TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

The Ransomware Threat Is Growing – Here’s Why

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the biggest problems facing businesses today is ransomware. In 2017, a ransomware attack was launched every 40 seconds and that number has grown exponentially in 2018. What are the main reasons for this type of escalation and why can’t law enforcement or IT experts stop the growing number of cyber-attacks?

Ransomware Trends
One of the reasons involves the latest trends. The art of ransomware is evolving. Hackers are finding new ways to initiate and pull off the cyber-attack successfully.

Hackers rarely get caught. So, you have a crime that pays off financially and no punishment for the crime. The methods of attack expand almost daily. Attack vectors increase with each new breach. If cyber thieves can get just one employee to click on a malicious link, they can take over and control all the data for an entire company. [Read more…] about The Ransomware Threat Is Growing – Here’s Why

Work From Anywhere: How A VPN Can Help You

Jason Cooley is Support Services Manager for Tech Experts.

Work. Most of us have to do it and, typically, we spend around a third of our lives doing it. While you are already dedicating a third of your life to your job, sometimes there is a need to get more work done.

The old statement that “there aren’t enough hours in the day” really applies to a lot of hardworking people who go above and beyond the expected contribution.

The dependency on technology is constantly increasing and, because of this, many of us have jobs that depend on computers.

Often, these jobs require us to be at work in our office, whether it be to run applications hosted on the work server or to access documents.

So, say you have a few extra hours of work to do. You need to use a program at your office or maybe just some stored documents. Now, you have to go in to the office on a day off… unless you have a VPN setup.

What is a VPN?
VPN stands for Virtual Private Network. The internal network at your office would be considered a private network.

The IP addresses are not broadcasted for everyone to see and there is almost certainly some sort of security device keeping unwanted traffic out.

With a VPN, it creates a tunnel from your computer to your office, creating the illusion that you are actually inside that private network.

The VPN program will put your computer on the network virtually, hence the name Virtual Private Network.

The concept of a VPN and how it works is fairly straightforward. You may be asking yourself how safe it is. A VPN is typically viewed as one of the best layers of protection, not just for connecting to a network offsite, but for also hiding the data transmitted while doing so.

In theory, data transmitted over a VPN cannot be accessed or intercepted. This is why a VPN is viewed as a simple and safe way to access your private network, as well as to browse the Internet privately (private does not mean anonymous).

What are all the things a VPN can do for you?
A correctly configured VPN can put you on a network from anywhere where you have an Internet connection.

With a VPN setup, you can now work on those documents. You can use your software that is only available in the office where the database is hosted. You can even send print jobs over the VPN to a printer in your office. A fellow staff member needs a document printed and you are at home? No problem, you can send the request just like you were at your desk.

Who needs a VPN?
While a VPN doesn’t benefit everyone, it sure can make your life a little easier if you’re a road warrior, and maybe even score you some more time at home.

The cost and setup of a VPN is not at all daunting, making it a viable option for anyone with a need to access files and programs they normally couldn’t without being in their office.

Attackers Embed Malware In Microsoft Office Documents To Bypass Browser Security

Chris Myers is a field service technician for Tech Experts.

Cyber attacks continue to increase at a rapid rate. In 2016, there were 6,447 software security vulnerabilities found or reported to authorities. In 2017, that number rose to 14,714, more than double the previous year. Halfway through 2018, we are at 8,177 with no signs of slowing.

One of the biggest avenues of attacks is Adobe Flash Player, which has been a leading source of vulnerabilities for over 20 years.

Modern browsers have been phasing out Adobe Flash over the past 5 years. In December 2016, Google Chrome completely disabled Flash Player by default.

Mozilla Firefox started to block the most vulnerable parts of Flash Player by default in 2016 and 2017.

The latest Flash Player vulnerability, designated CVE-2018-5002 by Adobe, aims to circumvent those browser changes by hiding the attack in a Microsoft Excel file, which is then distributed by targeted emails disguised as legitimate bulletins from hiring websites.

