TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Helpful Tech Tips To Prevent Phishing

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

Many of us have clicked on an email that appeared authentic, but was not. Those fortunate enough to identify any suspicious elements before an attachment is opened or a link is clicked are the lucky ones. But, sometimes, we don’t notice those little things and click things we shouldn’t.

These trick emails are one method of an effective scheme called phishing, run by cybercriminals to get information about you or your company. Even worse, this information is then bought and sold to the highest bidder to do with it as they wish.

At best, an ad agency might send some extra spam emails your way. At worst, your identity may be stolen or your company’s network may be left exposed for all sorts of trouble.

Fortunately, there are many things you and your workplace can do to avoid these phishing attempts.

Tips for Employers

Just asking employees to watch out for suspicious-looking emails doesn’t drive home the urgency of phishing.

Find recent news reports to share with your workforce. When an organization makes the front page for a data breach (usually because an employee opened an infected email), you can explain how something like that could happen to your organization. It’s well-timed, newsworthy, and will be on forefront your employee’s mind.

The best thing to do as an employer is to implement a program that encourages security awareness, education, and behavior modification.

Changing up how you deliver that message to employees can be quite helpful. Start with a monthly email, memo, or bulletin. Switch it up with in-person, individualized meetings. Using different approaches will help your message resonate with more employees. It is common to need to communicate a message multiple times for it to stick with everyone.

Tips for Employees

Social media can be your worst enemy. Social networks are abundant with personal information, putting it right at the fingertips of cybercriminals.

Do not post any birthdays, addresses, or any other personal information on these websites. We know many domain and personal accounts use these for passwords despite the easy availability. Even with privacy settings maxed, there is always a way for cyber criminals to obtain the information.

Additionally, cybercriminals are getting more creative, especially with phone numbers. It is becoming very common for criminals to call high-risk employees and ask for information. For example, some of these “phishers” will call and pretend they are from their company’s help desk and need to reset account credentials or “require verification” from the user.

When in doubt, don’t give anything out. If something seems off or you don’t know the person, ask for their contact information and look into it. In these cases, it’s better to be cautious than courteous.

Overall, phishing isn’t going anywhere and it should be incorporated into all online security training for workplaces. As long as people use social networks and email continues to be a primary workplace communication channel, phishing will be a top choice for cybercriminal’s data theft. Protect your business and your employees. You can always contact Tech Experts at (734) 457-5000 if you’d like an in-depth review of any suspicious email you may have received.

Improve Your Staff’s Productivity Using These Five Tips

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Increasing employee productivity is a positive approach for companies, regardless of the industry; however, the concept can be rather vague.

Productivity means more than just working to meet a given quality standard, therefore, it isn’t always immediately clear how to achieve optimum outcomes while maintaining standards and keeping your employees happy.

Here are a few concrete methods that can help your staff be more productive:

Block Certain Internet Sites

With the rise of social media, online gaming, and entertainment websites, there are many potential distractions on the web. Even if an employee is well-intentioned, there are plenty of well-designed trappings to keep them there, wasting your company’s time, Internet bandwidth, and, ultimately, money. [Read more…] about Improve Your Staff’s Productivity Using These Five Tips

What Is Credential Management And Should I Have It?

Ron Cochran is a senior help desk technician for Tech Experts.

In the world today, we have many things to remember and passwords are one of those. We have alarm codes, website logins, usernames, passwords, passphrases, bank account information, and everything in between. However, if you’re on top of your password game, then none of your passwords match and that can be quite the chore to keep up on.

This brings me to a product called Passportal.

Passportal eliminates the need to remember all those different passwords, websites, and passphrases. With Passportal, once you have your account set up – and have entered your websites, usernames, passwords, and passphrases – you will only need to remember one password to sign into anything. There is also an extension for one of the most popular web browsers.

