TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Cyber-Compliance Is Serious Business

If you’ve never experienced a cyberattack, you might not think it’s such a big deal.

Especially if you work in management, you’re so busy focusing on the so-called squeaky wheels of every day; does it really matter if you keep up with the intricacies of modern cybersecurity compliance protocol? YES!

Increased digitization across the globe plus ever-advancing cyber threats equals a constantly evolving market, and legislation that scrambles to keep up.

Why Reporting Matters in a Data Breach

Have you ever experienced a cyberattack, either aimed at you or leveled at your organization? If so, then you might already know how important it is to report the breach – and we don’t just mean to your direct managers or the police!

When a data breach happens, you are often beholden to laws detailing what, how fast and to whom you must disclose. For example, financial institutions have to notify the Federal Trade Commission within thirty days.

You typically have to disclose the breach to anyone affected too, depending on what information was stolen. Where do you work? Do you know the laws set upon your industry and role?

So not only does cyber-compliance affect your ability to protect yourself and your customers from a data breach, but that hack will affect customers’ trust in your ability to keep their personal and financial information safe.

There are also legal concerns to think about. Lawsuits can cost millions between legal fees, penalties, profit losses and disruptions to the daily workflow.

Consider that the average company spends $10K per employee on cyber-compliance, and you see why maintaining compliance saves millions – about half of what you’d spend if you let vulnerabilities lay rampantly unpatched.

Maintaining compliance isn’t just smart; it’s necessary. To foster good relationships with your customers and shareholders, and avoid fines and breaches, companies must maintain a compliant cybersecurity structure.

These regulations change over time but do so to keep up with the latest tricks up cybercriminals’ sleeves.

Our IT services include compliance as part of our all-in-one package to reduce excess labor on your end. We’ll stay up to date on changing regulations so you stay cyber-compliant!

Reporting is one of many important regulations that make you more cyber-secure. Think about it: If your bank accounts, or health records, or mailing information got leaked, wouldn’t you want to know?

It’s not just about preferences, though. Data privacy is a right in many countries across the globe. More and more, people and legislation are all pushing for better data privacy protections.

How can we keep our accounts and data private if we don’t know when a breach has occurred? If you don’t know YOUR reporting requirements, now is the time to find out! Give us a call.

Five Habits Your Smart Remote Workers Should Have

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Remote work has become a way of life very quickly, hasn’t it? Loads of businesses and their people are reaping the rewards of flexibility and convenience.

But it also brings cyber security challenges that demand your attention. Of course, this should always be a concern, but when you have employees working from home, a coffee shop, or anywhere else for that matter, you need to make sure they’re making wise decisions that put the security of your data at the forefront.

These are five habits your remote workers should adopt straight away.

Choose your work location wisely

Working from a favorite coffee shop or a picturesque park may seem like a dream come true, but it can expose you to more cyber security risks.

Over-the-shoulder attacks, where cyber criminals discreetly snoop on your screen in public spaces, might seem unlikely, but they have real potential to lead to data breaches. Employees should choose to work in quieter, more private settings to minimize this risk. [Read more…] about Five Habits Your Smart Remote Workers Should Have

Watch Out For New Big Head Ransomware Pretending To Be A Windows Update!

Imagine you’re working away on your PC and see a Windows update prompt. Instead of ignoring it, you take action. But when you install what you think is a legitimate update, you’re infected with ransomware.

Cybercriminals are constantly devising new ways to infiltrate systems. They encrypt valuable data, leaving victims with difficult choices. One such variant that has emerged recently is the “Big Head” ransomware.

The Big Head Ransomware deception

Big Head ransomware presents victims with a convincing and fake Windows update alert. Attackers design this fake alert to trick users. They think that their computer is undergoing a legitimate Windows update.

The message may appear in a pop-up window or as a notification. The deception goes even further. The ransomware uses a forged Microsoft digital signature. The attack fools the victim into thinking it’s a legitimate Windows update.

They then unknowingly download and execute the ransomware onto their system. From there, the ransomware proceeds to encrypt the victim’s files.

Victims see a message demanding a ransom payment in exchange for the decryption key.

Here are some strategies to safeguard yourself from ransomware attacks like Big Head:

Keep Software and Systems Updated: Big Head ransomware leverages the appearance of Windows updates. One way to be sure you’re installing a real update is to automate.

