TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security: Addressing The Dangers Of Browser Extensions

Browser extensions have become as common as mobile apps. People tend to download many and use few. There are over 176,000 browser extensions available on Google Chrome alone. These extensions offer users extra functionalities and customization options.

While browser extensions enhance the browsing experience, they also pose a danger. Which can mean significant risks to online security and privacy.

The allure and perils of browser extensions

Browser extensions are often hailed for their convenience and versatility. They are modules that users can add to their web browsers. They extend functionality and add customizable elements.

From ad blockers and password managers to productivity tools, the variety is vast. But the ease with which users can install these extensions is a weakness. Because it also introduces inherent security risks.

Key risks posed by browser extensions

Many browser extensions request broad permissions. If abused, they can compromise user privacy. Some of these include accessing browsing history and monitoring keystrokes. Certain extensions may overstep their intended functionality. This can lead to the unauthorized collection of sensitive information.

Users often grant permissions without thoroughly reviewing them. This causes them to unintentionally expose personal data to potential misuse.

There are many extensions developed with genuine intentions. But some extensions harbor malicious code. This code can exploit users for financial gain or other malicious purposes. These rogue extensions may inject unwanted ads. As well as track user activities or even deliver malware.

These extensions often use deceptive practices. They make it challenging for users to distinguish between legitimate and malicious software.

Extensions that are no longer maintained or updated pose a significant security risk. Outdated extensions may have unresolved vulnerabilities. Hackers can exploit them to gain access to a user’s browser. As well as potentially compromising their entire system. Without regular updates and security patches, these extensions become a liability.

Some malicious extensions engage in phishing attacks. As well as social engineering tactics. These attacks can trick users into divulging sensitive information.

This can include creating fake login pages or mimicking popular websites. These tactics lead unsuspecting users to unknowingly provide data. Sensitive data, like usernames, passwords, or other confidential details.

Best practices for browser extension security

Download extensions only from official browser marketplaces. Such as those connected with the browser developer (Google, Microsoft, etc.). These platforms have stringent security measures in place. This reduces the likelihood of encountering malicious software.

Before installing any extension, carefully review the permissions it requests. Be cautious if an extension seeks access to unusual data. Such as data that seems unrelated to its core functionality. Limit permissions to only what is essential for the extension’s intended purpose.

Regularly update your browser extensions. This ensures you have the latest security patches. Developers release updates to address vulnerabilities and enhance security. If an extension is no longer receiving updates, consider finding an alternative.

It’s tempting to install several extensions for various functionalities. But each added extension increases the potential attack surface. Only install extensions that are genuinely needed. Regularly review and uninstall those that are no longer in use.

Use reputable antivirus and anti-malware software. This adds an extra layer of protection against malicious extensions. These tools can detect and remove threats that may bypass browser security.

Stay informed about the potential risks associated with browser extensions. Understand the permissions you grant. Be aware of the types of threats that can arise from malicious software. Education is a powerful tool in mitigating security risks.

Don’t stay in the dark about your defenses. We can assess your cybersecurity measures and provide proactive steps for better protection. Give us a call today to schedule a chat.

Unlocking The Power Of Encryption For Your Small Business: Safeguard Your Digital Assets

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Keeping sensitive business data safe is a top priority. When you’re managing a team of employees that use PCs, phones, and tablets, the importance of encryption can’t be stressed enough.

Encryption is a secret code for your digital information. It scrambles your data into an unreadable format, and only someone with the right “key” can unscramble and access it. Think of it as a lock and key system for your digital assets, ensuring that even if someone gains unauthorized access to your devices or data, they can’t make head nor tail of it without the key.

Your business likely stores tons of sensitive information, from financial records to customer data. Encryption ensures that even if a device is lost or stolen, your data remains safe and confidential.

And there are loads of other benefits too. Lots of industries have strict regulations regarding data security and privacy (think HIPAA). Encryption helps you stay compliant, avoiding expensive fines and legal troubles. [Read more…] about Unlocking The Power Of Encryption For Your Small Business: Safeguard Your Digital Assets

Notifications: Striking A Balance At Work And Home

Notifications have become a part of our daily lives. Whether it’s the ping of a new email, a message from a colleague on Teams, or a meeting reminder on your calendar, these little nudges constantly battle for our attention.

