TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Social Media Hashtags: What Are They And How To Use Them?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As we delve into our social media networks, like Instagram, Twitter, and Tumblr, it seems that hashtags – or little words and phrases preceded by the # symbol – are permeating everything in our feeds.

This cryptic little symbol can actually make it easy to categorize posts and search for similar content, but more and more people seem to be using it outside of that purpose, which creates confusion about this practice as a whole.

Unlike many internet crazes, the emergence of the hashtag can actually be traced to its very first Tweet.

Back in August 2007, Chris Messena, a former Google employee, wrote on Twitter: “how do you feel about using # (pound) for groups. As in #barcamp [msg]?” Granted, this single tweet didn’t revolutionize how we navigate social media all at once, but it eventually did catch on.

[Read more…] about Social Media Hashtags: What Are They And How To Use Them?

HIPAA Email Encryption Requirements

Michael Menor is Vice President of Support Services for Tech Experts.

Question: does the Security Rule allow for sending electronic patient health information (e-PHI) in an email or over the Internet?

Answer: the Security Rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected. The HIPAA Security Rule does not expressly prohibit the use of email for sending e-PHI.

However, the standards for access control, integrity, and transmission security require covered entities, such as insurance providers or healthcare providers, to implement policies and procedures.

These policies and procedures restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI.

The standard for transmission security also includes addressable specifications for integrity controls and encryption.

By default, whenever you send or receive email, you must connect through the Internet to an email service provider or email server.

The reality is that most email service providers do not use any security at all. This means everything you send to or receive from your email service provider is unsecure, including your user name, password, email message, attachments, who you are sending to, and who you are receiving from.

It gets worse! Most email service providers connect to other email service providers without any encryption.
If the other party is not using a secure email service, their emails can also be compromised. So the email you send and receive through the Internet is wide open, unsecure, and can be intercepted and stolen by thieves.

This is one of the main causes for identity theft, spam, and PHI breaches.

According to the U.S. Department of Health & Human Services (HHS), “…a covered entity must implement an addressable implementation specification if it is reasonable and appropriate to do so, and must implement an equivalent alternative if the addressable implementation specification is unreasonable and inappropriate, and there is a reasonable and appropriate alternative.”

This basically states that encryption is required. If you choose not to encrypt your data, you must document, in writing, a reasonable explanation why you chose not to do so.

In the event of an audit, the Office for Civil Rights (OCR) will review your documentation and determine whether or not they agree with you. You’re required to encrypt PHI in motion and at rest whenever it is “reasonable and appropriate” to do so.

I’ll bet that if you do a proper risk analysis, you’ll find very few scenarios where it’s not. Even if you think you’ve found one, and then you’re beached, you have to convince the OCR, who think encryption is both necessary and easy, that you’re correct.

I have convinced myself and others that encryption is required by HIPAA.

Better safe than sorry, after all.

Top Signs Your Computer May be Infected

Scott Blake is a Senior Network Engineer with Tech Experts.

Ranging from minor spyware and adware to complete system lock-outs courtesy of ransomware, infections have become a standard in today’s high-speed electronic age.

Even when using the latest state of the art detection software, the most modern systems are prone to infection.

Some basic low-level forms of adware and spyware are add-ons called toolbars. A toolbar is an add-on to a web browser, putting another bar at the top of your browser window below the address bar.

They can come in several different forms and functions. Some are helpful and pose no threat to your system. Others serve as a reporting tool for the toolbar’s designer.

They can collect data on surfing habits such as websites visited and search topics used. This data is then transmitted back to the designer and sold off to advertisers who, in turn, use the information to start spamming you with their client’s websites and ads.

Building off of the spam generated from the data collected from the adware and spyware, you will start to see more and more pop-ups on webpages and possibly even on your desktop.

Sometimes, these pop-ups are harmless and very easy to remove, but more often, they are the beginning stages of an invasion of malicious programs.

The pop-ups use false and misleading information to scare the user into believing they are already infected and they need to download “their” software to clean the infections.

What ends up happening is that you think you are downloading one program to clean your system, but you are really downloading and installing additional programs in the background.