Once you create your account with Passportal, you’ll be able to enter your website of choice, username, and password; then, when you revisit that site, you will be notified that Passportal has saved your credentials for that site. You’ll click one button and Passportal will automatically enter your information in, then you’re logged in to your favorite websites, social media, or message boards.

While it may sound like you’re putting all of your eggs in one basket, Passportal’s main focus is password security. The website, application, and process was created with military-grade password data security in mind while maintaining ease of use for the end user.

In the event of a mugging or break-in, you can lock your Passportal account and disable your usernames and passwords, instead of trying to remember everything you need to change. It’s one less thing to worry about when recovering from identity theft.

Let’s say your credit card and bank information have been compromised. Once you receive your new card and password, you revisit the website. Passportal remembers your password, but it doesn’t work. You will be able to seamlessly add the new password to the Passportal extension with just a couple clicks and keystrokes. Passportal has saved many users countless extra clicks, time, and hassle by keeping their valuable personal information secure.

If you are the owner of a company, you can utilize Passportal and have control over the passwords and when/if they expire. If you have an employee that quits or is terminated, you can lock that username out of your company information with just ONE click of a button. This feature saves valuable time that a human resource manager would have used to track down all the user information, gain access to their workstation or laptop, and remove their profile, or gain access to the server to remove their Active Directory profile.

Passportal also has two-way syncing with Active Directory for Windows Server. With Passportal, there is even a mobile app and phone number you can text to get a password reset. This feature will save employees who are locked out of their accounts – and allow your IT department to focus on more in-depth issues.

If you’re the human resource manager, general manager, or owner of a company, your company will most likely be able to benefit. Ask your IT department or managed service provider about Passportal and how you can implement it within your company.

Gone Phishing! How To Spot A Phishing Scam

If you are a user that has been around for a while, there is a pretty good chance you’ve been targeted with a phishing scam. You may have a long lost relative in another country who left you millions – and all the executor of the estate needs is your banking information to send you your inheritance! Or a prince of a small country is trying to move some of his fortune and escape to America – and if you can help, you will be rewarded!

These are some oldies-but-goodies, however phishing scams have and will continue to get better and smarter.

There was a time when phishing scams almost always came filled with poor grammar, spelling errors, and writing that just seemed a little off. While these still exist, things have become harder to detect.

These scammers are always looking for your personal information. There are a few ways they can do this, but most of them begin with email spoofing, where a sender will mask their actual email address with a familiar one.

If it isn’t a spoofed email, it may come from an address that is very close to that of a known and trusted sender. This could have an extra letter or even just a period to try to trick you into completing whatever task they are using in an attempt to get your information. This could be something as simple as a link to “family photo” or video and it could very well open your system to different vulnerabilities.

Something like a keylogger, a program that tracks your keystrokes, can be almost undetected while also gathering your online banking or credit card information.

Lately, phishers and scammers have pulled out all the stops. There have been cases where phishers will not only spoof an email, but also documents. These can look pretty real, so take a close look.

A new long-shot, big-payoff scam is to spoof an email address of a financial institution to try to intercept money from home purchases. This is done with forged documents and a fake email. While it’s a long shot for something that big to happen, do big business in-person or through trusted secure communications.

What to watch for:

When you have email communication from a known sender that doesn’t quite add up (or doesn’t sound like them), don’t assume they’re just having an off day. One example: if you know your family member shares all of their photos on Facebook, would they really email you a link with little to no writing in the email?

Any “company” asking for any personal information or passwords through email should also raise red flags. While this might seem obvious if the email address doesn’t match, a spoofed email address can make this trick easier to fall victim to.

Also, be wary of anyone asking for your bank account number via email. Even if it is legitimate, there are other ways to send this information. Protect yourself by choosing a more secure method of communication.

What to do:

If something seems off, research it. If you get a weird email requesting something or asking you to click on a link, don’t assume it’s safe. If it’s from someone you know, ask them if they did send it.

