TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Beware of Deepfakes! Learn How to Spot the Different Types

Have you ever seen a video of your favorite celebrity saying something outrageous? Then later, you find out it was completely fabricated? Or perhaps you’ve received an urgent email seemingly from your boss. But something felt off.

Welcome to the world of deepfakes. This is a rapidly evolving technology that uses artificial intelligence (AI). It does this to create synthetic media, often in the form of videos or audio recordings. They can appear real but are actually manipulated.

Deepfakes have already made it into political campaigns. In 2024, a fake robocall mimicked the voice of a candidate. Scammers wanted to fool people into believing they said something they never said.

Bad actors can use deepfakes to spread misinformation and damage reputations. They are also used in phishing attacks. Knowing how to identify different types of deepfakes is crucial in today’s world.

So, what are the different types of deepfakes, and how can you spot them?

Face swapping deepfakes

This is the most common type. Here the face of one person is seamlessly superimposed onto another’s body in a video. These can be quite convincing, especially with high-quality footage and sophisticated AI algorithms. Here’s how to spot them:

  • Look for inconsistencies: Pay close attention to lighting, skin tones, and facial expressions. Do they appear natural and consistent throughout the video? Look for subtle glitches such as hair not moving realistically or slight misalignments around the face and neck.
  • Check the source: Where did you encounter the video? Was it on a reputable news site or a random social media page? Be cautious of unverified sources and unknown channels.
  • Listen closely: Does the voice sound natural? Does it match the person’s typical speech patterns? Incongruences in voice tone, pitch, or accent can be giveaways.

Deepfake audio

This type involves generating synthetic voice recordings. They mimic a specific person’s speech patterns and intonations. Scammers can use these to create fake audio messages and make it seem like someone said something they didn’t. Here’s how to spot them:

  • Focus on the audio quality: Deepfake audio can sound slightly robotic or unnatural. This is especially true when compared to genuine recordings of the same person. Pay attention to unusual pauses as well as inconsistent pronunciation or a strange emphasis.
  • Compare the content: Does the content of the audio message align with what the person would say? Or within the context in which it’s presented? Consider if the content seems out of character or contradicts known facts.
  • Seek verification: Is there any independent evidence to support the claims made? If not, approach it with healthy skepticism.

Text based deepfakes

This is an emerging type of deepfake. It uses AI to generate written content like social media posts, articles, or emails. They mimic the writing style of a specific person or publication. Scammers can use these to spread misinformation or impersonate someone online. Here’s how to spot them:

  • Read critically: Pay attention to the writing style, vocabulary, and tone. Does it match the way the person or publication typically writes? Look for unusual phrasing, grammatical errors, or inconsistencies in tone.
  • Check factual accuracy: Verify the information presented in the text against reliable sources. Don’t rely solely on the content itself for confirmation.
  • Be wary of emotional triggers: Be cautious of content that evokes strong emotions. Such as fear, anger, or outrage. Scammers may be using these to manipulate your judgment.

Staying vigilant and applying critical thinking are crucial in the age of deepfakes.

Familiarize yourself with the different types. Learn to recognize potential red flags. Verify information through reliable sources. These actions will help you become more informed and secure and protect you from these threats.

How To Make The Pain Of Passwords Go Away

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Passwords. They’re the keys to our digital kingdoms, but also the biggest pain in our necks.

They’ve been around since the dawn of the internet, and guess what? Even with replacements being introduced, they’re not going away anytime soon.

I’m sure you’ve felt the pain of managing a billion passwords for all your accounts. It’s exhausting and risky. Perhaps it’s time you considered using a password manager.

The real beauty of password managers is you only have to remember one password – the master password to log in to your manager. Then, it does everything else for you.

  • It creates long random passwords
  • It remembers them and stores them safely
  • And it will even fill them into the login page for you

That means no more wracking your brain trying to remember if your password is “P@ssw0rd123” or “Pa55w0rd123” (both are really bad and dangerously weak passwords, by the way). With a password manager, all the work is done for you.

