TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Do You Have Internet Privacy At Work?

Luke Gruden is a help desk technician for Tech Experts.
Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

Why Do I Keep Seeing The Same Ads On Multiple Websites?

This is the result of an online advertising approach known as site retargeting which tracks your online behavior to offer you targeted advertising. At first glance, this may seem like it is posing a security threat, but there are assurances that tracking is done anonymously.

Site retargeting is based on a pretty simple concept. Whenever you visit a website that may want to show you an advertisement, it puts a digital tag called a cookie on your browser. Then, when you visit another site with an area to display paid advertising, the information on that particular and other tags is used to choose an advertisement you would likely be amenable to click or watch. The hope is that, while you may have missed an opportunity to purchase an item once, you may be more inclined to complete a purchase at a later date.

If you don’t appreciate being such a target for advertisers, there are ways to block and delete cookies and to stop ads from reappearing. To delete existing cookies on your browser, choose the option to delete cookies under the settings. Also, if you see an icon that says AdChoices next to recurring advertisement, you can click that icon to stop the reappearance of that particular ad. Most browsers also have a Do Not Track option in their settings, which prevents your browser from being tagged in the first place, but that also means you can’t save passwords or use other tools that are also dependent on cookies. You could also surf the web in private browsing mode (accessible through your browser’s settings) or use an ad-blocking service like Ghostery or AdBlock Plus.

Windows 10 Goes Back On The Shelf

Brian Bronikowski is a field service technician for Tech Experts.
While it was broadcast everywhere during the launch of the newest operating system from Microsoft, users of Windows 7 and 8.1 are nearing the end of the free upgrade period. The infamous “Get Windows 10” app has been hounding users for quite some time now and most will be happy to hear that it will be gone nearing the end of July.

That, however, is only after Microsoft ups the ante attempting to reach their goal of one billion Windows 10 devices within 2-3 years of launch. The question many users should be asking themselves is simple: what does this mean for me?

First and foremost is price. After July 29th, there will be no opportunity to obtain a free upgrade. Instead, home users will need to purchase a license for the new system that would run them $119.00. Businesses and those in need of a professional Windows license would look at a price tag of $199.00.

Neither of these seem like friendly numbers to your average user or business owner. Those who have upgraded and switched back to their previous operating system are in luck, however. Once upgraded, you obtain the Windows 10 key indefinitely. In the future, a fresh install of Windows 10 will automatically activate and update as per usual.

Before we get there however, we have one last hang-up from the software giant. It would seem that Microsoft wants to get as many free upgrades in the world as possible.

This is quite a feat when just over half of Windows-based computers are still running Windows 7. How do they plan access that user base? Automatic upgrades seem to be their answer.

While many have claimed to have experienced Windows 10 upgrading by itself, it seems to be a reality in the very near future. The actual update for Windows 10 comes through as any other update you may be familiar with.

The catch with 10 is that it was previously an optional update, yet Microsoft will be putting it in the “Recommended Updates” category. As such, many users will install the update files without their knowledge. In the meantime, the pre-mentioned “Get Windows 10” app will schedule the upgrade for them in a suspicious window. It looks similar to the previous screen but instead of having a cancel button, they have replaced it only with “OK”.

But what does a single button really cause? For some fast-paced users, they may misunderstand and click the new button thinking that it’s putting off the update.

Little do they know that within a day or two, they’ll find themselves mid-upgrade. There is one way around this once the update is scheduled: a link will appear on the same screen that will allow you to stop the automatic upgrade.

Microsoft leaves it to you to navigate to the link and pages beyond to stop your free upgrade. Luckily, the IT guys at Tech Experts are able to get past this or downgrade those that have recently updated against their will.

The lesson here is a plain one. Users need to keep a look out and understand what is happening to their PC if they hope to retain any control over it. Microsoft’s newest operating system does have many benefits and features that make it very appealing.

However, it isn’t for everyone. If you’re accustomed to what you’re using, the upgrade isn’t a necessity. That said, you should keep in mind that Windows 7 will experience end of life in 2020.

Another Major Ransomware On The Loose: Locky

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware, a virus that essentially holds a computer user’s data hostage for a monetary reward, isn’t a new threat. It is in fact, becoming more prevalent with an estimated 35% increase of attacks in the past year alone.

One of the newest forms of this virus is known as Locky, which finds its way onto unsuspecting users’ devices through vulnerabilities in the Adobe Flash Player. This ransomware was detected by Trend Micro, and the type of operating system used seems to have little effect on risk. Locky has infiltrated systems through Windows, Mac, Chrome, and Linux.

Many of the Locky attacks, however, have affected Windows 10 users who are unknowingly using outdated versions of the Adobe Flash Player. Anyone running the 20.0.0.306 or earlier versions of Flash is at risk of Locky taking over data and holding it hostage for payment.

Therefore, the simplest way for people to protect themselves from this new ransomware is to ensure they are running the most recent version of Flash.

