TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

How An End User Might Accidentally Undermine Your Security

Michael Menor is Vice President of Support Services for Tech Experts.

If you’re like every other small business out there, you know that the more employees you hire, the more technology that you have to procure. However, when you have more end-users, you provide more avenues for threats to slip into your network infrastructure unnoticed.

When all it takes is one simple mistake from a single end-user, how can you minimize the chances of falling victim to an untimely hacking attack? We’ve put together a list of honest mistakes that any end-user can make – and how they can be prevented.

Clicking on malicious links
With so much information on the Internet, it’s easy for an employee to search through countless pages without any regard to the sites and links that they’re clicking on.

You need to emphasize the importance of safe browsing, including double-checking the destination of a link before clicking on it. You can do so by hovering over the link and looking in the bottom-left corner of your browser.

Using weak passwords
Employees frequently use passwords that aren’t strong enough to keep hackers out. Often times, they’ll simply use something of personal significance, like the name of their pet or a specific date.

This isn’t the right way to approach password security. Instead, users should attempt to put together passwords that are private, randomized strings of numbers, letters, and symbols.

Losing unencrypted devices
It’s not unheard of for an employee to use company devices in public places. If they accidentally leave their smartphone on the bus or their tablet on a park bench, there’s always the risk that it can be stolen.

Unless you practice proper encryption protocol, any information available on the device can be accessed by the person who finds it, be it a good Samaritan or a tech-savvy thief.

Implementing unapproved solutions
Some employees simply prefer to use solutions that aren’t provided by the company to get their work done. The problem here is that the employee is moving forward without consulting IT about it and that your data is being used in a solution that you can’t control.

Plus, if the employee is using free or open-source software, these often come bundled with unwanted malware that can put your data in even greater peril.

Personal email use
It’s one thing to check your personal email account while at work, but another entirely to use your personal email account to perform work purposes.

As the recent debacle with Hillary Clinton shows, people don’t take kindly to sensitive information being leaked via an unsecured email server that their organization has no control over.

Add in the fact that personal email accounts are often not as secure as those in a professional productivity suite and you have a recipe for disaster. You need to reinforce that your team should keep their work and personal email separate.

Leaving workstations unattended
Besides the fact that some tech-savvy employees are practical jokers, it’s a security risk to leave a workstation unlocked and unattended for long periods of time.

Imagine if someone from outside of your organization walked into your office and accessed confidential files without authorization; that’s on the employee who got up and left the device unattended.

Encourage your employees to always log off of their workstations, or at least lock them, before stepping away from it. User error is a primary cause for concern among businesses, but it can be mostly avoided by providing your staff with the proper training. For more information on IT best practices, give us a call at (734) 457-5000.

Technology Considerations When Moving To A New Office

Michael Menor is Vice President of Support Services for Tech Experts.

Moving your office is never an easy task. You have to move furniture, personal objects, and above all else, your technology infrastructure. There’s nothing simple about moving your office’s technology, but it’s still nothing to get worried about. That’s why we’re here to help – from suggesting the optimal network cabling, to the proper deployment of new and improved technology solutions.

For example, let’s take a look at your office. You have a certain number of workstations, one for each of your employees. These workstations need to be connected via cable to your business’s network. Otherwise, your team could go without required software, data, and other important resources. Your cabling infrastructure could quickly grow to be uncontrollable, especially if you don’t approach your cabling procedures correctly.

[Read more…] about Technology Considerations When Moving To A New Office

Do You Have Internet Privacy At Work?

Luke Gruden is a help desk technician for Tech Experts.
Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

Why Do I Keep Seeing The Same Ads On Multiple Websites?

This is the result of an online advertising approach known as site retargeting which tracks your online behavior to offer you targeted advertising. At first glance, this may seem like it is posing a security threat, but there are assurances that tracking is done anonymously.

Site retargeting is based on a pretty simple concept. Whenever you visit a website that may want to show you an advertisement, it puts a digital tag called a cookie on your browser. Then, when you visit another site with an area to display paid advertising, the information on that particular and other tags is used to choose an advertisement you would likely be amenable to click or watch. The hope is that, while you may have missed an opportunity to purchase an item once, you may be more inclined to complete a purchase at a later date.

If you don’t appreciate being such a target for advertisers, there are ways to block and delete cookies and to stop ads from reappearing. To delete existing cookies on your browser, choose the option to delete cookies under the settings. Also, if you see an icon that says AdChoices next to recurring advertisement, you can click that icon to stop the reappearance of that particular ad. Most browsers also have a Do Not Track option in their settings, which prevents your browser from being tagged in the first place, but that also means you can’t save passwords or use other tools that are also dependent on cookies. You could also surf the web in private browsing mode (accessible through your browser’s settings) or use an ad-blocking service like Ghostery or AdBlock Plus.

Windows 10 Goes Back On The Shelf

Brian Bronikowski is a field service technician for Tech Experts.
While it was broadcast everywhere during the launch of the newest operating system from Microsoft, users of Windows 7 and 8.1 are nearing the end of the free upgrade period. The infamous “Get Windows 10” app has been hounding users for quite some time now and most will be happy to hear that it will be gone nearing the end of July.