If you are the one “sending,” check your Outbox or Sent folder. This is a good indication if the email came from you or someone you know.

Windows 10 Creator’s Fall Update to Bring Hardened Ransomware Protection

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

2017 has seen some of the most high-profile ransomware and cryptoware attacks to date. These incidents have demonstrated that these types of attacks can have catastrophic effects that reach far beyond the ransom demands paid to these attackers.

The cost of downtime and damage control multiplies quickly. Even more damaging is being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, consequently costing much more than any monetary value.

Microsoft has stated that they recognize the threat that these cybercrimes represent and have since invested significant yet simple strategies that are proving to be extremely effective as new attacks emerge. These new security features are now coming to all businesses and consumers using Windows 10 with the Creators Fall Update.

These advanced security features are focusing on three primary objectives:

  1. Protecting your Windows 10 system by strengthening both software and hardware jointly, improving hardware-based security and mitigating vulnerabilities to significantly raise the cost of an attack on Windows 10 systems. Meaning hackers will need to spend a lot of time and money to keep up with these security features.
  2. Recognizing that history has revealed vastly capable and well-funded attackers can find unexpected routes to their objectives. These latest security updates detect and help prevent against these threats with new advances in protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection.
  3. Enabling customers and security experts to respond to threats that may have impacted them with newly updated tools like Windows Defender ATP. This will provide security operations personnel the tools to act swiftly with completeness of information to remediate an attack that may have impacted them.

Microsoft states this is a proven strategy that has remained 100% successful on Windows 10 S, the new secure version of Microsoft’s flagship operating system. Albeit, this version of the operating system does not allow any software from outside the Microsoft App Store to be installed.

Further, Microsoft states that even prior to the fall security updates rolling out, no Windows 10 customers were known to be compromised by the recent WannaCry global cyberattack. Despite this, Microsoft knows that there will always be unforeseeable exploits within their systems.

This is why the Windows 10 Creator’s Fall Update benefits from new security investments to stop malicious code via features like Kernel Control Flow Guard (kCFG) and Arbitrary Code Guard (ACG) for Microsoft Edge. These kinds of investments allow Windows 10 to mitigate potential attacks by targeting the techniques hackers use, instead of reacting to specific threats after they emerge.

Most importantly, Windows Defender security updates coming in this Fall will begin to leverage the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to promptly identify new threats, including ransomware, as they are first seen anywhere around the globe.

Though no exact date is set in stone, all of the amazing security updates detailed above will be available this Fall 2017 for free. For more information about the Creator’s Fall update beyond the security features, visit https://www.microsoft.com/en-us/windows/upcoming-features.

Is Your Network Due For A Security Audit?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Businesses always face security risks from a variety of different sources.

Performing a security audit can help you to identify where you have exposures, develop a better understanding of the security policies and controls you have in place, and catalog your IT assets.

This article presents a quick and simple guide to performing a robust security audit that will help safeguard your organization against risks.

Define the physical scope of the audit
The first major task involves determining exactly what you will audit.

For example, you may wish to focus on business processes, such as financial reporting, or asset groups, such as a specific branch office. [Read more…] about Is Your Network Due For A Security Audit?

Data Redundancy And Why You Should Have It

Ron Cochran is a senior help desk technician for Tech Experts.

Data redundancy is the making of an exact copy of the data that you are currently working with, in the event of a hardware failure, theft, or those pesky mistakes where you delete something that you really wanted.

What happens is you will have 1 or more hard-drives used for backups, housing those files that are kept nearly current. You will go through the steps to rebuild or restore the files or programs that were removed, then you will be back at the point you were at before the files were lost.

The above is extremely important when you are working with money or medical records. Let’s say you were working with a customer on their tax returns and your office experienced a power outage, which turns your computer off in the middle of saving data. A short while later, the power is restored and you turn your computer on and open the data to resume where you left off — and you find out that there is no record on your computer of your client and you start to panic.

