TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Designing A Comprehensive Security Plan For Your Company

After years of being in the industry and watching the evolution of cyberattacks, we feel that there are 13 critical pieces to any cybersecurity plan that we, as your managed service provider, should implement. They are:

Two-factor/Multi-factor authentication

Two-factor authentication is probably the most widely misunderstood security solution, but a critical and effective part of every cybersecurity strategy.

Two-factor authentication is just how it sounds: two separate layers of security. The first is a typical username and password log-in with the addition of a secondary level that looks for something you know, something you have, or something on your body (e.g., fingerprint).

Here are some stats you should know that describe the critical need for two-factor authentication:

  • 90% of passwords can be cracked in less than six hours.
  • Two-thirds of people use the same password everywhere.
  • Sophisticated cyberattackers have the power to test billions of passwords every second.

This sobering reality is why we require two-factor or multi-factor authentication for all of our employees and users of our system, and we highly recommend that you do too.

Password management

The main reason people use the same password everywhere is because it’s impossible to keep track of hundreds of usernames and passwords across various devices and systems.

A secure password is a unique, hard-to-guess one, so it’s understandable why users resort to the use of the same password for each site. This is why we have a password management program built into our procedures. The password manager program generates unique, complex passwords for each site or program then securely stores them in the management program.

When one of our staff needs credentials, they use the master password to open their database of passwords and obtain the login information they need, making it easy to “remember” a complex password and significantly reduce the risk of a breach.

Security risk assessment

A security risk assessment involves reviewing your technology and how you use it, followed by the implementation of security improvements and preventive measures.

The assessment should be performed at a minimum of one time per year, if not more. A full security assessment includes the following pieces:

Identification – When performing a security risk assessment, we first need to take inventory of all of your critical information technology equipment, then determine what sensitive data is created, stored, or transmitted through these devices and create a risk profile for each.

Assessment – This step takes identification to the next level. To complete the assessment step, we need to identify the security risks to each critical asset and determine the most effective and efficient way to allocate time and resources to mitigation.

Mitigation – This is where we solve problems. We have specifically defined a mitigation approach for each potential risk in our network and what security controls will be initiated in case of a breach.

Prevention – We have specific tools and processes to minimize the risk of threats against us and our network in order to help keep you safe.

Information security plan

There is a significant need to safeguard any information that is collected, transmitted, used, and stored within information systems, so the development of an information security plan is crucial. We take this very seriously. We have taken steps to document a plan and designed systems to secure our and our clients’ sensitive business data.

A security program is essentially about risk management, including identifying, quantifying and mitigating risks to computers and data. There are some essential basic steps to risk management:

Identify the Assets – Beyond generating a list of all the hardware and software within the infrastructure, assets also include any data that is processed and stored on these devices.

Assign value – Every asset, including data, has a value and there are two approaches that can be taken to develop the value: qualitative and quantitative. “Quantitative” assigns a financial value to each asset and compares it to the cost of the counter-measure.  “Qualitative” places the threats and security measures of the assets and sets a rank by use of a scoring system.

Identify risks and threats to each asset – Threats to the system go beyond malicious actors attempting to access your data and extend to any event that has the potential to harm the asset. Events like lightning strikes, tornados, hurricanes, floods, human error, or terrorist attacks should also be examined as potential risks.

Estimate potential loss and frequency of attack of those assets – This step depends on the location of the asset. For those operating in the Midwest, the risk of a hurricane causing damage is extremely low while the risk of a tornado would be high.

Recommend countermeasures or other remedial activities – By the end of the above steps, the items that need improvement should become fairly obvious. At this point, you can develop security policies and procedures.

Policies and procedures (internal & external) – A crucial part of an effective cybersecurity plan is the policies and procedures, both for internal assets and external assets. You can’t have one without the other. A general description can be thought of as this: a policy is the “rule” and a procedure is the “how.” With this in mind, a policy would be to effectively secure corporate data with strong passwords. The procedure would be to use multi-factor authentication.

