TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

What Are The Newest Phishing Attacks?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Phishing is a term adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.

How Does Phishing Work?
This is essentially how cyber phishing works. Cybercriminals create an interesting email, maybe saying that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey.

Once you click the link, a virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Malware includes Trojans, worms, spyware, and adware. These malicious programs each have different goals, but all are destructive and aimed at harming your computers. [Read more…] about What Are The Newest Phishing Attacks?

CFO Tech Blog: How To Become The Tech Savvy CFO

More than ever, today’s CFOs are expected to have a degree of tech savviness. Big data and analytics are tools that are just too powerful to ignore in the CFO suite. If you’re not particularly tech savvy, harnessing the power of these tools to the fullest extent will remain out of reach.

Why You Need to Become the Tech Savvy CFO
It’s crucial to understand just how powerful today’s technology tools are for financial leadership. Whatever the nature of your business and industry, technology can empower you and your staff in the following ways.

Forecasting and Risk
Forecasting has always been a part of the CFO’s role. Forecasting today can be much more accurate, thanks to the rich data that’s available.

CFOs must have the skills to understand and interpret that data (or they must employ people who can). Use robust data and analytics to reduce the amount of guesswork in your forecasting.

Risk management is another responsibility under your purview as CFO. Forecasting and risk management are interrelated, of course, and both have traditionally involved a fair bit of prediction and uncertainty.

If you’re like most CFOs, you’re a fairly risk-averse person. Reduce the risks of prediction and uncertainty by basing your decision-making on data wherever possible.

Advanced Data Visualization Techniques
All this data that companies now have access to can quickly become overwhelming. Today’s tech savvy CEOs harness the power of advanced data visualization techniques to bring the most important information to the surface.

These techniques include making dashboards for interacting with the data and scorecards for presenting it to users at all levels.

Predictive Analytics
In the 1960s, business predictions were often made around a conference table in a smoke-filled room. They were based on some amount of data, but hunches, opinions, and interpersonal power dynamics often played an outsized role.

Today, there’s a better way. Predictive analytics are driven by algorithms and data, not by cigars and opinions. Leverage the power of all the data you’ve collected into predictive analytics.

While they are neither perfect nor omniscient, predictive analytics remove human biases from forecasting. This powerful tool can enhance your effectiveness as a CFO.

Adjust in Real Time
The CFO that understands how to use these new tools can be agile, adjusting in real time based on the data that’s coming in. Many marketplaces change rapidly, and a 6-month-old report may no longer ring true. Big data and analytics let CFOs make these quick adjustments as they continually monitor data and adjust their predictions.

Drive Growth
Acting on your analysis of data can often spur on innovation and growth. Creating efficiencies aids in growth, and as you do so you’re likely to discover new business opportunities, such as a hole in the market that your company is suited to fill.

How to Become the Tech Savvy CFO
Having a tech savvy CFO brings many advantages to a company. As a result, being a tech savvy CFO makes you a much more valuable asset. If you’re not there yet, here are a few quick tips for how to get there.

Learn Analytics
Yes, this sounds basic, but if you don’t understand how to use analytics to do the things we’ve talked about, you need to learn. If others in your company already know analytics, leverage your rank. You are the CFO, after all—make it part of their job to teach you. If you’re in a smaller firm that has yet to embrace big data and analytics, it may be time to go get a certification in this area.

Meet Regularly with Experts
Your CIO, if your firm has one, should be well versed in the sorts of technology we’ve discussed today. Meet regularly with your CIO and ask questions. Do the same with other experts in your network. They aren’t the finance people, so they may not readily see how big data and analytics can transform your role. As your understanding grows and you learn to them the right questions, you’re likely to discover breakthroughs together.

Read What They Read
Sites like CIO.com are go-to resources for CIOs, but you can benefit there, too. Not every article will apply to what you’re learning, but many will. Reading sites like these will increase your overall tech comfort level.
Leverage the Data

As your understanding of analytics grows, you can start leveraging that data in real, meaningful ways. It’s easy to get overwhelmed in a deluge of data if you don’t have the tools to parse through it. At the same time, it’s possible to parse the data so finely that you miss valuable conclusions. As your comfort level grows, you’ll improve in leveraging data to the fullest extent.

