TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Don’t Let Working From Home Lower Your Guard

Wyatt Funchion is a help desk technician at Tech Experts.

When working from home or taking online classes for school, it is very easy for us to get caught up in our work and forget about the potential risks of using the Internet.

Whether you are using Zoom, assisting clients, writing assignments, or even just sending a simple email, cybercriminals have figured out ways to exploit our everyday tasks.

Email is one of the most vulnerable territories for users, and cybercriminals love it because it works. Phishing emails, which are emails that try to trick you out of your sensitive information, are one of the most common Internet threats and are easy to overlook if you’re overworked or in a hurry. Some can be extremely convincing, especially at a glance.

One of the best ways to keep your personal information and your work information protected is to avoid clicking links, opening attachments, and replying to emails when you don’t know where or who the email came from. Don’t provide them with extra information like a password, log-in, or anything else sensitive.

Cyberattacks are another common threat while working from home, and your computer and network are targeted just for existing. An easy way to prevent these attacks would be to use an antivirus suite.

These run in the background of your computer and automatically update themselves. They can protect against zero-day attacks (viruses taking advantage of security flaws before they are patched), malware, spyware, viruses, trojans, worms, and more. Some can alert you of phishing scams, including those sent via email, and alert you when a download is suspicious.

Something else that could put both your work and personal information at risk is your web camera. Cameras are used frequently for Zoom calls or Google Meets for both schools and employers and can be a huge risk if you have any documentation like passwords written in your workspace.

It’s also a big risk to your privacy in general, so make sure there isn’t anything else confidential in frame, such as personal phone numbers on a whiteboard.

A simple way to get rid of the potential risks would be to either unplug your webcam or cover it when it’s not being used. Sliding webcam covers are a good way to cover them and are fairly easy to install. They can be found in all shapes, sizes, and colors.

If your workspace is easily accessed by your family or you also use your personal computer for work, it can create threats for your company. Make sure to not leave your computer unlocked or open on any sensitive information that could be accessed by someone other than you. Another risk can be using your work account for personal use because you may not be as careful about what you access during your personal time versus work hours.

In the end, it is important to keep your work life or school life separate from your personal life.

Taking a few extra steps to make sure everything is secure can be the difference between a stolen identity or encrypted computer.

Changing Your Password Has Changed

If you didn’t know, changing your password regularly is so 2018. No, as ever in the world of tech, things have moved on and there are better, easier ways of doing it now.

We’re not suggesting you stick with the same password you’ve been using for the last 10 years. And certainly not suggesting you use the same password across multiple apps.

Today, the most secure way to keep your passwords un-hackable is to utilize a random generator for each new password. And then use a password manager to keep them all safe for you.

A random generator will create passwords you couldn’t possibly remember yourself – even if you could recite pi to 100 digits. They’re really… random. Which is perfect for keeping your accounts secure.

The password manager comes in and stores these passwords safely for you. So no more jotting down random characters in the back of a notebook.

Together, they make the perfect team. And we suggest that you get your own team to use them, now.

If you’re unsure how to set this up, or you would like some help to find the password manager that would be best for your business, call us at 734-457-5000. We’d love to help.

Social Media: Friend Or Fraud?

Hopefully you’re aware of the risks of fake accounts on social media. Accounts are created to catfish; con people out of money; and for other kinds of exploitation.

But did you know that fake accounts can be created for other services too?

Most of the businesses we interact with now need you to create an account. Think food ordering, online shopping, maybe even for businesses like yours.

But what’s the harm in that, right? These fakes won’t be creating accounts on your website to trick you into anything. They won’t be able to access your products or services for free. Aside from creating spam in your CRM, what’s the problem?

Actually, these fake accounts can result in huge fraud. Recently, for example, the US Secret Service announced it had recovered $2 billion in fraudulent Covid-19 relief claims.

And it’s on the rise, because there are now software tools which automate account creation and mask real identities.

In the world of retail, bots exist to buy up limited edition or highly desired items, aiming to resell them for a higher price.

And the lengths these bots go to in order to make fake email accounts look like real humans is incredible.

They sign up to mailing lists, send emails, watch YouTube videos, all to build up normal email account activity, before creating accounts with the desired retailer, ready for the drop.

