TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

HTTPS And Why The Internet Still Isn’t Secure

Frank DeLuca is a field technician for Tech Experts.

HTTPS stands for “Hyper Text Transfer Protocol Secure” and it is the secure version of HTTP, the protocol over which data is sent between your browser and the website you’re connected to.

Most web traffic online is now sent over an HTTPS connection, making it “secure.” In fact, Google now warns that unencrypted HTTP sites are “Not Secure.”

So why is there still so much malware, phishing, and other dangerous activity online?

“Secure” Sites Have a Secure Connection

In previous iterations of Chrome, it used to display the word “Secure” along with a green padlock in the address bar when you were visiting a website using HTTPS. Modern versions of Chrome simply have a little gray padlock icon next to the navigation bar, without the word “Secure.”

That’s partly because HTTPS is now considered the new baseline standard. Everything should be secure by default, so Chrome only warns you that a connection is “Not Secure” when you’re accessing a site over an HTTP connection.

The reason for the removal from displaying the word “Secure” is that it may have been a little misleading. It may have easily been misconstrued to appear like Chrome was vouching for the contents of the site as if everything on the page is “secure.” But that’s not true at all. A “secure” HTTPS site could be filled with malware or phishing attempts.

HTTPS Does Not Mean A Site is “Secure”

HTTPS is a solid protocol and all websites should use it. However, all it means is the website operator has purchased a certificate and set up encryption to secure the connection.

For example, a dangerous website full of malicious downloads might be delivered via HTTPS. The website and the files you download are sent over a secure connection, but they might not be secure themselves.

Similarly, a criminal could buy a domain like “www.bankofamerica.com,” get an SSL encryption certificate for it, and imitate Bank of America’s real website. This would be a phishing site with the “secure” padlock, but again, it only refers to the connection itself.

HTTPS Stops Snooping and Tampering

Despite that, HTTPS is great. This encryption prevents people from snooping on your data in transit, and it stops man-in-the-middle attacks that can modify the website as it’s sent to you. For example, no one can snoop on payment details you send to the website.

In short, HTTPS ensures the connection between you and that particular website is secure. No one can eavesdrop or tamper with the data in-between.

HTTPS Is An Improvement

Websites switching to HTTPS helps solve some problems, but it doesn’t end the scourge of malware, phishing, spam, attacks on vulnerable sites, or various other scams online.

However, the shift toward HTTPS is still great for the Internet. According to Google’s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. Plus, Chrome users on Windows spend 88% of their browsing time on HTTPS sites.

This transition does make it harder for criminals to eavesdrop on personal data, especially on public Wi-Fi or other public networks. It also greatly minimizes the odds that you’ll encounter a man-in-the-middle attack on public Wi-Fi or another network.

It’s still no silver bullet. You still need to use basic online safety practices to protect yourself from malware, spot phishing sites, and avoid other online problems.

Wannacry Ransomware Continues To Be A Problem For Some

It’s been almost two years since the outbreak of the Wannacry ransomware epidemic. Unfortunately, all this time later, some companies are still dealing with the fallout. According to the latest research, Wannacry is still infecting hundreds of thousands of computers around the globe.

WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting Windows computers, it encrypts files on the PC’s hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.

A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain’s National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization connected to the North Korean government.

As grim as that sounds, it’s not all bad news. After all, the malware has been rendered harmless by the now famous “kill switch” discovered by Kryptos Logic security researcher Marcus Hutchins, who found a glaring flaw in the design of the software. The flaw allowed him to register a domain and encode it with instructions that would keep the ransomware component of Wannacry from activating and actually encrypting files.

That, however, did nothing to get rid of the malicious code infecting legions of PCs around the world. Sadly, much of the code remains in place on infected machines, silently lurking in the background. Kryptos Logic is uniquely positioned to know, since they control the kill switch domain and have continued to monitor traffic to it since building the kill switch on it. To this day, their site continues to be pinged by new IP addresses as the now toothless infection continues to spread.

It’s not hard to see why the removal of a piece of malware that has been rendered suddenly toothless takes a lower priority for busy and often harried IT security professionals. Leaving the code in place on infected machines is not without risk, however.

It is possible, however unlikely, that the hackers who built the program to begin with could find a way to get around the kill switch. If that should happen, then we’ll be facing the full fury of the epidemic all over again, something no one in the field of digital security wants to contemplate.