Educate Your Team
Last, you need to educate your team. As you journey to become a tech-savvy CFO, teach your team what you’re learning so that they can help you win using data and analytics.

Signs Your PC Needs A Tune-Up (Or Replaced!)

Jason Cooley is Support Services Manager for Tech Experts.
One of the most frustrating things a person can experience in the office is a slow computer system.

As modern systems get quicker and Internet speeds continue to soar, we really notice when performance seems off.

Watching a video online 10 years ago versus today is a world of difference. Take it back 15 years, and it’s like two different universes.

Yet, we are so used to these speeds and increases in performance that we often assume that there’s something “wrong” with our computer or Internet connection when it slows down. Sure, this can be the case, but how can you tell?

First, you really need to isolate whether your computer system is slow or if your Internet is causing the problems. This is easier than you would expect.

Try loading a webpage. See if there is a delay in your keyboard input. Look for spinning wheels. These are indicative of system processing actions. You can try opening a few documents or pictures stored on your computer.

If there is no delay but webpages load slower than normal, you likely are having Internet speed issues.

Let’s assume that your Internet is fine. Speed is good, connection is strong. How can we tell if there is something wrong that needs fixed or if it’s just a temporary issue?

Let’s talk about age. The average usable life of a PC is around five years, give a take a year or two based on how good the system specs were at the time of purchase.

For instance, a laptop at a chain retail store might be a great price, but if you buy outdated products to start with, you will definitely have a harder time reaching the target goal of five years of use out of your computer. You can sometimes find a bargain, but a lot of times, you really get what you pay for.

Speaking of getting what you pay for, you may not be an expert, but remember that, while features like touchscreens are nice, they’re not a great help when your system resources are maxed out.

A touchscreen in a laptop is basically a tradeoff for two other specs when it comes to cost. Basically, if you had two identically priced laptops, the one with a touchscreen would have less RAM and a slower CPU, for instance.

Other things can let you know if there is more to it than needing a new PC. Is your lag recent and sudden? How secure are you? Is your operating system up to date?

A recent virus could quickly impact your system. While they don’t always work like this, a quick change in performance is typically failing hardware or an infection.

The best thing to do is to rule out the virus first. Always better to be safe. If you aren’t sure about how to thoroughly check for and remove virus infections, look for someone who can help.

So what if you still aren’t sure? If you are on the cusp of having your computer for four or five years, it might be time to make the call to replace it.

If there is a chance it’s the CPU failing and it’s close in the age range, replace it.

It is a calculated decision, but don’t let trying to save a few bucks for a few weeks longer cause you endless frustration. It may just be time to say goodbye.

Using Wireless Printers? Here’s How to Secure Them

With some reports estimating over seven million incidents of cybercrime and online fraud occurring in 2018, it would be a mistake to discount the risks associated with using a wireless printer.

After all, any time data is transmitted wirelessly, there is a chance it could be intercepted. When you think about all the sensitive information that is printed in your company, this threat may then seem quite real.

Try the following tips to minimize the risk of a security vulnerability associated with wireless printing:

Use WPA2
This security certification program essentially password protects your print job capabilities just as you would require login credentials to access wireless internet.

By controlling access to your wireless printers, you can also monitor who is printing what and detect when someone attempts to gain unauthorized access to your systems.

Keep Security Software Updated
Many printers come with some form of built-in security, but the installed version can only be effective for so long.

Regularly check for more updated versions of your printers’ security software and install them as they become available to be protected from the latest threats.

Use Data Encryption
Just as your emails and other document sharing methods are encrypted during transmission, you should make sure your printer data is encrypted as well.

This ensures that, if the information is intercepted by a nefarious third-party, they will not be able to decode the stolen data. This is especially important for printers you use to print checks.