We won’t sugar coat it – password managers aren’t invincible. Like all superheroes, they have their weaknesses. Cyber criminals can sometimes trick password managers into auto filling login details on fake websites.

But there are ways to outsmart criminals.

First, disable the automatic autofill feature. Yes, it’s convenient, but better safe than sorry, right? Only trigger autofill when you’re 100% sure the website is legit.

And when choosing a password manager, go for one with strong encryption and multi-factor authentication (MFA) where you generate a code on another device to prove it’s you.

These extra layers of security can make a big difference in making your accounts impenetrable.

Enterprise password managers offer useful features like setting password policies and analyzing your teams’ passwords for vulnerabilities. Plus, they often come with behavior analysis tools powered by machine learning tech. Highly recommended.

But here’s the thing – no matter how advanced your password manager is, it’s only as good as the person using it. So, do yourself a favor: Train your team to stay vigilant against scams, and always keep your password manager up to date.

We can recommend the right password manager for your business and help you and your team use it in the right way. Get in touch at (734) 457-5000, or info@mytechexperts.com.

 

You’d Be Lost Without It, So Don’t Forget Email Security

Let’s talk about something super important: Email security. Yep, we know it might not sound like the most thrilling topic, but it’s a big deal. Businesses like yours face more cyber threats than ever.

We’ve seen our fair share of cyber attacks, and let us tell you, many of them start with a simple email (official figures say it’s a massive 90%!). Yep, that innocent-looking message in your inbox could be the gateway for cyber criminals to wreak havoc on your business.

So, why is keeping your business email secure so important? Well, for starters, it’s your first line of defense against cyber attacks. Think of it like locking the front door of your house to keep out intruders.

If your email is secure, you’re making it a whole lot harder for cyber criminals to sneak in and steal your sensitive data.

But implementing proper email security measures safeguards your valuable data from getting lost or falling into the wrong hands.

It’s not just cyber criminals you’re at risk from; an employee could accidentally leave a laptop on a train or in a coffee shop.

That could mean all your important business communications and documents were suddenly open for someone else to read. It would be a nightmare, right?

You might be thinking, “But I’m just a small business. Why would I be a target?” Ah, but here’s the thing – cyber criminals don’t discriminate based on business size.

In fact, small and medium-sized businesses are often seen as easier targets. That’s because they may not have the same level of security measures in place as larger corporations.

So, don’t think you’re off the hook just because you’re not a Fortune 500 company.

Now that we’ve established why email security is crucial, let’s talk about how you can ramp up your defenses.

First off, use strong, unique passwords for your email accounts. None of that “p@ssW0rd123” nonsense, please.

Better still, use a password manager to create and store uncrackable passwords.

Consider implementing two-factor authentication for an extra layer of security (where you generate a login code on another device to prove it’s you).

And don’t forget to keep your software and security patches up to date – those updates often contain important fixes for vulnerabilities that cyber criminals love to exploit.

Lastly, educate your employees about the importance of email security. They could be your strongest defense or your weakest link when it comes to keeping your business safe from cyber threats.

Teach them how to spot phishing emails (emails pretending to be from someone you trust) and what to do if they suspect something isn’t right.

Remember, a little prevention now can save you a huge headache, time, trouble (and money) later. If we can help with that, get in touch.

Google & Yahoo’s New DMARC Policy – Why Businesses Need Email Authentication

Have you been hearing more about email authentication lately? There is a reason for that. It’s the prevalence of phishing as a major security threat. Phishing continues as the main cause of data breaches and security incidents. This has been the case for many years.

A major shift in the email landscape is happening. The reason is to combat phishing scams. Email authentication is becoming a requirement for email service providers. It’s crucial to your online presence and communication to pay attention to this shift.

