TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

VoIP Poised To Replace Traditional Phone Lines

Jason Cooley is Support Services Manager for Tech Experts.

VoIP (Voice over Internet Protocol) is not a new technology, although many of us are just learning of this internet-based communications protocol.

First used in 1970, VoIP uses your local area network (LAN) to send small digital packets over the internet to the recipient. Advances in the reliability and sound quality have encouraged end-users and businesses alike to cut the cord on the traditional phone-line and adopt the more versatile, and yes, less expensive telecom solution.

As we see it, there are nine reasons VoIP outperforms traditional phone lines aside from the cost. They are:

Scalability
Your business is not static. It is cyclical. Guessing each upgrade cycle how many lines you will need is frustrating and can be expensive. If you guess too high, you pay much more than you need to.

If you guess too low, you can stagnate your business growth. Additionally, legacy solutions have a limit as to how many phones can be connected – but VoIP does not. The possibilities are limitless when it comes to VoIP.

Agility
The key to gaining a competitive edge is moving faster than your competition. VoIP solutions can manage changes in volume and users within minutes and removes any ceiling that might affect your communications solution as you grow.

Mobility
In this modern work environment, employees are demanding more flexible work arrangements, including the ability to take and make calls from anywhere.

Statistics even show how flexible work arrangements also increase employee productivity, allowing workers to still connect even during a sick day or outside appointment. VoIP enables this type of mobility through a simple dashboard that allows you to choose which line will get the call.

Advanced features
VoIP is evergreen. Meaning it will always deploy the most advanced features on the market with no additional cost to you as the end-user.

Updates are automatically filtered and deployed to your location through the same lines the device uses to communicate.

Flexibility
Digital communications technologies like VoIP and Unified-Communications-as-a-Service have one huge distinctive advantage over copper lines: flexibility.

The phone number associated with the device is not tied to one particular device in one specific situation. Instead, several devices can be tied to the same extension, and you can decide which device should ring at which time.

Or, if you forgot to change your call flow and need your calls to reach you only on your cell phone and you have left the office, internet-based dashboards enable you to make those changes on the fly and from any internet-connected device.

Reduced complexity
In the golden days of business telephony, the effort and expense to install a PBX was costly – between paying for the certified individual to set up, install all devices, and do adds, moves, and changes throughout the span of the technology’s lifetime, to the simple cost of buying the equipment, paying for the electrical needs to run it and the space to house it.

Every interaction with the system required certified engineers. A new employee’s ability to communicate was dependent on the schedule of the technician to be able to add the user. But VoIP removes all of these complexities. The solution is mostly software-driven, instead of specialized hardware, and accessed with a simple graphical user interface (GUI).

Day to day management of the solution can be handled by administrative personnel, reserving your IT staff for the more complex needs of your business.

Security
A myth has surrounded VoIP and cloud solutions almost since inception. There has been a perceived security risk to a corporation’s data that has persisted, even though the myth has frequently been debunked. Recent studies have found that on-premise solutions are at the same amount of risk of a breach as cloud solutions, and sometimes even greater risk.

A survey by Alert Logic back in 2012 actually found that on-premise solutions were at a greater risk of compromise and data loss, with on-premise solutions being attacked 61.4% and cloud solutions only 27.8%. The fact is, as your service provider, we put your security at the top of our mind when devising and offering solutions such as VoIP and other cloud offerings. Our staff is certified and participates in frequent educational opportunities to learn about the latest cyber-security risks and protection strategies.

Quality
VoIP is not new and has been used in some form since the 1970s. It has recently gained popularity as the technology has grown and proven itself to be a serious competitor to the traditional telephone.

Because VoIP has been in use for almost 50 years, many of the original sound quality issues have been resolved. Thanks to innovations in sound compression and advancements in IP connections, VoIP actually provides superior sound quality as long as there is a high bandwidth and robust internet connection.

Business continuity
You may have heard horror stories about VoIP connections and outages. And while in those early years, these stories were warranted. Internet connections were wildly unreliable, and since VoIP ran over these connections, if they went down, so did your phone.

But now, internet providers have made considerable strides in the reliability and strength of their IP connections, making outages rare.

Add in cellular technologies as a failover, VoIP solutions can actually failback on the cellular 4G or 5G network and continue services in the event of an internet outage, meaning you remain connected regardless of the status of your internet connection.

