TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

How To Save Your Business From Phishing Scams

Workplaces today are filled with computers and machines, but just as these workstations optimize efficiency and profit, they also increase the possibility of attacks designed to steal, destroy, or corrupt your data through the use of malicious programs.

The most probable avenue for these malicious programs is through phishing scams. To understand how to stop these attacks, you must first understand what a phishing scam entails.

A phishing scam is an attempt for someone to steal sensitive information or install malware onto your PC by tricking you into clicking a link, opening an attachment, or providing personal information.

Although these attacks use tactics that trick people every day, you can stay safe by staying smart. Through time and practice, it can become easy to spot a phishing attack and keep your PC and personal information safe.

If you receive an email containing a threatening message, usually one demanding immediate action, it is probably a phishing scam. Most of these messages try to trick users into clicking a link or opening an attachment with threatening messages like, “Your account has been compromised! You are no longer protected! Click here to protect your account!”

Once you click the link, though, you are redirected to a phishing site.

Another example may be what seems to be an email from your boss’ boss demanding sensitive information to complete company documentation. Always beware when you see a threatening or demanding message.

Another indicator of a phishing scam is an unfamiliar email address or domain name. Some scammers may use domain names or email addresses similar to your normal contacts, but they will never be the same. If you notice an inconsistency, report the email.

Phishing scams can also normally be identified by the sender’s grammar skills. Here is an example from a phishing email: “Click here to cancel this request, else your öffice 365 accöunt…” Terrible grammar and unfamiliar characters as shown here are indicators of a scam.

Lastly, be wary of any request for any type of personal or sensitive information whatsoever, even if it initially seems to be from a trustworthy source.

Even if it does not show any other signs of being a phishing scam, always double and triple-check the authenticity of the request.

If you do stumble across a phishing scam, your best course of action would be to delete the email in question without opening any attachments or clicking any links.

In addition, you should report the incident to your superior or your IT service provider. If a phishing attack happened to you, it can happen to your coworkers as well.

Giving sensitive company information away to a scammer is the last way you want to start your week.

Their tactics are always changing, so the best way to fight attacks like these is through education and awareness rather than programs or filters. Remember the red flags of a phishing scam, and you will have no problem keeping your business safe and secure.

Three Reasons To Regularly Test Business Systems

Protecting your business requires more time, effort and energy from your technology team than ever before.

Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge.

It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly.

From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.

Business System Testing Helps Find Vulnerabilities
The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, causing additional steps for infrastructure teams as they review the data connectors and storage locations.

Each of these connections is a potential point of failure and could represent a weakness where a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up.

As the business continues to evolve through digital transformation, this regular testing and documentation of the results allow your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure.

Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.

Business System Testing Provides Valuable Insight Into Process Improvement Needs
Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business.

Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net.

Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens security over time by tightening security and allowing you to review user permissions and individual levels of authority within your business infrastructure and systems.

Business System Testing Allows You to Affirm Your Disaster Recovery Strategy
Your backup and disaster recovery strategy is an integral part of your business.

Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality.

Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans.

Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal manages to infiltrate your systems or your business systems are damaged in fire or flood, your IT team will be ready to bring your business back online quickly.

Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business.

The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.

What Are The Newest Phishing Attacks?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Phishing is a term adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.

How Does Phishing Work?
This is essentially how cyber phishing works. Cybercriminals create an interesting email, maybe saying that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey.

Once you click the link, a virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Malware includes Trojans, worms, spyware, and adware. These malicious programs each have different goals, but all are destructive and aimed at harming your computers. [Read more…] about What Are The Newest Phishing Attacks?

CFO Tech Blog: How To Become The Tech Savvy CFO

More than ever, today’s CFOs are expected to have a degree of tech savviness. Big data and analytics are tools that are just too powerful to ignore in the CFO suite. If you’re not particularly tech savvy, harnessing the power of these tools to the fullest extent will remain out of reach.

Why You Need to Become the Tech Savvy CFO
It’s crucial to understand just how powerful today’s technology tools are for financial leadership. Whatever the nature of your business and industry, technology can empower you and your staff in the following ways.