The bottom line is simply this: If you were impacted by Wannacry when the outbreak initially occurred, it’s worth double checking to make sure that all traces of the malicious code are gone from your network.

Data Encryption – What You Really Need To Know

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

In today’s digitally driven world, far too many personal and business devices are left unsecured. These devices don’t leverage strong passwords and fail to have the encryption needed to protect vital data.

Whether companies choose to store data in public, private, or hybrid clouds, they should always ensure that the data is encrypted before it leaves their devices or networks.

Additionally, when employees think that “this data isn’t important,” they are creating the weak links that hackers need to successfully infiltrate a device (or network) and subsequently steal unencrypted data, upload malware attacks, and otherwise wreak havoc on unsuspecting businesses.

[Read more…] about Data Encryption – What You Really Need To Know

Back At It Again: Microsoft Suspends Windows Updates

Jason Cooley is Support Services Manager for Tech Experts.

Windows 10 was released in July 2015 and there were plenty of reasons to be excited. If you have been around for the last few versions of Windows dating back to Vista, you may have a love/hate relationship with Microsoft.

Windows Vista, for instance, was once known as the biggest failure Microsoft had experienced. That is, until Windows 8. Just using the adoption numbers, it’s clear that Windows 8 was the least successful OS that Microsoft has ever released.

So, Microsoft and their users had many reasons to be excited about Windows 10. Microsoft assured users that Windows 10 would be a return to the golden standard of Operating Systems: Windows 7.

As with all releases of a new operating system, there have been some issues. Some of these problems are indicative of a bigger problems while others are standalone issues.

With a myriad of different types of problems that have surfaced over the last couple of years, Windows 10 may be the most problematic OS of all-time.

Since launch, Windows 10 has had some very unusual problems. While it is almost expected for issues to arise with a new OS, the frequency and type of problems is what’s disturbing. The issues have ranged from broken drivers that leave devices nonfunctional to our latest and greatest issue: the deleted documents folder.

A few times a year, larger updates called “Feature Updates” are released. In April 2018, there was an update that would incorrectly create a duplicate of your documents folder. A lot of these folders were empty and had no real purpose.

At this point, Microsoft decided to implement a fix with their next feature update, due in October 2018. The “fix” would remove the duplicate folder.

There was one very large issue with this. The update did not check if the folder was actually empty before deleting it from your system. People all over began reporting the issue where, all of a sudden, their files were gone.

Once reported, Microsoft acted quickly to halt the update before further systems were affected. The update would still download but would not apply. It was necessary that the access to the update be stopped to save additional systems from data loss.

A strange side effect of the update being put on hold was the failure to apply the downloaded Windows updates.

This resulted in much longer shut down/restart times as the update would attempt to apply, then roll back once it failed. This also provided users with another reason to be frustrated.

The issues are now resolved. The fix has been implemented and there is no more possibility for further data loss.

For what it’s worth, Microsoft also asked for users who lost data to reach out, and they would try to recover it where possible.

It seems like the least they could do considering the issue was created due to poor planning, poor programming, or some combination of those.

When possible, look into deferred updates. Let the problems work themselves out before taking on the unnecessary problems.

Crypto Blackmail: How To Protect Yourself

Frank DeLuca is a field technician for Tech Experts.

A criminal contacts you over email or snail mail and insists they have a webcam video of you watching “unsavory” videos or evidence you cheated on your wife.

To stop the release of this compromising information and to make the problem go away, the criminal asks for digital payment in Bitcoin or another form of cryptocurrency.

You should never respond or pay. All the criminals have are empty threats and they’re just trying to trick you.

What is CryptoBlack Mail?

CryptoBlackmail is any sort of threat accompanied by a demand that you pay money to a cryptocurrency address.

Just like traditional blackmail, it’s a “pay up or we’ll do something bad to you” threat. The difference is the demand for payment in online currency rather than traditional hard (and traceable) cash.

Why cryptocurrency? It’s not possible to “undo” a transaction and it’s hard for the authorities to track down the owner of a Bitcoin address.

With cryptocurrency, the money is gone as soon as you send it.

Some examples of CryptoBlackmail:
– Physical mail saying “I know you cheated on your spouse,” and demanding payment in the form of Bitcoin to a specified Bitcoin wallet.

