TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Your Guide To Microsoft’s End Of Windows 7 Support

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Support for Windows 7 is coming to end this year. The operating system is 10 years old, and in the near future, Microsoft will discontinue all support – including security updates – for this version of Microsoft Windows.

This means the end of Microsoft security updates and this means many 3rd-party security tools like anti-virus may no longer function.

“Malicious Actors” a. k. a. “Hackers” will quickly exploit any Windows 7 computer the moment security updates stop and any future security vulnerability is discovered.

Microsoft tells us that as of October 2018, about 39% of business computers are still running Windows 7. Clearly, there is a lot of work to do over the coming months to prepare businesses for the end of support of Windows 7. [Read more…] about Your Guide To Microsoft’s End Of Windows 7 Support

How To Reduce Pop-Ups And Other Browser Best Practices

Jason Cooley is Support Services Manager for Tech Experts.

One of the most annoying things about browsing the web are pop-ups. Depending on your browser, your ability to limit or block pop-ups is probably built-in. If it’s not, there is definitely an extension for that purpose.

There are also other ways to ensure you have the best and fastest browsing experience possible.

Before we get into which browsers have which kind of pop-up blocker, let’s examine a fact. Pop-ups are annoying, but not always intrusive or unwanted.

There are instances where I need a pop-up from a site as it may be an internal page that has been requested or a log-in box. This can be frustrating as we may not know a pop-up is coming from a link. It may appear that nothing has happened.

So how do you know? The best practice and safest way is to allow pop-ups from sites you trust (as needed).

Say you’re on your banking site and you click log-in. Normally, a pop-up log-in box is displayed, but nothing happens. The pop-up has been blocked.

In the browser, you can enable this webpage to allow pop-ups, thus restoring your access and keeping you secure in the process.

In addition to pop-ups, users must also be on the lookout for pop-under windows. These are typically pages that open with other pages, like a tag along. They also frequently occur when attempting to leave a web page. They pop underneath other windows, hence the name. In most cases, pop-up blockers will stop most pop-unders.

So what about the browsers? Well, let’s just cover the Big Three: Chrome, Edge, and Firefox.

These browsers all come with a built-in pop-up blocker – all of which can be enabled in the settings page of the browser.

In most cases, these will do what you want them to: stop pop-ups. However, there are some instances where pop-ups or pop-unders make it through. There are third party extensions for most browsers that will typically offer more security.

Now that these pop-ups are handled, what else can we do to make a better browser experience? There are a few things you can do to perform sort of “maintenance” on your browser.

Clearing your cache (stored data) can help a website that doesn’t want to load very quickly. Most people know about clearing your browsing history, but there are other clean-up methods available.

There are a few different types of stored data associated with browser use. Some of this is background information, temporary data, passwords, and preferences. You can choose which parts to remove, so you can still keep your saved information without having to reenter it.

Another quick and easy tune up process is to remove any unused browser extensions. This can help with basic browser speed and performance.

Maintaining a generally healthy system is also a key to browser speed. Malware and adware can often specifically affect browsers. Any malware affecting the entire system would affect your browsing speed as well.

The best practice you can have is to use a strong antivirus and scan your computer regularly. There are many factors at play and paying attention to all of them is key to the best browsing experience.

New Whaling Schemes: CEO Fraud Continues To Grow

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas.

While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel.

It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time.

Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds.

Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media.

This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization.

You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office.

According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Five Ways to Deal With Aging Computer Equipment

While upgrading your tech equipment marks an exciting time in the office, it also presents a problem. With the introduction of new technology, you must decide what to do with your old equipment.

Provided those items are still in good working order, they may continue to be helpful in other avenues. Consider one of these five ways to give your old, replaced technology a new home:

Find a fresh purpose for it

Old equipment may not be up to task in one arena anymore, but it may be useful for something else. For example, old computers could power dummy terminals or be used for browser testing.

Connect with a local nonprofit

Your obsolete equipment may build a bridge with a local nonprofit. If you don’t have a particular organization in mind, ask your team for suggestions.

