TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

How To Protect Your Business From SHTML Phishing

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Data security is vital to any business. Learn how SHTML phishing works and how to minimize the risk of your data falling into the hands of attackers.

Email phishing has been in the playbook of hackers since, well, email. What’s alarming is the scope in which criminals can conduct these attacks, the amount of data potentially at risk, and how vulnerable many businesses are to phishing attempts.

Here’s what you need to know to spot the hook and protect your data from being reeled in.

How Does Email Phishing Work?
A phishing email typically contains an attachment in the form of a server-parsed HTML (SHTML) file.

When opened, these shady files redirect the user to a malicious website often disguised as a legitimate product or service provider. [Read more…] about How To Protect Your Business From SHTML Phishing

Windows 10 Feature Updates: Changes Going Forward

Jason Cooley is Support Services Manager for Tech Experts.
Windows 10 and its updates have been an interesting ride to say the least. For IT professionals, like us at Tech Experts, Windows 10 updates have caused a myriad of problems in the last few years. You don’t have to be a Tech Expert to have experienced some of these problems.

Over the years it has not been abnormal for Windows Updates to cause issues for users. Third party software could potentially function different or not at all after updates. Your printer may stop working. You could lose a shortcut.

While inconvenient, it isn’t Microsoft intentionally causing you grief. To simplify it as much as possible, Microsoft makes changes they find necessary. Sometimes, those changes cause already installed software (and potentially any future installed software) to stop working.

These issues seem to be more prevalent in Windows 10 and there are more than a few I would classify as large scale issues. Microsoft attempts to fix issues that are reported, based on how impactful they are and how many users they affect. If a common sound driver isn’t working for 50% of Windows users, that would be a priority fix.

So where do these issues come from?
Windows has different types of updates. The large updates with major changes to the system are called Feature Updates. These updates have been rolling out twice a year and in the opinion of many, this is where the issues originate.

Twice a year, your system has a good chance of having something not work correctly for an unspecified amount of time. Not a great user experience. Feature updates are intended to create a better user experience, make needed changes, or improve functionality. The broken software, drivers, or even data loss are just free bonuses.

Additionally, Microsoft has two groups for how updates are sent out. If you are a Windows Insider, you get the upgrade first and act as a live tester to eliminate the worst of these issues. Then, once Microsoft determines they are ready to deploy to the second group of users, the feature updates push all of the changes all at once, for better or worse.

Good news ahead
I have been hard on the updates because of the level of frustration caused by them for consumers and professionals alike. Thankfully, Microsoft recently announced that next year it will start a new model for its update cycles. Instead of two major feature updates every year, there will be one major and one minor feature updates per year. The schedule will include major upgrades in the spring and minor upgrades in the fall.

There are more changes to the way updates work coming as well, and I believe they will help prevent many of the problems that the updates the last two years have caused.

There are changes to the deployment model coming as well. The Insiders will still receive the updates first, but the rest of the Windows users will catch a big break here.

Instead of the major feature update coming all at once, the feature changes and upgrades will be released slowly. As Microsoft’s John Wilcox notes, “we are using a controlled feature rollout (CFR) to gain better feedback on overall build quality, [so Slow Ring subscribers] may not see the new 19H2 features right away.”

These last two years haven’t been easy, but the new process will almost certainly save us a lot of time, alleviate a few headaches, and make for a better user experience.

Basically, what they were supposed to be doing all along.

Why Antivirus Software Is So Important

Workplaces across the world are constantly under fire from security threats stemming from computer viruses.

As businesses have updated their technology throughout the years, the implicit security that stemmed from the use of typewriters and handwritten documents has diminished.

Now, everyone is connected to their neighbor, making businesses as vulnerable as ever to fraud and theft of sensitive information. To combat it, every workplace should be well-equipped with a proven and trusted antivirus software.

A virus is a malevolent program meant to do any number of things. They can hijack your PC through phishing scams, careless downloads, and even by accidentally clicking on an online advertisement.

Overall, viruses can slow down your PC, steal sensitive data stored on your machine, prevent computers from booting up, and send out messages under your alias. Much like real life, viruses can essentially be “contagious” and spread across a network, making them a business’s worst nightmare. One infection could create a site-wide virus epidemic if it spreads across the network – and some are designed to do just that.

In addition, not all viruses are the same. The term “virus” is really an umbrella for many different types of malware.

For example, there are worms, which make an indefinite amount of copies of themselves to take over your CPU.

Trojans are seemingly good-natured programs, but in reality, they secretly perform some sort of malicious attack whether that is stealing your information or slowing down your PC.