It is no longer a matter of if, but when the copper lines that have serviced our telephones for generations will be phased out. Major carriers, such as AT&T and Verizon, have listed a sunset date for the maintenance of these copper wires to occur next year. Yes, in 2020, if a copper line goes down, the operator will not need to replace the line, but instead, transfer your service over to the digital solutions.

Start your migration today, and avoid the headache of a forced migration when you are least expecting it. Talk with one of our staff today to see how we can help you manage the transition and keep your business connected.

Most Small Business Breaches Could Be Prevented

The majority of breaches that affect small and medium businesses like yours could have been prevented through the use of today’s technology. Here are 14 ways you can protect your business:

Security assessment
Establish a baseline and determine when your last security assessment was.

Spam email
Most attacks occur from infected emails. Be sure you secure your accounts. We can help you determine the right level of protection for your business.

Passwords
Set company policies surrounding passwords and external devices in your business. Examples include restricting USB drive access, screen timeout limits, enhanced password policies, and limiting user access to certain files.

Security awareness
Educate, educate,and then educate some more. Employees are the single greatest risk to an organization of a cyber breach by employees inadvertently clicking on a link in an email or downloading a file that contains the virus or ransomware.

Advanced endpoint detection and response (EDR)
Technology advancements have enhanced the traditional methods of virus protection, adding protections for fileless and script-based attacks and can even roll back systems after an attack. Give us a call at (734) 457-5000 (or email at info@mytechexperts.com) to learn more about these features and how they can replace your current virus protection software.

Multi-factor authentication
Multi-Factor Authentication is the process of requiring two modes of identity checks when logging into accounts with sensitive and personal information, such as bank accounts or social media.

This additional layer of protection can be critical in ensuring your data does not become lost.

Computer updates
Automate key software, such as Microsoft Office and OS, Adobe, and Java, to protect your network from the latest attacks. We can provide “critical update” services to your business and help you keep your business protected from these malicious sources.

Dark web research
A little known secret is the reality that many users’ login credentials have been placed for sale on Dark Web sites. Continuously monitor these sites and update credentials as needed if you find your corporate credentials up for sale to the highest bidder.

SIEM/log management
SIEM, or Security Incident & Event Management, uses data engines to review all logs from all covered devices, protecting your systems from unauthorized access.

Web gateway security
New cloud-based security products can detect web and email threats and block them – before they reach your network and users.

Mobile device security
Don’t neglect to secure your employees’ mobile devices and tablets. Many attackers target these devices, believing them to be forgotten by most businesses.

Firewall
Advanced firewall technology today enables intrusion detection and intrusion protection features. Ensure these are enabled on your corporate firewalls, and if you don’t know how, call us today.

Encryption
Encrypt files both at rest and in motion, especially on mobile devices, laptops and tablets. Cell phones are an unexpected attack vector.

Backup
Utilize multiple forms of backup, from cloud backup to on-premise and offline, further reducing the risks of a ransomware attack preventing access to your data.

10 Most Important CyberAttacks Of The Last Decade

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The only way to keep history from repeating itself is to learn from the mistakes of the past. The following is a list of the most significant cyberyattacks from the last decade, as compiled by TechTarget:

Yahoo – 2013
With the unfortunate legacy of being the largest breach in the history of the internet, all three billion Yahoo accounts were compromised. The organization took 3 years to notify the public of the breach and that every account’s name, email address, password, birthdate, phone numbers, and security answers had been sold on the dark web.

Equifax – 2017
Probably the most damaging attack occurred just 3 years ago with the hack of Equifax. The hackers were successful in gaining access to 143 million Equifax customers and information vital to the lives of all. [Read more…] about 10 Most Important CyberAttacks Of The Last Decade

Microsoft Starts Forcing November 2019 Update On Users

Jason Cooley is Support Services Manager for Tech Experts.

The Windows 10 November 2019 update (also known as Version 1909) is live and many users have moved to Microsoft’s latest feature update.

As an IT professional here at Tech Experts, it seems like these feature updates happen one right after another.

Although this is not the case as Microsoft only releases feature updates twice a year, the issues we encounter during each feature update’s life cycle make it seem that way. The only notable updates between these feature updates are ones that may fix an issue, which may or may not have been caused by the last feature update.

So what are updates like for someone who is not one of the Tech Experts?

As a user, you may or may not notice updates a lot more frequently, but those are smaller updates and may not fix anything at all. There are regular security updates made during each cycle, updates to Microsoft applications, important system files, drivers, and numerous other things.