Donating your items to a nonprofit can elevate your company’s image in the public eye and be tax deductible down the road.

Donate it to a school

Whether your old equipment is best put to use actively or as the technological equivalent of a cadaver in a computer assembly class, schools are always in need of computers for students to use.

Be charitable

Similarly, you can donate your outdated technology to a charity and allow it to either sell your old items or put it to use in their office. This method can even net you and your business a tax break.

Hand it down

What is old to you can be new to someone else. Review the age and functionality of your employees’ equipment, and you might find what you wish to discard constitutes an upgrade to another member of your team.

Inside The Anatomy Of The Human Firewall

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Each year, around 61% of small businesses become the victims of a malware attack. While many small businesses may think no one would ever come after them because of their size, know that over half of the total global attacks hit small businesses and, for thieves, getting access to your systems is becoming increasingly lucrative.

Companies collect more about customers than ever before: medical history, financial records, consumer preferences, payment information, and other confidential information.

Some of this information could be used in malicious ways to either harm your business or directly harm the customers, so we all understand that we must protect it from cyberattacks.

Creating a human firewall is the best way to keep your system and data safe, but what exactly is a human firewall, why do you need one, and how can you build one? Let’s take a look! [Read more…] about Inside The Anatomy Of The Human Firewall

How Google Password Checkup Can Protect Your Data

Jason Cooley is Support Services Manager for Tech Experts.

While the terminology between a data breach and data leak may not seem very important, being prepared to react to compromised data is. Let’s start with knowing the difference between a breach and a leak.

A data breach is an unauthorized intrusion into any private system to access any sensitive data. Data breaches are typically the work of hackers.

A data leak may result in the same end game scenario, but differs greatly in that a leak is data left exposed or accessible, often accidentally.

While the hope is that you are protected and that your passwords are all secure, this realistically isn’t the case. You can have the strongest password possible, but depending on what information may be sold or accessible, the security can be entirely out of your hands.

Worse, a breach or leak won’t always make national news or show signs of unauthorized access.

If you see an out of state charge on your debit card, you’ll have a good idea that you didn’t make the purchase and suspect that you’ve been compromised. In the case of seeing unauthorized charges, the issue is clear.

However, say your email is compromised. It isn’t so obvious.

Perhaps the person with your credentials will monitor for a time in order to find valuable information on you or others.

There are so many ways to be compromised and so many types of information that someone with access to your account may be looking for.
In the past, I have used a few different websites to periodically check. This is obviously problematic, as reputable sources for compiling breached information are not overly abundant.

Being an IT professional, I felt comfortable looking for these sources. I do not recommend the same for just anyone.

Luckily, you no longer have to search to find any potentially compromised accounts. Google’s new extension “Password Checkup” is here to help.

Google Password Checkup is a browser extension that alerts you to any potentially compromised accounts.

While the browser extension is installed and enabled, it checks any account you log into using Google Chrome.

Now, this is not a foolproof protection blanket. While this is a great tool, it only checks against any data breaches that Google is aware of.

These are the same type of searches I mentioned earlier. While I would have to search before, Google Chrome can handle the work here.

If there is potential that your account is compromised, you should ensure you take steps to recover the account and change the passwords.

While there is no surefire way to remain safe, stay diligent. Remember to make sure your computer isn’t compromised by regularly running your anti-virus software.

Much like you lock your door at home, make sure you are taking care of your personal information.

Using Google’s Password Checkup is a great start, but it’s only a start. Change your passwords regularly and keep them unique.

A passphrase is a great way to have a password that is easy to remember but difficult to guess.

Understanding The Value Of Managed IT Services

Depending on their scope and impact on your workday, tech issues can take hours to resolve, if not days. In some cases, you may spend far too much time tracking down a problem, only to come up empty-handed in the end.

In others, such as security breaches, you may not even know there is an issue until the damage has been done.

