TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Documenting Business Processes

Scott Blake is a Senior Network Engineer with Tech Experts.

Documentation is quite possibly the most important aspect of a business, but it can also be workers’ least favorite task to do. The average person doesn’t want to spend time writing down how they do something — they just want to do it and move on.

Can you guess the biggest reason for documenting your business processes? It may come as a surprise, but it’s also the most fluid part of your business: your employees.

Employees come and employees go and some just take vacations. It’s what they do in between that’s important. Every employee is responsible for some part of your daily business.

Whether an employee quits or just needs time off, having documentation that lists the software used with usernames and passwords, step-by-step instructions on how to use the business software, client and vendor contact information, and credit card information makes their absences that much easier to deal with.

Well-documented processes will cut down on the time it takes to train a new employee.
Give the related information to the new employee and let them use it as a guide for their daily activities. This will allow your other employees to spend more time on their tasks and assignments instead of spending the majority of their time answering routine questions that a documented process could answer.

Order-of-operation questions and disputes can be minimized as well. If there ever comes a time when your employees are unsure of the next step or there is a dispute between departments on how to proceed, they will only need to look over the documented processes in question to resolve the issue.

Having documentation that shows in detail how long it takes to produce a product will also help your sales force deliver your product to your customers.

It allows your sales and marketing departments to understand the timelines of production.

This knowledge will let them know when a product order can be delivered and if the amount can be fulfilled in the timeline requested by the customer. There will be no more over or under promising of delivery dates to customers.

Put trust in the documents, not the person. No one person should be trusted with remembering processes without documenting them. What if this employee quits or becomes ill and is unable to return to work?

For example: You have an employee that works in your IT department. This employee’s job is to monitor and resolve any network related issues. While doing his daily tasks, he discovers it’s time to change the passwords on the business networking equipment such as the router, managed switches and domain admin password.

While the employee doesn’t think twice about it and may have mentioned it to his manager, there was nothing ever documented. Now, four months later, the employee falls very ill and is unable to return to work. What do you do?

The best way to document your business processes is to document them in such a way that all contributing employees have access.

You could use online tools such as Google Docs or Microsoft SharePoint. This way, whenever a process is changed, amended, or removed, the documentation is instant and available for all to see.

After a while, you will have an impressive collection of documented procedures. Having documented information available for employees to read can also start the flow of constructive questions and comments why things are done a certain way and how they can be improved.

If you have questions or you’re looking for suggestions on documenting your processes, call Tech Experts at (734) 457-5000.

Three Sure-Tell Signs Your Hard Drive Is Failing

Under ideal conditions, the average stationary hard drive lasts five to ten years. With the growing use of external drives and laptops that are toted around frequently and exposed to damaging elements, that life span shrinks to between three and five years.

Consequently, it is important to watch for indications that your hard drive is failing, so you can back up all of your valued files and data. Here are three signs that it’s time to act:

Slowed Operation and Freezes
You should immediately back up the contents of your hard drive when you notice that freezes and display of the blue screen become the norm.

It is even more imperative to do so, if these problems continue in Safe Mode or after a fresh installation of your operating system because that’s an indication that hard drive failure is imminent.

Corrupted Data
When it becomes problematic to save or open your computer’s files and you start getting error messages about corrupted data, you should know that your hard drive is failing.

As a hard drive’s functionality gradually wanes, this is a common problem, so act fast to ensure your business and personal data stays intact and safe.

Presence of Bad Sectors
If your hard drive has bad sectors, or areas incapable of maintaining data integrity, you may not immediately notice the problem.

The presence of such sectors is a grave problem and tells that your hard drive is in its final strides.

To check your hard drive for bad sectors, run a disk check with the options to automatically fix the problem and attempt recovery of files.

Coming Of “Edge:” Microsoft’s New Browser

Up until now, Internet Explorer’s successor has been secretly referred to as Project Spartan during Microsoft’s development stage. At the Microsoft Build 2015 Developer Conference, the project name was finally announced as the company’s newest browser: Edge.

The name was already familiar to those in the know because Project Spartan’s page-rendering engine was known as Edge, but now the name has been elevated to describe the product as a whole.

For those who have had difficulties with Internet Explorer, this new browser is long overdue, but Edge should turn their frowns into smiles because it is much faster and more compatible with modern web standards.

Edge joins its competitors, like Firefox and Chrome, in the use of extensions and actually uses the same JavaScript and HTML standard code.

