TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Spring Cleaning Tips for Your Home and Office Computers

ПечатьSpring is a good time to get some cleaning done in your home as well as your office. Here are few tasks and tips you should check off your list, if you own a small business or if you simply are a computer user:

Back up your files
You should make it a routine and regularly back up your important files to the cloud or into an external hard drive. Delete old unnecessary emails and archive important ones. This will make it easier to locate specific email chains and will open up the storage space in your computer.

Update your security settings
You may assume that your home or small business or PC is too small a target for hackers, but that is simply not the case.
Internet security statistics show that hackers are targeting businesses with fewer than 250 employees due to the fact that it’s generally easier to hack into small businesses and home users.

As a rule, assume that any valuable information you have is at risk, and ensure you install the latest security patches and updates whenever they become available.

Take advantage of mobile technology
Research indicates that small businesses that do not accept mobile payments could be losing up to 1 trillion dollars annually. Many small business owners realize the potential of mobile technology, but 91% of them still don’t have mobile-optimized websites. If your business is not yet mobile friendly, it is important to start thinking about upgrading your services.

Go paperless
Going paperless will significantly reduce paper clutter and will minimize the time needed for spring cleaning. There are many affordable solutions you could adopt which allow you to maintain and organize critical business documents.

Manual clean-up
Your hardware and peripherals also need to be cleaned, so take some time to clean your keyboards, screen monitors and to check the batteries in your mouse or wireless keyboards. Also, remember to clean your printer and check whether or not you have installed all the required updates from the manufacturer and that all its parts work seamlessly.

(Image Source: iCLIPART)

Effective Ways To Increase Your Privacy Online

c610923_mWith the increased hacking and account infiltration attempts, protecting people’s privacy has become extremely important.

While online, you can minimize your exposure by browsing privately or completely anonymously.

Private Browsing
You can browse the internet privately, by turning on the private browsing feature. It will prevent the history tracking of pages you visit. The feature is found in the main browser menu.

In Internet Explorer, the feature is called ‘Private Browsing,’ in Firefox, it is called ‘Private Window’ and in Google Chrome, it is called ‘Incognito mode.’

However, there are limits to private browsing: Any files you save or websites you visit will have your IP address as well as unencrypted data you send.

For greater privacy, there is Sandboxie, an application which prevents other programs from saving any data to your disk.

Protect Personal Data
It is good practice to use unique usernames and passwords for each computer user, including guests.

This will help to reduce unwanted access to your files. You could also encrypt your hard drive by enabling Bitlocker which will encrypt your entire drive, making it inaccessible to anyone without your Windows user password.

In case you don’t have Bitlocker built into your OS, TrueCrypt is another free alternative that will secure your files. When you need to completely delete your files, use a utility like Eraser which will ensure they can never be recovered.

Use a Private OS
The best way to ensure complete anonymity and privacy, you could work in an entirely different operating system from your regular OS through virtualization.

A wall is set up around the virtual computer to prevent anything you do from leaving files on your normal Windows file system.

This is an entire operating system devoted to privacy, and is installed on a DVD or USB to run on any computer.

Nothing is written to the computer’s main drives and your browsing activity is completely anonymous.

(Image Source: iCLIPART)

Why Your Company Should Make The Switch To VoIP

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We made the switch to a Voice over IP (VoIP) phone system a few weeks ago. I opted for an in-house telephone server, but could have easily chosen a hosted option that didn’t require any hardware in the office except for phones.

A growing number of small businesses are making the same switch. While it can be a lot of work to overhaul the entire telecommunications system of your small business, it is definitely worth considering in light of the ever-increasing costs of traditional services.

What is VoIP?
VoIP is a method of making phone calls using the Internet as opposed to using typical landlines. VoIP services integrate Internet connected IP phones, which look pretty much like traditional office phones, except they plug into an Internet connection with an Ethernet cable.

Cost effectiveness
The biggest VoIP attraction is low cost. Since they’re Internet-based, hosted systems usually require little to no hardware investment. You might need to upgrade your firewall or Ethernet switches to accomodate the increased traffic.