To hide this from anti-virus software, the hackers went another step further by not including the malicious code directly in the Excel file. Instead, they just embed a small snippet that tells the file to load a Flash module from somewhere else on the Internet. Due to this, the file appears to be a normal Excel document with Flash controls to anti-virus applications.

CVE-2018-5002 is what’s known as a Zero Day vulnerability, which means it was used by attackers before it was discovered and patched.

This particular vulnerability appears to have been used in the Middle East already.

In one instance, businesses in Qatar received an email that mimicked “bayt.com,” a Middle Eastern job search website. The attackers sent the email from “dohabayt.com.”

With Doha being the capitol of Qatar, it was easy to assume that dohabayt was simply an extension of the main website.

However, a true branch of bayt.com, known as a subdomain, would be separated by a period like so: doha.bayt.com. Once the target was tricked into opening the email, they were directed to download and open the attached Microsoft Excel file named “Salaries.”

This was a normal-looking table of average Middle Eastern job salaries, but in the background, the attack was already going to work.

How To Avoid Being Infected
The fake email scenario described above is known as phishing. Phishing is the attempt to disguise something as legitimate to gain sensitive information or compromise their computer.

The word phishing is a homophone of fishing, coined for the similarity of using bait in an attempt to catch a victim.

The attack described above was a type of phishing known as spear phishing, where the attacker tailored their methods specifically to the intended victim.

They disguised the email as a local site used for job or employee hiring, and the file as a desirable database of salary information.

Phishing emails are most easily identified by checking the sender’s email address. Look at the unbroken text just before the “.com”.

If this is not a website known to you or if it contains gibberish such as a random string of numbers and letters, then the email is almost always fake.

While the attack above was sophisticated, most phishing emails simply try to trick the user by saying things like “Your emails have been blocked, click here to unblock them” or “Click here to view your recent order” when you did not actually order anything.

Always be vigilant. When in doubt, forward the email to your IT department or provider for them to check the email for viruses or other threats.

How Can You Improve Your Online Privacy?

Frank DeLuca is a field technician for Tech Experts.

You have probably heard about the myriad of security blunders that have plagued the business and IT worlds. We’ve seen considerable security and privacy miscues from some of the world’s biggest businesses, organizations, and government agencies.

This includes data breaches, attacks from hackers, privacy concerns, and theft where massive amounts of private user data were lost and/or misplaced. If major institutions can fall victim to these privacy and security lapses, then so can individuals and society at large.

The Internet can certainly be a scary, confusing place, especially for the uninitiated, but there are many ways in which you can protect yourself, mitigate risk, and increase your privacy while having an online presence.

Use Strong Passwords For Your Sensitive Accounts
Using strong, unique passwords (symbols, long phrases, capitalization, punctuation) can help you avoid that gut-wrenching feeling that you get when you realize that someone has hacked your account and has access to your personal information. Not knowing what’s going to happen to your work or your memories is something no one wants to experience.

Creating strong and unique passwords for each of your online accounts is a smart practice. The reason is quite simple: if one of your online accounts is hacked, then the others will soon follow. Consider a password manager like LastPass or Keeper to create, store, and manage your passwords.

Don’t Allow Or Accept Cookies From Third Parties
The purpose of the computer cookie is to help websites keep track of your visits and activity for convenience. Under normal circumstances, cookies cannot transfer viruses or malware to your computer.

However, some viruses and malware may try to disguise themselves as cookies, replicating after deletion or making it easier for parties you can’t identify to watch where you are going and what you are doing online.

Because cookies are stored in your web browser, the first step is to open your browser. Each browser manages cookies in a different location. For example, in Internet Explorer, you can find them by clicking “Tools” and then “Internet Options.” From there, select “General” and “Browsing history” and “Settings.”

In Chrome, choose “Preferences” from the Chrome menu in the navigation bar, which will display your settings. Then expand the “Advanced” option to display “Privacy and security.” From there, open “Content settings” and “Cookies.”

Use A VPN Or VPN Provider
A virtual private network, or VPN, can help you secure your web traffic and protect your anonymity online from snoops, spies, and anyone else who wants to steal or monetize your data.