Train Your Staff in Printer Protocol
No matter what measures you take to secure your wireless printers, they won’t be as effective if your staff doesn’t know how to properly use equipment or keep protection programs up to date.

Provide training to your employees about safe printing practices.

These tips don’t just apply to large businesses; the threat of a security breach through wireless printing systems can affect small businesses and even individuals just as easily.

With a little forethought and effort however, you can greatly decrease these risks to be able to print without fear.

Your Guide To Microsoft’s End Of Windows 7 Support

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Support for Windows 7 is coming to end this year. The operating system is 10 years old, and in the near future, Microsoft will discontinue all support – including security updates – for this version of Microsoft Windows.

This means the end of Microsoft security updates and this means many 3rd-party security tools like anti-virus may no longer function.

“Malicious Actors” a. k. a. “Hackers” will quickly exploit any Windows 7 computer the moment security updates stop and any future security vulnerability is discovered.

Microsoft tells us that as of October 2018, about 39% of business computers are still running Windows 7. Clearly, there is a lot of work to do over the coming months to prepare businesses for the end of support of Windows 7. [Read more…] about Your Guide To Microsoft’s End Of Windows 7 Support

How To Reduce Pop-Ups And Other Browser Best Practices

Jason Cooley is Support Services Manager for Tech Experts.

One of the most annoying things about browsing the web are pop-ups. Depending on your browser, your ability to limit or block pop-ups is probably built-in. If it’s not, there is definitely an extension for that purpose.

There are also other ways to ensure you have the best and fastest browsing experience possible.

Before we get into which browsers have which kind of pop-up blocker, let’s examine a fact. Pop-ups are annoying, but not always intrusive or unwanted.

There are instances where I need a pop-up from a site as it may be an internal page that has been requested or a log-in box. This can be frustrating as we may not know a pop-up is coming from a link. It may appear that nothing has happened.

So how do you know? The best practice and safest way is to allow pop-ups from sites you trust (as needed).

Say you’re on your banking site and you click log-in. Normally, a pop-up log-in box is displayed, but nothing happens. The pop-up has been blocked.

In the browser, you can enable this webpage to allow pop-ups, thus restoring your access and keeping you secure in the process.

In addition to pop-ups, users must also be on the lookout for pop-under windows. These are typically pages that open with other pages, like a tag along. They also frequently occur when attempting to leave a web page. They pop underneath other windows, hence the name. In most cases, pop-up blockers will stop most pop-unders.

So what about the browsers? Well, let’s just cover the Big Three: Chrome, Edge, and Firefox.

These browsers all come with a built-in pop-up blocker – all of which can be enabled in the settings page of the browser.

In most cases, these will do what you want them to: stop pop-ups. However, there are some instances where pop-ups or pop-unders make it through. There are third party extensions for most browsers that will typically offer more security.

Now that these pop-ups are handled, what else can we do to make a better browser experience? There are a few things you can do to perform sort of “maintenance” on your browser.

Clearing your cache (stored data) can help a website that doesn’t want to load very quickly. Most people know about clearing your browsing history, but there are other clean-up methods available.

There are a few different types of stored data associated with browser use. Some of this is background information, temporary data, passwords, and preferences. You can choose which parts to remove, so you can still keep your saved information without having to reenter it.

Another quick and easy tune up process is to remove any unused browser extensions. This can help with basic browser speed and performance.

Maintaining a generally healthy system is also a key to browser speed. Malware and adware can often specifically affect browsers. Any malware affecting the entire system would affect your browsing speed as well.

The best practice you can have is to use a strong antivirus and scan your computer regularly. There are many factors at play and paying attention to all of them is key to the best browsing experience.

New Whaling Schemes: CEO Fraud Continues To Grow

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas.

While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel.

It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time.

Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds.

Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media.

This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization.

You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office.

According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Five Ways to Deal With Aging Computer Equipment

While upgrading your tech equipment marks an exciting time in the office, it also presents a problem. With the introduction of new technology, you must decide what to do with your old equipment.