If you had a redundant data solution, then you could restore the data, but if you didn’t, then you will need to call that customer and explain that they will need to bring all of that data back in so you can enter it into your system again. Now, consider how this customer could begin to think of you and your business.

If you have a safety net, you would follow the steps from your program and, in a short while, all of that data that you lost will be restored and you’ll be back at the point when the power went out, with all of your data intact. There are several different ways you can set up a system backup. One of the ways is to have more than one storage solutions to send data to.

With this solution, you will have more than one drive that is saving that information, which will do a couple of things. It will speed up the read/write times and you take less of a chance of losing more data. It’s always wise to have more than one solution for data recovery. You don’t want to wait until it’s too late and find out that in order to recover the data on your drive it’s going to be thousands of dollars.

You can have an image copy of your hard-drive made one time a day (or once a week or maybe twice a month) with a scheduled back up. You could have an application running in the background of your computer that would take up very few resources as it copies your data to a drive or an offsite storage facility.

We offer quite a few different data redundancy solutions to our clients. Those options range from on-site RAID drives to a cloud-based solution that is off-site. With either option, you can have a data backup or an image of your operating system — or even a direct mirror copy of your hard-drive in real time.

If you are worried that you might lose valuable information, then some sort of data redundancy is probably something you should be actively seeking. If you’re overwhelmed by the options and aren’t exactly sure which method would suit your business best, contact us and we can help you narrow it down, as well as provide a solution.

My Laptop Battery Doesn’t Charge Fully. What Could Be The Issue?

If your laptop has not fully charged after being connected to a power source for a prolonged period of time, you will need to conduct some basic troubleshooting activities to identify what is causing the problem. Try one of the options provided below to identify what is preventing your laptop battery from charging properly.

Verify that the AC/DC cable is in full working order
Remove the battery and plug the power adapter into the laptop to verify that the device can power without a battery source. If not, the AC/DC cable may be faulty. Purchase a new cable and try again.

Service the battery
Once you have verified that the AC/DC adapter is not the culprit, you will need to check that the battery is working properly. An old battery may be inefficient and may need replacing or servicing. If you’re using Windows, an application like BatteryCare can help you to identify the total capacity of the battery. Connect the device to power for two hours and monitor how this affects the battery power levels. If the total capacity doesn’t shift much, now would be a good time to get the laptop serviced. In some cases, you may need a new battery.

Check the charger board
If you replace the battery and have checked that the AC/DC cable is in full working order but continue to experience problems charging your laptop, it may be that the charger board is broken. If that is the case, you will need to arrange for your laptop to be professionally repaired by a qualified IT service company.

Working From Home: Can You Still Be Productive?

“There’s no place like home” rings very true for a lot of people. There is just a level of comfort at home that you can’t find anywhere else.

For me, some comfort is needed to really be efficient and most people probably work better when they are at least moderately comfortable, but is there such a thing as too much? I don’t mean only physical conveniences.

Don’t get me wrong, working from home sounds really great some days. You can multi-task and throw in a load of laundry, do some dishes, or work on something else to break up the day. Sounds good, doesn’t it? You are being really productive!

How much work are you getting done, though? These little side tasks add up. It’s just one of many distractions that can really impede your productivity.

Noise, household tasks, or maybe even other people being home while you are trying to work can make your ability to get things done a real challenge. When considering working at home myself, I have come to the conclusion that it just isn’t for me in most circumstances.

If you are putting in a traditional eight hour work day or 40 hour week at home, how much of that time is actually spent focused on your work? Personally, with a set task (or tasks) that need to be completed, success working at home would come much easier. While you are almost certain to run in to some distractions, having a set task to work on, even if it takes longer than it should, means you’re still being productive.

Let’s say you lose about five minutes an hour being distracted. Even those five minutes can easily add up to a ton of wasted time.

Over the course of a week, losing five minutes an hour adds up to two hours and 20 minutes a week.