Another example of a virus is spyware, which does not stop your PC from running smoothly, but just as the name states, it spies on your activity and collects sensitive information without your knowledge or consent.

All users need antivirus to keep themselves and their fellow coworkers safe. Antivirus acts as the security guard defending your computer. Its primary task is that of a gatekeeper. It stops viruses from attaching themselves to your workstation before they even become a threat.

Although antiviruses do a stellar job at the gate, some viruses can still slip through the cracks. In these cases, antivirus software can find and remove threatening programs from your device. Most antivirus software notifies you of the removal as well or asks for permission before fully removing the program from your machine.

In order for an antivirus software to be successful and functioning, the developers must be dedicated to updating the antivirus’ database consistently with new information on new threats, so be sure to keep your program up-to-date.

Just as the field of computer science and technology is rapidly changing and improving, so are the viruses and malware that attack your computer. Many antiviruses are consistently updating their databases and rules to account for this growing and changing threat.

Lacking antivirus software for your business is like leaving the door unlocked for hackers and malicious programs to do what they please with your costly computers and sensitive information. The best way to fight a cyberattack is to prevent it from happening in the first place, and antivirus software does just that.

The Cloud – Have You Harnessed Its Strategic Advantages?

The cloud may still feel like a new technology – but in reality, it’s been around for more than 10 years now. Does that make you feel old?

Let’s be clear about something – the cloud is here to stay. In recent years you may have still heard the occasional “industry insider” suggest that the world may be moving too quickly to an untested and unsure platform in cloud computing, but no more. The cloud is now an integral part of daily life for private consumer and business users alike.

What Is The Cloud?
The cloud is a network of technologies that allows access to computing resources, such as storage, processing power, and more. That’s where the data is – in these data centers all around the world. Which data center your data is in depends on what cloud service provider you’re working with.

The Cloud Isn’t As New As You Might Think
Would you say the cloud is “new”? To some, this may seem like a question with an obvious answer, but it’s not that simple. The way in which we think about technology can lead to something feeling new for a lot longer than would make sense otherwise.

After all, the cloud is more than a decade old, but a lot of people still think of it as a new technology.

You Need To Keep An Eye On Your Cloud
As beneficial as the cloud can be, it’s important to note that it can also pose risks if it isn’t managed properly. It all comes down to the classic binary relationship between convenience and security.

The cloud gives you unparalleled access to your data from anywhere with an Internet connection. That means that external parties (including cybercriminals) can have undue access to your data as well if you don’t take the necessary steps to secure your environment.

That’s why you need to monitor your cloud. No matter who you entrust your data to, you should ensure that you or someone in your organization is given appropriate visibility over your cloud environment. That way, you can guarantee that security and compliance standards are being maintained.

If you don’t have the resources to manage this type of ongoing monitoring, then it would be wise to work with the right third party IT services company.

Doing so will allow you to outsource the migration, management, and monitoring of your cloud.

You’ll get the best of both worlds – security and convenience.

Top Concern For Small Businesses? Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While some might assume that fear of an economic recession would be at the top of the list of key issues small business owners concern themselves with, a recent survey found that another issue is of much greater concern: Cybersecurity.

This is no surprise.

For the past several years, cybercrimes and data breaches among companies large and small, governments, and even individual citizens have risen drastically.

While it’s true that many business owners still assume a data breach at their own company is highly unlikely, with the ultimate price tag of such attacks ramping up to the millions of dollars (and recovery being hardly successful), it makes sense that companies are taking notice.
[Read more…] about Top Concern For Small Businesses? Cybersecurity

Zoom Zero-Day Bug: Webcam Hijacking And Other Intrusive Exploits

Jason Cooley is Support Services Manager for Tech Experts.

Internet safety is always a concern and there are a large number of tools available to assist with that. Depending on how much security you need, you may need to run multiple pieces of software. Antivirus, antimalware, firewalls, and even 2-factor authentication are security measures all doing different things.

Even with all of these types of security layers in place, there is no such thing as guaranteed safety. You can be as careful as possible and avoid anything seemingly questionable, but one thing you can’t avoid are security exploits.

An exploit could be used to track a user’s history, and possibly even every keystroke. This could potentially send passwords for anything you enter on the computer.

Recently, Zoom, a video conferencing application, was discovered to have a severe vulnerability on the Mac platform. This exploit was a very simple one: a person attempting to access your webcam could send a legitimate Zoom meeting invite, but set with certain settings on a certain server.

When the link is clicked, even without accepting the invite, the client is silently launched, turning on the end user’s webcam. Even if the Mac user had uninstalled Zoom, the client would silently reinstall and launch.

