TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Safety: Is Your Website Secure?

Michael Menor is Vice President of Support Services for Tech Experts.

For all too many companies, it’s not until after a breach has occurred that web security becomes a priority.

While more than a few examples of recent breaches may leap to mind, know that these aren’t exclusive to big name retailers who accept credit cards. If you have a website for your business, you may be at risk.

As more and more business is done using the World Wide Web, websites themselves have become increasingly attractive to cybercriminals.

Websites are such a lucrative target for an attack because not only are there so many sites to attack, but an overwhelming majority of all websites can be easily exploited by some of the most common vulnerabilities.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities.

Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

The integrity of the company’s internal network can be affected as well if the website provides access to it.

There are many online services that allow anyone to create a webpage in under ten minutes.

Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities. A few of these vulnerabilities will be discussed.

The Heartbleed Bug is a vulnerability that allows attackers to obtain confidential data such as usernames, passwords, emails, and even proprietary company data and communications.

Even if you think you might be protected because you use encrypted forms of communication, you’re not safe. Attackers will be able to eavesdrop into your communications and steal data from beneath you.

Like Heartbleed, one of the most prominent vulnerabilities affecting web applications is cross site scripting (XSS).

This vulnerability can allow an attacker to hijack web communications. The attacker may target a vulnerable website by tricking the user into submitting sensitive information or performing a privileged action within the target website’s web controls.

Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet — more proof that Web application security is now more critical than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organizations.

Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services.

Denial of Service attacks are centered on the concept that by overloading a target’s resources, the system will ultimately crash.

An HTTP Denial of Service attack can also destroy programming and files in affected computer systems.

In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

Websites that can be compromised pose a serious risk and thus serious preventative measures should be taken to combat it.

Scrambling to fix the problem after the fact is costly, stressful, and can potentially result in legal action. Breaches also cause damage to your company’s image and brand, which may be permanent.

Know your vulnerabilities and don’t rely on ten-minute-or-less website creators to keep you safe.

If it’s too good to be true, it probably is.

The Importance Of Centralized Storage

Scott Blake is a Senior Network Engineer with Tech Experts.

Do you know where all of your data is? Is the file you’re looking for saved to workstation-01 or workstation-12? What happens when a user deletes a file you need from their workstation? What happens if your workstation dies?

If you’re a business owner or manager and have trouble answering those questions, centralized storage of your data may be your answer.

You can remove the stress of accidental deletions, have direct mapped access to your files, secure your data from intrusion and, most importantly, make it easy and simple to back up your data.

Centralized storage can include an external hard drive, USB flash drive, NAS (Network Attached Storage) device, cloud environment, or storage on a server. The best method is determined by your business structure.

Smaller businesses may opt for simple external devices attached to a workstation or a NAS device to save and back up their data. Simple external devices such as larger-sized USB flash drives and external hard drives are a low-cost solution.

NAS devices cost more, but they are useful additions to business networks. Most mid-ranged NAS devices offer raid levels 0, 1, and 5, so they can be customized for speed or data protection.

Some NAS devices are running a server-style operating system that will integrate into your existing AD. This will offer additional security features over a simple external hard drive or USB flash drive.

Businesses and home users that opt for the simple and least expensive method need to be very diligent about their data. Smaller devices are more susceptible to theft and damage.
They also tend to have shorter lives than other more costly methods. Should you go this route, make sure you maintain backups of your data and immediately replace your device at the first sign of possible hardware failure.

Data recovery from a simple solution device may not always be possible and it can become very costly to try.

Closeup of open hard driveLarger businesses will want to opt for on-site storage with network drives and backup solutions in place. Or they may want to invest in the cloud for a storage. Most medium-to-large scale businesses already have some form of a network server and backup in place, so all that may be needed is additional hard drive space or the creation of folders to house data.

You may also want to install a dedicated server for just data storage and possibly to handle your printing management. Cloud-based storage can be costly depending on the amount of data that needs to be stored, the security level, and the number of simultaneous connections to your data.

Cloud-based methods tend to be best as a secure backup option, but can be used for raw storage. With web-based access, all your employees need is an Internet connection to access their data.