If you and your team have been handling any tech issues that arise on your own, you could greatly benefit from partnering with a managed IT service provider like Tech Experts.

Here are some of the benefits you can expect from this partnership.

Increases speed of IT repairs
When you partner with Tech Experts, you can report any and all tech issues as they arise and receive a prompt response. Upon receiving your call, we’ll look into the problem and find the most effective solution.

With our years of experience, we’ve probably come across the problem before and already know how to fix it. This makes for very speedy service that helps keep your business operations moving forward without disruption.

Prevents tech issues
Managed IT services prove extremely valuable in the prevention of tech issues of all kinds. From malware attacks to hardware failure, we can stay ahead of the leading issues and potentially keep them from cropping up at all.

Through these preventive actions, you can avoid unnecessary downtime that could otherwise derail the work efforts of your entire staff.

Improves employee productivity
When your employees can hand off tech issues to a dedicated, outsourced team, they can remain on task in fulfilling their daily work duties. This keeps their productivity high, so you can meet your daily business goals and continue to push the annual growth of the company.

With your employees on task, rather than dealing with IT issues, your business operations can continue running smoothly day after day.

Boosts data security
Computer software and hardware issues can have a detrimental impact on the security of your business data. Especially since most of these problems remain hidden from view until a catastrophic loss of data occurs.

Therefore, your company and client information likely remain at risk without help from a skilled IT expert.

We specialize in optimizing security at the network, server and workstation levels, so you can focus on running your business without worry.

Decreases equipment repair costs
You can decrease the amount you spend on upkeep and repair of your equipment with oversight from skilled IT professionals.

Our ability to track down the problem and fix it the first time around will likely prove invaluable as you work on minimizing downtime and boosting employee productivity.

We can also help you time and plan your equipment upgrades perfectly to avoid wasting money on unnecessary items or overspending on parts.

Works well for any budget
With our managed service partnership, you can build your custom IT plan around the exact needs of your company.

You can select the items that will benefit you the most and leave the rest. If you only need computer and cloud support, for example, you can leave all server-related services off your plan. You are not locked into the services you select in the beginning either.

You can also make adjustments to the scope of your managed IT service plan as you expand your operations.

Ability to easily expand
As your business achieves phenomenal growth, you will likely need to add computer equipment and make other key adjustments to accommodate your team and their needs.

We can help you develop a plan that supports your current and future levels of growth. You can build a stronger network, upgrade your software and add computers to your workplace, for example, in support of your company’s continued success.

Peace of mind
When you sign up for managed services, you will give yourself true peace of mind in knowing that all your IT needs are handled.

You can call for service any time that your computer equipment acts up or software programs fail to operate as expected.

You will receive support and oversight in the prevention of problems that would otherwise cause much downtime for your employees.

Through all the managed IT service benefits, peace of mind comes out on top as it allows you to focus on what really matters – accelerating the success of your company.

Setting up a managed IT plan
With a look at these managed IT service benefits, it is clear that there are many ways this arrangement can boost the success of your business. You can get started in building this partnership by giving us a call at 734-457-5000. With this call, you can share the network, equipment and other IT needs of your company to start building your plan.

Four Questions Every CEO Needs To Ask About Cybersecurity

Leaders in every organization need to make identifying and addressing their cybersecurity needs a top priority. You can begin by starting a conversation between your IT service company and employees at all levels of your company about information security and how best to protect sensitive data, but you need to know the right questions to ask. Here are four questions to ask to get the discussion started and moving in the right direction.

How informed is your team about the vulnerability to and potential impact of cyber attacks on your company?

It’s important to assess the current awareness of everyone in your business about cyber threats and the potential damage from data breaches. It’s likely that everyone has heard of the many well-publicized breaches that have occurred over the last several years, but possibly haven’t considered them within the context of your company.

This is the first step to developing an educational initiative to get everyone up to speed on the problem and identifying the at-risk areas in your system. After that, you can begin to develop a chain of communication to take immediate action in case of a breach and set protocols and expectations for response times. A fast and effective response is critical to limiting data exposure.