A VPN creates a virtual encrypted tunnel between you and a remote server operated by a VPN service. All external Internet traffic is routed through this tunnel, so your data is secure from prying eyes. Best of all, your computer appears to have the IP address of the VPN server, masking your identity.

To understand the value of a VPN, it helps to think of some specific scenarios in which a VPN might be used. Consider the public Wi-Fi network, perhaps at a coffee shop or airport.

Normally, you might connect without a second thought. But do you know who might be watching the traffic on that network? If you connect to that same public Wi-Fi network using a VPN, you can rest assured that no one on that network will be able to intercept your data.

Additional tips: keep your Windows operating system and your applications such as Microsoft Office up to date at all times, don’t post private information on your social media accounts, and use browser ad/tracking blockers.

Time-Saving Tricks for Microsoft Outlook 2016

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Microsoft Office 365 offers a number of useful tools for today’s busy professionals including some new shortcuts for Outlook 2016. With so many companies now using Outlook as their major email program, Microsoft works to improve its operation with each annual update.

A number of the great features in this program are also found in other MS Office programs. For instance, if you’re familiar with Word, then learning how to use Outlook will be much simpler.

New Changes for Outlook 2016
Using Outlook 2016, you can do a lot more than send and receive emails. You can also manage your calendar, set appointments, schedule meetings, and create/ manage groups.

In addition to being able to set up various types of groups, you can set up groups in Yammer. Yammer has become a central place where teams can exchange files, get updates and have conversations with others. [Read more…] about Time-Saving Tricks for Microsoft Outlook 2016

Network Security: What Does Your Firewall Do For You?

Jason Cooley is Support Services Manager for Tech Experts.

“Security.” It’s a word that we are all familiar with, but it can have many different meanings depending on context. Security to people nearing retirement age may mean financial security for their future.

At a large event like a concert, it could mean both security guards and the overall security of the event.

However, as time goes by, the word security has become increasingly related to the digital world.

Using the Internet to pay bills, access banking information, or even applying for loans is commonplace. We must be prepared to protect our identity and personal information.

Now, whether you are talking about your home or your business, network security starts with a firewall.

So what is a firewall?

A firewall, in terms of network security, can be a physical device that your incoming and outgoing data is routed through. It could also be a program on your device that can strengthen and supplement your devices’ security.

Both of these have different capabilities and purposes and can be used individually or together.

While there are different types, their essential function is the same. A firewall is put in place to allow or deny traffic, based on a set of security rules.

In a business setting where many staff members use a computer daily, a firewall can be put in place to block unwanted traffic.

A simple security rule to check for secure certificates can stop unwanted traffic easily.

Websites have security certificates, so when you access a page, your firewall can check the certificate. If the certificate is digitally signed and known as trusted, the firewall will allow traffic to proceed.

Search results can often display links of potentially harmful websites.

A firewall adds a layer of security making sure your employees don’t accidently find themselves on a website that could compromise your network.

This same principle works for home networks and can allow you to set some security rules. These rules can be put in place to help keep Internet usage safe, especially with children around the house. A firewall can also block certain content.

In an office setting, you could turn off access to social media to stop staff from accessing sites that aren’t needed to complete work.

It can block certain search engines and even limit the use of unsecure versions of websites.

At home, you can block content from websites you don’t want your family to have access to.

There is also the option of having active network times. You can have your Wi-Fi network only active during business hours, keep your kids off their devices at bedtime, or limit access to certain days.

There are many other things that your firewall can do to help keep your network safe.

Keeping your network secure has the potential to save you thousands of dollars, depending on the number of devices and your dependency on those devices.

Safety and security always has a high value to you. It can also help you rest easier knowing that either your business, or your family, is a little bit safer.

53% Of Businesses Have Publicly Exposed Cloud Services

Chris Myers is a field service technician for Tech Experts.

Malware comes in many different forms and is used by hackers in a number of different ways. It can be used to steal information, locate vulnerabilities in your IT systems for a secondary attack, or simply to cause damage.