Cybersecurity insurance and data breach financial liability – CyberInsureOne defines cybersecurity insurance as “a product that is offered to individuals and businesses in order to protect them from the effects and consequences of online attacks.”

Cybersecurity insurance can help your business recover in the event of a cyberattack, providing such services as public relations support and funds to draw against to cover any financial losses. It’s something that your MSP should carry as well as your own business.

And just like business liability and auto liability insurance, it is paramount that your business (as well as your MSP) covers themselves with data breach financial liability insurance to cover any event that may be attributed to their activities causing a breach.

Data access management – Access management is determining who is and who isn’t allowed access to certain assets and information, such as administrative accounts.

This is critical for your business as it enables control over who has access to your corporate data, especially during times of employee turnover. Other benefits include increased regulatory compliance, reduced operating costs, and reduced information security risks.

Security awareness training (with phishing training) – Phishing is the number one attack vector today with over 90,000 new attacks launched every month. If your provider is not actively participating in security and phishing awareness training, they will be unable to keep you up on the latest trends in how these malicious actors are attempting to gain access to your businesses data.

Data encryption – At its basic level, data encryption translates data into a different form, making it readable only by the starting and ending points and only with the appropriate password. Encryption is currently considered one of the most effective security measures in use as it is nearly impossible for an outside force to crack.

Next Gen antivirus and firewall – Antivirus is software designed to detect and neutralize any infection that does attempt to access the device and should be on every endpoint.

Many providers are marketing their software as “next generation,” but true next generation antivirus includes features such as exploit techniques (blocking a process that is exploiting or using a typical method of bypassing a normal operation), application whitelisting (a process for validating and controlling everything a program is allowed to do), micro-virtualization (blocks direct execution of a process, essentially operating the program in its own virtual operating system), artificial intelligence (blocking or detecting viruses the same way as a human user could), and EDR/Forensics (using a large data set from endpoint logs, packets, and processes to find out what happened after the fact).

Next generation firewalls also include additional capabilities above the traditional firewall, including intrusion protection, deep packet inspection, SSL-Encrypted traffic termination, and sandboxing.

Business continuity plan – This is a process surrounding the development of a system to manage prevention and recovery from potential threats to a business. A solid business continuity plan includes the following:

  • Policy, purpose, and scope
  • Goals
  • Assumptions
  • Key roles responsibilities
  • A business impact analysis
  • Plans for risk mitigation
  • Data and storage requirements that are offsite
  • Business recovery strategies
  • Alternate operating plans
  • Evaluation of outside vendors’ readiness
  • Response and plan activation
  • Communication plan
  • Drills and practice sessions
  • Regular re-evaluation of the current plan

Your MSP should be able to provide you with a copy of what is included in their plan and how it will affect your business if they do encounter a business continuity event, as well as their backup plan to maintain your critical business infrastructure.

Email security layers – In short, layers limit risk. Email security layers include tactics such as two-factor authentication and spam filters at the basic level (which give your employees time to evaluate a potential threat by removing the words “urgent” or “do right now” from internal subject lines).

As your managed service provider, we are dedicated to helping you maintain effective cybersecurity through these advanced tactics, as well as through a consultative, trusted advisor relationship. You are more than just a number to us and we will do everything in our power to help keep your business safe and running smoothly.

Working Remotely: Changes Amid The Outbreak

Jason Cooley is Support Services Manager for Tech Experts.

It was early March when Microsoft decided to mandate its employees work remotely. Over a month since then, the world has not yet “bounced” back.

It’s still looking like we haven’t seen the worst of things to come. Many industries are closed altogether. Others are running with reduced staff. More people than we can count are out of work and seeking unemployment.

Unless your position called for travel, working remotely wasn’t something many people would consider. However, there is no normal right now, and many people find themselves working from home for the first time.

Not all industries can manage it. There are front liners that have to work. Sure, you can likely do a video appointment with your doctor, but doctors are still seeing patients.

Food service, gas station, and grocery store employees are all critical and in-person jobs that are going to work on a daily basis.