Forecasting and Risk
Forecasting has always been a part of the CFO’s role. Forecasting today can be much more accurate, thanks to the rich data that’s available.

CFOs must have the skills to understand and interpret that data (or they must employ people who can). Use robust data and analytics to reduce the amount of guesswork in your forecasting.

Risk management is another responsibility under your purview as CFO. Forecasting and risk management are interrelated, of course, and both have traditionally involved a fair bit of prediction and uncertainty.

If you’re like most CFOs, you’re a fairly risk-averse person. Reduce the risks of prediction and uncertainty by basing your decision-making on data wherever possible.

Advanced Data Visualization Techniques
All this data that companies now have access to can quickly become overwhelming. Today’s tech savvy CEOs harness the power of advanced data visualization techniques to bring the most important information to the surface.

These techniques include making dashboards for interacting with the data and scorecards for presenting it to users at all levels.

Predictive Analytics
In the 1960s, business predictions were often made around a conference table in a smoke-filled room. They were based on some amount of data, but hunches, opinions, and interpersonal power dynamics often played an outsized role.

Today, there’s a better way. Predictive analytics are driven by algorithms and data, not by cigars and opinions. Leverage the power of all the data you’ve collected into predictive analytics.

While they are neither perfect nor omniscient, predictive analytics remove human biases from forecasting. This powerful tool can enhance your effectiveness as a CFO.

Adjust in Real Time
The CFO that understands how to use these new tools can be agile, adjusting in real time based on the data that’s coming in. Many marketplaces change rapidly, and a 6-month-old report may no longer ring true. Big data and analytics let CFOs make these quick adjustments as they continually monitor data and adjust their predictions.

Drive Growth
Acting on your analysis of data can often spur on innovation and growth. Creating efficiencies aids in growth, and as you do so you’re likely to discover new business opportunities, such as a hole in the market that your company is suited to fill.

How to Become the Tech Savvy CFO
Having a tech savvy CFO brings many advantages to a company. As a result, being a tech savvy CFO makes you a much more valuable asset. If you’re not there yet, here are a few quick tips for how to get there.

Learn Analytics
Yes, this sounds basic, but if you don’t understand how to use analytics to do the things we’ve talked about, you need to learn. If others in your company already know analytics, leverage your rank. You are the CFO, after all—make it part of their job to teach you. If you’re in a smaller firm that has yet to embrace big data and analytics, it may be time to go get a certification in this area.

Meet Regularly with Experts
Your CIO, if your firm has one, should be well versed in the sorts of technology we’ve discussed today. Meet regularly with your CIO and ask questions. Do the same with other experts in your network. They aren’t the finance people, so they may not readily see how big data and analytics can transform your role. As your understanding grows and you learn to them the right questions, you’re likely to discover breakthroughs together.

Read What They Read
Sites like CIO.com are go-to resources for CIOs, but you can benefit there, too. Not every article will apply to what you’re learning, but many will. Reading sites like these will increase your overall tech comfort level.
Leverage the Data

As your understanding of analytics grows, you can start leveraging that data in real, meaningful ways. It’s easy to get overwhelmed in a deluge of data if you don’t have the tools to parse through it. At the same time, it’s possible to parse the data so finely that you miss valuable conclusions. As your comfort level grows, you’ll improve in leveraging data to the fullest extent.

Educate Your Team
Last, you need to educate your team. As you journey to become a tech-savvy CFO, teach your team what you’re learning so that they can help you win using data and analytics.

Signs Your PC Needs A Tune-Up (Or Replaced!)

Jason Cooley is Support Services Manager for Tech Experts.
One of the most frustrating things a person can experience in the office is a slow computer system.

As modern systems get quicker and Internet speeds continue to soar, we really notice when performance seems off.

Watching a video online 10 years ago versus today is a world of difference. Take it back 15 years, and it’s like two different universes.

Yet, we are so used to these speeds and increases in performance that we often assume that there’s something “wrong” with our computer or Internet connection when it slows down. Sure, this can be the case, but how can you tell?

