business, you can radically improve efficiency and communication.

One easy way to increase your business’ efficiency and keep everyone on the same page is by using a group-based calendar.

Staff can see what the plans are for the day, who’s going to be out of the office, schedule meetings and appointments, and more. Everyone can plan their day around each other’s availabilities and come in every day knowing what to expect.

Shared drives, either on a network or through a hosting service like OneDrive for Business, can also save time and increase work efficiency.

Shared folders and drives can be divided by department (like Marketing) or use (like Scanned Documents), ensuring files can be accessed instantly in their current version by all allowed parties. You can also filter out who has access to certain folders.

If it would be a right fit for your business, it might be worth looking into a customer relationship management (CRM) system.

A CRM system does what it sounds like: it tracks your relationships with your clients. It does much more than digitize your client files; these are a powerful tool that can do a lot of heavy lifting in organizing your business, managing your clients and workload, marketing, collaboration between employees, and client satisfaction.

There are many, many webpages written on the topic and many CRM options to choose from at all different price points, so some independent research will benefit you here.

We use a CRM program at Tech Experts to track all of our clients’ service tickets, manage invoicing, build marketing campaigns, monitor statistics, and more.

Back to the tech that’s easier to implement. If you use a fax line, you may be able to switch to an email-to-fax/fax-to-email service or an online fax service.

These solutions function just like a regular fax line (make sure the provider you’re considering is HIPAA compliant, if needed) and are often cheaper than a traditional fax machine when compared. These faxes can be sent from anywhere, to multiple parties at once, and save on paper and equipment costs.

Many companies, including ours, use an online library (also known as a knowledge base) to store employee training and reference materials.

This makes it easy for both new and established employees to check procedures without having to interrupt another employee; they simply log in and find the article they need to complete their task.

Additionally, if someone does need to ask for help, they can be directly linked to detailed processes, saving time for everybody involved.

These also allow you to control who has access to what spaces. Services like this are typically browser-based, but something similar could be set up on shared network drives as well.

With the amount of people that are currently working remotely or people who will be working remotely in the future, communication is key.

Not only can these help with communication inside of your business, but also assist in communication with your customers.

The Biggest Cyber Threat To Your Business Is In Your Pocket

According to a Verizon study, one in three businesses has admitted to suffering a breach as a result of a mobile device. The same study found that 80% of businesses were aware that they had a big gap in their network security as a result of mobile device usage.

Banning the use of mobile devices for work is not an option, however. The productivity benefits of these mobile devices are too big to give up, and chances are, employees will still use them.

So how can you make sure that your data is safe as it travels around in your (and your employee’s) pockets?

Basic protection for all operating systems

Regardless of your operating system and device model, the following security protocols can easily be implemented.

Fingerprint and/or face recognition and secure passcode – this feature not only protects you, but your employee as well. Highlight and encourage employees to set this security feature up on their devices.

Offer internal support to help less tech-inclined employees to set this up and troubleshoot common challenges with unlocking the device with these features.

Not only will this help keep your information secure if the device is lost, but it will also help prevent other unauthorized individuals from accessing your device if it is left unattended.

Use a VPN – A VPN provides a secure phone connection to a private server between your devices and your data and bypasses using public networks to access your information. This helps secure the data and encrypts it as it travels from point to point.

Enable data encryption – Both Android and iPhone devices can be encrypted through the device and it is highly recommended that you encourage your employees to activate this feature. Spreadprivacy.com has detailed instructions on how to do this for both Android and iPhone devices.

Set up remote wipe capabilities – Depending on the device, there is a function along the lines of Find My Phone that you can have implemented that will allow you to remotely lock and erase the device in the event it is lost or stolen.

Apple devices have the function built into the operating system and Android devices can enable this feature with app downloads.

Mobile protection for Android users

One of the great things about Android devices is that you have a variety of manufacturers, features, and price points to choose from.

While they might differ slightly in features and functionality, here are some basic tips for protecting your Android device:

  • Only buy Androids from vendors who are proactive in issuing security patches
  • Use 2FA (Two-factor authentication)
  • Take advantage of built-in security features
  • Do not save all passwords
  • Only buy apps from Google Play
  • Always, always back up the device’s data
  • Encrypt your device (See instructions above)
  • Be careful about connecting to public WiFi, and be diligent about securing your own WiFi networks.
  • Use the Android security app
  • Install a VPN

Mobile protection for iPhone users

Regardless of the model, all Apple iPhone devices will have the following security features. Keep in mind, however, that older models of the phone will not be able to take advantage of the newest iOS and may require an upgrade.