To do this, access Flash content within your browser and right click on it. Then, choose “About Adobe Flash Player” to view which version is being used. Alternatively, users can visit the Adobe website, which can automatically detect the installed version and also offer the option to upgrade to the most current one.

Locky ransomware isn’t just spread through Adobe Flash. It also can find its way onto systems through attachments in spam emails. In this case, the emails have most frequently been distributed through the same botnet responsible for sending out the online banking malware Dridex.

While actual numbers for how many people have fallen prey to Locky infections are not public, security companies have revealed that the majority of the ransomware attacks have taken place in the United States, Japan, and France.

The amount demanded to remove Locky from affected devices is usually around $100, but security experts suggest not giving in to such demands. Instead, victims are advised to create a backup of files and seek help from your IT provider.

The best defense against such attacks, however, is in prevention. Regularly update your operating system and frequently used programs, never open suspicious emails, and only log in as an administrator on your computer system when and as long as you absolutely must to prevent hackers from intercepting your login credentials.

Major Password Breach Uncovered

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Protecting Your Business From DDoS Attacks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

A Distributed Denial of Service (DDoS) attack prohibits access to a computer resource. This kind of assault rarely happens alone but rather occurs in waves once an attacker realizes they have been successful in the first attempt.

Using the same method of attack on a business’ computer system, such cyber-attackers can then overwhelm and suppress Internet facing websites and applications, which can greatly hinder the ability to conduct business as normal.

In order to safeguard against DDoS attacks, small businesses must first recognize they’re potential targets, especially since there has been a recent rise of such assaults on small businesses in the past year.

While the motivation behind such an assault can be difficult to understand, they happen for a wide variety of reasons. Attackers may seek to hold systems hostage in an extortion attempt, or the attack may not be motivated by the prospect of financial gain at all. [Read more…] about Protecting Your Business From DDoS Attacks

How Cloud Computing Can Benefit You

Michael Menor is Vice President of Support Services for Tech Experts.

Is your business using the cloud in 2016? If not, you should know that it’s a great tool that’s designed to help your business better manage its data and application deployment.

However, the cloud can be used for so much more and it’s quickly becoming an indispensable tool for SMBs.

Here are four ways that cloud computing is changing the way that small businesses handle their technology:

Data Storage
The cloud is a great way to share data among your entire organization and deploy it on a per user basis.

Businesses can store their information in a secure, off-site location, which the cloud allows them to access it through an Internet connection.

This eliminates the need to host your data internally and allows your employees to access information from any approved device through a secure connection, effectively allowing for enhanced productivity when out of the office.

Microsoft Office365
Access Office from anywhere; all you need is your computer – desktop, laptop, tablet, or phone – and an Internet connection.

Since the software is running in a data center, you just connect to the Internet to access the software.

Another benefit to this is that you have a central location for all your data. If you need to make a change to an Excel spreadsheet from your tablet and you share the file with your colleague, they will be able to view the changes that you just made.
Gone are the days of emailing files between members of your team and losing track of the most up to date file version.

Virtualization
The cloud can be an effective tool for virtualization, which is a great method for cutting costs for your business. By virtualizing physical IT components, you’re abstracting them for use in the cloud. This means that you’re storing them in the cloud.

Businesses can virtualize servers, desktop infrastructures, and even entire networks for use in the cloud. Doing so eliminates the physical costs associated with operating equipment, allowing you to dodge unnecessary costs and limit the risk of hardware failure. For example, you can deploy all of your users’ desktops virtually from the cloud so you don’t need to rely heavily on more expensive workstation technology and can instead use thin clients. Simply log into your company cloud and access all of your applications and data on virtually any Internet connected device.

Backup and Disaster Recovery (BDR)
A BDR device relies on the cloud to ensure quick and speedy recovery deployment. The BDR takes snapshots of your data, which are sent to both a secure, off-site data center and the cloud.

From there, you can access your data or set a recovery into motion. If you experience hardware failure, the BDR can temporarily take the place of your server, allowing you ample time to find a more permanent solution.

The cloud is crucial to the success of a BDR device, simply because the cloud is where the BDR stores an archive of its data.

Ransoming Your Business One Step At A Time

When it comes to business security, today’s climate is a careful one. It seems like every week the latest and most dangerous ransomware is coming for us.

These can come through a variety of ways, like employees, clients, and websites. The most recent threat we’ve seen is called Rokku. Built upon predecessors, it’s only the next step in the fight against business security systems. Ransomware is a dangerous thing. The main concept is a mix of fear tactics and file encryption. After the system is infected, the virus will normally lay dormant for a time.

Once every file is found and changed to an encrypted state, a message will display, stating the worst.

All of your files are locked until you pay whatever sum the developers demand. Once in this state, you are generally given only a number of hours before your files and content are deleted permanently.

In this instant, many people will jump up to pay for their files in order to save further expense and headache. Unfortunately, doing so rarely helps the issue.