There are countless hackers out there just waiting for your business to leave your data vulnerable. With the introduction of the cloud, you felt a bit more secure and slept slightly better at night – but now, it seems that was precisely what hackers wanted us to do.

A recent Cloud Security Trends study found that 53% of businesses using cloud storage accidentally expose their data to the public. This is like securing your whole house, locking all doors and windows, and then going to sleep with the garage wide open.

This doesn’t just point the finger at small businesses either. The study showed that even big-name companies such as Amazon Simple Storage Service (Amazon S3) had inadvertently exposed one or more of these services to the public.

The scary thing is that the previous survey showed this was occurring only 40% of the time. Now, this number has grown to 53%.

This study was conducted in 2017 between the months of June to September. Within those two months, they found that businesses are not only exposing their own data but they are also neglecting vulnerabilities in their cloud. When you ignore these things, you put not only your customers at risk but also the livelihood of your company as well.

What Are You Exposing?
The report shows that businesses weren’t solely leaking data such as customer information, but incredibly dangerous information such as access keys and other private data as well.

These cyber-attacks commonly expose data such as personal health information, financial information, passwords and usernames, trade secrets, and intellectual property. With two million new malware attacks launching every day, it’s more important than ever to stay in a constant state of vigilance.

Ignoring Vulnerabilities
A common misconception is that it’s the service provider’s responsibility to keep cloud data safe – this is not true. Most of the damage caused by ignoring vulnerabilities can be prevented by training.

If your staff is trained to recognize weaknesses, then they can be more proactive in fighting against them. More than 80% of businesses are not managing host vulnerabilities in the cloud. Vulnerabilities include insufficient or suspicious credentials, application weaknesses, and inadequate employee security training.

Complex Attacks
Not all the attacks and vulnerabilities are the fault of the business. Some of these attacks are far more complex than most businesses are prepared for, including big-name companies. These sophisticated attacks not only know and bypass the company’s vulnerabilities but also various application weaknesses.

What Can You Do About It?
The first action you can take against attacks is recognizing suspicious IP addresses. Have a policy in place for identifying, flagging, and isolating suspicious IP addresses. Spending a few extra minutes of your time could save months of recovery and downtime.

It’s important to pay attention to mistakes that others have made so you don’t suffer the same consequences. Be sure to train and certify the IT staff you already have. Cyberattacks are guaranteed, but what isn’t guaranteed is how prepared your business is to thwart off those attacks.

Google Study Reveals Phishing Attacks Are The Biggest Threat To Web Security

A recent study by Google and UC Berkeley suggests that cyber thieves are successfully stealing 250,000 valid usernames and passwords every week.

The study, which was based on 12 months of login and account data that was found on criminal websites and forums, aimed to ascertain how the data had been hacked and the actions that can be employed to avoid criminal activity in the future.

Google claims the research is vital for developing an understanding of how people fall victim to scammers and hackers and will help to secure online accounts.

The research found that, over a 12-month period, keyloggers (programs that monitor every keystroke that someone make on a computer) stole 788,000 account credentials, 12 million were harvested via phishing (emails or phone calls that con people into handing over confidential data), and an incredible 1.9 billion were from breaches of company data. The study found the most productive attacks for cyber-thieves came from phishing and keylogging. In fact, in 12%-15% of cases, the fraudsters even obtained users’ passwords.

Malicious hackers had the most success with phishing and were able to pick up about 234,000 valid usernames and passwords every week, followed by keyloggers who managed to steal 15,000 valid account details per week.

Hackers will also look to gather additional data that could be useful in breaching security measures, such as the user’s Internet address (IP), the device being used (Android versus Apple) and the physical location. Gathering this data, however, proved far harder for those with malign intent.

Of the people whose credentials were secured, only 3.8% also had their IP address identified, and less than 0.001% had their detailed device information compromised.

Google said in a follow-up blog post that the research would be used to improve the way it detects and blocks attempts to misappropriate accounts.