Here are 10 tips for keeping your iPhone safe:

  • Update the iOS frequently. You can opt into automatic software updates through your phone as well so you don’t have to keep an eye out for new updates
  • Enable 2FA (Two-factor Authentication)
  • Set the phone to “self-destruct” or wipe the entire phone after someone fails to access the phone 10 times.
  • Activate “Find my iPhone.”
  • Avoid public WiFi
  • Only use trusted iPhone charging stations
  • Change your iTunes and iCloud passwords regularly.
  • Revoke permissions to your camera, microphone, etc
  • Use a passcode longer than 4 numbers
  • Disable Siri access from the lock screen.

Take the next step

These tips will get you started on keeping your business, and personal, information safe as you roam. But this is just the first step. Take the next step and set up a full security audit to see where there may be a crack in your armor that leaves you vulnerable.

Is A VoIP Phone System Good For A Small Business?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Is VoIP worth it for a small business? The short answer is 100% Yes! In fact, VoIP makes the perfect communication solution for all-sized businesses, big or small. Let’s look at the reasons why VoIP phone systems make sense for your business:

Pay less, save more!

You will be able to reduce your communication expenses by handling all your communication needs for offices, mobile and data services with one single provider. This not only saves you money, but also saves your precious time!

No management or maintenance needed

For a hosted VoIP service, your provider will manage and maintain the network, hardware and all for you. Let the experts do the job for you so you can focus on your core business! [Read more…] about Is A VoIP Phone System Good For A Small Business?

Work-From-Home Precautions For Your Network

Mark Funchion is a network technician at Tech Experts.

As our world has shifted to a heavy work-from-home environment, it is important that you do what you can to make sure your business’s network is secure, whether your employees are working from home or in the office.

Working from home can pose many challenges. The first involves the device the employee uses. If they have a company-issued laptop and you implemented a VPN, then great, you’re fairly secure.

What do you do if they are using their own home PC? Do they have anti-virus? Are they accessing documents through a common cloud storage location, such as OneDrive or Dropbox?

If so, that can cause issues because that home PC may have other users who are not careful about what they download or what emails they open. If that PC is infected and your employee connects to shared storage, your business may become infected.

For these reasons, you should really consider only allowing access to your data over a VPN that your employees must log into. Do not share files through cloud storage unless you are sure the devices connecting are secure.

This means you may need to provide anti-virus to your users. Yes, it’s an expense, but it’s much cheaper than recovering from a ransomware attack because an employee’s 12-year-old downloaded a Fortnite “hack” to get more V-Bucks.

Next, push the use of two-factor authentication (2FA) and password managers. Having a simple password like “CompanyVPN1!” won’t cut it.

Force your users to use strong and varied passwords. Now, those can be difficult to remember, so it may be a good investment to look into a corporate password manager. This will securely store passwords and make it easier for employees to use stronger credentials.

In addition to better passwords, use 2FA. This security measure sends a verification code to your employee via email or text when they log into secure apps or websites. It’s another extra step, but again, the more precautions you take, the better off your security will be. Just because your employee logged in from home with a strong password doesn’t mean it’s actually your employee. That second authentication makes it much more difficult for the end user’s information to be gained by cybercriminals.

Educate your employees about using public Wi-Fi as well. It’s nice to sit in a comfy chair at Panera and enjoy a bagel and coffee while responding to emails, but who else is on that network? If they must do this, then using a VPN and 2FA are a must.

These are a lot of scary things, but don’t lose sleep. Be diligent in securing your network. If you allow work-from-home, be prepared to invest in setting up VPNs, 2FA, password managers, and anti-virus software for your employees. This time and due diligence will greatly help you prevent your data and network from becoming compromised.

Also, remember you are not in this alone: Tech Experts is here to help. If you want to secure your network for remote work, reach out to us at (734) 457-5000. We secured our own network so we can work remotely and have the expertise to help you do the same.

Modern Utilization Of Tech In Schools & Workplaces

Everywhere you look now, there is some type of technology in use and nearly every industry takes advantage of it. Between food delivery apps, the capability to review your accounts online, or the self-scan check-out lanes at the grocery store, we use technology every day and it’s all part of our common experience.

While we may overlook a lot of it in our daily lives, the right tech can make your professional life much easier and efficient. Convenience is one of the main reasons we innovate, right?

One way you can bring helpful tech into the work setting is by using a company-wide chat. You can have a group messaging system like Discord or Slack, but even a group chat over text messages can be a helpful addition in the right workplace.

A company-wide chat allows you to have conversations as needed and communicate with minimal interruptions. Questions, updates, and requests can be reviewed, then responded to a timely matter or addressed right away. It creates a “paper trail” as well, so past messages can be referenced easily.

