TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Password Versus Passphrase… Which Is Best?

Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone.

However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself.

However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.

Passphrases
Passphrases are a simpler way to create and remember strong passwords.

The challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute force (automated guessing) passwords. This means bad guys can compromise your passwords if they are weak or easy to guess.

An important step to protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type.

Instead, we recommend you use passphrases-a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is these are much easier to remember and type, but still hard for cyber attackers to hack.
Here are two different examples:
Sustain-Easily-Imprison
Time for tea at 1:23

What makes these passphrases so strong is not only are they long, but they use capital letters and symbols. (Remember, spaces and punctuation are symbols.) At the same time, these passphrases are also easy to remember and type.

You can make your passphrase even stronger if you want to by replacing letters with numbers or symbols, such as replacing the letter ‘a’ with the ‘@’ symbol or the letter ‘o’ with the number zero.

If a website or program limits the number of characters you can use in a password, use the maximum number of characters allowed.

Using Passphrases Securely
You must also be careful how you use passphrases. Using a passphrase won’t help if bad guys can easily steal or copy it.

Use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube, or Twitter. This way, if one of your accounts is hacked, your other accounts are still safe.

If you have too many passphrases to remember (which is very common), consider using a password manager.

This is a special program that securely stores all your passphrases for you. That way, the only passphrases you need to remember are the ones to your computer or device and the password manager program. Never share a passphrase or your strategy for creating them with anyone else, including coworkers or your supervisor. Remember, a passphrase is a secret; if anyone else knows your passphrase, it is no longer secure.

If you accidentally share a passphrase with someone else, or believe your passphrase may have been compromised or stolen, change it immediately. The only exception is if you want to share your key personal passphrases with a highly trusted family member in case of an emergency.

Do not use public computers, such as those at hotels or Internet cafes, to log in to your accounts. Since anyone can use these computers, they may be infected and capture all your keystrokes. Only log in to your accounts on trusted computers or mobile devices.

Be careful of websites that require you to answer personal questions. These questions are used if you forget your passphrase and need to reset it. The problem is the answers to these questions can often be found on the Internet, or even on your Facebook page.

Make sure that if you answer personal questions you use only information that is not publicly available or fictitious information you have made up.

Can’t remember all those answers to your security questions? Select a theme like a movie character and base your answers on that character. Another option is, once again, to use a password manager. Most of them also allow you to securely store this additional information.

Many online accounts offer something called two-factor authentication, also known as two-step verification.

This is where you need more than just your passphrase to log in, such as a passcode sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always enable and use these stronger methods of authentication.

Mobile devices often require a PIN to protect access to them. Remember that a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN number to an actual passphrase or use a biometric, such as your fingerprint.

If you are no longer using an account, be sure to close, delete, or disable it. (This article is reprinted with permission from the SANS Security Center OUCH! newsletter.)

Are You Still Using Microsoft Windows Server 2008?

Microsoft will stop mainstream support for Server 2008 at the end of this year. This is a popular technology solution, so the end of support creates concern for many. Read on, and we’ll explain what this means and what you should do.

What Does 2008 Server End of Life Mean For Your Company?
Windows Server 2008 end of life means that Microsoft will no longer update this product unless a warranty compels them to do so.

Unfortunately, many businesses are still not ready. The reasons vary, but many company owners stay busy running their day-to-day operations. They just don’t have time for issues like this. And yet, this is a crucial server EOL that could cause many disruptions to your business if not dealt with promptly.

How Soon Should You Get A New Server?
You need to change over from the Windows 2008 Server and Windows 2008R2 to a supported server by the end of the year. That’s the very last moment you’ll have before support is no longer available.

Migrating all of your data, applications, and other IT solutions to new servers is a time-consuming and complicated process, so small businesses should not wait until the last minute.

By waiting, you place your technology assets in danger, and you could pay more for last-minute service. Think of this as an auto repair problem. The sooner you get it fixed, the less it will typically cost. Avoid extra costs and issues by upgrading your servers now.

What Other Problems Can Happen?
An end to bug fixes and those all-important security updates may be the ultimate deal breaker for you. Data managers will tell you that not having these fixes makes your data vulnerable to access by unauthorized parties.

