TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Password Security: Lock Your Digital Doors Too

Mark Funchion is a network technician at Tech Experts.
Password security may not be on the forefront of everyone’s minds – but it’s more important and easier than ever.

Password security issues have been going on for a long time. Back in November 2014, a webpage started livestreaming security cameras from around the world that had not updated the default credentials. In the US alone, there were over 11,000 cameras livestreaming; a year later in December 2015, there were still almost 6,000 cameras live. [CSOonline.com]

Then in December 2019, many Ring camera accounts were hacked – not with default passwords this time, but actual hacks on accounts without two-factor authentication. [vice.com]

What exactly is two-factor authentication? Two-factor authentication means a second confirmation after your password. This second method is often sent to your cell phone as a text or through an app, which you then input or confirm. Many banks require this, but there are also lots of other sites which have it as an option, like Ring.

While many people see this as an inconvenience, it is a safety feature and it’s becoming the new standard for security.

A good analogy for this is a deadbolt on your door. Your door handle has a working lock, but it is not too hard to get through that lock.

As a second security method, you turn your deadbolt to make it much harder to access your home. That is your physical two-factor authentication – and if it is important enough for entry physically into your home, it should be important for virtual access as well.

Even if you do not have two-factor authentication, at least changing the default passwords and using different passwords across all your accounts are vital steps to more secure accounts. While it’s very convenient to have one password for all your accounts, it also means that if one account is compromised, they are all compromised.

If a hacker gains access to an account and you use the same password for your email, they can “verify” account ownership and change your passwords to lock you out.

That’s why your method of two-factor has to be secure too. If you have verification codes sent to your email and your email password is “password,” that second factor is not helping. It’s just a second “door” that a hacker can walk right through. Not much of a defense.

Going back to the importance of changing default passwords, most of us own a lot of devices in our house that are network-connected. And it is very easy to plug them in, take all the defaults, and go on with your day.

If you live in an area with a lot of neighbors nearby, take a look at the wireless networks you can see.

From my desk at work, I can see over ten networks that are outside of our office. The signals from unsecure devices aren’t kept within the walls of your own home.

A quick Google search can tell you the default username and password of almost anything, including unsecure devices that might be in your own home. In the Symantec Internet Security Threat Report for 2019 [https://docs.broadcom.com/doc/istr-24-2019-en], 60 percent of the IOT attacks (Internet of Things – meaning everything Internet-connected) used a username of “root” or “admin” and over 40 percent of the attacks used a password of “123456” or left that field blank. Not the work “blank” – an actual password of nothing.

People almost always worry about security in some form: we lock our cars, our houses, our cell phones. The same philosophy should be applied to our technology.

Take the time to change your passwords, use varying passwords, and change them periodically. It does not take much of a hacker if we don’t bother to lock our own doors.

Do We Have A Connection Here Or What?

Most businesses are heavily reliant on the internet. Everything is cloud-based and streamed. And it’s especially important now we have more people working from home than ever before.

Without the Internet, those Zoom chats wouldn’t work. We’d spend the day with a mobile phone glued to our ear, and probably with chronic neck ache. Ouch.

So how do you cope if one or more of your remote workers has a poor Internet connection? That can quickly become a frustrating experience for everyone.

Your first port of call would be to run a speed test and then shop around. Find out which providers offer the best speed in their area.

And if they need to, switch. You might choose as a business to financially help them with upgrading their home Internet.

If that’s not an option, then we need to get a little more creative. In extreme cases, you can look at alternatives such as satellite Internet, or a Wi-Fi router that uses 4G.

You can also check their Wi-Fi router to see if an upgrade would be beneficial. And there are things called range extenders that boost the Wi-Fi to reach different parts of their home.

If you’re not sure what you’re looking for or could use some advice on helping your staff get more done from home, call us.

Planning Tips: Don’t Wait Until After Disaster Strikes

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Fun fact. Did you know that floods and droughts kill far more Americans a year than earthquakes, tornadoes, and hurricanes? In 2019, the US recorded 1,520 tornadoes and 1,126 in 2018. So far, 2020 is showing a downward trend with only 602 tornadoes in May compared to May of 2019, which had 932.

What is even more surprising is when you look at the Insurance Information Institute’s data of events for 2019, the events that caused the most deaths and damage to the respective communities were actually severe thunderstorms and winter storms.

If there is anything that is guaranteed when it comes to severe weather it is that your business will be affected by one. The when, what and how are the unknowns.