With chat, you are able to touch base with your peers, employees, or bosses anywhere and anytime. Instead of having ten people trying to reach the same person all at once, they can send them a message and have a reply almost instantly. Unlike email, chat is less likely to be buried in conversation chains, coupons, and other mail.

Another good way to use modern technology is by utilizing remote access. Being able to work remotely is a huge time-saver and a great help for online collaboration, in both schools and the workplace. It allows us to work from anywhere with an Internet connection.

Remote learning is also a very good use of new technology because it allows students to work from home and have all of the same access to resources as if they were sitting in the classroom in front of a teacher. For working professionals, it’s the same – they can complete their work from anywhere as if they were sitting at their desk in the office.

Another great way that technology has influenced the workplace for the better is automation in repetitive tasks. Some examples are network monitoring, notifications, emails, file-sharing, and time management.

Automation allows employees to focus on critical tasks instead of repetitive, time-consuming ones that aren’t necessarily as important. It also prevents some things from falling through the cracks by sending reminders or by entirely handling a task without human intervention.

Automation can also take on many forms, and you may already be benefiting from it. One example of automation that we use at Tech Experts is that our incoming service tickets, sent via email, are automatically disseminated to the right team. If this was not set-up, someone would have to manually sort every ticket that came in. The programs and apps that you already use in your business may have options to make your life easier through automation, such as email rules in Outlook.

Current technology has come a long way. Copiers, calculators, and faxes used to be amazing, and now, some of us can work entirely off of the phone in our pocket. Sometimes, it may seem overwhelming, but even small tweaks – like email rules – can have a big impact. Embracing the efficiency of tech can give you freedom and time back so you can make the most of your work hours.

Using Public Wi-Fi? Consider A VPN

With more of us working remotely now, coffee shops are getting busier again as we look for somewhere other than home to work. But while it can be great for getting rid of distractions, it’s not so good for security.

That’s because public Wi-Fi is a hotspot for data theft. Any data sent over public Wi-Fi that doesn’t need a password to access is vulnerable to theft or manipulation from someone else using that network.

And it’s not just other Wi-Fi traffic you need to consider. There are also fake networks to be wary of. You think you’re connecting to the coffee shop’s Wi-Fi… but how do you know it isn’t a fake version with the same name?

As soon as you log on, they can suck up all of your credentials and any other personal data on your device.

If your team is using public Wi-Fi regularly, best practice is to use a VPN (Virtual Private Network) to keep your data safe. This acts as a private tunnel for your device to connect to a private network, keeping your info safe.

Three Steps To Improve Your Ransomware Resilience

This is a cold hard fact: Ransomware is on the rise.

What is ransomware?

It’s where hackers break into your network, encrypt your data so you can’t access it, and then charge you a large ransom fee to unlock it. It’s the most disruptive and costly kind of attack you can imagine. And very hard to undo.

Why is it a big deal?

Ransomware attacks are dramatically up thanks to the pandemic. All the urgent changes that businesses went through last year created a perfect storm with plenty of new opportunities for cyber criminals.

Is my business really at risk?

Thanks to automated tools used by hackers, all businesses are being targeted all the time. In fact, hackers prefer to target small businesses as they typically invest less time and money into preventive security measures compared to large companies. It’s estimated a business is infected with ransomware every 14 seconds.

How can my business get infected with ransomware?

42% of ransomware comes from phishing emails. This is where you get a legitimate-looking email asking you to take a specific action. You only need to click a bad link once to let attackers quietly into your system. And it doesn’t have to be you who clicks… it could be any member of your team.

Why is it so hard to undo?

A ransomware attack takes weeks for the hackers to set up. Once inside a network, they stay hidden and take their time to make lots of changes. Essentially, they’re making it virtually impossible for an IT security company such as ours to undo the damage and kick them out once the attack has started. If you haven’t thoroughly prepared for a ransomware attack before it happens, you are much more likely to have to pay the fee.

How much is the typical ransom?

The hackers aren’t stupid. They know trying to get $150,000 out of a small business simply won’t happen. But you might stump up $10,000 just to end the hell of a ransomware attack. They will change their ransom demand based on how much money they believe a business has.

Of course, the ransom isn’t the only cost associated with an attack. There are countless indirect costs. Such as being unable to access your data or systems for a week or longer. How horrendous would it be if no one could do any work on their computer for a week? How would your customers react to that?

What can I do now to protect my business?

This is the most important question to ask. It’s virtually impossible to stop a ransomware attack from happening. But you can do an enormous amount of preparation, so if an attack does happen, it’s an inconvenience, not a catastrophe.

Here are the three steps we recommend for maximizing your ransomware resilience.

Act as if there’s no software protecting you

Software is essential to keep your business safe from all the cyber security threats. But there’s a downside of using this software – it can make you and your team complacent.