Cybercriminals are on the look-out for ways to infiltrate your systems and steal sensitive data, and they know about the EOL for Windows Server 2008. Since Microsoft will no longer offer security updates and bug fixes for this server, this creates numerous loopholes in data security that could be exploited.

These security breaches can be avoided by installing a newer generation server with supported security updates.

What Should You Do?
There are many reliable servers available on the market today. This new generation of servers offers better efficiency, virtualization, faster speeds, and many other good attributes. Do some research to ensure that you get a proper replacement that will address all the functions that your organization requires.

How Do You Get Ready For The Upgrade?
Installing new servers can be challenging. You have to plan out the process so that everything is done correctly and during off hours, so it doesn’t disrupt your daily operations. The sooner you start, the better.

To plan for an infrastructure upgrade, rewrite and migrate all applications based on Server 2008 to a safe storage place. The new server may require some troubleshooting. Databases can be hosted on the Windows Server 2008 hardware as you install the new system.

During the transition, put a data protection infrastructure in place that will eliminate risks during the server upgrade. This will protect your data from problems with the old server and risks associated with the new system. While this will cost extra, the fines associated with a data breach are often far more expensive.

How To Protect Your Business From SHTML Phishing

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Data security is vital to any business. Learn how SHTML phishing works and how to minimize the risk of your data falling into the hands of attackers.

Email phishing has been in the playbook of hackers since, well, email. What’s alarming is the scope in which criminals can conduct these attacks, the amount of data potentially at risk, and how vulnerable many businesses are to phishing attempts.

Here’s what you need to know to spot the hook and protect your data from being reeled in.

How Does Email Phishing Work?
A phishing email typically contains an attachment in the form of a server-parsed HTML (SHTML) file.

When opened, these shady files redirect the user to a malicious website often disguised as a legitimate product or service provider. [Read more…] about How To Protect Your Business From SHTML Phishing

Windows 10 Feature Updates: Changes Going Forward

Jason Cooley is Support Services Manager for Tech Experts.
Windows 10 and its updates have been an interesting ride to say the least. For IT professionals, like us at Tech Experts, Windows 10 updates have caused a myriad of problems in the last few years. You don’t have to be a Tech Expert to have experienced some of these problems.

Over the years it has not been abnormal for Windows Updates to cause issues for users. Third party software could potentially function different or not at all after updates. Your printer may stop working. You could lose a shortcut.

While inconvenient, it isn’t Microsoft intentionally causing you grief. To simplify it as much as possible, Microsoft makes changes they find necessary. Sometimes, those changes cause already installed software (and potentially any future installed software) to stop working.

These issues seem to be more prevalent in Windows 10 and there are more than a few I would classify as large scale issues. Microsoft attempts to fix issues that are reported, based on how impactful they are and how many users they affect. If a common sound driver isn’t working for 50% of Windows users, that would be a priority fix.

So where do these issues come from?
Windows has different types of updates. The large updates with major changes to the system are called Feature Updates. These updates have been rolling out twice a year and in the opinion of many, this is where the issues originate.

Twice a year, your system has a good chance of having something not work correctly for an unspecified amount of time. Not a great user experience. Feature updates are intended to create a better user experience, make needed changes, or improve functionality. The broken software, drivers, or even data loss are just free bonuses.

Additionally, Microsoft has two groups for how updates are sent out. If you are a Windows Insider, you get the upgrade first and act as a live tester to eliminate the worst of these issues. Then, once Microsoft determines they are ready to deploy to the second group of users, the feature updates push all of the changes all at once, for better or worse.

Good news ahead
I have been hard on the updates because of the level of frustration caused by them for consumers and professionals alike. Thankfully, Microsoft recently announced that next year it will start a new model for its update cycles. Instead of two major feature updates every year, there will be one major and one minor feature updates per year. The schedule will include major upgrades in the spring and minor upgrades in the fall.

There are more changes to the way updates work coming as well, and I believe they will help prevent many of the problems that the updates the last two years have caused.