First, you really need to isolate whether your computer system is slow or if your Internet is causing the problems. This is easier than you would expect.

Try loading a webpage. See if there is a delay in your keyboard input. Look for spinning wheels. These are indicative of system processing actions. You can try opening a few documents or pictures stored on your computer.

If there is no delay but webpages load slower than normal, you likely are having Internet speed issues.

Let’s assume that your Internet is fine. Speed is good, connection is strong. How can we tell if there is something wrong that needs fixed or if it’s just a temporary issue?

Let’s talk about age. The average usable life of a PC is around five years, give a take a year or two based on how good the system specs were at the time of purchase.

For instance, a laptop at a chain retail store might be a great price, but if you buy outdated products to start with, you will definitely have a harder time reaching the target goal of five years of use out of your computer. You can sometimes find a bargain, but a lot of times, you really get what you pay for.

Speaking of getting what you pay for, you may not be an expert, but remember that, while features like touchscreens are nice, they’re not a great help when your system resources are maxed out.

A touchscreen in a laptop is basically a tradeoff for two other specs when it comes to cost. Basically, if you had two identically priced laptops, the one with a touchscreen would have less RAM and a slower CPU, for instance.

Other things can let you know if there is more to it than needing a new PC. Is your lag recent and sudden? How secure are you? Is your operating system up to date?

A recent virus could quickly impact your system. While they don’t always work like this, a quick change in performance is typically failing hardware or an infection.

The best thing to do is to rule out the virus first. Always better to be safe. If you aren’t sure about how to thoroughly check for and remove virus infections, look for someone who can help.

So what if you still aren’t sure? If you are on the cusp of having your computer for four or five years, it might be time to make the call to replace it.

If there is a chance it’s the CPU failing and it’s close in the age range, replace it.

It is a calculated decision, but don’t let trying to save a few bucks for a few weeks longer cause you endless frustration. It may just be time to say goodbye.

Using Wireless Printers? Here’s How to Secure Them

With some reports estimating over seven million incidents of cybercrime and online fraud occurring in 2018, it would be a mistake to discount the risks associated with using a wireless printer.

After all, any time data is transmitted wirelessly, there is a chance it could be intercepted. When you think about all the sensitive information that is printed in your company, this threat may then seem quite real.

Try the following tips to minimize the risk of a security vulnerability associated with wireless printing:

Use WPA2
This security certification program essentially password protects your print job capabilities just as you would require login credentials to access wireless internet.

By controlling access to your wireless printers, you can also monitor who is printing what and detect when someone attempts to gain unauthorized access to your systems.

Keep Security Software Updated
Many printers come with some form of built-in security, but the installed version can only be effective for so long.

Regularly check for more updated versions of your printers’ security software and install them as they become available to be protected from the latest threats.

Use Data Encryption
Just as your emails and other document sharing methods are encrypted during transmission, you should make sure your printer data is encrypted as well.

This ensures that, if the information is intercepted by a nefarious third-party, they will not be able to decode the stolen data. This is especially important for printers you use to print checks.

Train Your Staff in Printer Protocol
No matter what measures you take to secure your wireless printers, they won’t be as effective if your staff doesn’t know how to properly use equipment or keep protection programs up to date.

Provide training to your employees about safe printing practices.

These tips don’t just apply to large businesses; the threat of a security breach through wireless printing systems can affect small businesses and even individuals just as easily.

With a little forethought and effort however, you can greatly decrease these risks to be able to print without fear.

Your Guide To Microsoft’s End Of Windows 7 Support

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Support for Windows 7 is coming to end this year. The operating system is 10 years old, and in the near future, Microsoft will discontinue all support – including security updates – for this version of Microsoft Windows.

This means the end of Microsoft security updates and this means many 3rd-party security tools like anti-virus may no longer function.

“Malicious Actors” a. k. a. “Hackers” will quickly exploit any Windows 7 computer the moment security updates stop and any future security vulnerability is discovered.