Insurance companies and accounting offices? Their employees are probably very important to a lot of people right now. Their jobs are unlikely to be reliant on a central location.

A computer with web access can be enough to get you through in some situations, and other times, you need access to resources on your corporate network. Different people have different needs. In some cases, people are learning what they need and how to get it as they go.

As someone working in the IT industry, a fair portion of my normal work is done remotely. The only difference is my physical location. I can make calls, remotely assist clients, resolve issues, and carry on like a typical day at the office.

Many are not so lucky. The world doesn’t stop running, and being under quarantine is creating some unique situations. People who have never worked from home suddenly are.

Non-critical business is on hold, but the justice system isn’t on complete shutdown. Different cities and states are still working with its judges to get things done. There are certainly some instances of cities where they have the infrastructure in place to do telecourt appearances. There are others that are trying to put systems in place to be able to operate and hear cases.

While it is likely that some criminal cases will be put on hold, other court matters, like custody cases, can’t always wait indefinitely.

With such uncertainty, some judges are doing Zoom meetings just to make sure that the world does keep moving around us.

Meeting apps like Zoom are being used more and more frequently as people attempt to find ways to host meetings. Skype, Discord, and just about anything else have been used in a pinch to try to make ends meet.

Technology can be daunting, especially when new concepts like virtual meetings or VPNs are introduced.

People trying to use a webcam and mic or remote connection for the first time can get frustrated; it can be hard enough when we’re not facing a global pandemic. Having a technology partner like Tech Experts can ease the transition (and your mind) in these trying times.

There are many things to be learned from this entire situation, though, and many things are sure to change. One thing is for sure: we will all likely be a little more comfortable with the idea of working from home in the future, should we need to.

The Five Broad Categories Of The Cybersecurity Framework

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the key methods that the NIST recommends businesses do on a continual basis is focus on these five categories as you assess your cybersecurity framework. These should be done regularly, and proactively, in order to be the most effective.

The categories are broad and cover a wide array of tools that businesses can use to build a cybersecurity framework that best supports their business security needs. They are: identify, protect, detect, respond and recover.

The first step you should take is to identify who should and should not have access to your business’s privileged information, and then maintain strict physical access rules for those personnel who don’t need that access.

NIST recommends that you do not allow cleaning and maintenance staff unsupervised access to rooms that contain computers or other technology that stores sensitive information.

Further recommendations include performing extensive background checks on all prospective employees, setting systems to lock down after several minutes of inactivity and maintaining separate accounts for each user. [Read more…] about The Five Broad Categories Of The Cybersecurity Framework

Windows 10 Issues Persist After Windows 7 Retires

Jason Cooley is Support Services Manager for Tech Experts.

January marked the end for Windows 7. After ten years and more than a few extensions, Microsoft finally made the cut-off and will no longer be updating what many would call its most reliable operating system ever.

Many businesses held out as long as possible, and some have even paid for privatized extended support.

Microsoft certainly had to split its focus while having more than one operating system in production, but with the end of Windows 7, one would assume that Windows 10 would have more developers working on the issues and updates as they arise.

It hasn’t been long, but so far, we have not seen anything to indicate a brighter future for Windows 10.

Now, Microsoft is no stranger to a failed OS. Who can forget Windows ME (Millennium Edition), Windows Vista, and even Windows 8? These were deemed failures and had a much shorter life span than favorites like Windows XP and Windows 7.

That said, Windows 10 won’t fall into the same category as ME, Vista, or Windows 8. Windows 10, when correctly functional, really is one of the better user experiences there has been. It has already proven commercially to be more successful with a larger market share than any of the failed systems.

Of course, that could also be attributed to the fact that there was another OS available at the times of ME, Vista, and Windows 8. Windows ME couldn’t break the grasp that Windows XP had. Vista was a victim of Windows XP and Windows 7. Windows 8 was decimated by Windows 7 and Windows 10.