I have seen instances where one so-called program install downloaded nine additional programs in the background. None of the additional programs had anything to do with “cleaning” or “speeding” up your system. They just wreak havoc on your operating system.

Through these malicious programs, more dangerous infections can occur. High-risk level malware, trojans, and viruses become residents on your system.

From this point forward, you will start to experience extreme slowness or even a complete inability to browse the Internet. You will start to see an increase in spam email and email messages containing attachments or web links to strange web addresses.

The attachments are what you need to be very cautious about. A very high-risk level malware called Crypto is primarily transmitted through these infected attachments. Once infected, the Malware spreads though your system, encrypting all of your data.

After that, there is little hope of recovering any of your data.

Viruses, malware, trojans and malicious programs are lurking on the web at every turn.

The most important thing to remember is “knowledge is power.” Don’t fall victim to the overwhelming number of companies advertising that their products can and will clean your computer of these nasty bugs and speed up the performance of your computer at the same time.

The truth is that the vast majority of these companies will install a ton of “freeware” programs on your system that will bog down your CPU and eat up your memory resources.

Once these programs are installed, get ready for Pop-Up City. It turns into a giant game of Whack-A-Mole just trying to close all the windows and pop-ups generated by these programs.

Several of these programs will also inject a proxy server into your Internet settings. This will severely limit your Internet browsing and even redirect you to predefined webpages in an attempt to lure you into purchasing additional programs to remove the programs you already installed.

For additional information or if you think you may have a virus or spyware infection, contact Tech Experts at (734) 457-5000.

Is Skype For Business Right For Your Company?

Last month, Microsoft released its vision video preview for Skype for Business, which suggested some major changes to ways we currently conduct business.

The video shows a wrist-worn communication device that allows you to contact colleagues on the fly. It also illustrates how Skype can help people be virtually present in the office while actually working in the field.

Skype-powered technology can integrate data into one space and share it on a big screen to facilitate brainstorming, can instantly translate speech into a number of languages, and even simulate a doctor’s house call – if what is depicted in the preview becomes a reality.

Really, nothing in Microsoft’s Skype for Business preview is all that far-fetched. Skype has already drastically changed how people keep in touch on both business and personal levels.

Presently, you can video chat with anyone, anywhere to conduct interviews or meetings. It’s not that big of a leap to envision using Skype to do these same things in the great outdoors or to integrate it with web searches and data files. The basic technology is already there; the vision video just shows some tweaks and new exciting applications.

The possibilities illustrated in the preview video highlight Microsoft’s mission to develop cross-platform technology that increases productivity.

While Skype for Business may not initially perform as seamlessly as the video leads us to believe – especially when real-time translation has yet to be perfected – there are products already advertised that do similar things.

Microsoft’s Surface Hub combines Skype with an 84-inch touchscreen display, and the HoloLens promises to take holograms and headsets to the next level.

Is Someone Using Your WiFi? Here’s How To Find Out

There’s no doubt about the convenience of using wireless in your home or office. However, you don’t want just anybody hopping on your WiFi, using your network, and breaching its security. Having a unique password doesn’t mean you are immune to this problem.

If you ever notice that your connection is much slower than usual, it’s worth taking a peek at just how many devices are connected to your wireless network.

You can download and install a program aptly called “Who Is on Your WiFi” to know if there are other people connected to your hot spot who should not be. The free version is sufficient to detect intruders, but there are also paid versions with extra features like text notifications, audit logs, etc.

Once you install the application, all you have to do is follow the tutorial to run a scan of your network and review information about devices that are linked to your connection.

Initially, you may not recognize which MAC and IP addresses correspond with which device, but there’s an easy way to identify them. Turn off all of your devices, then turn them on one by one. If you only have one known device connected to your WiFi, and the “Who Is on Your WiFi” application is showing more than that device, it’s a safe bet someone is sharing your Internet connection. Take the appropriate measure of immediately changing your wireless password and only share it with family or designated individuals you want to have it.

For future scans, you can label each of your devices as something easily recognizable, such as My Phone or Dad’s Laptop, to facilitate the identification of intruders.

How The “Internet of Things” Will Affect Small Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Just when you thought you had the Internet mastered, something new crops up on the horizon.

One of the newest advances that will likely revolutionize the world is the Internet of Things (IoT).