In order to protect your business from these events, you need to have a process in place before you find yourself on the wrong side of a significant weather event. [Read more…] about Planning Tips: Don’t Wait Until After Disaster Strikes

This Is Now The Biggest Crime Risk To Your Business

Jason Cooley is Support Services Manager for Tech Experts.
If someone asked you to take a wild guess at the world’s biggest crime, what do you think? Burglary maybe? Common assault? Or perhaps you might take a more humorous approach and suggest man buns or women with ridiculous eyebrows?

Well, you might be surprised (and a little concerned) to find out that the most commonly reported crime right now is actually online fraud, AKA cybercrime.

With one in ten people falling prey to Internet fraudsters and over five million cases reported every year, cyber criminals are very real predators that can have a devastating effect on your personal life, your business, and your credit rating.
And these figures are just the tip of the iceberg. Many more cybercrimes are believed to go unreported because victims feel too embarrassed to let on that they’ve been duped by a stranger sitting behind a keyboard.

The digital age comes with lots of well documented pros and cons. We can now work from anywhere in the world and stay constantly connected, but that has an added effect on our personal lives and stress levels.

Cybercrime costs billions of dollars every year. That’s an obscene amount of money by anyone’s standards. And the really scary thing is that the ever- increasing industry called data theft is now relatively easy for anyone to get involved in.

Gone are the days of 1980s sci fi movies, where computer hackers were dark, mysterious and possessed savant-like levels of intelligence.

Today anyone with the inclination and $50 to spend can pick up a powerful piece of software that will enable them to hack into your computer systems and wreak havoc.

Funnily enough – the best way to be 100% sure a hacker can’t break into your business is to not use computers. We all know that’s not possible. The second best way is to make sure you have next generation cybersecurity protection and tools in place.

Call us today at (734) 457-5000 or email at info@mytechexperts.com to chat about your cybersecurity coverage.

Are You Using Multi-factor Authentication Yet?

Robust security is key for storing data. Cyber-criminals are targeting all businesses all the time, using clever automated tools to sniff out weaknesses they can exploit. Don’t make it easy for them.

Multi-factor authentication gives you another level of security when logging into apps.

What is it? You’ve probably used it when you log into your bank account. You enter your password, then on the next screen, you click to have a code texted to your phone, which you enter as a second, single-use password.

The thing is, it’s not just for your bank. You can use it to access many applications.

It’s simple to set up, and you can use it for any account that holds data you’d rather not fall into the wrong hands.

There are lots of different ways to do multi-factor authentication to protect your business’s data:

• The text message approach: That’s lots better than nothing, but is the least secure multi-factor authentication
• Generate a code on your cell phone: This is better
• Have a special small USB device that must be plugged into your laptop

If you’re unsure how to set this up, please give us a call at (734) 457-5000. We’d love to help.

Buyer Beware: New Phishing Scams Appearing On Craigslist

Craigslist email scams come in many shapes and forms, but in general, a Craigslist email scammer is known to do at least one of the following things:

● Ask for your real email address for any reason at all.
● Insist on communicating by email only (using either your Craigslist email or your real email).
● Send you fake purchase protection emails that appear to be from Craigslist itself.

Asking for your real email address
Scammers might ask you for your real email address for any of the following reasons:

The scammer claims they want to send payment via PayPal. Scammers posing as buyers might try to talk you into accepting online payments, such as those via PayPal.

Once you give your PayPal email address to the scammer, however, they can easily send you a fake PayPal confirmation email to make you think that they paid when they really didn’t.

The scammer claims they use a third-party to securely handle the payment. Similar to the PayPal scenario above, a scammer (posing as either a buyer or a seller) might ask for your real address so that they can send a fake email that appears to come from an official third party.

These types of emails typically are cleverly designed to look like they offer a guarantee on your transaction, certify the seller, or inform you that the payment will be securely handled by the third party.

The scammer intends to send you multiple scam and spam messages. A scammer who asks for your real email address might be creating a list of victims they’re targeting to hack their personal information.

They could be planning to send you phishing scams, money or lottery scams, survey scams or even social network scams.

Insisting on communicating entirely by email
Scammers might insist on talking exclusively by email for any of the following reasons:

The scammer can’t speak to you by phone or meet up in person. Many Craigslist scammers operate overseas and don’t speak English as their first language, which is why they prefer to do everything via email. If they’re posing as a seller, they almost definitely don’t have the item you’re trying to buy and are just trying to get your money.