Windows 10 from a user standpoint is not a failure, but there are a few ways that it exceeds the issues that some of these failed operating systems had.

Windows 10 has had some fairly widespread issues. The most recent problem? A majority of Windows 10 users found themselves unable to use the search feature in Windows. The start menu would allow you to open it, but the search never returned results.

Microsoft was able to fix the issue within a day or so, but what caused the issue?

The broken search was related to a broken link to Bing search. The search function is integrated with Bing, and the functionality of the feature was completely broken because of it.

There have been other issues as well. One of my favorite and most unique problems with Windows 10 was a few month span during an entire feature update where Microsoft had broken the ability to install Microsoft Office.

There was no fix. If the problem occurred, you had to either roll back to install Office or wait until the next feature update.

You almost expect there to be issues with third party software during a new update, but when it’s the company’s own product? It is definitely a headscratcher. Relatedly, there were frequent problems with Office activation and the Microsoft store being completely missing or broken.

While Windows 7 didn’t have all of the features that Windows 10 did, it seemed to be much more reliable.

We can only hope that Microsoft gets those extra developers working so Windows 10 can be as reliable as its predecessor. Despite these issues, the potential is there.

Ransomware Attacks On Healthcare Providers Rose 350% In Q4 2019

Ransomware assaults against healthcare providers expanded an astounding 350 percent during the last quarter of 2019 with the quick pace of assaults previously proceeding all through 2020.

Ransomware attacks dominated healthcare headlines during the later part of 2019 with attacks on IT vendors disrupting services on hundreds of dental and nursing facilities, while a number of hospitals, health systems, and other covered entities reported business disruptions from these targeted attacks.

Also, in December, Blackberry Cylance specialists revealed that another ransomware variation known as Zeppelin was spotted focusing on the human services division and tech associations through the supply chain.

IT research group Corvus broke down the ransomware attacks of the last few years to get a feeling of malware’s effect on the part and its assault surface and discovered there were in excess of 24 announced ransomware occurrences a year ago.

These findings mirror similar reports, which also noted that these numbers are likely lower than the actual number of attacks – as some ransomware victims do not report the incidents to the public.

In fact, Emsisoft research shows that more than 759 healthcare providers were hit with ransomware last year, reaching crisis levels.

Further, the trend has continued in 2020 with at least four healthcare covered entities reporting attacks in January alone. According to Corvus, the number is more than any other quarter in healthcare since Q3 2017. And if the rate continues, there will be at least 12 reported during Q1 2020.

The researchers also found that healthcare actually has a smaller attack surface, on average, than the web average. Those that have reduced their overall exposure, especially hospitals, have limited the risk of exposure.

But health services and medical groups are the most at risk in the sector, according to the data.

That’s not to say that healthcare is successfully securing its attack surface. For example, one of the most common exposure types is through the remote desktop protocol, which is associated with a 37 percent greater likelihood of a successful ransomware attack.

Healthcare is also struggling to secure its email security, overall. Eighty-six percent of healthcare covered entities don’t use scanning and filtering tools on their email platforms. Even hospitals, which typically leverage these services at a higher rate, are failing to deploy this tool at a successful rate (just 25 percent use the tech).

What’s more, health practitioners, such as dentists and physicians are 14 percent less likely on average to use the most basic form of email authentication, which are known to prevent suspicious emails from making it to the inbox.

It’s concerning, as Corvus showed that more than 91 percent of ransomware attacks are the result of phishing exploits.

“Hospitals use email scanning and filtering tools more than average, but the average is low,” researchers wrote. “These services are associated with a 33 percent reduction in the likelihood of a ransomware attack. All healthcare entities should strongly consider such services to help prevent phishing.”

Corvus also found that hospitals are six times more likely to internally host their own servers, instead of leaning on a third-party vendor. As a result, those entities have “the responsibility for maintaining some aspects of security in their court: keeping up with the everchanging threats rather than handing it off.”

“As commodity ransomware has become more readily available and examples of successful attacks on smaller organizations, like local governments, gain attention, attackers may well turn their attention to organizations like individual health practitioners or nursing/long-term care facilities,” researchers wrote.