Provided those items are still in good working order, they may continue to be helpful in other avenues. Consider one of these five ways to give your old, replaced technology a new home:

Find a fresh purpose for it

Old equipment may not be up to task in one arena anymore, but it may be useful for something else. For example, old computers could power dummy terminals or be used for browser testing.

Connect with a local nonprofit

Your obsolete equipment may build a bridge with a local nonprofit. If you don’t have a particular organization in mind, ask your team for suggestions.

Donating your items to a nonprofit can elevate your company’s image in the public eye and be tax deductible down the road.

Donate it to a school

Whether your old equipment is best put to use actively or as the technological equivalent of a cadaver in a computer assembly class, schools are always in need of computers for students to use.

Be charitable

Similarly, you can donate your outdated technology to a charity and allow it to either sell your old items or put it to use in their office. This method can even net you and your business a tax break.

Hand it down

What is old to you can be new to someone else. Review the age and functionality of your employees’ equipment, and you might find what you wish to discard constitutes an upgrade to another member of your team.

Inside The Anatomy Of The Human Firewall

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Each year, around 61% of small businesses become the victims of a malware attack. While many small businesses may think no one would ever come after them because of their size, know that over half of the total global attacks hit small businesses and, for thieves, getting access to your systems is becoming increasingly lucrative.

Companies collect more about customers than ever before: medical history, financial records, consumer preferences, payment information, and other confidential information.

Some of this information could be used in malicious ways to either harm your business or directly harm the customers, so we all understand that we must protect it from cyberattacks.

Creating a human firewall is the best way to keep your system and data safe, but what exactly is a human firewall, why do you need one, and how can you build one? Let’s take a look! [Read more…] about Inside The Anatomy Of The Human Firewall

How Google Password Checkup Can Protect Your Data

Jason Cooley is Support Services Manager for Tech Experts.

While the terminology between a data breach and data leak may not seem very important, being prepared to react to compromised data is. Let’s start with knowing the difference between a breach and a leak.

A data breach is an unauthorized intrusion into any private system to access any sensitive data. Data breaches are typically the work of hackers.

A data leak may result in the same end game scenario, but differs greatly in that a leak is data left exposed or accessible, often accidentally.

While the hope is that you are protected and that your passwords are all secure, this realistically isn’t the case. You can have the strongest password possible, but depending on what information may be sold or accessible, the security can be entirely out of your hands.

Worse, a breach or leak won’t always make national news or show signs of unauthorized access.

If you see an out of state charge on your debit card, you’ll have a good idea that you didn’t make the purchase and suspect that you’ve been compromised. In the case of seeing unauthorized charges, the issue is clear.

However, say your email is compromised. It isn’t so obvious.

Perhaps the person with your credentials will monitor for a time in order to find valuable information on you or others.

There are so many ways to be compromised and so many types of information that someone with access to your account may be looking for.
In the past, I have used a few different websites to periodically check. This is obviously problematic, as reputable sources for compiling breached information are not overly abundant.

Being an IT professional, I felt comfortable looking for these sources. I do not recommend the same for just anyone.

Luckily, you no longer have to search to find any potentially compromised accounts. Google’s new extension “Password Checkup” is here to help.

Google Password Checkup is a browser extension that alerts you to any potentially compromised accounts.

While the browser extension is installed and enabled, it checks any account you log into using Google Chrome.

Now, this is not a foolproof protection blanket. While this is a great tool, it only checks against any data breaches that Google is aware of.

These are the same type of searches I mentioned earlier. While I would have to search before, Google Chrome can handle the work here.

If there is potential that your account is compromised, you should ensure you take steps to recover the account and change the passwords.

While there is no surefire way to remain safe, stay diligent. Remember to make sure your computer isn’t compromised by regularly running your anti-virus software.

Much like you lock your door at home, make sure you are taking care of your personal information.

Using Google’s Password Checkup is a great start, but it’s only a start. Change your passwords regularly and keep them unique.

A passphrase is a great way to have a password that is easy to remember but difficult to guess.