Verify the Authenticity of Update: Genuine Windows updates will come directly from Microsoft’s official website or through your IT service provider or Windows Update settings.

Backup Your Data Regularly: Back up your important files. Use an external storage device or a secure cloud backup service. Backups of your data can allow you to restore your files without paying a ransom.

Use Robust Security Software: Install reputable antivirus and anti-malware software on your computer.

Educate Yourself and Others: Stay informed about the latest ransomware threats and tactics. Educate yourself and your colleagues or family members.

Use Email Security Measures: Put in place robust email security measures. Be cautious about opening email attachments or clicking on links.

Enable Firewall and Network Security: Activate your computer’s firewall. Use network security solutions to prevent unauthorized access to your network and devices.

Disable Auto-Run Features: Configure your computer to disable auto-run functionality for external drives.

Be Wary of Pop-Up Alerts: Exercise caution when encountering pop-up alerts especially those that ask you to download or install software. Verify the legitimacy of such alerts before taking any action.

Keep an Eye on Your System: Keep an eye on your computer’s performance and any unusual activity. If you notice anything suspicious, investigate immediately.

Have a Response Plan: In the unfortunate event of a ransomware attack, have a response plan in place. Know how to disconnect from the network. Report the incident to your IT department or a cybersecurity professional.

Avoid paying the ransom. In most cases, it is against federal law to pay a ransom to hackers.

Cyber Security Threats Your Team Must Know About

Your employees are your first line of defense in cyber security, and their training is as crucial as the cutting-edge tools you’ve invested in. Are you overlooking this vital element?

We strongly advise you make an ongoing commitment to regular cyber security training for every single one of your team. That means keeping them up to date on the latest cyber threats, the warning signs to look out for, and of course, what to do should a situation arise.

If you’re not already doing that, arrange something now (we can help).

While you wait, here are some urgent cyber threats to address right away:

Admin attack

Email addresses like “info@” or “admin@” are often less protected due to perceived low risk. But several teams may require access to these accounts, making them an easy target. Multi-factor Authentication (MFA) can double your security. Even if it seems tedious, don’t neglect it.

MFA fatigue attacks

MFA can feel intrusive, leading employees to approve requests without scrutiny. Cyber criminals exploit this complacency with a flood of fake notifications. Encourage your team to meticulously verify all MFA requests.

Phishing bait

Phishing remains a top threat. Cyber criminals mimic trusted sources with deceptive emails. Teach your team to inspect email addresses closely. Implementing a sender policy framework can also enhance your protection.

Phishing scams are attempts to trick you into revealing your personal information, such as passwords, credit card numbers, or Social Security numbers.

Scammers often send emails or text messages that appear to be from legitimate companies, such as banks, credit card companies, or government agencies. They may also create fake websites that look like real websites.

The three most common phishing scams are:

  • Fake shopping websites, which sell counterfeit products – or even sell nothing at all. They collect your credit card information to sell to other hackers.
  • Romance scams to trick people into falling in love, so they’ll be more willing to send money.
  • Social media scams that either impersonate real people, or invent new personas entirely.

Other common internet scams include:

  • Investment scams (yes, people still fall for these every day) that promise victims high returns on their investments, but the investments are actually fake.
  • Tech support scams which claim to be a tech support company, but then charge for unnecessary services or steal personal information.
  • Lottery and sweepstakes scams tell people that they have won a lottery or sweepstakes, but they need to pay a fee to claim their prize.
  • Charity scams impersonate legitimate charities and ask for donations.

Cyber security training doesn’t have to be tedious. Try simulated attacks and think of them like an escape room challenge—fun yet enlightening. It’s about identifying vulnerabilities, not fault-finding.

Don’t exclude your leadership team. They need to understand the response plan in case of a breach, much like a fire drill.

If you receive an email, text, or call from someone who is asking for your personal information or money, be suspicious! Don’t click on anything until you verify the sender is who they say they are!

Keep Your Smart Home From Turning Against You

Smart homes offer unparalleled convenience and efficiency. But as we embrace the convenience, it’s essential to consider the potential risks.

Recent headlines have shed light on the vulnerabilities of smart home technology, such as the story in the New York Post’s article titled “Locked Out & Hacked: When Smart Homes Turn on Owners.”

The article describes smart home nightmares. Including the new owner of a smart home that unexpectedly got locked in. The prior owner had left preprogrammed settings. Suddenly at 11:30 p.m., the home told him it was time to go to bed and locked every door in the house.