That, however, is only after Microsoft ups the ante attempting to reach their goal of one billion Windows 10 devices within 2-3 years of launch. The question many users should be asking themselves is simple: what does this mean for me?

First and foremost is price. After July 29th, there will be no opportunity to obtain a free upgrade. Instead, home users will need to purchase a license for the new system that would run them $119.00. Businesses and those in need of a professional Windows license would look at a price tag of $199.00.

Neither of these seem like friendly numbers to your average user or business owner. Those who have upgraded and switched back to their previous operating system are in luck, however. Once upgraded, you obtain the Windows 10 key indefinitely. In the future, a fresh install of Windows 10 will automatically activate and update as per usual.

Before we get there however, we have one last hang-up from the software giant. It would seem that Microsoft wants to get as many free upgrades in the world as possible.

This is quite a feat when just over half of Windows-based computers are still running Windows 7. How do they plan access that user base? Automatic upgrades seem to be their answer.

While many have claimed to have experienced Windows 10 upgrading by itself, it seems to be a reality in the very near future. The actual update for Windows 10 comes through as any other update you may be familiar with.

The catch with 10 is that it was previously an optional update, yet Microsoft will be putting it in the “Recommended Updates” category. As such, many users will install the update files without their knowledge. In the meantime, the pre-mentioned “Get Windows 10” app will schedule the upgrade for them in a suspicious window. It looks similar to the previous screen but instead of having a cancel button, they have replaced it only with “OK”.

But what does a single button really cause? For some fast-paced users, they may misunderstand and click the new button thinking that it’s putting off the update.

Little do they know that within a day or two, they’ll find themselves mid-upgrade. There is one way around this once the update is scheduled: a link will appear on the same screen that will allow you to stop the automatic upgrade.

Microsoft leaves it to you to navigate to the link and pages beyond to stop your free upgrade. Luckily, the IT guys at Tech Experts are able to get past this or downgrade those that have recently updated against their will.

The lesson here is a plain one. Users need to keep a look out and understand what is happening to their PC if they hope to retain any control over it. Microsoft’s newest operating system does have many benefits and features that make it very appealing.

However, it isn’t for everyone. If you’re accustomed to what you’re using, the upgrade isn’t a necessity. That said, you should keep in mind that Windows 7 will experience end of life in 2020.

Another Major Ransomware On The Loose: Locky

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Ransomware, a virus that essentially holds a computer user’s data hostage for a monetary reward, isn’t a new threat. It is in fact, becoming more prevalent with an estimated 35% increase of attacks in the past year alone.

One of the newest forms of this virus is known as Locky, which finds its way onto unsuspecting users’ devices through vulnerabilities in the Adobe Flash Player. This ransomware was detected by Trend Micro, and the type of operating system used seems to have little effect on risk. Locky has infiltrated systems through Windows, Mac, Chrome, and Linux.

Many of the Locky attacks, however, have affected Windows 10 users who are unknowingly using outdated versions of the Adobe Flash Player. Anyone running the 20.0.0.306 or earlier versions of Flash is at risk of Locky taking over data and holding it hostage for payment.

Therefore, the simplest way for people to protect themselves from this new ransomware is to ensure they are running the most recent version of Flash.

To do this, access Flash content within your browser and right click on it. Then, choose “About Adobe Flash Player” to view which version is being used. Alternatively, users can visit the Adobe website, which can automatically detect the installed version and also offer the option to upgrade to the most current one.

Locky ransomware isn’t just spread through Adobe Flash. It also can find its way onto systems through attachments in spam emails. In this case, the emails have most frequently been distributed through the same botnet responsible for sending out the online banking malware Dridex.

While actual numbers for how many people have fallen prey to Locky infections are not public, security companies have revealed that the majority of the ransomware attacks have taken place in the United States, Japan, and France.

The amount demanded to remove Locky from affected devices is usually around $100, but security experts suggest not giving in to such demands. Instead, victims are advised to create a backup of files and seek help from your IT provider.

The best defense against such attacks, however, is in prevention. Regularly update your operating system and frequently used programs, never open suspicious emails, and only log in as an administrator on your computer system when and as long as you absolutely must to prevent hackers from intercepting your login credentials.

Major Password Breach Uncovered

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Protecting Your Business From DDoS Attacks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

A Distributed Denial of Service (DDoS) attack prohibits access to a computer resource. This kind of assault rarely happens alone but rather occurs in waves once an attacker realizes they have been successful in the first attempt.

Using the same method of attack on a business’ computer system, such cyber-attackers can then overwhelm and suppress Internet facing websites and applications, which can greatly hinder the ability to conduct business as normal.

In order to safeguard against DDoS attacks, small businesses must first recognize they’re potential targets, especially since there has been a recent rise of such assaults on small businesses in the past year.