But are we reaching a tipping point with notifications?

According to recent research, the answer might be a big “YES”. The study revealed that the ping, ping, ping of notifications from collaboration tools is not only a distraction at work but is also taking a toll on our precious work-life balance.

So, why are notifications becoming a nuisance, and what can we do about it?

We’re living in the era of collaboration tools. From video conferencing to project management platforms, we rely on these tools to stay connected and productive.

But… the more tools we use, the more notifications flood our screens. During the traditional 9-5, the constant barrage of notifications can derail focus and productivity.

But what’s annoying is when notifications creep into our downtime. One in three workers report that notifications outside of working hours have spiked over the past year.

As a society, we’ve created a situation where notifications disrupt our relaxation and family time.

A third of young workers aged 21-34 struggle to fully enjoy time with loved ones due to work notifications. And that may put you at risk of losing your best people.

Here’s our three step take on tackling the notifications dilemma:

First, set clear boundaries. Make it understood that messages should be replied to within working hours. Practice what you preach by not sending messages outside of your own working hours (schedule-send where possible).

Second, reduce tool overload. Evaluate the collaboration tools you use. Streamline where possible.

Third, empower your employees. Teach them to use do not disturb, and how to mute non-urgent notifications.

While technology has revolutionized the way we work, it shouldn’t come at the cost of our wellbeing and personal time. If we can help you and your team strike a better balance, get in touch.

Top Data Breaches Of 2023: Numbers Hit An All-time High

The battle against cyber threats is an ongoing challenge. Unfortunately, 2023 has proven to be a watershed year for data breaches. Data compromises surged to an all-time high in the U.S.

The last data breach record was set in 2021. That year, 1,862 organizations reported data compromises. Through September of 2023, that number was already over 2,100.

In Q3 of 2023, the top data breaches were:

• HCA Healthcare
• Maximus
• The Freecycle Network
• IBM Consulting
• CareSource
• Duolingo
• Tampa General Hospital
• PH Tech

Let’s look at the main drivers of this increase.

The size of the surge

Data breaches in 2023 have reached unprecedented levels. The scale and frequency of these incidents emphasize the evolving sophistication of cyber threats as well as the challenges organizations face in safeguarding their digital assets.

Healthcare sector under siege

Healthcare organizations are the custodians of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals and hackers looking to exploit personal information.

Ransomware reigns supreme

Ransomware attacks continue to dominate the cybersecurity landscape. The sophistication of this threat has increased.

Supply chain vulnerabilities exposed

Modern business ecosystems have an interconnected nature. This has made supply chains a focal point for cyberattacks. The compromise of a single entity within the supply chain can have cascading effects.

Emergence of insider threats

The rise of insider threats is adding a layer of complexity to cybersecurity. Organizations must distinguish between legitimate user activities and potential insider threats.

IoT devices as entry points

The proliferation of Internet of Things (IoT) devices has expanded the attack surface. There’s been an uptick in data breaches originating from compromised IoT devices.

Critical infrastructure in the crosshairs

Critical infrastructure has emerged as a prime target for malicious actors seeking to wreak havoc and sow chaos. From power grids and transportation systems to financial institutions and healthcare facilities, the vital systems that underpin modern society have found themselves squarely in the crosshairs of cyber attackers.

The role of nation-state actors

Nation-state actors are entities sponsored or supported by governments to engage in cyber activities, including espionage, sabotage, and other malicious actions, often for political, economic, or strategic purposes.

These actors operate with the resources, capabilities, and backing of a nation-state, allowing them to conduct highly sophisticated and coordinated cyber campaigns.

Nation-state actors are increasingly playing a role in sophisticated cyber campaigns. They use advanced techniques to compromise sensitive data and disrupt operations.

The need for a paradigm shift in cybersecurity

The surge in data breaches underscores the need to rethink cybersecurity strategies.

Collaboration and information sharing

Collaboration among organizations and information sharing within the cybersecurity community are critical. Threat intelligence sharing enables a collective defense against common adversaries.