An in-house system requires an investment in a mid-grade voice server, the phone system software, new phones, and possible network upgrades. The equipment cost is around half of what a traditional phone system would cost.

We’ve seen our monthly phone bill drop from over $300 per month to less than $60 using VoIP carriers instead of a traditional phone company.

Hosted fees run from $20 to $30 per extension, which includes all of your local and long distance calling, and the rental of the cloud based phone system.c150103_m

VoIP is particularly cost-effective, if you have employees working from satellite offices or telecommuters.

A telecommuter can take a VoIP phone home and make calls by plugging it into his home Internet connection to make and receive calls on the company lines at no additional cost.

Other benefits
Certain VoIP service providers have introduced mobile apps that allow workers to make and receive phone calls on their mobile devices using the company phone numbers. Their privacy is therefore protected since they do not give their personal phone number.

In addition, the company owns the line so if an employee leaves, calls are routed to the company rather than the employee’s cell phone.

Things to consider
While the mobility and scalability of VoIP systems are attractive, there are a few things to keep in mind. Since VoIP services depend on an Internet connection, if the connection fails, the phones would be dysfunctional.

In a business such as ours, where phones are integral to daily operations and client service, we would strongly recommend a backup Internet connection.

Almost all VoIP systems also have a fail over function, where the system will automatically route incoming calls to another number, such as a cell phone, if the Internet goes down.

The future
The increase in VoIP adoption is undeniable, and analysts predict that it will become the predominant business phone service over the next decade. Our system works great, and I’m glad we made the switch!

(Image Source: iCLIPART)

Does Your Organization Have A Security Program?

Michael Menor is Vice President of Support Services for Tech Experts.

No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program by information security professionals.

Whether yours is five or 200 pages long, the process of creating a security program will make you think holistically about your organization’s security.

A security program provides the framework for keeping your company at a desired security level by assessing the risks you face, deciding how you will mitigate them, and planning for how you keep the program and your security practices up to date.

Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data – and the value of your business is in its data.

You already know this if your company is one of many whose data management is dictated by governmental and other regulations — for example, how you manage customer credit card data (PCI Compliance) or even how you handle sensitive patient information (HIPAA). If your data management practices are not already covered by regulations, consider the value of the following:

Product information, including designs, plans, patent applications, source code, and drawings.

Financial information, including market assessments and your c607128_mcompany’s own financial records.
Customer information, including confidential information you hold on behalf of customers or clients.

Protecting your data means protecting its confidentiality, integrity, and availability. Also known as the C-I-A triangle. The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill. Consider the following examples:

Failure to protect your data’s confidentiality might result in customer credit card numbers being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential information and you may have fewer of them in the future.

A data integrity failure might result in a Trojan horse being planted in your software, allowing an intruder to pass your corporate secrets on to your competitors. If an integrity failure affects your accounting records, you may no longer really know your company’s true financial status.

Having a security program means that you’ve taken steps to mitigate the risk of losing data in any one of a variety of ways, and have defined a life cycle for managing the security of information and technology within your organization.

Hopefully the program is complete enough, and your implementation of the program is faithful enough, that you don’t have to experience a business loss resulting from a security incident. If you have a security program and you do experience a loss that has legal consequences, your written program can be used as evidence that you were diligent in protecting your data and following industry best practices.

Getting started in the right direction
It doesn’t matter whether your security program is five pages or 200 pages long. The important thing is that you have a security program and that you use it to address your company’s security in an organized, comprehensive, and holistic way. You can adapt the above elements to create a security program for your organization, or, if you need help, give us a call at (734) 457-5000.

Everyone needs to have a security program because it helps you maintain your focus on IT security. It helps you identify and stay in compliance with the regulations that affect how you manage your data. It keeps you on the right footing with your clients and your customers so that you meet both your legal and contractual obligations. Its life cycle process ensures that security is continuously adapting to your organization and the ever-changing IT environment we live in. And, of course, it’s the right thing to do because protecting your data’s security is the same as protecting your most important asset.