Another technology victim was a woman terrorized by lights and sounds at home. Her ex-partner was maliciously manipulating the smart technology.

As homes get smarter, how can you avoid a similar experience? We’ll explore some key strategies to protect your home and your privacy.

Secure your network

The foundation of any smart home is its network. Just as you wouldn’t leave your front door wide open, you shouldn’t neglect Wi-Fi security.

Strengthen device passwords

Avoid using easily guessable information like “123456” or “password.” Use a combination of upper and lower-case letters, numbers, and symbols.

Enable two-factor authentication (2FA)

Many smart home device manufacturers offer 2FA as an extra layer of security. This helps keep unwanted people out.

Regularly update firmware

Firmware updates are essential for fixing security vulnerabilities in your smart devices. Make it a habit to check and apply firmware updates regularly.

Vet your devices

Look for products that have a history of prompt updates and robust security features. Avoid purchasing devices from obscure or untrusted brands.

Isolate sensitive devices

Consider segregating your most sensitive devices onto a separate network, if possible.

Review app permissions

Smart home apps often request access to various permissions on your devices. Before granting these, scrutinize what data the app is trying to access.

Be cautious with voice assistants

Review your voice assistant’s privacy settings. Be cautious about what information you share with them. Many devices can be programmed to not listen by default.

Check your devices regularly

Regularly check the status and activity of your smart devices. Look for any unusual behavior.

Understand your device’s data usage

Review your smart device’s privacy policy. Understand how it uses your data.

Stay informed

Finally, stay informed about the latest developments in smart home security. Subscribe to security newsletters.

Cybersecurity Skeletons In Your Business’ Closet

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Let’s dive into a topic that might give you the chills – cybersecurity skeletons in your company’s closet.

You may not have old skeletons hidden away in the basement, but there’s a good chance of cybersecurity vulnerabilities lurking in the shadows. Just waiting to wreak havoc.

You can’t fix what you can’t see. It’s time to shine a light on these hidden dangers, so you can take action to protect your business from potential cyber threats.

Here are some of the most common cybersecurity issues faced by small and mid-sized businesses:

Outdated software: The cobweb-covered nightmare

Running outdated software is like inviting hackers to your virtual Halloween party. [Read more…] about Cybersecurity Skeletons In Your Business’ Closet

What is SaaS Ransomware? How Can You Defend Against It?

Software-as-a-Service (SaaS) has revolutionized the way businesses operate. But alongside its benefits, SaaS brings with it potential threats. When software and data are online, they’re more vulnerable to attacks. One of the latest threats to move from endpoint devices to the cloud is ransomware.

Between March and May of 2023, SaaS attacks increased by over 300%. A study in 2022 by Odaseva found that 51% of ransomware attacks targeted SaaS data.

What is SaaS ransomware?

SaaS ransomware is also known as cloud ransomware. It’s malicious code designed to target cloud-based applications and services. These include services like Google Workspace, Microsoft 365, and other cloud collaboration platforms. Here are some tips to defend your business from SaaS ransomware.

Educate your team

Start by educating your employees about the risks of SaaS ransomware. Include how it spreads through phishing emails, malicious links, or breached accounts. Teach them to recognize suspicious activities and report any unusual incidents immediately.

Enable multi-factor authentication (MFA)

MFA is an essential layer of security. Enabling MFA reduces the risk of unauthorized access. This is true, even if a hacker compromises an account’s login credentials.

Regular backups

Frequently backing up your SaaS data is crucial. Having up-to-date backups ensures that you can restore your files. You won’t need to pay the attacker’s ransom demands and you’ll get your business back up and running faster.

Deploy advanced security solutions

Consider using third-party security solutions that specialize in protecting SaaS environments.

These solutions can provide many benefits including:
• Real-time threat detection
• Data loss prevention
• And other advanced security features

Apply the principle of least privilege

Limit user permissions to only the necessary functions. By doing this, you reduce the potential damage an attacker can do if they gain access.

Keep software up to date

Ensure that you keep all software up to date. Regular updates close known vulnerabilities and strengthen your defense.

Track suspicious account activity

Put in place robust monitoring of user activity and network traffic. Suspicious behavior can be early indicators of an attack. One example to watch for is several failed login attempts. Another is access from unusual locations.