When the item is released, these bots are all logged in and checking out at the same time, making it next to impossible for real humans to make a purchase.

While this may not directly affect your business in this way, it’s making it very difficult for all of us to be recognised as real individuals online. It may be only a matter of time before this is recognised as a form of fraud.

Have you considered how fake account fraud could affect your business? Perhaps it’s time to take a look at the way accounts are created to do business with you.

What’s Your Pocket-Sized Security Threat?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You guessed it. I’m talking about phones.

How many people in your business have a company-issued phone, or use their own to access company data like emails, client information, or documents? It’s probably a high number, right?

And your phone is a big risk to your data security. Smishing attacks (that’s the text message equivalent of a phishing email) increased 328% in 2020 and will probably significantly rise again this year.

That’s because it’s a goldmine for cyber criminals. 98% of text messages are read and 45% are responded to. So a smishing text is likely to yield good results for criminals.

Once your phone is infected, malware can monitor your calls and messages, download and delete your data, and if a phone is connected to your business network, the infection might even spread. [Read more…] about What’s Your Pocket-Sized Security Threat?

The Internet Of Things Can Poke Holes In Your Network

Mark Funchion is a network technician at Tech Experts.

Some business owners spend a lot of time protecting their network. After putting a firewall in place, configuring security settings, and setting up users with complex passwords (and possibly even 2FA), it’s easy to think that’s secure enough.

Now, having that solid foundation and framework is great. If you’ve done that, you’re definitely on the right track. But you still might leave yourself open to exploitation without even knowing it.

How does that happen? IoT – the Internet of Things.

You’ve secured your business network, but what about the smart watches, fitness trackers, connected speakers, thermostats, and every other device with a battery and a tiny signal? Every single one of those devices is a potential inroad to your network.

For example, a user’s watch connects to their cell phone, which is connected to your business’s Wi-Fi network. With no firewall on the watch, that creates a potential path into your network.

All of these devices require an IP address. In the past, forty people only needed fifty IP addresses to allow everyone to connect their one device to the network, including wiggle room for guests.

Now, every person has a laptop, cell phone, and some sort of accessory – each with its own IP address.

Each of these devices are transmitting a tiny amount of data, but that data and usage grows exponentially.

Plus, if you don’t have that wiggle room for extra connections, you’re more susceptible to a denial of service (DoS) attack, which is when cybercriminals overwhelm your network with traffic and bring it to a halt.

Your network needs to be able to handle an increase in traffic while also securing all that extra information that you do not have control over.

It is scary and overwhelming, but you can take steps to secure yourself without going too far.

The easy way is withholding access to anything that is not corporate-owned and approved. However, limiting all these devices can have a negative impact on your business and its operation.

Instead, take a measured approach. Make sure your firewall is up-to-date, and monitor who is trying to access your network. Limit that access to the smallest “allow” list you can without making it impossible to work.

For all the smart things like watches and thermostats, keep these IoT devices on a separate virtual network. Encourage and educate users to keep their devices up-to-date – and to use them responsibly while on the network.

Cyberattacks are always increasing and changing, and a strong defense makes a considerable impact when it comes to preventing huge losses in productivity, data, business reputation and funds.

Developers know this too, and that’s why it’s important that your devices – all of them, from servers and PCs to security cameras and thermostats – are all kept up-to-date. These updates help patch up holes in the firmware and software that can otherwise be exploited.

We’re big proponents of the “an ounce of prevention is worth a pound of cure” philosophy. If you need help closing up any gaps in your network security, Tech Experts can assist.

We can conduct a network survey, set policies and passwords, segment and restrict access to/from your network, and ensure the right people have the right access.

As cyberattacks against small businesses mount, the time to fortify your first line of defense is now, before it’s too late.

Companies Must Address Employees’ Lax Cybersecurity Habits

A third of employees picked up bad cyber security behaviors while working from home, according to Tessian’s Back to Work Security Behaviors report.

Despite the remote workers’ bad security practices, 9 out of 10 organizations prefer the hybrid workplace as COVID-19 restrictions eased. Similarly, 89% of employees want to work remotely during the week.

The firm advises business owners to consider the bad employee behaviors as organizations transition to hybrid workplace models.

As employees go back to the office, businesses need to address changes to employees’ security behaviors since they have been working remotely.