(Image Source: iCLIPART)

The Top 5 Upgrades To Speed Up Your Systems Now

Scott Blake is a Senior Network Engineer with Tech Experts.

Things happen a lot faster in a small business than they do in the corporate world. This is why it is critical for small business owners to ensure their technology is up to date.

Here are five upgrades you should consider including in your IT budget to help you get things done faster.

Get a faster Internet connection
Surprisingly, many businesses which completely rely on Internet connectivity still settle for slow Internet speeds.

It may not seem obvious at first; however, speeding up your Internet connection will speed your business activities, such as file downloads and webpage loading.

You might even consider signing up for a second internet line with another provider just so you can balance your Internet access between the two.

This will speed things up and provide a safety net in case one provider’s network fails. Most of the firewalls we recommend automatically have two Internet connections for redundancy.

Upgrade to Gigabit networking
Upgrading your network speed to Gigabit Ethernet will give you a 10-fold increase in network throughput.

GbE used to be expensive; however, today there are affordable gigabit network switches. In addition GbE works over CAT 5E cabling that is widely deployed, and it is typically built into most desktops and laptops.

Upgrade hard drives to Solid State Drives
If you are not yet ready for a company-wide system upgrade, you can still stretch the lifespan of your desktops/laptops by upgrading the hard disk drive (HDD) to a solid state drive (SSD).Печать

An SSD can read and write data at a higher speed, which allows users to boot up their systems and launch applications faster. SSDs are affordable; even a lower-end model will deliver a significant system boost.
We’ve seen incredible performance increases when installing solid state drives. Windows will boot in 5 to 10 seconds, Word loads instantly, and even QuickBooks speeds up.

Switch to 802.11n  wireless
If your office runs on an 802.11b or 802.11g Wi-Fi network, this would be a good time to deploy the 802.11n wireless.

This comes with a faster wireless speed that makes for a better experience and can support more wireless devices. Note that GbE is necessary to support these faster 300 Mbps 802.11n Wi-Fi access points.

Upgrade computer RAM
More RAM never hurts, and this is bolstered by the sheer affordability of RAM.

While modern computers with 4GB or more of RAM generally have adequate memory for nearly all user demands, increasing your RAM allows you to reduce virtual memory or even turn it off. This makes for a much faster computing experience.

(Image Source: iCLIPART)

Most Commonly Used IT Acronyms and Their Meanings

CPU (Central Processing Unit)
The CPU is the computer ‘brain’ and its most important element. It interprets and executes most of the commands from the computer’s hardware and software.

RAM (Random Access Memory)
RAM may be compared to a person’s short-term memory. It is the place where the operating system, application programs and data in current use are kept so they can quickly be reached by the processor.

GHZ (Gigahertz)
GHz describes the frequency cycles and is used when discussing computer performance, usually the clock speed of the CPU. A CPU with a higher clock speed can process data faster. One GHz means 1 billion cycles per second.
Gigabyte
A gigabyte (GB) is equal to approximately a billion bytes and is a measure of computer storage capacity that could be used to describe disk space, data storage space, or system memory.

Megabyte
A megabyte (MB) is a measure of computer storage capacity and is equal to approximately a million bytes. Most PCs have storage in gigabytes, not megabytes.

32/64 BITS
32-bit and 64-bit refer to the architecture that a central processing unit or operating system utilizes. Generally, more bits mean that data can be processed in larger chunks and more accurately.

 

The Hidden Cost Of Internet Misuse At Work

Using the Internet for personal purposes in the workplace is causing a dip in employee productivity and costing money for the business owner.

Internet abuse constitutes an issue due to the fact that the browsed content raises ethical questions and often the sites visited are not allowed through office policies.

This is in addition to the fact that the time and frequency of accessing the Internet compromises productivity.

What constitutes Internet abuse?
Workplace Internet abuse is a significant risk factor for employer liability, costing employers’ valuable hours of work.