The scammer is following a script and has an elaborate personal story to share. Scammers use scripts so that they can scam multiple people. If they’re posing as a buyer, they might refer to “the item” instead of saying what the item actually is.

Since English is typically not most scammers’ first language and they operate around the world, it’s very common for them to misspell words or use improper grammar. And finally, to back up why they can’t meet up or need payment immediately, they’ll describe in detail all the problems they’re currently facing/have faced in order to get you to sympathize with them.

The scammer is looking to pressure you to make a payment, or wants to send a cashier’s check. Using their elaborate story, the scammer who’s posing as a seller might ask you to make a deposit via a third party such as PayPal, Western Union, MoneyGram, an escrow service, or something else.

They might even convince you to make multiple payments over a period of time, looking to extract as much money from you as possible before you realize you’re not getting what you’re paying for.

On the other hand, the scammer who’s posing as a buyer might offer to send a cashier’s check, which will likely be discovered as fraudulent days or weeks later.

Beware of anyone who tells you they’re in the military. This is a strong sign of a scam.

Sending fake purchase protection emails
Scammers have been known to send protection plan emails that appear to be from Craigslist. Of course, Craigslist doesn’t back any transactions that occur through its site, so any emails you receive claiming to verify or protect your purchases via Craigslist are completely fake.

The most important thing you can do to avoid getting involved in a Craigslist email scam is to never give away your real email address to anyone you’re speaking to from Craigslist.

Three Ways To Avoid Work From Home Burnout

The lines between work and non-work have blurred for so many people. For those who are still working from home (WFH), they may now be in their sixth consecutive month where there’s little balance between what they do professionally and personally.

Because when the work is sitting there in your personal space, it’s far too easy to work early or late – or both. Accidentally spotting that “urgent” email just before you’re about to go to bed really is incredibly damaging.

Added pressures of childcare have made this worse. Some parents feel that working all hours is the only way they can make up for the perceived reduced quality in their work.

The stress of constantly working (or constantly thinking about work) is dangerous. Our bodies and minds simply aren’t designed to be “on” all the time.

This is bad for our mental health. Which can easily have a negative effect on our physical health too. As IT specialists, we’ve been working remotely for years. Here are our top 3 suggestions to avoid WFH burnout.

1) Have physical ways to transition from personal you to work you, and back again. The easiest way to do this is with a dedicated workspace that’s strictly only used for work.

Even a specific seat at a table can be dedicated to work, even if you sit in other seats to do other things, like eat or play games. Some people dress for work each day, so they can change their clothes to mark the end of the working day.

2) Set strict work hours and stick to them. 9 to 5 might be impossible, but you can still have set work times, even if they’re scattered throughout the day. Make sure your family knows when you’re working. This is where having a set physical space can really help. In your non-work hours, make sure you only do non-work things. And do not check your email!

3) Prioritize what really matters: The other downside of sitting surrounded by work all the time is that there’s always something else that can be done. There’s no point working on minor tasks at 11pm at night, because the chances are, you’re not actually achieving anything meaningful. Assume you have 3-4 hours of truly productive time each day. And make sure you get and stay organized to achieve the most important things in this time.

Emerging: A New Version Of Business In 2020

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Signs of hope are emerging across the globe as economies slowly begin to reopen, but the sad reality is there will never be a return to the “old normal.”

Re-opening phases will look different for each industry and business type. B2C will have different challenges in reopening than B2B. Different regions have been affected in different ways and some more than others.

There is no cookie cutter model to reopening
McKinsey and Company has developed the CEO’s guide to reopening (https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/the-restart) based on research they have done across the globe, specifically in Europe and Asia. One of the biggest differentiators will be if you are B2B or B2C.
[Read more…] about Emerging: A New Version Of Business In 2020

Remote Workforce Or Not – You Can Securely Protect And Back Up Your Corporate Information

Jason Cooley is Support Services Manager for Tech Experts.
One of the most common objections heard when talking with businesses about moving towards a remote work strategy is the supposed security risks posed by not having all data contained within the physical confines of the office building.

While this has widely been debunked, the myth still remains. But the tide may be moving in the other direction now that many businesses were forced to move to an entirely remote workforce during the COVID-19 shutdown.

CNBC has reported that 85% of businesses are now operating 50% of their workforce remotely, and with tech giants Twitter and Facebook both reporting plans to move towards a continued remote strategy, the reality is that remote work in a larger capacity is going to become the norm instead of the exception.

Now is the time to prepare for the “new normal” that will become our reality.