– Emails claiming an attacker has placed malware on your computer and recorded you in a uncompromising position, along with a video feed from your webcam. The attacker also claims to have copied your contacts and threatens to send the video to them unless you pay.

– Emails including a password to one of your online accounts along with a threat and demand for payment to make the problem go away.
The attacker just found your password in one of the many leaked password databases and hasn’t compromised your computer. Keep in mind that the criminals almost certainly cannot follow through on their threat and they probably do not have the information they claim to have. It is simply a numbers game.

For example, someone may just send emails saying “I know you cheated on your spouse” to a large number of people knowing that, statistically, some of them will be tempted to act.

The important thing to note is that this not a personally targeted attack. Unfortunately, the scammers do trick some people, which then perpetuates this ongoing CryptoBlackMail scam as an easy payday for criminals with little to no work involved.

How to Protect Yourself

Ignore the scammers. Delete and forget the scam. Don’t try to negotiate or even respond with the scammer. Don’t pay a single cent.

Don’t re-use passwords. If a criminal sent you one of your passwords, it’s likely that password was from one of many leaked password databases available online.

Change your passwords. If you’re concerned a criminal might have your passwords, you should change them immediately.

Get a password manager. They can help keep track of those unique passwords. They remember passwords for you, letting you use strong, unique passwords everywhere without having to remember them all.

Disable your webcam. If you’re really worried about someone spying on you with malware on your computer, you can just disable your webcam when you aren’t using it.

The most important thing to do — aside from never paying the scammers — is to ensure you aren’t re-using passwords, especially if they’ve already been leaked. Use strong, unique passwords and you won’t have to worry about password leaks. Just change a single password whenever there’s a leak and you are done.

Are Smartphones And Tablets Killing The Traditional PC?

In the early days of the Internet, there was only one device that enabled you to access it. That was the desktop computer.

Laptop computers have existed for as long as desktops have, but due to hardware limitations, they never really became a viable alternative.

In a technical sense, laptops are “mobile” devices, but still require the user to be seated to use. It hasn’t been until recently that we have seen truly mobile devices.

The Rise Of Smartphones
The first smartphone was invented in 1992, three years before the term “smartphone” even existed. It was IBM’s “Simon,” which was a cellphone with a monochrome LCD touchscreen and a stylus.

It was the first phone was able to send faxes, pages, and emails and it was even capable of running third party applications.

It came with built-in features that are so commonplace on today’s smartphones that most people take them for granted, such as a calendar, a notepad, a world clock, and a way to schedule appointments.

Simon didn’t sell well and its $899 price tag surely didn’t help move units either. For comparison, that’s the same purchasing power as $1607 in 2018.

It wasn’t until Apple’s iPhone in 2007 that the modern smartphone became mainstream. IBM was able to sell a total of 50,000 Simon smartphones over its entire lifetime, a number that is dwarfed by Apple’s 1.4 million iPhone sales in the first year of its existence.

The Aging Desktop
Hardware advancements in recent years have made smartphones powerful enough to perform all the basic functions that consumers were using desktops for in the early days of the Internet.

Smartphones are also priced lower than their desktop counterparts. Sure, if you compare the price of a brand new, top-of-the-line smartphone to a much more powerful desktop PC you may find that the desktop by itself is less expensive.

But for a desktop to function you also need peripherals like a monitor, keyboard, a mouse, speakers, etc. You also need a desk, a chair, a constant source of power, and, in most cases, an entire dedicated room. One could make the argument that you need to pay for a cell phone service to be able to use all the functions of a smartphone, but that isn’t much different than paying for an ISP.

Tablets
In 2010, Apple made yet another mobile device that would change the tech world forever: the tablet. Tablets are essentially large smartphones although they aren’t typically used to make phone calls.

Due to their size, they are capable of carrying stronger hardware than smartphones and they are easier to use as a practical tool in the workplace. There are even specialized “professional” tablets that are designed with detachable keyboards and Bluetooth mice that run the same operating systems that their desktop cousins do.

They weigh less than modern “lightweight” notebook laptops, and have the advantage of a touchscreen. Their functionality comes at a steep price though, and it’s one that will be felt by your wallet. Most “professional” laptops will cost even more than the most powerful desktops and laptops.

No Clear Winner
Each option has different pros and based on how you intend to use it. Although smartphones and tablets have been quickly taking over the home user market, almost all workplaces still use the desktop computer.