Back in 2017, a much larger user base was at severe risk of an exploit that would allow hackers to silently install malware to take remote control of the user’s computer. The CVE-2017-11882 exploit was a flaw in Microsoft Office software.

If Office was installed, a Visa paylink email was sent, and when the user opened the word document attached, it launched a PowerShell command installing Cobalt Strike, granting remote control to whoever deployed it.

It was not long before Microsoft had a security fix rolled out, but if the software was installed prior to installing the security update, the remote control software would persist and have free reign on not only one computer, but also be able to travel through the network.

These vulnerabilities are discovered in normal software and have been found in Windows’ core system more times than you probably realize. Microsoft is typically quick to roll out updates when they have the power to fix the flaw, even if it isn’t their software. This illustrates the great importance of keeping Windows up to date.

Sure, if you are at work and have an IT team like the staff at Tech Experts, your updates are managed and prioritized. While some updates are optional or just good for a more user-friendly experience, important security updates should always be installed as soon as possible.

As Windows 7 updates come to an end this year, any of these types of exploits will remain unfixed. Switching to Windows 10 or replacing your computer is the only way to keep getting the latest patches for these intrusive exploits.

If you are already on Windows 10, make sure you have antivirus installed. As always, check your system regularly for updates and get help if you need it – your safety depends on it.

Why VoIP Is Taking Businesses By Storm

Communication is key in business, and with the rise of Voice over Internet Protocol (VoIP), communication has improved drastically. When phone calls can be made over the Internet, doors open for businesses.

First, VoIP offers businesses a consistent and full-time presence. Whether an employee is at their desk or out of the office, VoIP allows for incoming and outgoing calls to multiple devices using the same phone number.

For example, your employee may start their day in the office answering calls with their desk phone. After lunch, when they are scheduled for field work, they can take those same calls using VoIP software from their MSP. This makes for easy accessibility to clients, and it allows for your employees to be easily contacted by clients.

VoIP software is also very user friendly. It allows for easy call transferring and parking through the use of your desktop, and it provides seamless navigation of call queues and phone availability.

VoIP services also typically allow for users to easily see which of their coworkers are available, away, or busy at the moment.

This makes for efficient communication within a business.

Another integral part of business communications is the security behind the phone calls you are making. Home phones are different as it doesn’t matter too much if you and your uncle’s conversation is leaked, but in the business world, phone calls house sensitive information and a breach in phone system security could be detrimental to any business.

Although VoIP breaches can be accomplished, they are much harder to achieve than tapping a traditional phone system, leaving your business safer and far more secure.

When it comes to running a business, one of the main focuses must be reliability. Luckily enough, on top of all the other benefits of using a VoIP system, the reliability of the system is just the same as that of a traditional phone system. It could eventually become a more reliable system for making calls though.

Due to advancements in the field, more emphasis is put on Internet connectivity in businesses, so better software and systems will be put in place to upgrade your VoIP experience. In addition, many businesses have backup Internet connections, making a VoIP system far more reliable than a phone system in this instance.

One of the great parts about VoIP is the quality of your calls. Rather than hearing static, spotty audio, or having calls drop, VoIP call quality is fantastic. Calls are clear, understandable, and only have about a 20 millisecond delay for audio.

If your bandwidth can already handle all that your business needs on a day-to-day basis, there will be no problem with the quality of your VoIP calls.

VoIP is the future of business communications. With all of VoIP’s features, reliability, quality, and easy accessibility in mind, it’s no wonder that businesses across the globe are dialing into VoIP systems. Even as VoIP systems dominate, they continue to grow every day with new features to propel the ease of accessibility of the product.

Is VoIP right for your business? Call us today at (734) 457-5000 and we can give you direction on upgrading your phone system.

Five Social Media Mistakes Businesses Must Avoid

Social media is an incredible chance for your brand to interact directly with your audience and grow it even further. If you’re not able to manage your social media marketing properly however, you’ll simply waste time and resources, or worse, actually harm your brand’s reputation.

Here are five key social media marketing mistakes that your business must avoid at all costs:

Discussing Hot-Button Topics
Some topics, especially political and religious ones, are simply not worth bringing up. This is especially true in today’s divisive political environment.

You’ll end up dividing your audience and perhaps even bringing negative attention onto your brand. It’s better to avoid these issues altogether and playing it a bit safer with your choice of topics.

Winging It
Social media marketing is the same as any other digital marketing strategy. You need to know what you want to get from it. If you don’t have specific goals for your social media strategies, you’ll never know exactly what to do or when they’re successful.

Take the time to think about what you really want from each social media platform, and brainstorm about what you must do to get there.