Internet abuse ranges from viewing pornography in private c472520_moffices to spending hours on social sites, playing online games, shopping online and paying bills through the company Internet.

Other consequences of improper Internet use include litigation, such as sexual harassment, hostile work environments and discrimination.

Revoking privileges
One way to deal with this problem is to entirely remove Internet access. Unfortunately, such a decision has the negative effect of punishing those who don’t abuse the privilege.

In addition, it’s impossible to completely banish personal Internet usage when the business relies heavily on Internet for communication, research and up-to-date information.

Monitoring usage
One way to reduce employer liability is to monitor and filter employee Internet use.
Although there are disagreements about the principle behind Internet monitoring, many employers agree that it is a necessary ‘evil.’

This solution requires some investment and changes in the networking infrastructure but can provide an almost immediate Return on Investment (ROI).

A phased implementation approach works best. Let your employees know you’re making a change, implement, and then give them a few days to adjust.

It is also necessary to draft an Acceptable Use Policy (AUP), implementing rules of personal Internet use before implementing such a change.

If you want to discuss internet monitoring solutions for your business, please give us a call for a free assessment.

(Image Source: iCLIPART)

The Right Strategy To Get More Visitors To Your Website

ПечатьEvery website can be improved, however good it is. In fact, you never want to settle for ‘good enough,’ particularly if your website is part of a business.

It’s unlikely that 100 percent of the visitors to your site take the precise action you want, so there is always room for improvement.

Determine your sales path
When thinking about how to attract more visitors to your site, it is first important to figure out the primary goal of your website, and then work backwards.

For instance, if you are selling a product online, the path for your visitors is likely to visit your homepage, navigate to the product sales page, click the order button and then complete the order form before they finally arrive at your thank you page. This path is your conversion funnel; the trick is to optimize and improve every piece of it.

Evaluate each website page
In order to determine how much attention you should give to each of your website pages, you must evaluate them separately.

Find out how many visitors land on each page, and what percentage of them proceed to the next stage of the sales path (its conversion rate). Aiming to increase the conversion rate of each page will be much more effective than looking at your entire website as a whole. For instance, increasing the conversion rate of each page by 10 percent would mean a 33 percent increase in your overall conversion rate.

Constant tracking
It is critical to track the conversion rate of each page both daily and monthly. While daily rates may fluctuate quite a bit, watch out for dramatic conversion drops which might be caused when a page, image or video does not load. On a monthly basis, check the performance of your pages and spot those that are decreasing in effectiveness and need improvement.

(Image Source: iCLIPART)

Severe Weather Is Just Around The Corner… Be Prepared

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

March is National Severe Weather Preparedness month, and we’re still shaking off severe winter storms.Tornado season is right around the corner, so it’s important to assess your company’s backup systems.

Disasters put all business data at risk and that’s why so many businesses take steps to protect their systems. But there are still risks that they may miss.

One of the best ways to make sure your network is properly protected is to learn from the mistakes other companies. Here are four key things that virtually guarantee it will be impossible for your business to recover from a catastrophic hardware failure or natural disaster.

Not backing up data
It may seem like common sense when preparing for a disaster or developing a continuity plan that you should back up your data. However, a study from Symantec found that only half of businesses back up more than 60% of their data.

Other businesses don’t back up data or only back up certain systems. This means that if these businesses are faced with a disaster, they could lose up to 40% of their data. Some businesses could lose all of it.

Many experts suggest that businesses not only back up their data, but take more of an all-or-nothing approach. All data should be backed up so that should a disaster happen you can guarantee that nothing will be lost.

Failing to protect off site data
Business is becoming increasingly spread out, with many employees working from outside of the office, or on their own systems. People who telecommute or use their own systems usually store important data on their local machines.

When a company goes to protect or back up their data, some Computer crashmay forget to back up data on machines outside of the company premises.

What’s more, some industries have regulations stating that you must back up data from all end-points (e.g., computers and devices) regardless of their location. So, when you are backing up data, be sure that you also back up data on systems that aren’t in the office.