Actually, humans are the first defense against cyber-attacks. For example, if your team doesn’t click on a bad link in a phishing email in the first place, then you’re not relying on software to detect an attack and try to stop it.

This means basic training for everyone in the business, and then keeping them up-to-date with the latest threats.

Invest in the best data backup and recovery you can

Automatic off-site data backup is a business basic. When you have a working backup in place, it can be tempting not to give it a second thought.

But it’s worth remembering that cyber criminals will take any means necessary to get you to pay their ransom. That means they’ll target your backup files too. Including cloud-based data.

It’s critical that you create and implement a comprehensive back-up and recovery approach to all of your business data. The National Institute of Standards and Technology sets out a cyber security framework which includes best practices such as:

• Constant backups: Separate from the computers and ideally in the cloud
• Immutable storage: This means once created, backups can’t be changed
• Firewalls: To restrict what data gets in and out

Create a plan for cyber-attacks

When a cyber-attack happens, every second is crucial. The earlier you act, the less damage is caused.

So, prepare a detailed plan of action and make sure everyone knows what’s in it, where to find it, and how to trigger it.

Test your plan regularly to make sure of its effectiveness and remove any risk of failure by keeping at least three copies of it in different places. One should be a printout kept at someone’s home… just in case you have zero access to data storage.

Lessons Learned From The Colonial Oil Pipeline Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

May 6, 2021 will be a day that goes down in history. This is the day the Colonial Oil Pipeline went down, causing a nationwide disruption. Even though the pipeline only services a portion of the east coast, the effects of the shutdown was felt across the country.

Gas prices skyrocketed, lines at gas stations were so long it took hours to get through, and gas stations were pumped dry as people bought gas and put it in whatever container they could gather just to assure themselves they would have enough to get through the closure.

If you think about it, this type of ripple effect is not confined to energy and utility providers. While the scale of the effect would not be at the level of the pipeline, the devastation it could leave in its wake for your business and your customers is just as likely. [Read more…] about Lessons Learned From The Colonial Oil Pipeline Attack

An Easier Way To Secure Your Password

Mark Funchion is a network technician at Tech Experts.

Between new threats and new tech, security is something that can always be improved upon to make sure your systems are as secure as possible. Passwords are the first level of security, and the area that seems to cause the most headache for end users and IT managers.

In an ideal world, every password would be super complex. For example, a 32-character randomized password with capital letters, lowercase letters, special characters, and numbers. This is possible with a password manager – or if you’re really skilled at memorizing random character strings (unlikely).

The reality is that this does not occur, leading to most of us using a password that is not as secure as hoped. There are a few ways that attackers gain access to our passwords, and the most common methods are an algorithm that “cracks” the password and guessing. Usually, these two are combined, creating databases that nefarious individuals can use for gaining access to your accounts.

The biggest issue with passwords is the human factor. We like things to be simple, so we use things that are familiar. When we have to change a password, we change it in predictable ways, and usually write it on a sticky note.

Let’s look at “Password” as a password. Yes, it’s terrible, but really, it’s eight characters with one capital letter. A password cracker will break “Password” the same as it will break “ushtGsgt.” The second example will just take a little longer to crack because programs try common words and phrases first, then start brute-forcing every combination.

Again, looking at human nature, if one hundred people are asked to make the word “Password” harder to guess, most will swap the “o” for a zero. That’s then added to the list of words and phrases checked first. If the same one hundred people are asked to add a special character and a number, most will probably create something like “Password1!”

Why? Because it is easy to remember, and the “1” and “!” are convenient. Since so many of us will use the same variations of passwords, these become common and therefore are more easily broken.

These reasons are why it’s recommended to use three uncommon, unassociated words as a password (and to not use that combination for all your passwords). For example: “GiraffeDiamondCoffee.” An algorithm will still crack this eventually, but it’s easier to remember and not easily guessed so it will take a while to crack.

The longer it takes, the less likely they will actually get to your data. By using three different random words for your passwords, it is much less likely that your combination of words ends up in the frequently used list, adding more security. You can also easily add numbers and special characters to meet security requirements as needed.

The best practice is to use a password manager and use super complex passwords. Otherwise, using three-word passwords like “GiraffeDiamondCoffee” can boost your security. It may look easy – but it is a 20-character password, so it’s more secure than “P@$$w0rd1!”

Computers that are cracking passwords will try every combination and can test over 100-million per second, so a 10-character password (even with numbers and special characters) only has so many combinations. However, a 20-character password using only capital and lowercase letters like “GiraffeDiamondCoffee” has even more. While the second password seems much easier to crack to the human eye, it’s much more complex in reality.

Do yourself a favor: change how you create your passwords and make your information that much more secure – without making it impossible for you to login to your applications and websites.