“We can see that the security measures at these kinds of organizations are average at best, and in some areas worse,” they continued. “Healthcare organizations of all sizes are at risk… They should be taking advantage of opportunities to improve email security.”

As the number of successful ransomware attacks increased, several industry stakeholders released guidelines to help organizations shore up their defenses, including the Department of Homeland Security, Microsoft, NIST, and the Office for Civil Rights. Healthcare organizations, especially those with limited resources, should turned to these insights to bolster their defenses.

Lastly, the FBI has continually reminded organizations that they should not pay the ransom for a host reasons, including that there is no guarantee the hackers will unlock the data and the threat actor may launch a subsequent attack.

Ransomware attacks have cost the healthcare sector at least $160 million since 2016, according to Comparitech.
This article was adapted from research published by Health IT Security.

The Biggest Cloud Advances In The Last Decade

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Yes, believe it or not, we have closed out yet another decade in technology. As we are entering the second generation of the “Roarin’ 20s,” it felt like the perfect time to look back on the ‘10s.

Even though cloud technology was widely available prior to 2010, the technology has made significant strides in gaining acceptance as the defacto business solution. From communications to storage to backup, the cloud is now where it is at.

In the beginning….
There were three cloud giants that emerged. Between Google, AWS and Microsoft, the cloud market was valued at an astonishing $24.65 Billion.
[Read more…] about The Biggest Cloud Advances In The Last Decade

VoIP Poised To Replace Traditional Phone Lines

Jason Cooley is Support Services Manager for Tech Experts.

VoIP (Voice over Internet Protocol) is not a new technology, although many of us are just learning of this internet-based communications protocol.

First used in 1970, VoIP uses your local area network (LAN) to send small digital packets over the internet to the recipient. Advances in the reliability and sound quality have encouraged end-users and businesses alike to cut the cord on the traditional phone-line and adopt the more versatile, and yes, less expensive telecom solution.

As we see it, there are nine reasons VoIP outperforms traditional phone lines aside from the cost. They are:

Scalability
Your business is not static. It is cyclical. Guessing each upgrade cycle how many lines you will need is frustrating and can be expensive. If you guess too high, you pay much more than you need to.

If you guess too low, you can stagnate your business growth. Additionally, legacy solutions have a limit as to how many phones can be connected – but VoIP does not. The possibilities are limitless when it comes to VoIP.

Agility
The key to gaining a competitive edge is moving faster than your competition. VoIP solutions can manage changes in volume and users within minutes and removes any ceiling that might affect your communications solution as you grow.

Mobility
In this modern work environment, employees are demanding more flexible work arrangements, including the ability to take and make calls from anywhere.

Statistics even show how flexible work arrangements also increase employee productivity, allowing workers to still connect even during a sick day or outside appointment. VoIP enables this type of mobility through a simple dashboard that allows you to choose which line will get the call.

Advanced features
VoIP is evergreen. Meaning it will always deploy the most advanced features on the market with no additional cost to you as the end-user.

Updates are automatically filtered and deployed to your location through the same lines the device uses to communicate.

Flexibility
Digital communications technologies like VoIP and Unified-Communications-as-a-Service have one huge distinctive advantage over copper lines: flexibility.

The phone number associated with the device is not tied to one particular device in one specific situation. Instead, several devices can be tied to the same extension, and you can decide which device should ring at which time.

Or, if you forgot to change your call flow and need your calls to reach you only on your cell phone and you have left the office, internet-based dashboards enable you to make those changes on the fly and from any internet-connected device.

Reduced complexity
In the golden days of business telephony, the effort and expense to install a PBX was costly – between paying for the certified individual to set up, install all devices, and do adds, moves, and changes throughout the span of the technology’s lifetime, to the simple cost of buying the equipment, paying for the electrical needs to run it and the space to house it.