The larger ‘feature updates’, while not intending to do so, are the most likely to cause system issues. Many users who are more tech savvy avoid installing these until they are certain it is stable. In some cases, users will try to avoid installing them at all.

Many people live under the “if it isn’t broke, don’t fix it” mentality. Minus security updates, I can see a strong case for this line of thinking.

For years, many users (myself included) could selectively manage their updates. I could avoid installing many updates and keep installing only security updates.

While there is still some ability to manage updates in Windows 10, it is also more limited. One way Windows 10 has made managing updates easier for everyday users is by having the option to pause updates altogether. There is even an option specifically allowing you to stop those feature updates, which is great if your system is running well and you don’t want to cause any issues.

There are also times where you may have a specific piece of software that is not compatible with the newest feature update and you need to avoid software incompatibility. That is when you are probably most grateful for the pause feature updates option.

Well, the time has come for Microsoft to go against your choices and decide that it knows what is best for you!

The November 2019 update is being pushed out to users, whether you want it or not. While it sounds deceitful, there is – as always with Microsoft – more to it.

Users who are currently on Version 1809, which is now two versions behind, are being pushed to the November update. There are new security updates for Version 1909, and they cannot be applied to 1809.

Microsoft is taking this precaution to make sure users stay protected. In the past, Microsoft typically reserved forced rollouts for Windows Home version, but these forced updates will also apply to all computers running Windows 10 Professional.

If you are on Version 1809 and want to avoid being updated to 1909, you may be able to delay the process by manually moving to Version 1903 instead. Just remember, Microsoft is prioritizing your security, not comfort.

Why Is Ryuk The Most Dangerous Ransomware?

Ryuk is one of the most prevalent ransomware variants in the threat landscape, with infections doubling from the second to the third quarter in 2019.

Ransomware infections continue to increase in tandem with overall impact and monetary demands.

Furthermore, Ryuk’s ability to delete shadow copies and backups makes Ryuk extremely costly and almost impossible to remediate.

For instance, Ryuk operators demanded nearly $600,000 from one government agency after successfully encrypting nearly all files on the network.

Ryuk uses encryption to block access to a system, device, or file until a ransom is paid. It is often dropped on a system by other malware (e.g., TrickBot) or delivered by cyber threat actors (CTAs) after gaining access to the system through compromising Remote Desktop Services.

Once on a system, CTAs deploy Ryuk through the network using PowerShell, PsExec, or Group Policy, with aim to infect as many systems as possible. The number of infected systems depends upon how the malware is deployed as well as the CTA’s access and privileges.

This may be a local subnet, the list of computers in active directory, or the entire organization depending on the variability and process specific nature of spreading the malware.

Once the malware is pushed out to the network, it targets backups and begins the encryption process.

Researchers have observed an increase in Emotet or TrickBot infections leading to a Ryuk infection.

For example, TrickBot disabled the organization’s endpoint antivirus application and spread throughout the network, infecting hundreds of endpoints and multiple servers.

Since TrickBot is a banking trojan, it likely harvested and exfiltrated financial and other sensitive information prior to deploying Ryuk.

Once Ryuk is deployed network-wide, the CTAs encrypted the organization’s data and backups, and left ransom notes on the machines.

Ryuk ransom notes once contained a message and a ransom amount, but have since evolved over time.

Throughout most of 2019, the ransom note did not list a ransom amount and only contained a message and email address. However, now Ryuk ransom notes are very simplistic, with no price or message, only containing an email address, the ransomware’s name, and the statement “balance of shadow universe.”

The CTAs demands payment via Bitcoin cryptocurrency and direct victims to deposit the ransom into specific Bitcoin wallets.

The ransom demand is typically between $100,000-$600,000, which as of 12/19/19 is 14-84 Bitcoins. Notably the ransom demand is determined by the organizations’ assessed ability to pay and the sensitivity of the data affected.

It is highly likely the CTAs account for characteristics like industry, solvency, subscription to cyber insurance, and network saturation when calculating ransom demands. Furthermore, the CTAs have been known to negotiate with victims and adjust the initial ransom amount.

Ryuk’s main infection method is to be dropped on a system by other malware. The file will have a five-letter random name that is usually generated by the srand1 and GetTickCount2 functions.