If you haven’t heard of this, you’re not alone, but this idea is fast becoming a realization. Simply put, the IoT refers to how it is possible to remotely control and monitor just about anything via sensors and, of course, your Internet connection – from opening your home’s garage door from your office to the level of dog food remaining in your pooch’s bowl.

This concept recently gained definition at Apple’s Worldwide Developer Conference when the company unveiled two applications for iOS8.

The first was the HealthKit app, which lets users keep up with health and fitness data without wearing an actual tracker. The other was the HomeKit that can remotely control electronic devices like lights and cameras at home. [Read more…] about How The “Internet of Things” Will Affect Small Business

Online Safety: Is Your Website Secure?

Michael Menor is Vice President of Support Services for Tech Experts.

For all too many companies, it’s not until after a breach has occurred that web security becomes a priority.

While more than a few examples of recent breaches may leap to mind, know that these aren’t exclusive to big name retailers who accept credit cards. If you have a website for your business, you may be at risk.

As more and more business is done using the World Wide Web, websites themselves have become increasingly attractive to cybercriminals.

Websites are such a lucrative target for an attack because not only are there so many sites to attack, but an overwhelming majority of all websites can be easily exploited by some of the most common vulnerabilities.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities.

Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

The integrity of the company’s internal network can be affected as well if the website provides access to it.

There are many online services that allow anyone to create a webpage in under ten minutes.

Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities. A few of these vulnerabilities will be discussed.

The Heartbleed Bug is a vulnerability that allows attackers to obtain confidential data such as usernames, passwords, emails, and even proprietary company data and communications.

Even if you think you might be protected because you use encrypted forms of communication, you’re not safe. Attackers will be able to eavesdrop into your communications and steal data from beneath you.

Like Heartbleed, one of the most prominent vulnerabilities affecting web applications is cross site scripting (XSS).

This vulnerability can allow an attacker to hijack web communications. The attacker may target a vulnerable website by tricking the user into submitting sensitive information or performing a privileged action within the target website’s web controls.

Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet — more proof that Web application security is now more critical than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organizations.

Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services.

Denial of Service attacks are centered on the concept that by overloading a target’s resources, the system will ultimately crash.

An HTTP Denial of Service attack can also destroy programming and files in affected computer systems.

In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

Websites that can be compromised pose a serious risk and thus serious preventative measures should be taken to combat it.

Scrambling to fix the problem after the fact is costly, stressful, and can potentially result in legal action. Breaches also cause damage to your company’s image and brand, which may be permanent.

Know your vulnerabilities and don’t rely on ten-minute-or-less website creators to keep you safe.

If it’s too good to be true, it probably is.

The Importance Of Centralized Storage

Scott Blake is a Senior Network Engineer with Tech Experts.

Do you know where all of your data is? Is the file you’re looking for saved to workstation-01 or workstation-12? What happens when a user deletes a file you need from their workstation? What happens if your workstation dies?

If you’re a business owner or manager and have trouble answering those questions, centralized storage of your data may be your answer.

You can remove the stress of accidental deletions, have direct mapped access to your files, secure your data from intrusion and, most importantly, make it easy and simple to back up your data.

Centralized storage can include an external hard drive, USB flash drive, NAS (Network Attached Storage) device, cloud environment, or storage on a server. The best method is determined by your business structure.

Smaller businesses may opt for simple external devices attached to a workstation or a NAS device to save and back up their data. Simple external devices such as larger-sized USB flash drives and external hard drives are a low-cost solution.

NAS devices cost more, but they are useful additions to business networks. Most mid-ranged NAS devices offer raid levels 0, 1, and 5, so they can be customized for speed or data protection.

Some NAS devices are running a server-style operating system that will integrate into your existing AD. This will offer additional security features over a simple external hard drive or USB flash drive.

Businesses and home users that opt for the simple and least expensive method need to be very diligent about their data. Smaller devices are more susceptible to theft and damage.
They also tend to have shorter lives than other more costly methods. Should you go this route, make sure you maintain backups of your data and immediately replace your device at the first sign of possible hardware failure.

Data recovery from a simple solution device may not always be possible and it can become very costly to try.