Cybersecurity Tips For Everyday Life

When it comes to cybersecurity, we often rely on our IT experts and installed software to protect our systems from digital threats.

From tech support to firewalls, a lot of tools and people contribute to our online safety!

In the midst of all of this, we can sometimes forget that we, too, play a critical role in guarding our systems and networks. At home or in the office, we each have a responsibility to protect the private data in our care.

Human error

Human error is actually responsible for 95% of cyberattacks. YOU are the number one threat to your own private data! You can also be its greatest defense.

How might you put yourself at risk? It can be as simple as clicking on malicious links, opening attachments from unknown senders, or sharing sensitive data by mistake. One wrong click, if your devices and systems aren’t properly equipped to defend themselves, can be disastrous.

Social engineering

Then there are social engineering attacks, which use human psychology to trick people into revealing sensitive information or taking actions that compromise security. Because they rely on you acting emotionally against your better instincts, even people who are aware of the risks can easily fall victim to social engineering attacks. It only takes one moment of weakness!

We also play a part in protecting private data whenever we brush up on our Security Awareness Training. That knowledge helps us to identify and track potential threats, which help prevent them from happening in the first place! We are also responsible for reporting suspicious activity to the appropriate teams, which can help identify and respond to attacks early on, before they cause significant damage.

They say “it takes a village,” and that rings just as true in the digital landscape of cyberspace! Together we can make the Internet a safer place to spend our time.

Always back up your data

Data loss can happen to anyone, at any time. It can be caused by a hardware failure, software corruption, malware attack, fire, theft, or simply human error. Backing up your data is crucial to protect yourself from these events. It will also save you the time, money, and stress of losing your data.

When you’re wondering what to back up on your system, the answer is simple: Save everything that you don’t want to lose. That includes personal documents, like photos, music, videos, emails, financial documents, and other memories and files that you don’t want to lose. You might also want to do this for application data, which includes settings and save files for those programs that you use frequently.

System files are essentially the applications and processes which your computer (or whatever device you’re considering) need to run. Backing up system files helps make system recovery seamless if anything happens. If a crucial file is corrupted or destroyed, it could crash your whole system irrecoverably.

Then, at least once per month, you should back up your storage files to another, separate location so you have two versions saved in case one file gets corrupted. Some cybercriminals go straight after your saved storage, hoping to excavate a large amount of data at once.

Automatic backups ensure your continued protection whether you forget or are otherwise prevented from doing it on time.

Put These Seven Things In Your 2024 IT Strategy

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As we enter 2024, it’s the perfect time to set the stage for an amazing year. And one crucial part of this is reviewing your IT strategy.

If you don’t have one, the start of the new year is a great time to pull one together then.

Think of it as your business’s tech roadmap – a clear plan that shows how you’ll use technology to drive growth, efficiency, and innovation.

We believe your strategy should cover these seven areas:

Business goals alignment

Your IT strategy should align seamlessly with your business goals. It’s not only about your technology, it’s about how that tech can help you achieve your bigger objectives.

Security first

Cyber security is no joke, and your IT strategy should make it a priority. Protect your data, your customers’ trust, and your reputation.

[Read more…] about Put These Seven Things In Your 2024 IT Strategy

How Can You Leverage The New MS Teams Payment App?

There is now another option to streamline the payment process.

Microsoft has launched the Teams Payments app. This is a new feature that allows you to request and receive payments from your customers. You do it within Microsoft Teams meetings.

The Teams Payments app is currently available in the United States and Canada. Subscribers to Teams Essentials and Microsoft 365 Business get it at no charge.

How does the Teams Payment app work?

You can get the app from the Microsoft AppStore. You add it to your Teams account and connect it to your preferred payment service. You can choose from:

  • Stripe
  • PayPal
  • GoDaddy

How do you send a payment request?

To send a payment request, you just need to open the meeting chat. Then, select the Payments icon from the messaging extensions. Then, you can fill out a simple form. It includes the amount, currency, description, and recipients of your request.

Your customers will see the same card in their meeting chat. They can click on the Pay Now button to complete their payment. You will receive a notification that your payment has been processed.

Benefits of using the Teams Payment app

It saves time and hassle. You don’t need to switch between different apps or websites. You can do everything within Teams meetings.