The price per performance ratio is still in the desktop’s favor. It could be a very long time before mobile devices gain the functionality of a desktop while matching their price.

Colorado Company Taken Down By Ransomware And What That Means for Your Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
According to Statista, there were 184 million ransomware attacks in 2017 and the average ransomware demand is over $1,000. Individuals, organizations, and companies have fallen victim to these attacks.

Most people recognize the fact that ransomware is a danger, but they may not realize that it can actually destroy their company.

The recent closure of Colorado Timberline after a ransomware attack is a solemn reminder of the seriousness of the dangers of ransomware.

What Happened to Colorado Timberline?
Colorado Timberline, a printing company in Denver, was forced to cease operations for an unspecified amount of time after a severe cyber attack. [Read more…] about Colorado Company Taken Down By Ransomware And What That Means for Your Business

Line Of Business Applications: Efficiency & Productivity

Jason Cooley is Support Services Manager for Tech Experts.
As someone who works with businesses of all types, I see a wide range of line of business applications in action on a regular basis.

Whether it‘s tracking inventory, calculating loan payments, estimating material cost for a construction project, keeping sales records, or preparing taxes, there is probably an app for that.

You may be wondering: what are line of business applications exactly? A line of business app is any application that serves a particular business need or assists with customer transactions in some way.

It differs from something like an email app, which could be considered a business application, but since it doesn’t apply to a specific industry or specific need, it wouldn’t be a line of business application.

For some people newer to the workforce, the days of old are never even considered. Remember when all restaurants used pen and paper to take orders?

The implementation of a point-of-sale system in restaurants eventually served as an all-in-one solution. Taking orders, keeping track of daily sales and cash totals, even inventory tracking and clocking in/out can be done all from the same program.

Tax preparation and accounting software, too, has come so far. Whether you have all internal or outsourced accounting, the days of having to do much more than signing the forms after printing are over. I’m not talking using an online tax prep program at home. I mean, large scale businesses filing end of the year taxes.

Keeping monthly ledgers, banking records for large corporations, strange tax situations, incomes from multiple states, and just about anything else can be found in good line of business tax and accounting software. So much of this information was only done on paper for so many companies not that long ago.

While many companies (particularly very small businesses) may not have the business scale to require this type of software, it’s time-saving and the accuracy assurance cannot be denied.

The examples above are just a few of many implementations of line of business applications and how they replace the ways of the past.

There are some free line of business applications out there and I am sure there are some that are acceptable for their purposes. But the adage is true: you get what you pay for.

Good corporate-level line of business applications often come with some costs involved. Whether that’s purchasing application licensing, paying a monthly or yearly usage fee, and for support for the applications, there will be an investment.

So how do you know if your investment will be worth it in the long run? How can you be sure using a new line of business app will be beneficial?

If you are looking for software to make your business operate more efficiently but have questions as to how the implementation will work or if the cost is worth the benefits, reach out to the software company.

In many instances, there will be trials or demonstrations available that you just have to inquire about. Emailing or making a phone call with specific questions can really help you have a more informed look at your upcoming investment.

If you are a business that uses a managed service provider, like Tech Experts, you should also interface with your IT provider. They may have insight from other clients or past experiences and should be a part of any technology change your business is looking into.

Your productivity and efficiency could be on its way up and, here at Tech Experts, we’d love to help you get there.

Wi-Fi 6: The Next-Generation Wireless Standard

Frank DeLuca is a field technician for Tech Experts.
Wi-Fi 6 (also known as 802.11ax) is the next-generation wireless standard that is faster than the current king, 802.11ac.

More than speed, it will provide better performance in congested areas, from stadiums to your own device-packed home. Fortunately, it’s coming soon, slotted for a 2019 release.

Wi-Fi will now have version numbers as well. Doing away with those confusing Wi-Fi standard names like “802.11ac,” Wi-Fi names will be replaced with user-friendly names like “Wi-Fi 5” and “Wi-Fi 6.”

Faster Wi-Fi
As usual, the latest Wi-Fi standard offers faster data transfer speeds. If you’re using a Wi-Fi router with a single device, maximum potential speeds should be up to 40% higher with Wi-Fi 6 compared to Wi-Fi 5.