After the ransom is paid, you are supposedly granted access to the files and everything continues on unhindered. That said, there are many times you can send the money in and receive nothing in return.

Your files will still have their encrypted extensions (e.g. *filename*.rokku) and you will be in an even bigger hole than before. Some of the older encryptions have programs made by third parties to help those infected, but this is also often not the case.

In the Rokku scenario, there is no progress made in decryption. No patterns have been found and files are completely distorted in comparison to their original state.

As if it isn’t already enough, there is still more to worry about. Rokku as well as other ransomwares will not stop at only the infected computer. Network shares are also subject to complete encryption.

In short order, your entire network is no longer your own. With this in mind, the question is simple. What can you do?

Ransomware is definitely a problem and is not going away anytime soon.

That said, there is more progress these days than when we first started seeing it pop up on systems. Using Rokku as an example, some newer versions are built off of older attacks.

As such, they can often follow the same patterns and can be taken care of. Anti-virus and anti-malware services are also more and more proactive against these threats.

User error can, however, still cause alarm and ruin things very quickly. Rokku and many of its predecessors are sent through email attachments. Once opened, they will start to run and everything will spiral downward from there.

It is important to know and keep others informed on basic safety practices when it comes to operating computers. Keep in mind to not trust strange sites, emails, or messages that you were not expecting or do not know the sender. Also, be aware of common spam signs.

Misspellings, exaggerated results, and poor grammar are often giveaways.

If you want to review your current computer climate, we recommend giving us a call. With preventive maintenance, business class protection, corporate antivirus, and monitors running to ensure a steady flow, we can ensure the safety and reliability of any network and the important files that it may contain.

The absolute best way to avoid a disaster such as Rokku and other ransomwares is to stop it before it happens.

Do You Have A Blind Spot In Your Security?

Security is only as good as its weakest link — one blind spot and a company can be compromised. It is important that each aspect of a company’s security is understood and up to date.

With the following best security practices, it can be better understood what to be aware of and how to better advance a company’s security.

From remote hackers, to in-person social engineering, and even your own e-mail, there are different methods of attacks and means of defense to maintain a company’s integrity.

Physical Security
The basic defense that predates IT security is physical security. Locked doors, restricted access, and watch patrol are some of the oldest methods to prevent aggressive physical security breaches.

Technology has only made physical security even better with security cameras, alarm systems, RFID badges, and biometric systems that identify a person from their physical being. Having the appropriate physical security is key to preventing and deterring break-ins and stolen items.

Social Engineering
With the right words and story, some people gain access to compromising areas and information that can give a company a real bad time.

Without a physical break-in or even a computer, social engineering works against human psychology, finding the vulnerabilities of staff and workers to trick and deceive their way past security. The best way to defend from this is to have a strong and easily understood security policy that educates staff and workers not give out credentials and access to unauthorized personnel.

Phishing
Billions of emails are sent out every day — promising a vacation, warning people about their bank accounts, or asking for charity — that are entirely design to steal or compromise a person or company. Phishing targets everybody, asking for credit card numbers, asking a person to sign in to their account on a fake site, or taking something in other ways.

Do not open emails or download email attachments with suspicious or unknown origins. If an email looks odd or is too good to be true, call or check a website directly to confirm if an email is legitimate.

Clicking or falling for phishing could end with a stolen identity, stolen money, or a locked PC or network demanding ransom money. Be smart and wise about checking emails.

Hackers
There are people that spend most of their day trying to break security codes, finding software loop holes, and other abstract means to force their way through digital security to gain illegal access to computers.

There are just as many (if not more) people working together to prevent such people from ever gaining access with new security measures and patches. To protect a PC or a company from hackers, always update your security definitions on Windows and antivirus software. Knowing what software to trust and what updates are needed are important ensuring digital security. We at Tech Experts make it our business to keep digital security online and updated at all times, so that no one has to fall victim to the unseen security threat.

Being aware of these different security risk and knowing how to defend from them can give a strong basis in understanding and learning in what needs to be done to keep a company or person secure.

Security is always evolving and changing, but having a modern understanding with security in place can make the difference between a secure environment and a risky work place that could come to a grinding halt when security is breached. Be safe, be smart, and be productive with good security.

What Can I Do To Strengthen My Wifi Signal?

A weak WiFi signal in certain areas of your house could limit where you do your work and enjoy your entertainment activities, such as streaming films music or playing online games. This is actually a common issue with a couple of relatively easy fixes that will improve your wireless Internet connection throughout your house.

The first option is to replace the antenna on your router with a taller one. If your router has a built-in antenna, you can likely add an external one and see a marked increase in signal quality. There are two main types of antennae: omnidirectional and directional. An omnidirectional antenna transmits in all directions, while you can point a directional antenna where you need to strengthen the signal without making it easier for others to latch onto your WiFi. The other alternative to improve your wireless signal is to install a range extender, particularly if the area that requires the strongest signal is behind thick walls or is relatively small.