Posting For the Sake of It
Research has found that the number of social media posts you need to be making on a daily and weekly basis is quite frequent in order to truly engage with and grow your audience.

On Twitter, for example, you may need to Tweet up to 15 times per day. However, you cannot forego quality for the sake of quantity.

Treating All Platforms the Same
It’s likely that you have a presence on a wide variety of social media platforms. At the very least, Facebook and Twitter, and then probably a couple out of Snapchat, Instagram, YouTube, Pinterest, etc. The problem is when you treat all social media platforms the same. The average audience on Facebook and Twitter are much different. People use Instagram differently than they use Pinterest. If you want to truly thrive on social media, you need to understand each platform and what your audience is looking for on it.

Ignoring Negative Activity
It’s critical that you don’t get defensive on social media, but you cannot simply let negative feedback go unanswered. Not only does it further harm the relationship between you and the individual complaining, but it also adds some legitimacy to the complaint for everybody else to see.

After all, if you had a reasonable response to the complaint, why wouldn’t your company voice it? Make sure that you have dedicated customer service resources handling your social media comments in a professional, expedient manner.

By avoiding the key social media marketing mistakes listed above, your business will be in a great position to not only survive on social media platforms, but thrive on them. Your audience will be engaged and energized, and you’ll reach more people than you ever thought possible!

Small Businesses Are Under Cyber Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware, crypto jacking and phishing are now the biggest threat to the survival of small- and medium-sized companies (not to mention large companies, local governments, and even the federal government). Here are some sobering statistics:

  1. Ransomware or hackers attack a business every 14 seconds in the United States.
  2. Sonicwall (a major firewall vendor) reported a 300% increase in the frequency of attacks in 2018.
  3. Ransomware attacks on healthcare organizations will quadruple by next year.
  4. The financial impact of ransomware attacks against small companies is predicted to reach $11.5 billion dollars in 2019.
  5. MOST ALARMING: 91% of cyberattacks begin with a spear phishing email, the most common way to infect a company with ransomware.

The threat landscape has changed significantly in the last 12 months. It used to be the reliability of our client’s backups and disaster recovery options that would worry me at night. [Read more…] about Small Businesses Are Under Cyber Attack

Mozilla And Google Boosts Anti-Tracking And Security

Jason Cooley is Support Services Manager for Tech Experts.

Internet security changes all the time and so does the variety of issues. We have to be sure to run anti-virus, watch out for infections and phishing, and regularly change our passwords just to start the process of being safe on the Internet.

There are people that spend time to create these viruses and other hidden or unwanted system modifications.

While their motivation may not be known (usually money), one of the hazards of using the Internet is dealing with the headaches these things can cause.

On top of regular infections, there are many data gathering processes that can run in the background of your system.

These can be gathering data to send to someone attempting to steal your information. There are also websites that gather data when you visit, login, or create an account.

While there are instances where gathering data is used maliciously as I mentioned, it is also something legitimate sites can be guilty of. In 2019, you may have heard of sites like Google and Facebook gathering information, but what and how much are they gathering? What can you do about it?

Earlier this year, the International Computer Science Institute investigated Google and the Applications linked with its Playstore.

Applications downloaded from Google and the Playstore can gather data, and that can be used to create your Advertising ID. This ID is unique, but is and can be reset.

Many applications were also linking that Advertising ID with the hardware IDs of a device, such as the MAC address. This is forbidden as it allows the data to be permanently stored, even when you erase your history and erase the application data. Google is addressing the issue and already forcing some applications to change its data gathering process.

Google is also stepping up security for mobile devices in another way. Users that are familiar with Chrome and its password storing may know the browser version of Google can suggest a strong password.

This is now coming to mobile devices as well, which will sync security across all devices, prompting you to use a strong and unique password when it is determined your password is weak or frequently used.

Facebook may be the king of data harvesting. I am sure many of you have searched for something on the Internet, then noticed ads on Facebook showing that item. This is part of targeted advertising done by Facebook.

Facebook has the ability to follow you around the web, checking your browser habits and collecting user data anytime you are on a site with a Like or comment section from Facebook attached.

Mozilla Firefox introduced the Facebook Container extension for its browser last year, which keeps Facebook isolated.

While it has been out for awhile, 2.0 was just released, which blocks those sites with the Facebook links from gathering information.

Firefox is stepping up the anti-tracking to another level as well. The browser debuted its new “Enhanced Tracking Protection.” Mozilla teamed up with Disconnect, an open source anti-tracking program to create this new protection that blocks over 1,000 third party websites from gathering data while you browse the Internet.

This feature is enabled by default once the browser is updated to its newest version.

Some may not worry about their privacy online, but for those who do, it’s time to update.