Wi-Fi 6 accomplishes this through more efficient data encoding, resulting in higher throughput. Mainly, more data is packed into the same radio waves. The chips that encode and decode these signals keep getting more powerful and can handle the extra work.

This new standard even increases speeds on 2.4GHz networks. While the industry has shifted to 5GHz for less interference, 2.4GHz is still better at penetrating solid objects. And there shouldn’t be as much interference for 2.4GHz as old cordless telephones and wireless baby monitors are retired.

Longer Battery Life
A new “target wake time” (TWT) feature means your smartphone, laptop, and other Wi-Fi-enabled devices should have longer battery life, too.

When the access point is talking to a device (like your smartphone), it can tell the device exactly when to put its Wi-Fi radio to sleep and exactly when to wake it up to receive the next transmission.

This will conserve power, as it means the Wi-Fi radio can spend more time in sleep mode. And that means longer battery life.

This will also help with low-power “Internet of Things” devices that connect via Wi-Fi.

Better Performance in Crowded Areas
Wi-Fi tends to get bogged down when you are in a crowded place with many Wi-Fi enabled devices fighting to receive and send data. Picture a busy stadium, airport, hotel, mall, or even a crowded office with everyone connected to Wi-Fi.

The new Wi-Fi 6, also known as 802.11ax, incorporates many new technologies to help with this.

Wi-Fi 6 can now divide a wireless channel into a large number of subchannels. Each of these subchannels can carry data intended for a different device.

This is achieved through something called Orthogonal Frequency Division Multiple Access, or OFDMA. The Wi-Fi access point can talk to more devices at once.

The new standard also has improved MIMO, or Multiple In/Multiple Out.

This involves multiple antennas, which let the access point talk to multiple devices at once.

With Wi-Fi 5, the access point could talk to devices at the same time, but those devices couldn’t respond at the same time. Wi-Fi 6 has an improved version of multi-user, or MU-MIMO, that lets devices respond to the wireless access point at the same time.

This wouldn’t just apply to busy public places, but also at home if you have many devices connected to Wi-Fi or if you live in a dense apartment complex.

What Type Of Workstation Is Right For Me?

The average American spends just over 1800 hours a year working. For anyone who works in an office environment, this means a lot of sitting down and typing.

That type of sedentary work can lead to a number of health and comfort issues, not to mention productivity issues.

This means that picking an effective and comfortable workstation is absolutely necessary.

Getting Started
When choosing the right device for your workstation, there are a few things you should take into consideration.

First, you should decide what you will be using your workstation for and in what kind of environment. Will you be doing a lot of work from a central station or will you be out in the field? If you will be doing most of your work from one central location, a desktop computer offers the best price vs performance ratio.

Not to mention, the lifetime of a desktop usually outlasts other types of workstation devices. This is due to replaceable components and superior cooling solutions.

Stationary workstations are not always a viable option for all people, specifically people who spend most of their time moving from place to place on the job.

Someone who spends most of their time in the field would be best suited using a laptop or professional tablet.

Budget
One of the most important factors to consider when picking a workstation is how it fits into your budget. Less is often more when it comes to workstations, so you should always be trying to achieve the goals you set out for yourself in the most cost efficient way possible.

It is important that you purchase equipment that is going to perform well enough to complete the tasks you need it to, but any other additional features should be avoided to cut costs.

As mentioned earlier, desktop computers are the most cost efficient way to get work done around the office, so long as you’ll be staying there all day.

Comfort and Health
Who doesn’t want to be comfortable at work? Most of us spend a good portion of our lives working, so it is absolutely necessary to maintain a healthy lifestyle.

The easiest place to start is where you spend most of your day, sitting in a chair. The type of chair you use at work will greatly influence posture, comfort, alertness, and general wellbeing.

How can anyone get any work done if they are miserable and in pain all day? Make sure to pick a chair that has good lumbar support. Ergonomic options are always a plus.

Avoid unnecessary neck strain by keeping your eyes level with your monitor. Small details can also make a big difference, such as having a keyboard with negative tilt.

Negative tilt keyboards are designed to reduce wrist sprain, which is a huge plus for anyone who types all day. These keyboards can also help avoid carpel tunnel issues.

Conclusion
Your workstation is an essential part of your career. Balancing cost, comfort, usability and performance is the key to building the perfect workstation for you, your employees or clients. Cover your needs first, and then don’t forget to shop around for the best price available.