There are changes to the deployment model coming as well. The Insiders will still receive the updates first, but the rest of the Windows users will catch a big break here.

Instead of the major feature update coming all at once, the feature changes and upgrades will be released slowly. As Microsoft’s John Wilcox notes, “we are using a controlled feature rollout (CFR) to gain better feedback on overall build quality, [so Slow Ring subscribers] may not see the new 19H2 features right away.”

These last two years haven’t been easy, but the new process will almost certainly save us a lot of time, alleviate a few headaches, and make for a better user experience.

Basically, what they were supposed to be doing all along.

Why Antivirus Software Is So Important

Workplaces across the world are constantly under fire from security threats stemming from computer viruses.

As businesses have updated their technology throughout the years, the implicit security that stemmed from the use of typewriters and handwritten documents has diminished.

Now, everyone is connected to their neighbor, making businesses as vulnerable as ever to fraud and theft of sensitive information. To combat it, every workplace should be well-equipped with a proven and trusted antivirus software.

A virus is a malevolent program meant to do any number of things. They can hijack your PC through phishing scams, careless downloads, and even by accidentally clicking on an online advertisement.

Overall, viruses can slow down your PC, steal sensitive data stored on your machine, prevent computers from booting up, and send out messages under your alias. Much like real life, viruses can essentially be “contagious” and spread across a network, making them a business’s worst nightmare. One infection could create a site-wide virus epidemic if it spreads across the network – and some are designed to do just that.

In addition, not all viruses are the same. The term “virus” is really an umbrella for many different types of malware.

For example, there are worms, which make an indefinite amount of copies of themselves to take over your CPU.

Trojans are seemingly good-natured programs, but in reality, they secretly perform some sort of malicious attack whether that is stealing your information or slowing down your PC.

Another example of a virus is spyware, which does not stop your PC from running smoothly, but just as the name states, it spies on your activity and collects sensitive information without your knowledge or consent.

All users need antivirus to keep themselves and their fellow coworkers safe. Antivirus acts as the security guard defending your computer. Its primary task is that of a gatekeeper. It stops viruses from attaching themselves to your workstation before they even become a threat.

Although antiviruses do a stellar job at the gate, some viruses can still slip through the cracks. In these cases, antivirus software can find and remove threatening programs from your device. Most antivirus software notifies you of the removal as well or asks for permission before fully removing the program from your machine.

In order for an antivirus software to be successful and functioning, the developers must be dedicated to updating the antivirus’ database consistently with new information on new threats, so be sure to keep your program up-to-date.

Just as the field of computer science and technology is rapidly changing and improving, so are the viruses and malware that attack your computer. Many antiviruses are consistently updating their databases and rules to account for this growing and changing threat.

Lacking antivirus software for your business is like leaving the door unlocked for hackers and malicious programs to do what they please with your costly computers and sensitive information. The best way to fight a cyberattack is to prevent it from happening in the first place, and antivirus software does just that.

The Cloud – Have You Harnessed Its Strategic Advantages?

The cloud may still feel like a new technology – but in reality, it’s been around for more than 10 years now. Does that make you feel old?

Let’s be clear about something – the cloud is here to stay. In recent years you may have still heard the occasional “industry insider” suggest that the world may be moving too quickly to an untested and unsure platform in cloud computing, but no more. The cloud is now an integral part of daily life for private consumer and business users alike.

What Is The Cloud?
The cloud is a network of technologies that allows access to computing resources, such as storage, processing power, and more. That’s where the data is – in these data centers all around the world. Which data center your data is in depends on what cloud service provider you’re working with.

The Cloud Isn’t As New As You Might Think
Would you say the cloud is “new”? To some, this may seem like a question with an obvious answer, but it’s not that simple. The way in which we think about technology can lead to something feeling new for a lot longer than would make sense otherwise.

After all, the cloud is more than a decade old, but a lot of people still think of it as a new technology.

You Need To Keep An Eye On Your Cloud
As beneficial as the cloud can be, it’s important to note that it can also pose risks if it isn’t managed properly. It all comes down to the classic binary relationship between convenience and security.