Closeup of open hard driveLarger businesses will want to opt for on-site storage with network drives and backup solutions in place. Or they may want to invest in the cloud for a storage. Most medium-to-large scale businesses already have some form of a network server and backup in place, so all that may be needed is additional hard drive space or the creation of folders to house data.

You may also want to install a dedicated server for just data storage and possibly to handle your printing management. Cloud-based storage can be costly depending on the amount of data that needs to be stored, the security level, and the number of simultaneous connections to your data.

Cloud-based methods tend to be best as a secure backup option, but can be used for raw storage. With web-based access, all your employees need is an Internet connection to access their data.

Both on-site server storage and cloud storage offer strong backup options, the ability to restore deleted files, ease of access from off-site locations, and the sharing of files and folders across a wide area.

Whether you choose to go with a low-cost simple solution or a more robust solution, centralized storage brings peace of mind that your data is accessible and secure.

Your business will become more efficient and streamlined just by maintaining your data in one easy-but-secure location for your employees to access.

For more information about implementing centralized storage in your business, call the experts at Tech Experts: (734) 457-5000.

(Image Source: iCLIPART)

Beware Of These Tax Return Scams

In the online world, it seems that there is always a new threat cropping up on the horizon. There is one, however, that has been returning year after year following the onset of online tax filing.

This is the prime time for tax phishing scams, and it is important to recognize the signs of a cyber-criminal going after your identity and holdings.

Since tax season is often a mystifying time financially with ever-changing laws that directly affect your pocketbook, it isn’t far-fetched to believe the IRS or a related government agency may need to double-check your data or ask for additional information via email or text.

This is a situation that sophisticated thieves are well aware of, and they do not hesitate to exploit citizens’ lack of knowledge of how the revenue service actually conducts its business.

In fact, approximately 25,000 phishing emails (messages asking for personal data like Social Security numbers and the like) and 611 scam websites were shut down during the last tax season. It is probable that far more efforts went unreported.

Fortunately, it is easy to thwart criminals’ efforts to gain access to your personal information and financial holdings when you are on the alert.

First, no government agency will ask for such information through an unsecured email or text. If the tax agency, tax-preparation company, or related organization needs additional sensitive information from you, you will be contacted by mail, phone, or directed to a secure website.

In the case you are suspicious of a particular communication, double check that the email or physical address matches that of the legitimate organization.

Also, beware of messages that do not use your full name with something generic, such as “Dear valued customer,” or warn that there will be dire consequences if you do not reply right away.

If there is any doubt whether an email or text is a scam, report it to the organization in question or law enforcement agencies.

Remote Access And Security For Your Business

Working remotely is on the rise and is revolutionizing how business is conducted as a whole. As companies make the switch from centralized networks that require being physically present in the office to expansive virtual environments, it is possible to access corporate data from just about anywhere. Those companies that resist embracing remote access risk being left behind technologically and miss out on all of the benefits using things like clouds or application virtualization can bring.

Just by providing remote access to corporate files and programs, employees can work from anywhere on the fly. This allows your team to work on projects while at home or out of town, greatly increasing productivity and reducing the stress of trying to meet deadlines when life gets in the way and prevents being physically in the office. Remote access also lets employees view or share important documents from other devices, such as smartphones or tablets, to quickly verify information on the fly or perform last-minute tasks with ease.

With remote access, new security concerns also arise. With the transfer of sensitive data, there is the risk of it being intercepted by a third party that isn’t committed to your company’s success or has the intent of doing harm.

Consequently, it crucial to secure your remote access system. Secure remote access will ensure that files are encrypted during transfer, scan for malware, authenticate user identity, and control who has access to particular information.

In these ways, proper security measures not only prevent those outside the company from gaining access to private data, but also manage who can view and use data internally.

With the proper security, a business can thrive beyond expectation. Employee performance can skyrocket by having access to work data 24/7 and from any location because physical presence in the office is no longer a prerequisite to getting work done.

Business continuity is also greatly improved because inclement weather or natural disasters don’t shut down operations and the meeting of deadlines. Secure remote access can even boost employee morale and productivity by facilitating work in varied locations using multiple access mechanisms.

If you require assistance setting up or securing remote access to your business, let us know and we will show you what works best for your situation.