Historical data of the physical location where users logged on and the devices they used will increasingly be used as part of a range of resources that users can use to secure their accounts.

The research, however, did acknowledge that the account hacking problem was ‘multi-pronged’ and would require countermeasures across a number of areas including corporate networks.

Education of users is set to become a ‘major initiative’ as the research also revealed that only 3.1% of people whose account had been hijacked subsequently started using enhanced security measures such as two-step authentication (Google authenticator or a similar service) after control of a stolen account was regained.

The Latest Expansions To Office 365 Will WOW You!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The availability of productivity apps is astounding. Basic word processors that were the desktop staple haven’t been replaced, but have evolved from requiring installation from a CD-ROM to not even requiring a downloaded program file anymore!

Yes, Microsoft Word, the workplace word processing darling, is accessible online through subscription-based Microsoft Office 365, which has a multitude of integrated apps designed for the flexible workforce.

Create documents in Microsoft Word or spreadsheets in Microsoft Excel and save them to SharePoint or OneDrive, send emails through Microsoft Outlook, design innovative presentations with PowerPoint, and the list goes on.

The list of apps that integrate with Office 365 expands every day! Considering Microsoft Office 365 now includes Microsoft Teams and Microsoft Flow, the possibilities are incredible. If you’ve not yet experienced either of these apps, you’re truly missing out. [Read more…] about The Latest Expansions To Office 365 Will WOW You!

Internet Speed Loss: Get What You Pay For

Jason Cooley is Support Services Manager for Tech Experts.

Long gone are the days where you accepted the speed that your dial-up connection allowed.

I remember when 56k modems were exciting. I can easily recall my first cable Internet connection. It was a lightning fast 3mbps (megabytes per second, in case you were wondering).

With gigs and megs, people talk about data and speeds sometimes as if they are interchangeable. They aren’t. Let’s get that clarification out of the way.

Thanks largely to cell phone data plans, people think in terms of how many gigs they have. What that means is that you can transmit a certain amount of data during your monthly cycle, such as 10 gigs.

The megabytes per second phrase is used to describe the rate at which data transfers. This is your Internet speed.

So now that we know what we are talking about, let’s talk speeds and how to maximize them.

As I mentioned before, I remember getting a 3mbps connection. It was lightning fast compared to the dial-up connections that had been the standard.

As times change and technology becomes more demanding, old connection speeds just won’t cut it. Web pages become more complex and the amount of data transferred goes up as well.

In order to have the same type of experience and to avoid long loading times, expectations for higher Internet speeds continue to grow.

My home 25mbps connection came and went; now, I have speeds up to 150mbps. There are speeds much higher available, but before you go paying for more speed than you need, make sure you are getting what you pay for.

Running Internet speed tests is a good place to start. You can use a website, like speedtest.net, to check your upload and download speed, as well as ping.

Ping is used to measure latency, or what you may classify as lag. Ping is typically measured in milliseconds and is the measured response time after sending out a request on the Internet.

The download speed is the number typically advertised and the number that is most important to your connection. So you pay for 150mbps. You run a speed test over Wi-Fi and you are only getting 80mbps. What could be the cause?

First, the best way to test your speed would be over an Ethernet cable directly connected to your modem or router. Check your speed over a wired connection to rule out any loss caused by the modem.

If you are experiencing lower than expected speeds while wired to your modem, you may need to contact your service provider. If you are getting the correct speeds while wired, there are a few possible causes.

The most likely culprits of speed loss are the devices between your modem and computer or other device. Wi-Fi and regular routers, especially those that are a little older, often have a maximum speed set at 100mbps. You may even see 10/100 on the router, indicating its 100mbps speed.

Having one of these devices is going to cost you one-third of your potential speed whether you are wired in or not.

Having quality devices to distribute your connection is as important to speed quality as the connection itself.

There are many other factors that can contribute to speed loss. Too many Wi-Fi networks in close proximity can even cause interference. While the possible causes of speed loss can vary, one thing that does not change is that you want to get what you pay for.