The cloud gives you unparalleled access to your data from anywhere with an Internet connection. That means that external parties (including cybercriminals) can have undue access to your data as well if you don’t take the necessary steps to secure your environment.

That’s why you need to monitor your cloud. No matter who you entrust your data to, you should ensure that you or someone in your organization is given appropriate visibility over your cloud environment. That way, you can guarantee that security and compliance standards are being maintained.

If you don’t have the resources to manage this type of ongoing monitoring, then it would be wise to work with the right third party IT services company.

Doing so will allow you to outsource the migration, management, and monitoring of your cloud.

You’ll get the best of both worlds – security and convenience.

Top Concern For Small Businesses? Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While some might assume that fear of an economic recession would be at the top of the list of key issues small business owners concern themselves with, a recent survey found that another issue is of much greater concern: Cybersecurity.

This is no surprise.

For the past several years, cybercrimes and data breaches among companies large and small, governments, and even individual citizens have risen drastically.

While it’s true that many business owners still assume a data breach at their own company is highly unlikely, with the ultimate price tag of such attacks ramping up to the millions of dollars (and recovery being hardly successful), it makes sense that companies are taking notice.
[Read more…] about Top Concern For Small Businesses? Cybersecurity

Zoom Zero-Day Bug: Webcam Hijacking And Other Intrusive Exploits

Jason Cooley is Support Services Manager for Tech Experts.

Internet safety is always a concern and there are a large number of tools available to assist with that. Depending on how much security you need, you may need to run multiple pieces of software. Antivirus, antimalware, firewalls, and even 2-factor authentication are security measures all doing different things.

Even with all of these types of security layers in place, there is no such thing as guaranteed safety. You can be as careful as possible and avoid anything seemingly questionable, but one thing you can’t avoid are security exploits.

An exploit could be used to track a user’s history, and possibly even every keystroke. This could potentially send passwords for anything you enter on the computer.

Recently, Zoom, a video conferencing application, was discovered to have a severe vulnerability on the Mac platform. This exploit was a very simple one: a person attempting to access your webcam could send a legitimate Zoom meeting invite, but set with certain settings on a certain server.

When the link is clicked, even without accepting the invite, the client is silently launched, turning on the end user’s webcam. Even if the Mac user had uninstalled Zoom, the client would silently reinstall and launch.

Back in 2017, a much larger user base was at severe risk of an exploit that would allow hackers to silently install malware to take remote control of the user’s computer. The CVE-2017-11882 exploit was a flaw in Microsoft Office software.

If Office was installed, a Visa paylink email was sent, and when the user opened the word document attached, it launched a PowerShell command installing Cobalt Strike, granting remote control to whoever deployed it.

It was not long before Microsoft had a security fix rolled out, but if the software was installed prior to installing the security update, the remote control software would persist and have free reign on not only one computer, but also be able to travel through the network.

These vulnerabilities are discovered in normal software and have been found in Windows’ core system more times than you probably realize. Microsoft is typically quick to roll out updates when they have the power to fix the flaw, even if it isn’t their software. This illustrates the great importance of keeping Windows up to date.

Sure, if you are at work and have an IT team like the staff at Tech Experts, your updates are managed and prioritized. While some updates are optional or just good for a more user-friendly experience, important security updates should always be installed as soon as possible.

As Windows 7 updates come to an end this year, any of these types of exploits will remain unfixed. Switching to Windows 10 or replacing your computer is the only way to keep getting the latest patches for these intrusive exploits.

If you are already on Windows 10, make sure you have antivirus installed. As always, check your system regularly for updates and get help if you need it – your safety depends on it.

Why VoIP Is Taking Businesses By Storm

Communication is key in business, and with the rise of Voice over Internet Protocol (VoIP), communication has improved drastically. When phone calls can be made over the Internet, doors open for businesses.

First, VoIP offers businesses a consistent and full-time presence. Whether an employee is at their desk or out of the office, VoIP allows for incoming and outgoing calls to multiple devices using the same phone number.

For example, your employee may start their day in the office answering calls with their desk phone. After lunch, when they are scheduled for field work, they can take those same calls using VoIP software from their MSP. This makes for easy accessibility to clients, and it allows for your employees to be easily contacted by clients.