Google and Yahoo are two of the world’s largest email providers. They have implemented a new DMARC policy that took effect in February 2024. This policy essentially makes email authentication essential. It’s targeted at businesses sending emails through Gmail and Yahoo Mail.

But what’s DMARC, and why is it suddenly so important?

The email spoofing problem

Imagine receiving an email seemingly from your bank. It requests urgent action. You click a link, enter your details, and boom – your information is compromised. The common name for this is email spoofing.

It’s where scammers disguise their email addresses. They try to appear as legitimate individuals or organizations. Scammers spoof a business’s email address. Then they email customers and vendors pretending to be that business.

These deceptive tactics can have devastating consequences on companies. These include:

  • Financial losses
  • Reputational damage
  • Data breaches
  • Loss of future business

Unfortunately, email spoofing is a growing problem. It makes email authentication a critical defense measure.

What is email authentication?

Email authentication is a way of verifying that your email is legitimate. This includes verifying the server sending the email. It also includes reporting back unauthorized uses of a company domain.

Email authentication uses three key protocols, and each has a specific job:

  • SPF (Sender Policy Framework): Records the IP addresses authorized to send email for a domain.
  • DKIM (DomainKeys Identified Mail): Allows domain owners to digitally “sign” emails, verifying legitimacy.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Gives instructions to a receiving email server including, what to do with the results of an SPF and DKIM check. It also alerts domain owners that their domain is being spoofed.

SPF and DKIM are protective steps. DMARC provides information critical to security enforcement. It helps keep scammers from using your domain name in spoofing attempts.

Why Google & Yahoo’s new DMARC policy matters

Both Google and Yahoo have offered some level of spam filtering but didn’t strictly enforce DMARC policies.

Starting in February 2024, the new rule took place. Businesses sending over 5,000 emails daily must have DMARC implemented.

Both companies also have policies for those sending fewer emails. These relate to SPF and DKIM authentication.

Look for email authentication requirements to continue and be more strictly enforced. You need to pay attention to ensure the smooth delivery of your business email.

The benefits of implementing DMARC include:

  • Protects your brand reputation
  • Improves email deliverability
  • Provides valuable insights

Introduction To Smart Home Technology For Small Biz Owners

In the past, the concept of a “smart home” might have conjured up images of futuristic living spaces from science fiction movies. Today, technology such as video telephones and voice-activated lights have made those dreams a reality.

However, with the rapid advancement of technology, some traditional problems persist, such as security vulnerabilities and connectivity issues. If you’re incorporating smart home technology into your small business, understanding these challenges and knowing how to address them is essential.

Here are some of the most common smart home issues and solutions.

Connectivity woes

Problem: Your smart devices frequently lose connection or have slow performance.

Solution: Start by restarting your router and any problematic devices. This often resolves temporary connectivity issues. If problems persist, check the placement of your router. It should be in a central location to evenly distribute the Wi-Fi signal throughout your premises.

For larger spaces, consider investing in a Wi-Fi extender to boost signal strength and expand coverage.

Device unresponsiveness

Problem: Devices fail to respond to commands or operate sluggishly.

Solution: The first step in troubleshooting unresponsive devices is to turn them off and on again. This can clear out any temporary glitches affecting performance.

Additionally, ensure your devices are running the latest software updates, as these can include important fixes and improvements.

Battery drain

Problem: Smart devices are consuming battery power more quickly than expected.

Solution: Adjust the device settings to optimize power usage. Disable unnecessary features and reduce the frequency of updates or checks that the device conducts autonomously. These small adjustments can significantly extend battery life.

Incompatibility issues

Problem: Smart devices don’t communicate or work well together.

Solution: Ensure all devices are compatible with your chosen smart home platform (such as Google Home, Amazon Alexa, or Apple HomeKit). When purchasing new devices, review the manufacturer’s specifications to ensure they can integrate smoothly with your existing setup. This can prevent a lot of frustration and ensure that your devices can work together seamlessly.

Security concerns

Problem: Vulnerability to hacking and unauthorized access.