Every interaction with the system required certified engineers. A new employee’s ability to communicate was dependent on the schedule of the technician to be able to add the user. But VoIP removes all of these complexities. The solution is mostly software-driven, instead of specialized hardware, and accessed with a simple graphical user interface (GUI).

Day to day management of the solution can be handled by administrative personnel, reserving your IT staff for the more complex needs of your business.

Security
A myth has surrounded VoIP and cloud solutions almost since inception. There has been a perceived security risk to a corporation’s data that has persisted, even though the myth has frequently been debunked. Recent studies have found that on-premise solutions are at the same amount of risk of a breach as cloud solutions, and sometimes even greater risk.

A survey by Alert Logic back in 2012 actually found that on-premise solutions were at a greater risk of compromise and data loss, with on-premise solutions being attacked 61.4% and cloud solutions only 27.8%. The fact is, as your service provider, we put your security at the top of our mind when devising and offering solutions such as VoIP and other cloud offerings. Our staff is certified and participates in frequent educational opportunities to learn about the latest cyber-security risks and protection strategies.

Quality
VoIP is not new and has been used in some form since the 1970s. It has recently gained popularity as the technology has grown and proven itself to be a serious competitor to the traditional telephone.

Because VoIP has been in use for almost 50 years, many of the original sound quality issues have been resolved. Thanks to innovations in sound compression and advancements in IP connections, VoIP actually provides superior sound quality as long as there is a high bandwidth and robust internet connection.

Business continuity
You may have heard horror stories about VoIP connections and outages. And while in those early years, these stories were warranted. Internet connections were wildly unreliable, and since VoIP ran over these connections, if they went down, so did your phone.

But now, internet providers have made considerable strides in the reliability and strength of their IP connections, making outages rare.

Add in cellular technologies as a failover, VoIP solutions can actually failback on the cellular 4G or 5G network and continue services in the event of an internet outage, meaning you remain connected regardless of the status of your internet connection.

It is no longer a matter of if, but when the copper lines that have serviced our telephones for generations will be phased out. Major carriers, such as AT&T and Verizon, have listed a sunset date for the maintenance of these copper wires to occur next year. Yes, in 2020, if a copper line goes down, the operator will not need to replace the line, but instead, transfer your service over to the digital solutions.

Start your migration today, and avoid the headache of a forced migration when you are least expecting it. Talk with one of our staff today to see how we can help you manage the transition and keep your business connected.

Most Small Business Breaches Could Be Prevented

The majority of breaches that affect small and medium businesses like yours could have been prevented through the use of today’s technology. Here are 14 ways you can protect your business:

Security assessment
Establish a baseline and determine when your last security assessment was.

Spam email
Most attacks occur from infected emails. Be sure you secure your accounts. We can help you determine the right level of protection for your business.

Passwords
Set company policies surrounding passwords and external devices in your business. Examples include restricting USB drive access, screen timeout limits, enhanced password policies, and limiting user access to certain files.

Security awareness
Educate, educate,and then educate some more. Employees are the single greatest risk to an organization of a cyber breach by employees inadvertently clicking on a link in an email or downloading a file that contains the virus or ransomware.

Advanced endpoint detection and response (EDR)
Technology advancements have enhanced the traditional methods of virus protection, adding protections for fileless and script-based attacks and can even roll back systems after an attack. Give us a call at (734) 457-5000 (or email at info@mytechexperts.com) to learn more about these features and how they can replace your current virus protection software.

Multi-factor authentication
Multi-Factor Authentication is the process of requiring two modes of identity checks when logging into accounts with sensitive and personal information, such as bank accounts or social media.

This additional layer of protection can be critical in ensuring your data does not become lost.

Computer updates
Automate key software, such as Microsoft Office and OS, Adobe, and Java, to protect your network from the latest attacks. We can provide “critical update” services to your business and help you keep your business protected from these malicious sources.

Dark web research
A little known secret is the reality that many users’ login credentials have been placed for sale on Dark Web sites. Continuously monitor these sites and update credentials as needed if you find your corporate credentials up for sale to the highest bidder.