Not backing up data consistently
The data in your business is always evolving and growing. Therefore, you need to ensure that it is backed up regularly. Because backups take time, there is a higher chance for them to fail. If you only back up once a year without checking, and disaster strikes, you could find that your data is incomplete, inaccessible or out of date. This may make any recovered data essentially useless.

The question is, how often should you back up your data? For most small businesses, a full backup at least once a week is suggested. If you work with client data on a regular basis or in a regulated industry, daily backups would likely be the best plan.

Using outdated backup methods
Just because you back up your data doesn’t mean it will always be available, especially if you use older backup methods such as data tapes or disks. These physical backups can be lost or even destroyed in a disaster and possibly even stolen. You may want to employ a more modern data backup solution that is more reliable, such as our Experts Total Backup cloud backup system.

That being said, you don’t have to give up older methods as these can come in handy, especially if you are going to be operating without the Internet for an extended period of time. By employing more than one solution, you can cover all bases while ensuring that data is largely backed up and available.

If you are looking to learn more about how you can protect your data, please contact us today to see how our systems and solutions can help.

(Image Source: iCLIPART)

Tips For Defending Against Social Engineering Attacks

c481198_mby Michael Menor, Network Technician
I just got yet another email from my bank. Or, at least it looked like the bank that had issued one of my credit cards. The email included my correct name and mailing address, as well as a variety of other quality information such as the last four digits of my credit card number.

This may not seem like it is great information, but I regularly change details in my name for accounts, such as using different middle initials, including or omitting part of my first name, or using one of the three different street addresses that will get mail delivered to my home. So when someone gets it all correct, it really is a big deal to me.

According to the email, I needed to log on (yes, convenient link included) and check a fraud alert that was being issued on my credit card by my bank because of suspicious activity.

Again, this did make some sense, because this account was compromised, and I do have fraud triggers set to alert via email and text. Despite the fact that I pretty much always view these emails as suspicious, all in all, it seemed like the type of email that I might not want to ignore.

Except for the fact that the email came to a valid email address which I have never registered with this particular bank. Oddly enough, I have seen this with increasing frequency, and have received both Facebook and LinkedIn notifications with friend/connect requests – with people I actually know – but, both sent to email addresses which I have never registered with Facebook or LinkedIn.

Social Engineering?
Getting a few emails doesn’t necessarily mean I am in the middle of a social engineering attack. The catch here is that the emails contained real information that could only be gathered if someone was working it, so I tend to look a little beyond random phishing. The sender had good information.

A more recent complexity in social engineering is the use of this type of good information in an Advanced Persistent Threat (APT). In this role, social engineering is used in concert with other attack vectors. Information gathered from social engineering is used to target technical attacks, and in turn, information from technical attacks is used to help target further social engineering attacks as an attacker learns more about a set of individuals as well as the entire organization.

The availability of information from public sources like social media allows online research about specific people to be very targeted, further enabling more specific social engineering attacks.

Part of the social engineering attacks that are the most dangerous are those attacks that also try to get targets to execute malicious links or applications, potentially installing malware.

You may recognize a random external email attack that includes a virus or a malicious link. But, how would you respond to an email from your daughter’s college that appears to claim she was being ejected, or an email from a well-known pharmaceutical company that announced recently discovered potentially fatal side effects of a prescription drug that you are currently taking? Personal attacks like this which are tailored to a specific individual have become more common, and we should expect this trend to continue.

Can We do Anything About It?
Since there is no such thing as a personal firewall to help filter out attacks, the single best thing you can do to minimize the chances of a successful social engineering attack is proper awareness. At the same time, some technical controls can help. I have no “magic list” of five things to do, and I know 16 controls can look like a daunting task, but any or all of these things can help reduce the chances of a successful social engineering/phishing attack.

Even starting with one thing that you are currently not doing can help.

1. You should know that social engineering attacks exist. You should also know that attackers are interested in getting personal information as well as corporate information, and that individuals may be attacked through any phone, email or social media account – both work and personal – since personal knowledge can help make targeted attacks more successful.