What are the specific risks to your infrastructure and what are the best steps to take to address them?

Remember that the threat isn’t limited to just hackers. Many breaches occur because employees click on a link in a phishing email, leave a password lying around where it’s easily seen, or by unknowingly becoming a victim of a social engineering scam by giving it to someone over the phone who is impersonating a company employee.

Then you can begin to identify the resources needed to protect your data, including third-party security software and updated equipment. Simply informing your employees of the threat of such low-tech risks can greatly increase your cybersecurity.

How many security incidents are detected in your systems in a normal month or week, what type are they, and how were others informed about them?

You should have a system in place to detect, monitor, analyze, and record any type of potential security incident no matter how small or seemingly insignificant, and disseminate that information to the appropriate personnel, or perhaps to all employees to raise awareness. You should discuss enhanced alerting and monitoring with your IT professionals.

Does your company have an incident response plan? How effective is it, and how often do you test it?

The only way you can quickly react to prevent or limit the damage from a breach is to have a clearly defined response plan in place. It should document how everyone in your company should react in the event of an emergency. This plan should be available to all employees. It should be tested on a regular basis, at least once each quarter, and updated whenever significant changes are made to your IT infrastructure.

Cyberattacks are just a fact of life these days, and that’s not going to change anytime soon. But by asking your team the right questions, starting a dialogue about how to address the threat, raising awareness and implementing training, and having a response plan in place, although you’ll never completely eliminate them, you can reduce your risks significantly.

What Are The Top Cybersecurity Trends For 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors– from financial institutions to Facebook– were affected by cybercrime.

According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers.

Cybersecurity trends for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher regulations
As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. [Read more…] about What Are The Top Cybersecurity Trends For 2019?

Windows 10: New Issues Ahead Of The Spring Feature Update

Jason Cooley is Support Services Manager for Tech Experts.

Windows 10 isn’t as universally despised as Windows 8, but isn’t as loved as Windows 7. Windows 7 actually had reported growth for the number of users last month, despite being released 10 years ago.

Polarizing may be the way to describe Windows 10 as people often love it or hate it, not much in between. It is my belief that this is due to the numerous issues, such as data loss via Windows update, broken software, and totally failed systems. Going forward, I don’t think we’ll see another OS quite like Windows 10 in the eyes of its users.

From an IT standpoint, not being able to install Microsoft Office after updating Windows is both annoying and baffling. Two products made by the same company, causing issues with each other. It seems like Windows 10 has a revolving door of problems.

The latest issues are no exception.

Recently, users attempted (and failed) many times to push the new Windows 10 updates to their system. This was met with a generic error that Windows can’t communicate with the update server.

This seems minor in itself, but it’s telling of a larger failure on Microsoft’s part to do proper planning before implementing changes. While there has not been a clear report on what happened, Microsoft is ready to patch and fix its latest issue. There is, however, a work around if you can’t wait for the newest update.

If you change your DNS to Google DNS or another third party DNS provider, you will be able to update Windows. While it is not confirmed, the common belief is that Microsoft sent out a bad DNS record to ISP’s that caused this to occur. You can resolve it yourself, but Microsoft will be taking care of this broken update this week.

The other big news is the Spring update that is being prepared for deployment. Due to the previous feature updates causing many issues, you should delay your update as long as possible, if possible. If you don’t know how to do this on your own, reaching out to an IT professional like Tech Experts could be the way to go.

The new update will feature many changes, most of which are cosmetic. This does not curb my fears for issues relating to the update. Although these types of changes normally only affect what you see on the screen, being extra cautious is probably the way to go.

Cortana and the search feature will now be completely separate, allowing you to use the standard start menu or Cortana individually. There will also be the option to uninstall many applications that you could not previously.

These include Mail, Calendar, Groove Music, Sticky Notes, and more. There will be many new themes and a few quality of life adjustments. While there will surely be more news on the horizon for the new update, do what you can to let them work out all of the issues before they become your issues as well.