Solution: Secure all devices with strong, unique passwords. Avoid using default or easily guessed passwords. Implement two-factor authentication (2FA) wherever possible, adding an extra layer of security by requiring a second form of verification to access accounts.

App troubles

Problem: Apps controlling the smart devices frequently crash or lose connection.

Solution: If your app isn’t working correctly, first try logging out and logging back in. This can refresh the app’s connection to your devices. If this doesn’t solve the problem, uninstalling and then reinstalling the app may resolve underlying issues.

Automation gone wrong

Problem: Automated functions don’t operate as expected.

Solution: Review the automation rules you’ve set up and test them one at a time. This approach helps identify where things are going wrong so you can make necessary adjustments.

Limited range

Problem: Devices far from the Wi-Fi router or hub have poor connectivity.

Solution: Move devices closer to your router or smart home hub. This can enhance their communication reliability and speed.

Ghost activity

Problem: Devices activate unexpectedly or exhibit unexplained behavior.

Solution: Investigate any unusual activity thoroughly as it could indicate security issues. Change your passwords regularly and monitor device logs for any unauthorized access.

Feeling overwhelmed

Problem: The complexity of managing a smart home system can be daunting.

Solution: Take advantage of device manuals and online tutorials. These resources can provide valuable guidance on setup and troubleshooting. If needed, don’t hesitate to seek out professional help to ensure your smart home setup meets your business needs efficiently.

By understanding these common issues and solutions, you can better manage smart home technology both at home and in your business, ensuring a smoother, more secure operation. If we can help, please reach out – (734) 457-5000, or info@mytechexperts.com.

It’s Time To Fix Your Risky Password Habits

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We all know how important it is to keep our data safe, but sometimes our best intentions fall short. And when you have employees, you’re at an increased risk of security threats and bad habits creeping in.

Here’s the deal: Even if you invest in cyber security training, changing long held password habits can be a tough nut to crack. People love convenience, and remembering a ton of complex passwords just isn’t their idea of a good time.

Your employees are juggling dozens of passwords for work and personal use. It’s a lot to handle, and sometimes they slip up and reuse passwords across different accounts. It’s a familiar story, right? And it’s where the trouble starts.

When passwords are reused, it’s like leaving the front door wide open for cyber criminals. If the password is breached on one site, they will try it to access other sites.

Here’s how you can make sure your team stays on top of their password game.

Password audit: Ask your IT partner to do an audit of passwords and look for weak ones that should be changed.

Block weak passwords: Ask your IT partner to implement a password policy that stops common passwords from being used.

Scan for compromised passwords: Even strong passwords can be compromised. Stay one step ahead by scanning for breached passwords and prompting employees to change them.

Use password managers: Password managers securely generate then store a unique password for every different account… and fill them into the login box so your team doesn’t have to.

Multi-Factor Authentication (MFA): Add an extra layer of security with MFA, where you get a code on a separate device. It’s like putting a deadbolt on your front door – double the protection, double the peace of mind.

With the right tools and guidance, password security doesn’t have to be hard work. If we can help you with that, get in touch – (734) 457-5000.

What Is Microsoft’s New Security Copilot?

It can be challenging to keep up with the ever-evolving cyber threat landscape. Companies need to process large amounts of data as well as respond to incidents quickly and effectively. Managing an organization’s security posture is complex.

That’s where Microsoft Security Copilot comes in. Microsoft Security Copilot is a generative AI-powered security solution. It provides tailored insights that empower your team to defend your network. It also works with other Microsoft security products.

Microsoft Security Copilot helps security teams:

  • Respond to cyber threats
  • Process signals
  • Assess risk exposure at machine speed

A big benefit is that it integrates with natural language. This means you can ask questions plainly to generate tailored guidance and insights. For example, you can ask:

  • What are the best practices for securing Azure workloads?
  • What is the impact of CVE-2024-23905 on my organization?
  • Generate a report on the latest attack campaign.
  • How do I remediate an incident involving TrickBot malware?
  • Security Copilot can help with end-to-end scenarios such as:
  • Incident response
  • Threat hunting
  • Intelligence gathering
  • Posture management
  • Executive summaries on security investigations

How does Microsoft Security Copilot work?