Persistence
Once executed, the main payload attempts to stop antivirus related processes and services. It uses a preconfigured list to kill more than 40 specific processes and 180 services with taskkill and net stop commands.

This preconfigured list includes antivirus processes, databases, backups, and document editing software. Additionally, the main payload establishes persistence in the registry and injects malicious payloads into several running processes.

To increase persistence, Ryuk makes changes to the registry allowing it to run the payload every time the user logs on.

Ryuk’s anti-recovery techniques are more extensive and sophisticated than most types of ransomware, making recovery almost impossible without restoring from clean external offline backups.

Ryuk’s process injection allows the malware to gain access to the volume shadow service and delete all shadow copies, including those used by third-party applications.

Encryption
Ryuk uses unbreakable RSA and AES encryption algorithms with three keys. The CTAs use a private global RSA key as their base encryption model. The second RSA key is delivered to the system via the main payload and is encrypted with the CTA’s private global RSA key.

Once the malware is ready for encryption, the final key is created in their three-key encryption model.

Ryuk scans the infected systems and encrypts almost every file, directory, drive, network share, and network resource.

Ryuk attempts to encrypt all mounted network drives. As long as the drives are not CD-ROM types, the files will be encrypted.

Finally, once the malware is finished with the encryption process, it will create the ransom note, “RyukReadMe.txt”, placing it in every folder on the system.

What Are The Advantages Of Office 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As an IT service company, we get asked this question almost every day. Now that it’s available, everyone wants to know what Office 2019 is all about. Office 2019 provides a subset of features that Microsoft has been adding to Office 365 over the past three years.

Office 2019 is a local version of Office software, rather than cloud-based. It’s a perpetual release, meaning that you purchase the product once and own it forever instead of paying for a subscription or subscriptions to use it.

Who Will Benefit From Using Office 2019?

Although anyone can purchase Office 2019, this version has been designed for business users. It comes with volume licensing and is best for companies that don’t want to use the cloud-based version of Office. You can also install the Office 2019 app on all your mobile devices, where you’ll have access to its basic features. [Read more…] about What Are The Advantages Of Office 2019?

Microsoft Contractors Listening To Recordings Made Via Skype Or Cortana

Jason Cooley is Support Services Manager for Tech Experts.

For years, Skype has been a big part of computer users’ experiences regardless of operating system. Whether voice calls, messaging, or video, Skype has a huge share of the user pool. Many Android users use Skype for video chatting in lieu of Apple’s popular Facetime app. It’s also popular among those contacting relatives or friends around the globe.

Skype even introduced an auto translate feature last year. The feature allows for translation between languages in (nearly) real time. Skype has made connecting with people easier than ever, no matter where they are from or their language.

Skype’s translate feature has been praised and for good reason. It is quite impressive that there is an application capable of translating so quickly, allowing people that don’t speak the same language to have a nearly flawless conversation. Of course, with software capable of such amazing things, it’s guaranteed that improvements will constantly be in the works so that it can reach its full potential.

Skype’s translator FAQ does state that calls are collected for data analysis, but that’s vague and may not raise any alarms.

What if I told you that some of those calls were being recorded? Not only that, but they are also being listened to in some cases.

With Skype, the data discovered shows that MOST of the Skype recordings gathered and reviewed are recordings using the translator. Again – that is MOST, not all. These calls contained all kinds of personal information: relationships being discussed, intimate conversations, arguments, you name it.

Skype claims that the information was gathered and listened to only to help improve the product. However, the problem will always go back to the fact that this information was not disclosed.

In fact, many people would say Skype was dishonest in the way that the privacy information was portrayed. Microsoft, who owns Skype, of course states that they only collected voice recordings with customer permission. Micro­soft also ensures that the data is treated as confidential information, but humans are still listening to personal conversations. The confidentiality of that seems suspect.

Then there is Cortana, Windows’ built-in digital assistance. Cortana can search for you, using voice commands. Much like more well-publicized assistants (such as Amazon’s Alexa), Cortana can help you by pulling up search results, maps, or other information you may need. Of course, Cortana also can remember some of your information for you.

So let’s think about Cortana being used in the real world. Asking Cortana about that embarrassing rash? Punching in your home address? Someone might be listening to that too.

The stance on the Skype calls (even though not ALL calls listened to were made with translator) is that Microsoft is collecting data for the purpose of improving its translator feature – so what about Cortana? Is listening to a person’s voice searches really improving any sort of programming?