It increases customer satisfaction and loyalty. Your customers will appreciate the ease of paying you through Teams meetings.

It boosts your revenue and cash flow. You can get paid faster and more securely by using the Teams Payments app. You don’t need to wait for invoices or checks to clear. You can receive your money within minutes of completing a service. Either directly into your bank account or PayPal account.

It enhances your professional image and credibility. You can show your customers that you are using a reliable and trusted payment platform. You can also add a seller policy to your payment requests.

It helps you keep track of payments. With the Teams Payments App, you can track transactions in realtime. You’ll receive instant notifications for successful payments and customers receive receipts.

It’s seamlessly integrated with Microsoft 365. The Teams Payments App seamlessly integrates with Microsoft 365.

It increases productivity. Efficiency is the key to productivity. You reduce the time spent on payment-related tasks by integrating Payments into Teams.

The Teams Payments app marks a significant leap in digital business transactions. By leveraging this powerful tool, you’re simplifying payments.

How Can Your Business Be Impacted By The New SEC Cybersecurity Requirements?

Cybersecurity has become paramount for businesses across the globe. As technology advances, so do the threats. Recognizing this, the U.S. Securities and Exchange Commission (SEC) has introduced new rules. They revolve around cybersecurity. These new requirements are set to significantly impact businesses.

Understanding the new SEC cybersecurity requirements

The SEC’s new cybersecurity rules emphasize the importance of proactive cybersecurity measures. These are for businesses operating in the digital landscape.

One of the central requirements is the timely reporting of cybersecurity incidents. The other is the disclosure of comprehensive cybersecurity programs.

The rules impact U.S. registered companies, as well as foreign private issuers registered with the SEC.

Reporting of cyber-security incidents

The first rule is the disclosure of cybersecurity incidents deemed to be “material.” Companies disclose these on a new item 1.05 of Form 8-K.

Companies have a time limit for disclosure. This is within four days of the determination that an incident is material. The company should disclose the nature, scope, and timing of the impact.

It also must include the material impact of the breach. One exception to the rule is where disclosure poses a national safety or security risk.

Disclosure of cyber-security protocols

This rule requires extra information that companies must report. They report this on their annual Form 10-K filing.

The extra information companies must disclose includes:

  • Their processes for assessing, identifying, and managing material risks from cybersecurity threats.
  • Risks from cyber threats that have or are likely to materially affect the company.
  • The board of directors’ oversight of cybersecurity risks.
  • Management’s role and expertise in assessing and managing cybersecurity threats.

Potential impact on your business

Here are some of the potential areas of impact on businesses from these new SEC rules.

Increased Compliance Burden – Businesses will now face an increased compliance burden as they work to align their cybersecurity policies with the new SEC requirements.

Focus on Incident Response – The new regulations underscore the importance of incident response plans. Businesses will need to invest in robust protocols. These are protocols to detect, respond to, and recover from cybersecurity incidents promptly. This includes having clear procedures for notifying regulatory authorities, customers, and stakeholders.

Heightened Emphasis on Vendor Management – Companies often rely on third-party vendors for various services. The SEC’s new rules emphasize the need for businesses to assess vendor practices. Meaning, how vendors handle cybersecurity. This shift in focus necessitates a comprehensive review of your vendor’s security policies.

Impact on Investor Confidence – Cybersecurity breaches can erode investor confidence and damage a company’s reputation. With the SEC’s spotlight on cybersecurity, investors are likely to take note. This includes scrutinizing businesses’ security measures more closely. Companies with robust cybersecurity programs may instill greater confidence among investors.

Innovation in Cybersecurity Technologies – As businesses strive to meet the new SEC requirements, they will seek innovation. There is bound to be a surge in the demand for advanced cybersecurity solutions. This increased demand could foster a wave of innovation in the cybersecurity sector.

Embracing Technology: Steps To Join the 21%

In today’s rapidly evolving business landscape, the phrase “every company is now a technology company” has become increasingly relevant.

Yet, it might surprise you to learn that only 21% of businesses are truly incorporating technology into their strategic thinking in a meaningful way.

If your business isn’t part of that 21% just yet, don’t worry. Here are five ways you can take inspiration and make technology an integral part of your business strategy.