VoIP software is also very user friendly. It allows for easy call transferring and parking through the use of your desktop, and it provides seamless navigation of call queues and phone availability.

VoIP services also typically allow for users to easily see which of their coworkers are available, away, or busy at the moment.

This makes for efficient communication within a business.

Another integral part of business communications is the security behind the phone calls you are making. Home phones are different as it doesn’t matter too much if you and your uncle’s conversation is leaked, but in the business world, phone calls house sensitive information and a breach in phone system security could be detrimental to any business.

Although VoIP breaches can be accomplished, they are much harder to achieve than tapping a traditional phone system, leaving your business safer and far more secure.

When it comes to running a business, one of the main focuses must be reliability. Luckily enough, on top of all the other benefits of using a VoIP system, the reliability of the system is just the same as that of a traditional phone system. It could eventually become a more reliable system for making calls though.

Due to advancements in the field, more emphasis is put on Internet connectivity in businesses, so better software and systems will be put in place to upgrade your VoIP experience. In addition, many businesses have backup Internet connections, making a VoIP system far more reliable than a phone system in this instance.

One of the great parts about VoIP is the quality of your calls. Rather than hearing static, spotty audio, or having calls drop, VoIP call quality is fantastic. Calls are clear, understandable, and only have about a 20 millisecond delay for audio.

If your bandwidth can already handle all that your business needs on a day-to-day basis, there will be no problem with the quality of your VoIP calls.

VoIP is the future of business communications. With all of VoIP’s features, reliability, quality, and easy accessibility in mind, it’s no wonder that businesses across the globe are dialing into VoIP systems. Even as VoIP systems dominate, they continue to grow every day with new features to propel the ease of accessibility of the product.

Is VoIP right for your business? Call us today at (734) 457-5000 and we can give you direction on upgrading your phone system.

Five Social Media Mistakes Businesses Must Avoid

Social media is an incredible chance for your brand to interact directly with your audience and grow it even further. If you’re not able to manage your social media marketing properly however, you’ll simply waste time and resources, or worse, actually harm your brand’s reputation.

Here are five key social media marketing mistakes that your business must avoid at all costs:

Discussing Hot-Button Topics
Some topics, especially political and religious ones, are simply not worth bringing up. This is especially true in today’s divisive political environment.

You’ll end up dividing your audience and perhaps even bringing negative attention onto your brand. It’s better to avoid these issues altogether and playing it a bit safer with your choice of topics.

Winging It
Social media marketing is the same as any other digital marketing strategy. You need to know what you want to get from it. If you don’t have specific goals for your social media strategies, you’ll never know exactly what to do or when they’re successful.

Take the time to think about what you really want from each social media platform, and brainstorm about what you must do to get there.

Posting For the Sake of It
Research has found that the number of social media posts you need to be making on a daily and weekly basis is quite frequent in order to truly engage with and grow your audience.

On Twitter, for example, you may need to Tweet up to 15 times per day. However, you cannot forego quality for the sake of quantity.

Treating All Platforms the Same
It’s likely that you have a presence on a wide variety of social media platforms. At the very least, Facebook and Twitter, and then probably a couple out of Snapchat, Instagram, YouTube, Pinterest, etc. The problem is when you treat all social media platforms the same. The average audience on Facebook and Twitter are much different. People use Instagram differently than they use Pinterest. If you want to truly thrive on social media, you need to understand each platform and what your audience is looking for on it.

Ignoring Negative Activity
It’s critical that you don’t get defensive on social media, but you cannot simply let negative feedback go unanswered. Not only does it further harm the relationship between you and the individual complaining, but it also adds some legitimacy to the complaint for everybody else to see.

After all, if you had a reasonable response to the complaint, why wouldn’t your company voice it? Make sure that you have dedicated customer service resources handling your social media comments in a professional, expedient manner.

By avoiding the key social media marketing mistakes listed above, your business will be in a great position to not only survive on social media platforms, but thrive on them. Your audience will be engaged and energized, and you’ll reach more people than you ever thought possible!