Sadly, along with the threat of COVID-19, cyberattacks have grown as attackers realize that home networks are not as secure as corporate networks. However, security and back up firm Acronis shares 5 things that you can do to protect your business data moving forward with a remote work strategy.

Five “must do’s” according to Acronis
Acronis is a leading cloud backup and security provider and one that we recommend widely to all of our customers. They list 5 “must do’s” as you set up your remote workforce, and as always, we are here to help you put these processes in place.

Must-Do #1: VPN – or Virtual Private Network
You have most likely heard of this technology as it has been around for a while. But if not, a VPN will encrypt all data while in transit to protect it from cyberattackers.

Must-Do #2: Keep an eye out for phishing
Hackers are known for taking advantage of highly stressful events and we have seen an increase of COVID-19 themed phishing attempts and we expect this number to continue to rise as businesses reopen.

The best and most reliable way to prevent a phishing attack from affecting your business is through effective employee training. As another protective measure, you can install URL filtering software on your employees laptop or home computer to further reduce the risks of falling victim.

Acronis says, however, that you should always ask yourself if you were really expecting that email before opening or clicking any links contained in the message.

Must-Do #3: Anti-Malware
Virus and malware protection has always been a standard recommendation, but with the wide net that is cast with remote work, it has become even more important that every endpoint that touches your corporate data has this protection installed on it.

Must-Do #4: Patch, patch, and patch
Regardless of your operating system, whether it be Microsoft or Apple, you need to ensure that you are operating under the most recent operating system. Many attacks occur by taking advantage of unpatched vulnerabilities.

Must-Do #5: Keep your password, and your workspace, to yourself
Just because the office location is at home does not automatically mean people can’t access sensitive information when you step away. Limit access to your computer even when you are at home and do not tell anyone your passwords.

Prepare for the future now
There is no question that the future we anticipated at the close of 2019 is different than the one that will ultimately surface.

By making the assumption that remote work will continue to be the norm instead of a return to the standard office environment will help your business be agile and meet challenges head-on.

Top Reasons To Record Your Business Calls

The 3cx Phone System, the voice over Internet protocol (VoIP) phone system that Tech Experts sells and services, has a call recording feature that’s quite popular. The service has been available for quite a while now.

However, many small- and medium-sized businesses don’t take advantage of the technology that lets them prioritize customer interaction. When used properly, call recording can strengthen your company’s reputation and boost customer satisfaction.

Here are a few reasons to consider a 3cx Phone System with call recording:

Improve customer service
One of the most important reasons why businesses should always record their calls, no matter its significance, is to ensure high-quality customer service. By reviewing calls, managers can understand how their agents have been dealing with customers, find out whether or not they’ve followed company protocol, and pinpoint any aspects that can be improved on.

Without call recording, managers would have to listen to each call in real time, which is a time-consuming process. By recording each call, not only will your managers save time, but your employees will also be motivated to perform at their best every time they’re on the phone because they know their calls can always be reviewed.

Upgrade employee performance
According to Edgar Dale’s Cone of Learning, people only remember 10% of what they’ve read, 50% of what they’ve seen and heard, and 90% of what they’ve done. By providing your agents with actual recordings of good and bad calling examples during training sessions, and have them simulate calls afterwards, they’ll be able to learn better and provide high-quality customer service faster.

Retrieve missed details and prevent litigation
With hundreds of phone calls daily, it’s understandable if your employees don’t catch every single detail. And for companies that require their agents to manually input information during calls, there’s always a possibility that they’ll forget or miss certain information. Needless to say, this could lead to disgruntled customers. If not properly handled, this can harm your reputation, reduce work opportunities, and if things escalate, proceed to litigation.

VoIP’s call recording feature lets you replay saved audio files to make sure you haven’t missed any details, ensuring that all customer demands are met. And if you ever get into a dispute with your clients regarding who said what, you can always retrieve the exact audio file and have both sides listen to it, saving you thousands of dollars in legal fees.

Understand customer preferences
Have you ever received an inquiry about a product or service that’s not included in your offerings? While your agents usually jot these requests down and pass them on to the relevant personnel, they may end up forgetting some if numerous calls are being made that day. Tiny issues like this can lead to potentially huge losses. With call recording, you can review all your calls at the end of the day. You’ll have a better picture of what certain customers are looking for so you can address them better.

VoIP allows businesses to make on-demand calls affordably, and its call recording feature helps companies improve their customer service and prevent litigation. If you think business VoIP is right for you, or if you have any questions, give us a call at (734) 457-5000.