While the motivation behind such an assault can be difficult to understand, they happen for a wide variety of reasons. Attackers may seek to hold systems hostage in an extortion attempt, or the attack may not be motivated by the prospect of financial gain at all. [Read more…] about Protecting Your Business From DDoS Attacks

How Cloud Computing Can Benefit You

Michael Menor is Vice President of Support Services for Tech Experts.

Is your business using the cloud in 2016? If not, you should know that it’s a great tool that’s designed to help your business better manage its data and application deployment.

However, the cloud can be used for so much more and it’s quickly becoming an indispensable tool for SMBs.

Here are four ways that cloud computing is changing the way that small businesses handle their technology:

Data Storage
The cloud is a great way to share data among your entire organization and deploy it on a per user basis.

Businesses can store their information in a secure, off-site location, which the cloud allows them to access it through an Internet connection.

This eliminates the need to host your data internally and allows your employees to access information from any approved device through a secure connection, effectively allowing for enhanced productivity when out of the office.

Microsoft Office365
Access Office from anywhere; all you need is your computer – desktop, laptop, tablet, or phone – and an Internet connection.

Since the software is running in a data center, you just connect to the Internet to access the software.

Another benefit to this is that you have a central location for all your data. If you need to make a change to an Excel spreadsheet from your tablet and you share the file with your colleague, they will be able to view the changes that you just made.
Gone are the days of emailing files between members of your team and losing track of the most up to date file version.

Virtualization
The cloud can be an effective tool for virtualization, which is a great method for cutting costs for your business. By virtualizing physical IT components, you’re abstracting them for use in the cloud. This means that you’re storing them in the cloud.

Businesses can virtualize servers, desktop infrastructures, and even entire networks for use in the cloud. Doing so eliminates the physical costs associated with operating equipment, allowing you to dodge unnecessary costs and limit the risk of hardware failure. For example, you can deploy all of your users’ desktops virtually from the cloud so you don’t need to rely heavily on more expensive workstation technology and can instead use thin clients. Simply log into your company cloud and access all of your applications and data on virtually any Internet connected device.

Backup and Disaster Recovery (BDR)
A BDR device relies on the cloud to ensure quick and speedy recovery deployment. The BDR takes snapshots of your data, which are sent to both a secure, off-site data center and the cloud.

From there, you can access your data or set a recovery into motion. If you experience hardware failure, the BDR can temporarily take the place of your server, allowing you ample time to find a more permanent solution.

The cloud is crucial to the success of a BDR device, simply because the cloud is where the BDR stores an archive of its data.

Ransoming Your Business One Step At A Time

When it comes to business security, today’s climate is a careful one. It seems like every week the latest and most dangerous ransomware is coming for us.

These can come through a variety of ways, like employees, clients, and websites. The most recent threat we’ve seen is called Rokku. Built upon predecessors, it’s only the next step in the fight against business security systems. Ransomware is a dangerous thing. The main concept is a mix of fear tactics and file encryption. After the system is infected, the virus will normally lay dormant for a time.

Once every file is found and changed to an encrypted state, a message will display, stating the worst.

All of your files are locked until you pay whatever sum the developers demand. Once in this state, you are generally given only a number of hours before your files and content are deleted permanently.

In this instant, many people will jump up to pay for their files in order to save further expense and headache. Unfortunately, doing so rarely helps the issue.

After the ransom is paid, you are supposedly granted access to the files and everything continues on unhindered. That said, there are many times you can send the money in and receive nothing in return.

Your files will still have their encrypted extensions (e.g. *filename*.rokku) and you will be in an even bigger hole than before. Some of the older encryptions have programs made by third parties to help those infected, but this is also often not the case.

In the Rokku scenario, there is no progress made in decryption. No patterns have been found and files are completely distorted in comparison to their original state.

As if it isn’t already enough, there is still more to worry about. Rokku as well as other ransomwares will not stop at only the infected computer. Network shares are also subject to complete encryption.

In short order, your entire network is no longer your own. With this in mind, the question is simple. What can you do?

Ransomware is definitely a problem and is not going away anytime soon.

That said, there is more progress these days than when we first started seeing it pop up on systems. Using Rokku as an example, some newer versions are built off of older attacks.

As such, they can often follow the same patterns and can be taken care of. Anti-virus and anti-malware services are also more and more proactive against these threats.

User error can, however, still cause alarm and ruin things very quickly. Rokku and many of its predecessors are sent through email attachments. Once opened, they will start to run and everything will spiral downward from there.

It is important to know and keep others informed on basic safety practices when it comes to operating computers. Keep in mind to not trust strange sites, emails, or messages that you were not expecting or do not know the sender. Also, be aware of common spam signs.

Misspellings, exaggerated results, and poor grammar are often giveaways.

If you want to review your current computer climate, we recommend giving us a call. With preventive maintenance, business class protection, corporate antivirus, and monitors running to ensure a steady flow, we can ensure the safety and reliability of any network and the important files that it may contain.

The absolute best way to avoid a disaster such as Rokku and other ransomwares is to stop it before it happens.