Possibly, but that sort of testing could be done without the use of private recordings.

Five Benefits Of Virtualization For Small Businesses

Virtualization offers real and attainable multi-faceted advantages for small businesses. Here are some tangible benefits:

Low operating costs

A growing number of businesses are using virtualization because the technology helps reduce costs drastically.

For instance, server virtualization eliminates the need to have physical servers, which are typically costly to run and maintain. In addition, instead of purchasing separate licenses for each server, you would only purchase one license and host additional servers at no extra cost (some limitations and exceptions may apply). With fewer physical servers, you also save money on power bills, maintenance fees and data center office space and fees.

Increased efficiency

Server virtualization makes more efficient use of computing resources; it becomes possible to increase the utilization of your servers from 15 to 80 percent, eliminating the need for extra servers.

You essentially consolidate multiple physical servers onto one machine running a number of virtual servers. As such, you would cut your capital expenses.

Improved business continuity

Server hardware failure is the most common cause of data center failure. In a virtual server, live migration is a feature that helps maintain business continuity by eliminating downtime.

Faster deployment

Virtual devices allow faster installations of new server applications and/or routers as well as to switch software services, since you don’t have to order equipment.

Instead, all you need to do is configure a new virtual machine, router, switch or storage drive using your special virtualization management software tool. The process typically involves copying an image, significantly reducing setup, configuration and recovery times.

Improved disaster recovery

Backing up virtual infrastructure normally entails making copies of virtual machine file images – an easier process than working with different physical servers.

In addition, hosting virtual infrastructure doesn’t require much equipment, so companies can buy multiple servers and house them in different locations. This makes backups redundant and disaster recovery quick for higher uptime.

Administrators can seamlessly move live virtual machines between physical server hosts without turning them off and without downtime.

Tax Benefits You Should Reap Before The Year Ends

There are important tax benefits you can only gain by acting before December runs out. Preparing for taxes at the end of the year also puts you ahead of the game, eliminating the last-minute scramble to decipher receipts and new forms, so you can be calm and collected when tax season actually hits.

Perhaps the most important tax benefit small businesses should be aware of is that purchases like IT hardware or computer software that is purchased off the shelf are tax-deductible. Such capital purchases, however, must be dealt with before the new year, or they can no longer be used on your tax return. New special provisions dictate the cost of such equipment must be deducted within the year they were put into service, so you can’t afford to wait until the fiscal year ends and miss the narrow window for this tax benefit opportunity.

Small businesses should also be aware that many tax benefits are dependent on whether your activities are profitable or not. This is because the amount you can deduct for technological purchases changes according to your business’ total taxable income.

Be sure to reference Section 179 rules if you are showing a profit and Section 168 rules if you are in the red. You may even choose to consider if it is in your business’ best interest to be profitable at all, and adjust your inner workings to reflect your best tax advantage.

When making deductions for tech hardware and software purchased this year, make sure your record keeping is first rate. Keep all paper¬work that identifies the equipment, receipt for purchase, and anything that can point to when you actually put the equipment into service.

If necessary, you can then provide copies of that paperwork to the tax agency in the event that there is a question about your deduction. Before filing, if there is any doubt about whether a particular purchase is eligible for a tax deduction, consult with your tax adviser to be sure the necessary points have been met.

What’s The Best Way To Scan Old Prints And Negatives?

If you have old prints and you would like to share them with your family and friends you can choose from the alternatives listed below:

Flatbed Scanners
A flatbed photo scanner is a great option if you have a large number of photos rather than negatives. Your budget will pretty much determine the quality of those pictures if your intent is to print large-size photos.

However, if you intend to share those with family and friends over your social network sites, you may be ok with a low-cost scanner. Remember that scanning is time consuming, you will have to feed each individual print into the scanner and process the image, which might take weeks depending on how large your collection is.

Negative Scanner
If you would like to scan negatives only, you may be interested in acquiring a negative scanner. Negative scanners are meant to convert film into digital images in the most dedicated way possible. It will not only generate more accurate scans of your negatives, their software will speed up the process. Some scanners offer the comfortable feature of batch scanning, automating
the scanning of multiple 35mm films in a row, in as little as one minute.

Scanning Services
If you find that scanning your photos or films is very time consuming, you may want to try scanning
services that will do the work for you. These services are becoming quite popular. This can be a cost-effective solution for small jobs but may get expensive for larger jobs with higher quality requirements. It is best to research several options.