Both on-site server storage and cloud storage offer strong backup options, the ability to restore deleted files, ease of access from off-site locations, and the sharing of files and folders across a wide area.

Whether you choose to go with a low-cost simple solution or a more robust solution, centralized storage brings peace of mind that your data is accessible and secure.

Your business will become more efficient and streamlined just by maintaining your data in one easy-but-secure location for your employees to access.

For more information about implementing centralized storage in your business, call the experts at Tech Experts: (734) 457-5000.

(Image Source: iCLIPART)

Beware Of These Tax Return Scams

In the online world, it seems that there is always a new threat cropping up on the horizon. There is one, however, that has been returning year after year following the onset of online tax filing.

This is the prime time for tax phishing scams, and it is important to recognize the signs of a cyber-criminal going after your identity and holdings.

Since tax season is often a mystifying time financially with ever-changing laws that directly affect your pocketbook, it isn’t far-fetched to believe the IRS or a related government agency may need to double-check your data or ask for additional information via email or text.

This is a situation that sophisticated thieves are well aware of, and they do not hesitate to exploit citizens’ lack of knowledge of how the revenue service actually conducts its business.

In fact, approximately 25,000 phishing emails (messages asking for personal data like Social Security numbers and the like) and 611 scam websites were shut down during the last tax season. It is probable that far more efforts went unreported.

Fortunately, it is easy to thwart criminals’ efforts to gain access to your personal information and financial holdings when you are on the alert.

First, no government agency will ask for such information through an unsecured email or text. If the tax agency, tax-preparation company, or related organization needs additional sensitive information from you, you will be contacted by mail, phone, or directed to a secure website.

In the case you are suspicious of a particular communication, double check that the email or physical address matches that of the legitimate organization.

Also, beware of messages that do not use your full name with something generic, such as “Dear valued customer,” or warn that there will be dire consequences if you do not reply right away.

If there is any doubt whether an email or text is a scam, report it to the organization in question or law enforcement agencies.

Remote Access And Security For Your Business

Working remotely is on the rise and is revolutionizing how business is conducted as a whole. As companies make the switch from centralized networks that require being physically present in the office to expansive virtual environments, it is possible to access corporate data from just about anywhere. Those companies that resist embracing remote access risk being left behind technologically and miss out on all of the benefits using things like clouds or application virtualization can bring.

Just by providing remote access to corporate files and programs, employees can work from anywhere on the fly. This allows your team to work on projects while at home or out of town, greatly increasing productivity and reducing the stress of trying to meet deadlines when life gets in the way and prevents being physically in the office. Remote access also lets employees view or share important documents from other devices, such as smartphones or tablets, to quickly verify information on the fly or perform last-minute tasks with ease.

With remote access, new security concerns also arise. With the transfer of sensitive data, there is the risk of it being intercepted by a third party that isn’t committed to your company’s success or has the intent of doing harm.

Consequently, it crucial to secure your remote access system. Secure remote access will ensure that files are encrypted during transfer, scan for malware, authenticate user identity, and control who has access to particular information.

In these ways, proper security measures not only prevent those outside the company from gaining access to private data, but also manage who can view and use data internally.

With the proper security, a business can thrive beyond expectation. Employee performance can skyrocket by having access to work data 24/7 and from any location because physical presence in the office is no longer a prerequisite to getting work done.

Business continuity is also greatly improved because inclement weather or natural disasters don’t shut down operations and the meeting of deadlines. Secure remote access can even boost employee morale and productivity by facilitating work in varied locations using multiple access mechanisms.

If you require assistance setting up or securing remote access to your business, let us know and we will show you what works best for your situation.

CryptoWall 2.0: Ransomware Is Alive And Well

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

CryptoWall is the latest strain of ransomware to rise to prominence, extorting more than $1 million from victims and wreaking havoc on thousands of police departments, businesses, and individuals across the globe.

On the surface, CryptoWall is similar to its better-known predecessor Cryptolocker, another strain of crypto-ransomware. But there are many differences.

Victims are typically infected with CryptoWall by opening a malicious email attachment, though drive-by-downloads on websites are also possible. The email attachments are often zip files that contain executables disguised as PDFs.