You can access Microsoft Security Copilot capabilities through a standalone experience as well as embedded experiences available in other Microsoft security products.

Copilot integrates with several tools, including:

  • Microsoft Sentinel
  • Microsoft Defender XDR
  • Microsoft Intune
  • Microsoft Defender Threat Intelligence
  • Microsoft Entra
  • Microsoft Purview
  • Microsoft Defender External Attack Surface Management
  • Microsoft Defender for Cloud

You can also use natural language prompts with Security Copilot.

Should you use Microsoft Security Copilot?

The pros:

  • Advanced threat detection
  • Operational efficiency
  • Integration with Microsoft products
  • Continuous learning
  • Reduced false positives

The considerations:

  • Integration challenges
  • Resource requirements
  • Training and familiarization

The Bottom Line

Microsoft Security Copilot marks a significant advancement in the world of AI-driven cybersecurity solutions. This cutting-edge system boasts an enhanced ability to detect threats in real-time, greatly improving operational efficiency. Additionally, its wide-ranging integration capabilities make it an extremely versatile tool in the cybersecurity arsenal.

These features render Microsoft Security Copilot an especially attractive option for businesses that are intent on strengthening their digital defense mechanisms.

The decision to implement Copilot in your organization should be tailored to your specific business requirements. It’s important to weigh factors such as your current cybersecurity infrastructure, the resources at your disposal, and the level of commitment your organization is willing to make towards ongoing training and adaptation of this sophisticated AI tool.

Be Careful When Scanning QR Codes

QR codes are everywhere these days. You can find them on restaurant menus, flyers, and posters. They’re used both offline and online. QR codes are convenient and easy to use. You just scan them with your smartphone camera. You’re then directed to a link, a coupon, a video, or some other online content.

With the rise in popularity of QR codes comes an unfortunate dark side. Cybercriminals are exploiting this technology for nefarious purposes. Scammers create fake QR codes. They can steal your personal information. They can also infect your device with malware or trick you into paying money.

It’s crucial to exercise caution when scanning QR codes. This emerging scam highlights the potential dangers lurking behind those seemingly innocent squares.

The QR code resurgence

QR codes were originally designed for tracking parts in the automotive industry. They have experienced a renaissance in recent years as a result, and they’re used as a form of marketing today.

They offer the convenience of instant access to information. You simply scan a code. Unfortunately, cybercriminals are quick to adapt. A new phishing scam has emerged, exploiting the trust we place in QR codes.

How the scam works

The scammer prints out a fake QR code. They place it over a legitimate one. For example, they might stick it on a poster that advertises a product discount or a movie.

You come along and scan the fake QR code, thinking it’s legitimate. The fake code may direct you to a phishing website. These sites may ask you to enter sensitive data such as your credit card details, login credentials, or other personal information.

Or scanning the QR code may prompt you to download a malicious app. One that contains malware that can do one or more of the following:

  • Spy on your activity
  • Access your copy/paste history
  • Access your contacts
  • Lock your device until you pay a ransom

The code could also direct you to a payment page. A page that charges you a fee for something supposedly free.

Tactics to watch out for

Malicious codes concealed: Cybercriminals tamper with legitimate QR codes. They often add a fake QR code sticker over a real one. They embed malicious content or redirect users to fraudulent websites.

Fake promotions and contests: Scammers often use QR codes to lure users into fake promotions or contests. When users scan the code, it may direct them to a counterfeit website.

Malware distribution: Some malicious QR codes start downloads of malware onto the user’s device.

Tips for safe QR code scanning

Verify the source: Verify the legitimacy of the code and its source.