Most employers are wary that the post-pandemic hybrid workforce would bring bad cybersecurity behaviors.

More than half (56%) of employers believed that employees had picked bad security practices while working remotely.

Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviors differed significantly while working from home compared to the office.

Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely.

Close to half of workers adopted the risky behavior because they felt that they weren’t being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviors while working away from the office.

However, small businesses placed more confidence in their employees while transitioning to the hybrid workplace.

Over two-thirds of business owners believed that their staff would observe their company’s cybersecurity policies.

Many employees are unlikely to admit cutting corners

The fear or failure to report cybersecurity mistakes was a huge cybersecurity risk for organizations. A quarter of employees refused to report such mistakes believing that nobody would ever discover them.

Similarly, more than a quarter feared reporting cybersecurity mistakes to avoid potential disciplinary actions or being forced to take additional security training.

However, younger employees are more likely to admit cutting corners, according to the Tessian report.

More than half (51%) of employees between 16-24 years old and 46% of those between 25-34 years old were more likely to admit circumventing the company’s security protocols.

“Create a security culture that encourages people to come forward about their mistakes, and support them when they do,” the authors suggested.

Personal devices will undermine the network perimeter in the hybrid workplace

Some of the security threats and challenges experienced when people work fully remotely would be imported into the new hybrid workplace.

While many employees used infected devices for remote access during the pandemic, some would bring them to the hybrid office. Company leaders now have to shift to a new security architecture for good – one that involves zero-trust network access, endpoint security, and multi-factor authentication.

Phishing and ransomware attacks are major challenges in the hybrid workplace

Ransomware attacks were also a major concern for more than two-thirds (69%) of companies who believed that the hybrid work environment would be a target for ransomware attacks. These attacks posed a business continuity threat to targeted companies.

Similarly, phishing attacks concerned over three-quarters of IT decision-makers who believed that credential phishing would only exacerbate in a hybrid workplace.

They believed that employees were more likely to expose company data in public or fall for phishing scams impersonating airlines, booking companies, hotels, or senior executives on a business trip. In fact, “back to work” phishing emails were a concern for 67% of IT leaders.

Phishing was the gateway to ransomware attacks. Consequently, successfully blocking phishing exploits reduces the chances of a ransomware attack.

“Stop phishing, business email compromise, account takeover attacks, and social engineering scams, and you significantly reduce the risk of ransomware,” the report authors noted.

However, bad employee behaviors, such as failing to report clicking phishing links, made it harder to stop these attacks.

Three Scary Questions To Ask About Your Data On Your Staff’s Phones

More and more businesses encourage staff to use their own personal cell to access company data.

It’s very convenient and cost effective for everyone. Isn’t that the point of having all your data and apps in the cloud? You can access anything anywhere on any device.

But there are downsides. Any time someone accesses business data on a device that you don’t control, it opens windows of opportunity for cyber criminals.

Here are 3 scary questions to ask yourself.

What happens if someone’s phone is lost or stolen?

What’s a pain for them could be a nightmare for you. Would you be able to encrypt your business’s data or delete it remotely? Would it be easy for a stranger to unlock the device and access the apps installed?

What happens if someone taps a bad link?

Lots of people read their email on their phone. If they tap on a bad link in a phishing email (a fake email that looks like it’s from a real company), is your business’s data safe?

Despite what many people think, phones can be hacked in a similar way to your computer.

What happens when someone leaves?

Do you have a plan to block their ongoing access to your business’s apps and data? It’s the thing many business owners and managers forget when staff change.

If you haven’t already, create a cell phone security plan to go with your general IT security plan. Make sure everyone in your business knows what it is and what to do if they suspect anything is wrong.

If you need a hand, don’t forget that a trusted IT security partner (like us) can give you the right guidance.

Your Business Is Already Under Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware is big business. It’s one of the fastest growing online crimes. Cyber criminals are targeting small and medium sized companies as well as non-profits and government agencies.

It’s the computer crime where your data is encrypted so you can’t access it unless you pay the ransom fee.

The really scary part is that it’s unlikely you’d realize you were under attack from ransomware until it was too late.

Cyber criminals hide in your network for between 60 to 100 days before they strike. During that time they’re checking out your network, identifying vulnerabilities, and preparing what they need to hit you with the attack.