This means that Microsoft’s new browser can easily adopt its competitor’s extensions. In fact, Joe Belfiore, Microsoft’s VP of Operating Systems Group at Microsoft, demoed a couple of extensions at the conference. However, you won’t see the extensions feature in Windows 10 until later this year.

Cortana, Windows 10’s Siri-like virtual voice assistant, makes an appearance in Edge as well. When needed, Cortana shows up in a blue circle in the browser’s toolbar to relay pertinent information related to the landing page, such as directions to a local business or contact information.

Edge users can also summon Cortana for assistance and extra info by right-clicking on text selections to find out more.

Another Edge feature is the new-tab page, a remnant from Internet Explorer with a few tweaks. When Edge users open a new tab, the page displays thumbnail icons for the most frequently visited sites. It also allows users to reopen closed tabs and makes many suggestions for apps and videos and facilitates access to weather or latest sports scores.

Edge also provides the option to view pages in a reading mode free of distractions such as images and advertisements. Users can even make annotations, such as highlights and notes, on webpages for sharing or storing as an image. Microsoft’s new browser also comes with coding support and will function the same across all platforms. Until Edge is formally released, users can test it on non-critical PCs by downloading Windows 10 and joining the Windows Insider Program.

How Can You Use Google Trends For Small Business?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Google Trends is a tool that has been around for a while, and has great potential for improving exposure and sales for businesses. It is entirely free to use, and its simplicity makes it accessible to virtually anyone with basic computer knowledge.

Here are some specific ways in which you can use Google Trends to enhance your small business practices:

Brainstorming Topics
For instance, if your business website contains a blog, it’s common to quickly run out of content ideas that will not only interest your readers but also tie into the products or services your business offers.

Choose a phrase that describes a broad idea for a blog post, and Google Trends will show you how popular that phrase is and also suggest related topics. With one simple search, you could potentially come up with ideas for dozens of different blog posts, and relevant content is the best way to build your business website. [Read more…] about How Can You Use Google Trends For Small Business?

Data Breaches And The Building Blocks Of Cyber Security

Michael Menor is Vice President of Support Services for Tech Experts.

The data breaches at Target, Home Depot, Staples, Michaels, Anthem, and Sony Pictures Entertainment are just the tip of the iceberg and the stakes are very high. They’re costly for both businesses and customers and once the breach is announced, customers often terminate their relationship with that business.

You may ask, “What constitutes a data breach?” It is an event in which an individual’s information, including name, Social Security number, medical record and/or financial record or debit card is potentially put at risk. This can be in either electronic or paper format. The data set forth in this article is based on Ponemon Institute’s “2014 Cost of Data Breach Study.” Ponemon conducts independent research on privacy, data protection and information security policy.

New methodologies developed by the National Institute of Standards and Technology (NIST) and other industry standards bodies, such as the Department of Health and Human Services (HHS), are being implemented by many organizations, but best practices for addressing cyber security threats remain vague.

So what can be done to minimize cyber security threats? An effective starting point is to focus on the following essential building blocks of any cyber threat defense strategy.

Most organizations rely on tools like vulnerability management and fraud and data loss prevention to gather security data. This creates an endless and complex high-volume stream of data feeds that must be analyzed and prioritized. Unfortunately, relying on manual processes to comb through these logs is one of the main reasons that critical issues are not being addressed in a timely fashion.

Implementing continuous monitoring, as recommended by NIST Special Publication 800-137, only adds to the security problem as a higher frequency of scans and reporting exponentially increases the data volume. Data risk management software can assist organizations in combining the different data sources, leading to reduced costs by merging solutions, streamlining processes, and creating situational awareness to expose exploits and threats in a timely manner.

One of the most efficient ways to identify impending threats to an organization is to create a visual representation of its IT architecture and associated risks.

This approach provides security operations teams with interactive views of the relationships between systems and their components, systems and other systems, and components and other components. It enables security practitioners to rapidly distinguish the criticality of risks to the affected systems and components. This allows organizations to focus mitigation actions on the most sensitive, at-risk business components.

Effective prioritization of vulnerabilities and incidents is essential to staying ahead of attackers. Information security decision-making should be based on prioritized information derived from the security monitoring logs. To achieve this, security data needs to be correlated with its risk to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that, in reality, pose little or no threat to the business.

Lastly, closed-loop, risk-based remediation uses a continuous review of assets, people, processes, potential risks, and possible threats. Organizations can dramatically increase operational efficiency. This enables security efforts to be measured and made tangible (e.g., time to resolution, investment into security operations personnel, purchases of additional security tools).