2. You should be very careful about the type of information you leave in your voicemail greeting. A good default is to leave your first name, and state that you will return the call, without identifying your group.

3. “Extended absence” messages may be necessary, but should be used with care. Consider leaving a “fake” alternate contact name so that a coworker can easily identify that the call came from your out-of-office message. When you’re out and you want callers to reach “Betty Brown” for assistance in your absence, you might leave an outgoing message that says “Beth Brown” instead of “Betty Brown.” Then, when a caller asks for “Beth,” Betty will actually know that this call came as a result of your out-of-office message.
4. To help minimize the ease with which an attacker can identify valid email addresses at your organization, your email server should be configured so that it does not respond to inbound invalid addresses.

5. Make sure that corporate email addresses have little to no relationship with the employee’s user ID. Never make the name in your email address the same as the user ID you use on your internal network. If the user ID that you use to log onto your corporate network is bsmith, do not make your corporate email address bsmith(at)yourcompany.com.

6. You should be filtering attachments on your email and removing attachments with potentially hostile contents, such as executable files. Distributing Trojan horses or viruses via email is a common attack technique.

7. Be aware of company specific jargon. Anyone who uses improper or general information about your company can be regarded as an outsider. Maybe you work for Tech Experts, but everyone calls it “TE.” Using incorrect terminology is a clue that a call may not be genuine.

8. Someone who acts irate or angry and attempts to rush you through a questionable process should be regarded as suspicious. Bullying someone is a common technique to keep a target off balance.

9. Many (not all) data gathering emails come from temporary or “throw away” accounts, such as an account at Gmail or Yahoo. Your staff should be aware that there are a number of reasons an attacker would like to clearly identify valid email addresses and that your staff should consider this in all external responses.

10. Your company should not use or allow the use of external web-based email accounts through the normal course of your business. Do not let employees get used to seeing official email from such accounts (like @gmail.com instead of @yourcompany.com).

11. Your employees should know that no one from corporate IT (or anyone else) would ever call them and ask for their password. Simply put, no employee should ever divulge his or her password to anyone else. Never.

12. You should maintain an accurate and current employee directory with phone numbers. Anyone receiving a suspicious call can ask the caller who they are and consult the phone directory for the name and phone number.

13. Dispose of sensitive material in an appropriate manner. Either use an office shredder or contract with a reputable “secure disposal” company to dispose of sensitive information for you. Yes, “dumpster diving” is real, does happen and does work.

14. The Help Desk can take steps to reduce the number of invalid password resets and snooping attempts.

a. If a user calls from an outside number, the Help Desk’s first response should always be to consult a corporate phone directory for an official work, mobile or home phone number to return the user’s call. Any number not on the list should be considered suspicious.

b. The Help Desk should verify the employee’s full name, with proper spelling, phone extension, department or group. You are trying to add enough information that an attacker would have to be very prepared for the request.

c. The Help Desk should ask the caller for a number at which they can call the user back, regardless of from where the user is calling. A call from anyone who will not provide a callback number should be considered an attack.

d. You may consider having the Help Desk leave a user’s new password in the employee’s corporate voicemail. A valid user should have no trouble retrieving the password. An attacker would have to compromise the voicemail system to get access to the password.

15. If you are being asked to release or reveal something that is clearly sensitive, such as your strategic plan, passwords, pre-release earnings, source code and other such internal information, it should be automatically regarded as suspicious.

16. You should have a plan for how you will communicate internally if you identify that a social engineering attack is taking place against your company.

Does every employee get an email stating that an attack is in progress, and that everyone should exercise additional care? Who should send the email, and what is the final triggering event before a company-wide alert is distributed?

Conclusion
A good social engineer can extract sensitive internal information very quickly, and can then help ensure they make the best use of that information to further additional attacks.

Knowing this, you should understand that a social engineering attack can happen at any time. They don’t happen because you have poor security, they happen because someone else decided you were a target.

(Image Source: iCLIPART)