Once infected, CryptoWall scans all mapped drives and encrypts important files. That’s an important distinction: CryptoWall will scan your local drives, but also any server mapped drives, such as an S: or N: drive. [Read more…] about CryptoWall 2.0: Ransomware Is Alive And Well

Risks When Employees Use Their Own Mobile Devices

Michael Menor is Vice President of Support Services for Tech Experts.

BYOD (Bring Your Own Device) is an exciting development for increasingly mobile and interconnected employees, but also a new challenge for IT security teams.

Gone are the days where security professionals can lock down a finite set of machines and facilities; instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected.

According to an article on eWeek, a survey was done on organizations with mobile devices connecting to their networks: only 33 percent have any official BYOD policy governing the use of personal portable devices, 67 percent do not.

The security risks are inherent in BYOD between viruses, hacking, improper security, and more. Flat-out thefts of smartphones, laptops, and tablets are also an issue.

In New York City alone, police data show that Apple products were stolen in a total of 11,447 incidents in the first nine months of 2012. That is an increase of 40 percent compared to the previous year.

Of course, employee education and awareness are important as informed users are more likely to act responsibly and take fewer risks with company data. Unfortunately, employees can be careless and criminals crafty, which is why network security defenses and policies are so critical.

Although implementing a restrictive device policy may feel like the most secure approach for your company, it can easily backfire.

Your craftiest employees are going to find a way to connect their devices to your network no matter what. And employees who do obey your “no iPhones” message will probably resent the policy and experience lower productivity.

Bring Your Own Device conceptToday’s workers expect to have 24/7 access to their information. They want to be able to catch up on emails on the evening train ride home or access information while away from the office.

BYOD lets IT staffs eliminate the hassle and expense of provisioning, distributing, and maintaining hundreds of corporate-owned mobile devices.

But setting up a BYOD program isn’t without its challenges. For starters, when you give employees free rein to bring in their own devices, you put your corporate documents and data at the mercy of the native security on these devices.

When you consider that many of your employees probably have “1234” as the PIN on their iPhones, that’s a pretty sobering thought.

Another major concern is your network. When you allow today’s increasingly powerful smartphones and tablets to request resources from your network, you really put your infrastructure to the test.

Are you ready to serve data instantly to hundreds of increasingly powerful hand-held mobile devices?

What if your mobile employees want to watch training videos, play back webinars, or listen to conference call recordings on their devices – can you deliver this kind of bandwidth?

Like most things, there are upsides and downsides, but a decision should be made on what best suits you, your employees, and your business.

When it comes down to it, BYOD isn’t a completely ridiculous idea. In fact, the benefits of BYOD may be worth the extra security precautions required to implement it.

(Image Source: iCLIPART)

Remote Employees And Network Connections

Scott Blake is a Senior Network Engineer with Tech Experts.

As businesses begin to downsize their ecological footprint, the need for remote or satellite employees grows. Business leaders and owners are now faced with the daunting question on how to allow remote employees access to their existing network without compromising network security.

One of the best ways to accomplish this is through the use of VPN.

VPNs allow secure access to business resources by creating encrypted pass-throughs via the Internet. The Internet, combined with present-day VPN technology, allows businesses a low cost and secure means to extend their networks to their remote employees.

The two most common methods in which to set up remote access are IPsec (IP Security) or SSL (Secure Sockets Layer). Both methods work well and both have their advantages depending on the needs and size of your business.

VPNs created using SSL technology provide remote-access connection from almost any Internet-enabled location or device using a web browser interface.

No special client software needs to be preinstalled on either device. This makes SSL VPNs a true “anytime, anywhere” connection to company-managed desktops.

There are two different SSL VPN connections to choose from: clientless and full network access.

Clientless requires no special software. All traffic is transmitted and delivered through a web browser.

There is no need to install or download any unique software to establish the connection. With clientless access, only web-enabled programs and apps are able to be accessed, such as email, network file servers and local intranet sites.

Even with such limited access to network resources, this style of connection is well-suited for most businesses.c868266_m

Additionally, because there is no need for special software to be supported by the IT department, businesses can cut down on managed overhead.

A full network access VPN allows access to almost any program, application, network server, and resource connected to your business network. Unlike clientless access, full network access connection is made through the use of VPN client software. Because the client access software is dynamically downloaded and updated, it requires little or no desktop support.