[Read more…] about Your Business Is Already Under Attack

Windows 10: Don’t Skip Your Automatic Updates

Mark Funchion is a network technician at Tech Experts.

Windows Automatic Updates: a simple feature with a name that puts you at ease. Windows is the operating system installed on most of our home and business PCs, and as we often mention, malicious individuals try to make our lives miserable by attacking those systems.

Windows, by default, is set to automatically update and protect itself from new viruses and exploits, which is a great feature.

Granted, some updates may be flawed and may need to be removed, but you can prevent those updates from installing. What’s more important than the errant glitch or bug is keeping your PC up-to-date.

However, how many of you have come in the morning and been greeted with a message that your update failed and changes were being undone?

Then, after a lengthy wait, your system restarts and says it will try again later. Most of us ignore that message. Sometimes, repeatedly.

Microsoft deploys small updates as well as large feature updates, so if you put it off for too long, you won’t only be behind on updates but possibly entire versions. Windows 10 has had ten major updates total since 2015, and there are usually two feature updates released per year.

The four most recent versions are 1909, 2004, 20H2, and now 21H1 – and we’ve seen some computers get stuck as far back as Versions 1903 or 2004.

Version 1903 was released in May 2019 and Version 2004 was released in May 2020; if your updates are that far behind, that’s a lot of time spent vulnerable.

That long of a timeframe means the smaller updates that often work, even when the larger versions fail, are no longer produced. Over time, we have seen systems not only stop operating completely, but left in a state unable to perform certain tasks.

One example we’ve encountered is a problem where users on old Windows versions are no longer able to connect to Office 365 with Outlook.

That means having to use the web-based version, which many do not prefer, or trying to fix the update installation errors.

This is where having a managed service provider such as Tech Experts can help. We follow and encounter these issues and know that simple things such as a particular audio driver or a permissions error can cause these update problems.

We manage your updates and take a proactive approach to resolving them before they impact your daily work. When an update needs some manual tweaking, we can schedule a time convenient to you to resolve these issues, often before you’re even aware of them.

Our service extends beyond just these updates, but like a house, if the foundation of your PC (the operating system) is not strong, then every other part is weakened.

We also inspect the rest of your system on a regular basis to keep you protected. Tech Experts can stay on top of these things – from updates to exploits and bugs to enhanced security measures – and guide you in the right direction as a more informed user.

When Was Your Last Permissions Review?

When was the last time you reviewed who in your business has access to which documents?

Do you know who has access to your documents? Or can everyone access everything?

You may need to make some changes. You see, the more people that have access to your business documents, the less secure they are.

Let’s imagine for a moment that one of your people opens a very convincing email, supposedly from a supplier.

The email contains a document to download, which they do, because it’s from a supplier, right? They can trust it.

What your employee didn’t notice was that the email signature was missing or that the email address wasn’t the same as it usually is.

And the document they downloaded has now installed malware on their device.

They don’t notice the malware because it all looked legit and nothing obvious has happened. They continue their working day unaware.

While they’re working, the malware is working too, in the background. It’s accessing and copying all of the data that your employee has access to.

You might get lucky and stop this malware before it enters your network and takes everything, but if your employee already has access to everything, well, it’s gone. Although this isn’t a malicious act on behalf of the employee, they’ve essentially caused a huge data breach that could kill your business.

And this scenario doesn’t even need the malware to become a reality. One day, a member of your team might decide they’d like to make a little money by stealing your valuable data.

By giving everyone access to everything, you’re making it too easy – and too tempting – for them.

So, if you haven’t already done this, I suggest that this week you make it a priority to sit down and work out who needs access to which files and documents and restrict access to absolutely everything.

Keep your own document detailing who has access to what. And update it whenever anyone joins the business or changes roles.

This is also a great way of protecting your data when somebody leaves, because you can see exactly what you need to revoke access to.

If you already restrict access, when was the last time you reviewed it?

Are people able to access files they no longer need? And are there people who could benefit from access to more documents to complete their role?

Yes, that’s a lot to think about. But once you have a detailed document to work from, regular reviews are pretty simple and definitely worth your time.

Please give us a call if you’d like to go over the shares and permissions on your network.