Microsoft tells us that as of October 2018, about 39% of business computers are still running Windows 7. Clearly, there is a lot of work to do over the coming months to prepare businesses for the end of support of Windows 7. [Read more…] about Your Guide To Microsoft’s End Of Windows 7 Support

How To Reduce Pop-Ups And Other Browser Best Practices

Jason Cooley is Support Services Manager for Tech Experts.

One of the most annoying things about browsing the web are pop-ups. Depending on your browser, your ability to limit or block pop-ups is probably built-in. If it’s not, there is definitely an extension for that purpose.

There are also other ways to ensure you have the best and fastest browsing experience possible.

Before we get into which browsers have which kind of pop-up blocker, let’s examine a fact. Pop-ups are annoying, but not always intrusive or unwanted.

There are instances where I need a pop-up from a site as it may be an internal page that has been requested or a log-in box. This can be frustrating as we may not know a pop-up is coming from a link. It may appear that nothing has happened.

So how do you know? The best practice and safest way is to allow pop-ups from sites you trust (as needed).

Say you’re on your banking site and you click log-in. Normally, a pop-up log-in box is displayed, but nothing happens. The pop-up has been blocked.

In the browser, you can enable this webpage to allow pop-ups, thus restoring your access and keeping you secure in the process.

In addition to pop-ups, users must also be on the lookout for pop-under windows. These are typically pages that open with other pages, like a tag along. They also frequently occur when attempting to leave a web page. They pop underneath other windows, hence the name. In most cases, pop-up blockers will stop most pop-unders.

So what about the browsers? Well, let’s just cover the Big Three: Chrome, Edge, and Firefox.

These browsers all come with a built-in pop-up blocker – all of which can be enabled in the settings page of the browser.

In most cases, these will do what you want them to: stop pop-ups. However, there are some instances where pop-ups or pop-unders make it through. There are third party extensions for most browsers that will typically offer more security.

Now that these pop-ups are handled, what else can we do to make a better browser experience? There are a few things you can do to perform sort of “maintenance” on your browser.

Clearing your cache (stored data) can help a website that doesn’t want to load very quickly. Most people know about clearing your browsing history, but there are other clean-up methods available.

There are a few different types of stored data associated with browser use. Some of this is background information, temporary data, passwords, and preferences. You can choose which parts to remove, so you can still keep your saved information without having to reenter it.

Another quick and easy tune up process is to remove any unused browser extensions. This can help with basic browser speed and performance.

Maintaining a generally healthy system is also a key to browser speed. Malware and adware can often specifically affect browsers. Any malware affecting the entire system would affect your browsing speed as well.

The best practice you can have is to use a strong antivirus and scan your computer regularly. There are many factors at play and paying attention to all of them is key to the best browsing experience.

New Whaling Schemes: CEO Fraud Continues To Grow

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas.

While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel.

It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time.

Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds.

Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media.

This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization.

You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office.

According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Five Ways to Deal With Aging Computer Equipment

While upgrading your tech equipment marks an exciting time in the office, it also presents a problem. With the introduction of new technology, you must decide what to do with your old equipment.

Provided those items are still in good working order, they may continue to be helpful in other avenues. Consider one of these five ways to give your old, replaced technology a new home:

Find a fresh purpose for it

Old equipment may not be up to task in one arena anymore, but it may be useful for something else. For example, old computers could power dummy terminals or be used for browser testing.

Connect with a local nonprofit

Your obsolete equipment may build a bridge with a local nonprofit. If you don’t have a particular organization in mind, ask your team for suggestions.

Donating your items to a nonprofit can elevate your company’s image in the public eye and be tax deductible down the road.

Donate it to a school

Whether your old equipment is best put to use actively or as the technological equivalent of a cadaver in a computer assembly class, schools are always in need of computers for students to use.

Be charitable

Similarly, you can donate your outdated technology to a charity and allow it to either sell your old items or put it to use in their office. This method can even net you and your business a tax break.

Hand it down

What is old to you can be new to someone else. Review the age and functionality of your employees’ equipment, and you might find what you wish to discard constitutes an upgrade to another member of your team.