By focusing on these four cyber security building blocks, organizations can not only fulfill their requirements for measurable risk reporting that spans all business operations, but also serve their business units’ need to neutralize the impact of cyber-attacks.

These methodologies can also help improve time-to-remediation and increase visibility of risks.

The Reality Of Microsoft EOL Software

Scott Blake is a Senior Network Engineer with Tech Experts.

As in life, all good things come to an end. This fact is also true in the software world. When a software company decides to move on from outdated versions of its software they schedule an EOL or End of Life date.

This is set to allow businesses and home users time to plan and ready themselves to upgrade to the most recent versions.

With 90% of the world’s computers running some form of Microsoft software, no other company in the world has more of an impact when setting EOL dates than Microsoft.

From Office software suites to operating systems for desktops and servers (and even cross platforms such as Office for Apple-based computers), Microsoft software is everywhere.

This alone is the number one reason for preparing and upgrading before an EOL date is upon you. There is no greater example of this as when the EOL date for Windows XP arrived.

Companies that made the migration to Windows 7 well in advance were able to test their company software and hardware, as well as communicate with their vendors to secure working upgrades to both. Those that didn’t suffered productivity and business loss due to unneeded and unplanned downtime to make the necessary upgrades and changes.

But for the basic home user, this was a time of doubt. Many users didn’t want to (or have the means to) replace all of the outdated hardware or software.

Spending several hundred dollars on new software and hardware just to be able to receive security updates and patches seemed a little excessive to most home users.

However, keeping security and your data safe is another reason to make sure you make migration plans.

In most cases when an EOL date has come and gone, so has any and all support for your software and hardware. Other software and hardware vendors will soon follow suit and discontinue support for their products that are installed on systems running non-supported software, including operating systems.

Anti-virus software companies are usually the first to discontinue their support. After all, if the operating system is no longer receiving updated security patches, it becomes difficult to continue to support their software.

Computer systems running EOL software will become major targets for hackers and malicious malware. Your personal data will be at risk.

The truth is it’s not the intent of companies like Microsoft to be malicious when ending support for their products.

No matter how popular they may be throughout the world, it’s a business decision. For any company to grow, they must keep developing and growing their products.

This development and growth is expensive and requires a large percentage of their resources. Continuing to support outdated software and hardware would limit these resources.

This would cause development overhead to rise and, in turn, make that $39 inkjet printer cost $89 or raise the price of that $119 operating system to $199.

By ending support and moving forward, companies such as Microsoft are able to develop new and exciting hardware and software for both the largest of companies and the smallest home user while keeping prices affordable to all.

Some important future EOL dates to keep in mind:

July 15, 2015
The end for support for Microsoft Server 2003 and 2003 R2

April 10, 2017
The end of support for Windows Vista (all versions)

October 10, 2017
The end of support for Microsoft Office 2007 (all versions)

January 14, 2020
The end of support for Server 2008

October 13, 2020
The end of support for Microsoft Office 2010 (all versions)

Security Tips To Keep Your Mobile Phone Secure

We’ve all seen the stories about celebrities getting their mobile phones hacked and having their private photos splattered all over the web.

Although you may think there is nothing of real interest on your phone, you are still at risk of security invasion. Any number of people could have motive to do so from exes to a colleague who perceives you as a threat, and even innocuous content on your phone can be taken out of context to reflect negatively on you in general.

Use some of these simple tips to protect your mobile phone and reputation:

Passwords
Your passwords are your primary defense against would-be hackers – from your lock code to email account password. Don’t share your passwords with others. Also, make sure your passwords aren’t easily guessed, such as your pet’s name or child’s birthday.

A secure password may not be as easily remembered, but it is far harder to hack. Finally, shield your phone’s screen when entering passwords in public lest onlookers take note of which buttons you push.

Clear Out the Cobwebs
In addition to creating more storage space on your mobile phone, it is just wise to remove old text conversations, photos, and other data periodically.

Back up the things you want to keep onto other devices, so you can access them later. With all of the excess stuff you don’t use on a regular basis gone, you leave less for hackers to work with if the security of your mobile phone is breached. In the event of being hacked, you would also likely lose all of those things, so backing such info up protects you twofold.

Beef Up Security
Take advantage of the lesser-known security features of your mobile phone. For example, turn off the Discoverable mode on your Bluetooth.

Look on your phone under Security to see if there are already included options, such as an automatic lock screen that activates after a certain period of inactivity.