Learn from success stories

One of the first steps in embracing technology is to look at businesses that have successfully integrated it into their operations. Study their journeys to understand what they did and how it benefited them.

These success stories can serve as a wellspring of inspiration for your own tech transformation. By examining their strategies and experiences, you can gain valuable insights into the possibilities that technology holds for your business.

Find a tech partner

Navigating the complex world of technology can be challenging, especially if you’re not well-versed in it. To bridge this gap, consider finding a reliable tech partner.

A tech expert can guide you through the intricacies of technology, helping you comprehend its potential and how it aligns with your business goals.

Whether it’s consulting firms, IT professionals, or technology service providers, there are resources available to assist you on your tech journey.

Understanding the impact of technology

It’s crucial to grasp the profound impact that technology can have on your business. Your tech partner can provide you with valuable insights and ideas on how technology can enhance your operations, improve efficiency, and drive growth.

By having a clear understanding of the potential benefits, you’ll be better equipped to make informed decisions regarding technology integration.

Explore low-code or no-code solutions

You don’t need to be a computer science expert to leverage technology. Start by exploring low-code or no-code solutions that are user-friendly and require minimal coding knowledge.

These platforms allow you to create customized software applications, automate processes, and build digital solutions without the need for extensive technical skills.

By dipping your toes into these tools, you can experience firsthand how technology can streamline your operations and improve productivity.

Participate in workshops and creative sessions

Technology isn’t just about learning; it’s also about envisioning a different future for your company and your team.

Engage in workshops and creative sessions that encourage you to think outside the box when it comes to technology integration.

Collaborate with experts and fellow business owners to brainstorm innovative ideas and strategies for leveraging technology to your advantage.

These interactive sessions can help you envision how technology can shape your business’s future.

Remember, you don’t have to embark on this journey alone. There are resources, experts, and organizations like ours ready to support you every step of the way.

By taking inspiration from successful tech adopters, seeking guidance from tech partners, understanding the potential impact of technology, exploring user-friendly solutions, and participating in creative workshops, you can position your business to join the 21% of companies that are thriving in the age of technology.

Embrace the digital transformation and unlock new opportunities for growth and success. Get in touch with us, and let’s embark on this tech-driven journey together.

Hackers Don’t Take Holidays – Ransomware Is On The Rise

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Studies have shown up to a 70% increase in attempted ransomware attacks during the holiday season.

Although we may be planning for a restful holiday ahead, full of delicious food and time with loved ones, hackers are not. Their ongoing exploitation of vulnerabilities and ever-changing tactics requires you and your team to be as vigilant as ever.

Phishing attacks have reached record highs this year. Worryingly, in the third quarter of this year alone, phishing attacks skyrocketed by a staggering 173%, compared to the previous three months.

And malware? It’s not far behind, with a 110% increase over the same period.

Let’s put this into perspective. Imagine you’re on a quiet beach, enjoying the sun and the surf. Suddenly, the tide starts to rise rapidly. Before you know it, your picnic basket is floating away, and you’re knee-deep in water. That’s what’s happening in the cyber world right now.

According to a report, the ‘phisherfolk’ group were most active in August, casting out more than 207.3 million phishing emails. That’s nearly double the amount in July. September wasn’t much better, with 172.6 million phishing emails.

But who are these cyber criminals targeting? Old favorites Facebook and Microsoft continue to top the charts, with Facebook accounting for more phishing URLs than the next seven most spoofed brands combined. Block Facebook on your network.

So, what’s the bottom line here? The attacks are coming from everywhere, and your business could be next.

Phishing attacks are like a rising tide, and if you’re not careful, they can quickly sink your business. They target everyone – from tech giants to financial institutions, and even government agencies. The question is – are you prepared?

Take a moment to consider the authenticity of emails. Are they from a trusted source? Do they contain suspicious links? Are they asking for sensitive information?

Make sure your employees are aware of the risks. Encourage them to think twice before clicking on a link or downloading an attachment. After all, a moment’s hesitation could save your business from a devastating cyber attack. [Read more…] about Hackers Don’t Take Holidays – Ransomware Is On The Rise