Factor in that load of laundry, the 30 minute nap you took, or even just spending a little more time making lunch — we now have HOURS over the course of the week that are just lost time. If you struggle with working at home, there are a few methods of staying focused that help you change your brain from home mode to work mode.

For instance, fight the urge to work in your PJ’s and get dressed like you normally would for work. Also, designate a work space while at home, but change your surroundings every so often if possible to get out of the house, such as working from a café or the library.

Building a to-do list and developing strict work hours (if possible) and sticking to them helps as well. If you have children or a partner at home, you may also want to think about creating a “Do Not Disturb” sign for yourself to let them know that you should be left alone.

Not everyone falls into this category of losing time to distractions and, sure, some people can be very successful while working from home.

Others would be shocked to see how fast the five minutes here and there really add up. Just like every other aspect of life, there are all types of people, and you are all free to make your own decision about working from home.

Some of us (myself included) will stick to keeping our work at work and home at home.

Chrome: The New Standard Browser For Business

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

Numerous enterprises still consider Microsoft’s web browsers as the standard browsers. On paper, Internet Explorer is venerability defined. However, the reality of such claims are a bit different, industry analysts argue.

“Microsoft retains a very strong relationship with [enterprise] IT,” says Gartner Technology Research analyst, David Michael Smith, in an interview. “Most enterprises still have a ‘standard’ browser, and most of the time, that’s something from Microsoft. These days it’s IE11. But we’ve found that people actually use Chrome more than IE.”

Smith, who was updating a 2015 research report on browsers in enterprise, was adamant that, at the time of forecast, Chrome was and still is the king.

“It’s the most-used browser in enterprise,” Smith discloses, referring to Google Chrome.

Internet Explorer still retains a sizable share – Smith calls it “a significant presence” – generally because it’s still essential in most companies. “There are a lot of [proprietary web software, portals, and] applications that only work in IE, because those apps use IE browser specific plug-ins,” Smith stated, indicating examples like legacy versions of Adobe Flash, Java, and Microsoft Silverlight.

“Anything that requires an ActiveX control still needs IE,” Smith concludes.

Many businesses have adopted the modern/legacy implementation strategy: keep the IE browser to handle older sites, services, and web apps, but offer a modern browser for everything else.

That approach lets employees access the old, but does not punish them with a rigid, sub-standard browser for general-purpose use. With this strategy Internet Explorer has played (and continues to play), the legacy role. All while, Chrome remains the most used browser in the world.

There are a few reasons why Chrome is widely used. Doing business on the go is becoming more and more common, even necessary. For that, Chrome boasts some of the best mobile integration available. With Google mobile apps offered on every major platform, it’s easy to keep your data in sync, so seamlessly browsing between multiple devices is easy.

Sign-in to your Google account on one device and all your Chrome bookmarks, saved data, and preferences come right along. It’s a standard feature you can find on other platforms, but Chrome’s integration is the best in the industry.

Secondly, Chrome is fast and light – and with a thriving extension library, it’s as fully featured or as trimmed down as you want it to be. Everything is right where it should be. Privacy and security controls are laid out and accessible while the browser gets out of your way when you need it to.

With all of this included, the most important of these reasons is Google’s announcement of a new Chrome Enterprise Bundle that is suggested to make integration and company standards compliance a breeze. It will help admins deploy and manage the Chrome browser across an entire company. It also provides admins a single installer for the Chrome browser and the Chrome Legacy Browser Support extension (for running an ActiveX widget and administrative policy templates).

Bottom line, Google is vying for the top spot in both consumer and enterprise browser usage, and they are doing a heck of a job achieving this goal. They have already managed to sideline Microsoft’s browser on its own OS, especially in cases where users are not on Windows 10, and don’t have access to “Edge”- Microsoft’s modern browser platform. The true king of business web browsers has become, and will remain, Chrome for the foreseeable future.