As with clientless access, you have the ability to customize each connection based on employee access privileges. If your remote employees require the full functionality of installed programs and applications as if they were sitting inside the office building, utilizing a full network VPN connection is the obvious choice.

IPsec based VPNs are the staple of remote-access connection technology. IPsec VPN connections are created by using installed VPN client software on the user’s workstation and connecting device.

Client software allows for greater customizability by modifying the VPN client software. Businesses are able to configure and maintain the appearance and function of the VPN client, which allows for easier implementation for connections with other desktops, kiosks, and other special need cases.

Many businesses find that IPsec connections meet their requirements for the users, but the advantages of self-updating desktop software, accessibility from non-company managed devices, and customizable user access make SSL VPNs a front runner for remote-access connections to your office.

If you have any questions or would like more information about how a VPN can help your company, you can reach Tech Experts at (734) 457-5000.

(Image Source: iCLIPART)

Tips For Your Next Tablet Purchase

Now that tablets have become ingrained in the techie lifestyle, it’s hard to believe the first Apple iPad arrived on the scene just four years ago. In the time that has passed since then, tablet sales and development have skyrocketed.

Consequently, there is a much larger variety to choose from today than just a single brand and its incarnations.

For those looking to upgrade their tablet or try one out for the first time, navigating the sea of tablet possibilities can be a daunting prospect. Here are a few tips to demystify your purchase choices:

Choose the right operating system for you: Apple’s iOS gets the most attention by far, likely due to its length of time on the market, general ease of use, and plethora of applications available for download.

Android’s OS is also competitive in the availability of apps, and it merges seamlessly with all of Google’s applications.c332562_m

Finally, the Windows OS is growing in popularity with users looking for a PC-like experience and aren’t as concerned about installing various applications.

Get enough storage and a screen size you can work with: Just as if you were PC shopping, a huge concern is having enough space to store your files and a screen that is easy to read.

After all, it’s no fun squinting to decypher text or choosing which applications to keep or ditch due to insufficient storage space.

Also, consider the screen resolution when choosing between models – it can be equivalent to the difference between a regular television screen and HD.

Decide if a WiFi only or cellular version fits your needs: There are two ways you can get online with a tablet – connecting via WiFi networks around you or using cellular service to gain entry.

WiFi only versions are typically cheaper, and you always have to option of turning your smartphone into a hotspot for on-the-fly connections. A cellular version is a tad pricier and requires additional service fees, but the advantaage is you will always be able to get online wherever you go.

(Image Source: iCLIPART)

New Security Risk For Android Phones

Just when you thought you had safeguarded your mobile device from any misuse, a new threat emerges.

For Android users, it’s a big one. Rapid7 has recently discovered a security bug that allows cyber criminals to access a smartphone user’s data.

Although this security problem is widespread, Google has responded that it will take no action to fix it. The bug exists in phones operating on Android 4.3 and below, and allows hackers to control your smartphone.

Although Android 4.4 and 5.0 users are not vulnerable to this risk, this issue affects approximately 60 percent of Android users – almost a billion people worldwide.

Google’s official response is that their policy is not to develop fixes for older software versions, but it can notify people of the risk and others are welcome to create their own fixes.

To date, there are no known patches to address this issue. There is, however, one way to ensure your safety if you possess an affected smartphone. Simply download and install a newer version of the operating software.

Is My Business Data Safe in the Cloud?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the newest business technologies is “the cloud” that more and more people are using. It’s an elusive term that is difficult to pin down, and it is precisely that vagueness that inspires fear in those who are considering transferring sensitive business data to it.

The cloud, however, isn’t as mystifying as you may think, and, if you use an online data drive or social media, you are already using it. Simply put, the cloud consists of networks of servers worldwide that are capable of storing information.

The primary benefit of using the cloud for business is that it eliminates the cost and hassle of purchasing and maintaining a physical server. Also, employees don’t have to waste time downloading and running applications and programs when they can pluck what they need from the cloud and virtually put it back when they are done. While this all sounds well and good, the question remains, “Is business data safe in the cloud?”

[Read more…] about Is My Business Data Safe in the Cloud?