There are also applications you can download to increase the level of security on your phone, including apps that allow you to access and control your phone remotely in the case of loss or theft.

Major Microsoft Windows Vulnerability Discovered

Microsoft recently released details about the newest vulnerability (MS15-034) in the Windows HTTP stack’s armor. With other recent problems in Microsoft patches, the problem may have been downplayed a bit to save face. This vulnerability, however, is more serious than it initially seemed.

The MS15-034 vulnerability is widespread. Although Windows servers are most at risk, this problem affects most products that run Windows. The chink in question lies in the HTTP.sys component, which is a kernel-mode device driver that processes HTTP requests quickly.

This component has been an integral part of Windows since 2003 and is present in all versions up to Windows 8.1. This means that any device running Windows without up-to-date patches is at risk.

It isn’t difficult to exploit this vulnerability. The only thing Microsoft is divulging about how MS15-034 can be used to compromise devices is that it requires “a specially crafted HTTP request.” It seems that this information is deliberately vague.

All one has to do is send an HTTP request with a modified range header, and access to data is granted, although sometimes limited. A similar attack was documented in 2011 on the Apache HTTPD Web server that was later patched.

There is good news though. As in other areas of life, prevention is far more effective than trying to deal with a problem’s aftermath. It isn’t difficult to protect your devices from the MS15-034 vulnerability.

The first step is to ensure that your server has the latest updates that include the patch to fix the problem.

If your server hosts a publicly accessible application, you can verify your server’s vulnerability by going to https://lab.xpaw.me/MS15-034, enter your server’s URL, and press the Check button for an instant report on your site.

If you then see the report that the website has been patched, you’re safe; otherwise, that particular system will need to be patched.

Social Media Hashtags: What Are They And How To Use Them?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As we delve into our social media networks, like Instagram, Twitter, and Tumblr, it seems that hashtags – or little words and phrases preceded by the # symbol – are permeating everything in our feeds.

This cryptic little symbol can actually make it easy to categorize posts and search for similar content, but more and more people seem to be using it outside of that purpose, which creates confusion about this practice as a whole.

Unlike many internet crazes, the emergence of the hashtag can actually be traced to its very first Tweet.

Back in August 2007, Chris Messena, a former Google employee, wrote on Twitter: “how do you feel about using # (pound) for groups. As in #barcamp [msg]?” Granted, this single tweet didn’t revolutionize how we navigate social media all at once, but it eventually did catch on.

[Read more…] about Social Media Hashtags: What Are They And How To Use Them?

HIPAA Email Encryption Requirements

Michael Menor is Vice President of Support Services for Tech Experts.

Question: does the Security Rule allow for sending electronic patient health information (e-PHI) in an email or over the Internet?

Answer: the Security Rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected. The HIPAA Security Rule does not expressly prohibit the use of email for sending e-PHI.

However, the standards for access control, integrity, and transmission security require covered entities, such as insurance providers or healthcare providers, to implement policies and procedures.

These policies and procedures restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI.

The standard for transmission security also includes addressable specifications for integrity controls and encryption.

By default, whenever you send or receive email, you must connect through the Internet to an email service provider or email server.

The reality is that most email service providers do not use any security at all. This means everything you send to or receive from your email service provider is unsecure, including your user name, password, email message, attachments, who you are sending to, and who you are receiving from.

It gets worse! Most email service providers connect to other email service providers without any encryption.
If the other party is not using a secure email service, their emails can also be compromised. So the email you send and receive through the Internet is wide open, unsecure, and can be intercepted and stolen by thieves.

This is one of the main causes for identity theft, spam, and PHI breaches.

According to the U.S. Department of Health & Human Services (HHS), “…a covered entity must implement an addressable implementation specification if it is reasonable and appropriate to do so, and must implement an equivalent alternative if the addressable implementation specification is unreasonable and inappropriate, and there is a reasonable and appropriate alternative.”

This basically states that encryption is required. If you choose not to encrypt your data, you must document, in writing, a reasonable explanation why you chose not to do so.

In the event of an audit, the Office for Civil Rights (OCR) will review your documentation and determine whether or not they agree with you. You’re required to encrypt PHI in motion and at rest whenever it is “reasonable and appropriate” to do so.

I’ll bet that if you do a proper risk analysis, you’ll find very few scenarios where it’s not. Even if you think you’ve found one, and then you’re beached, you have to convince the OCR, who think encryption is both necessary and easy, that you’re correct.

I have convinced myself and others that encryption is required by HIPAA.

Better safe than sorry, after all.