Use a QR code scanner app: Use a dedicated QR code scanner app rather than the default camera app on your device.

Inspect the URL before clicking: Before visiting a website prompted by a QR code, review the URL.

Avoid scanning suspicious codes: Trust your instincts. If a QR code looks suspicious, refrain from scanning it.

Update your device and apps: Keep your device’s operating system and QR code scanning apps up to date.

Be wary of websites accessed via QR code

Don’t enter any personal information on a website that you accessed through a QR code. This includes things like your address, credit card details, login information, etc. Don’t pay any money or make any donations through a QR code.

Insights from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

We are living in an era dominated by digital connectivity. As technology advances, so do the threats that lurk in the online world.

Often, it’s our own actions that leave us most at risk of a cyberattack or online scam. Risky behaviors include weak passwords and lax security policies, as well as thinking “This won’t happen to me.” This is why human error is the cause of approximately 88% of data breaches.

The National Cybersecurity Alliance and CybSafe publish a report on cybersecurity attitudes and behaviors. The goal is to educate both people and businesses on how to better secure their digital landscapes.

This year’s study surveyed over 6,000 people across the U.S., Canada, the U.K., Germany, France, and New Zealand. The survey asked about several things including knowledge of cybersecurity risks, security best practices, and challenges faced.

The report reveals some eye-opening insights, including how people perceive and respond to cyber threats as well as what they can do to improve their cybersecurity posture.

We are online… a lot

It’s no surprise that 93% of the study participants are online daily. The logins we create continue to expand, as well as those considered “sensitive.” Sensitive accounts hold personal information that could be harmful if stolen.

Nearly half (47%) of the study’s respondents have ten or more sensitive online accounts. This amplifies risk, especially if people are using the same password for two or more of those accounts.

Online security makes people frustrated

Most people (84%) feel that online security is a priority. But as many as 39% feel frustrated, and nearly the same amount intimidated. It can seem that you just can’t get ahead of the hackers. Just over half of people thought digital security was under their control. That leaves a whole lot that don’t think so.

But that is no reason to let down your defenses and become an easy target. There are best practices you can put in place to safeguard your online accounts that work, including:

  • Enabling multi-factor authentication on your accounts
  • Using an email spam filter to catch phishing emails
  • Adding a DNS filter to block malicious websites
  • Using strong password best practices

People need more access to cybersecurity training

One way to reduce human errors associated with cybersecurity is to train people. The survey found that just 26% of respondents had access to cybersecurity training.

It also broke this down by employment status. We see that those not actively employed are most lacking. Even those employed can use more training access and encouragement. Just 53% report having access to cybersecurity awareness training and using it.

Employers can significantly reduce their risk of falling victim to a data breach by improving their security awareness training.

Cybercrime reporting is increasing

Over a quarter (27%) of survey participants said they had been a victim of cybercrime. The types of cybercrimes reported include:

  • Phishing (47%)
  • Online dating scams (27%)
  • Identity theft (26%)

Millennials reported the most cybercrime incidents. Baby Boomers and the Silent Generation reported the fewest.

No matter where you fall in the generations, it’s important to adopt security best practices and be vigilant about your online security.

How Can A Data Breach Cost Your Company For Years?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The repercussions of a data breach extend far beyond the immediate aftermath. They often haunt businesses for years.

Only 51% of data breach costs occur within the first year of an incident. The other 49% happen in year two and beyond.

The unseen costs of a data breach

The First American Title Insurance Co. case is a good example.

The 2019 cybersecurity breach at First American serves as a stark illustration. It reminds us of the far-reaching consequences of a data breach. In this case, the New York Department of Financial Services (NYDFS) imposed a $1 million fine.

Cybersecurity sites announced the fine in the fall of 2023. The company’s fine was for failing to safeguard sensitive consumer information. This is one example of how costs can come long after an initial breach.

[Read more…] about How Can A Data Breach Cost Your Company For Years?