SIEM/log management
SIEM, or Security Incident & Event Management, uses data engines to review all logs from all covered devices, protecting your systems from unauthorized access.

Web gateway security
New cloud-based security products can detect web and email threats and block them – before they reach your network and users.

Mobile device security
Don’t neglect to secure your employees’ mobile devices and tablets. Many attackers target these devices, believing them to be forgotten by most businesses.

Firewall
Advanced firewall technology today enables intrusion detection and intrusion protection features. Ensure these are enabled on your corporate firewalls, and if you don’t know how, call us today.

Encryption
Encrypt files both at rest and in motion, especially on mobile devices, laptops and tablets. Cell phones are an unexpected attack vector.

Backup
Utilize multiple forms of backup, from cloud backup to on-premise and offline, further reducing the risks of a ransomware attack preventing access to your data.

10 Most Important CyberAttacks Of The Last Decade

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The only way to keep history from repeating itself is to learn from the mistakes of the past. The following is a list of the most significant cyberyattacks from the last decade, as compiled by TechTarget:

Yahoo – 2013
With the unfortunate legacy of being the largest breach in the history of the internet, all three billion Yahoo accounts were compromised. The organization took 3 years to notify the public of the breach and that every account’s name, email address, password, birthdate, phone numbers, and security answers had been sold on the dark web.

Equifax – 2017
Probably the most damaging attack occurred just 3 years ago with the hack of Equifax. The hackers were successful in gaining access to 143 million Equifax customers and information vital to the lives of all. [Read more…] about 10 Most Important CyberAttacks Of The Last Decade

Microsoft Starts Forcing November 2019 Update On Users

Jason Cooley is Support Services Manager for Tech Experts.

The Windows 10 November 2019 update (also known as Version 1909) is live and many users have moved to Microsoft’s latest feature update.

As an IT professional here at Tech Experts, it seems like these feature updates happen one right after another.

Although this is not the case as Microsoft only releases feature updates twice a year, the issues we encounter during each feature update’s life cycle make it seem that way. The only notable updates between these feature updates are ones that may fix an issue, which may or may not have been caused by the last feature update.

So what are updates like for someone who is not one of the Tech Experts?

As a user, you may or may not notice updates a lot more frequently, but those are smaller updates and may not fix anything at all. There are regular security updates made during each cycle, updates to Microsoft applications, important system files, drivers, and numerous other things.

The larger ‘feature updates’, while not intending to do so, are the most likely to cause system issues. Many users who are more tech savvy avoid installing these until they are certain it is stable. In some cases, users will try to avoid installing them at all.

Many people live under the “if it isn’t broke, don’t fix it” mentality. Minus security updates, I can see a strong case for this line of thinking.

For years, many users (myself included) could selectively manage their updates. I could avoid installing many updates and keep installing only security updates.

While there is still some ability to manage updates in Windows 10, it is also more limited. One way Windows 10 has made managing updates easier for everyday users is by having the option to pause updates altogether. There is even an option specifically allowing you to stop those feature updates, which is great if your system is running well and you don’t want to cause any issues.

There are also times where you may have a specific piece of software that is not compatible with the newest feature update and you need to avoid software incompatibility. That is when you are probably most grateful for the pause feature updates option.

Well, the time has come for Microsoft to go against your choices and decide that it knows what is best for you!

The November 2019 update is being pushed out to users, whether you want it or not. While it sounds deceitful, there is – as always with Microsoft – more to it.

Users who are currently on Version 1809, which is now two versions behind, are being pushed to the November update. There are new security updates for Version 1909, and they cannot be applied to 1809.

Microsoft is taking this precaution to make sure users stay protected. In the past, Microsoft typically reserved forced rollouts for Windows Home version, but these forced updates will also apply to all computers running Windows 10 Professional.

If you are on Version 1809 and want to avoid being updated to 1909, you may be able to delay the process by manually moving to Version 1903 instead. Just remember, Microsoft is prioritizing your security, not comfort.