Develop an incident response plan

Prepare and practice an incident response plan. It should outline the steps to take in the event of a ransomware attack. A well-coordinated response can mitigate the impact of an incident. It can also aid in faster recovery. The sooner your team can respond, the faster business gets back to normal.

Collaboration Tools Are GREAT. But Are They A Security Risk?

In today’s digital age, workplace collaboration tools and messaging apps such as Slack, Teams, and Zoom have become indispensable.

They’ve revolutionized the way we work, making communication with colleagues a breeze, facilitating seamless file sharing, and allowing for productive meetings without the hassle of commuting.

The ability to discuss even the most sensitive of topics from the warmth and safety of our homes seems like a dream. However, every silver lining has a cloud.

While we see these tools as productivity enhancers, cybercriminals see them as gateways to potential vulnerabilities. The very platforms that have been champions for our productivity are simultaneously creating a playground for cyber threats.

It’s alarming to realize that, for instance, while Slack employs encryption, it does not have end-to-end encryption. The reason behind this? To provide companies with an overview of their internal communications.

Moreover, if you’ve jumped on the WhatsApp bandwagon for business, beware. This popular app has been a victim of numerous social engineering attacks. And Telegram? It’s steadily climbing the list of hotspots for cyber attackers. These threats have ushered in a new form of cyber-attack known as Business Communication Compromise (BCC).

Think of it as the menacing relative of the widely recognized Business Email Compromise (BEC).

Shockingly, a 2022 Data Breach Investigation Report highlighted that a staggering 82% of data breaches stem from human errors. Just one misguided click on a deceitful phishing email, and your prized communication channels become a hotbed for these cyber rogues.

But there’s hope! Here are some measures to safeguard your digital spaces:

Establish robust access controls. Ensure that only authorized individuals can access your platform. Even basic protocols like multi-factor authentication can act as formidable barriers against intruders.

Adopt stringent data loss prevention techniques. Opt for systems that provide end-to-end encryption and have capabilities to remotely wipe data from misplaced or stolen devices.

Educate your team. Regular training sessions on best practices for handling sensitive information can make all the difference.

Your security is our priority. If you need guidance on fortifying your digital defenses, we’re here to assist.

Is AI Really For You, Or Are You Jumping On The Bandwagon?

Do you ever find yourself asking, “What is all this hype about AI?”

If so, you’re not alone.

The buzz around artificial intelligence (AI) and its potential to revolutionize every aspect of our lives is inescapable. But how can you navigate through the noise and truly harness the power of AI to meet your business’s big goals?

It’s a question that keeps many business leaders awake at night.

Imagine being able to predict market trends before they happen, or to streamline your operations with almost exact precision. This isn’t some far-off dream; it’s the promise of generative AI.

But there’s a lot of speculation around AI. Right now, it’s uncertain, so… should you simply wait and see what happens?

Of course not!

In fact, now is exactly the time to start exploring generative AI for your company.

Sitting back isn’t an option when your rivals could be leveraging this technology to gain a competitive edge. Yes, there’s a lot to learn and understand, but isn’t that part of the thrill of doing business in the 21st century?

But one thing to keep in mind amidst the excitement, is not to lose sight of your core aims, goals, and cultures. What good is a new AI system if it doesn’t align with the way your business behaves? While the world of AI may seem like uncharted territory, some classic rules still apply.

Will you implement it? Will it generate revenue? Can it reduce your costs? Will it boost productivity? If not, perhaps it’s not the right move for your business right now.

The hackers are using AI, too

With the advancement of AI comes new developments for bad actors to weaponize, too.

Artificial intelligence has become incredibly powerful. We can create animated avatars of ourselves with just a facial scan. A few words in the right search engine can generate beautiful imagery and art.

You can even find AI to write entire book chapters (although, they don’t always make much sense).

Unfortunately, cybercriminals have learned how to code entirely new malware in significantly less time than it takes to build by hand.

Usually, malware takes up to an hour to code. Not ChatGPT: the chatbot can code phishing scams honed to lure in more victims, and it can do it in mere minutes.

It also creates infected attachments that try to give the hacker remote access to your machine. Hackers will be able to really hone their scam messages using AI that has quantitative knowledge about what works best.

They can fine-tune their ability to detect exploitable vulnerabilities on your systems. Who knows what threatening idea they’ll have artificial intelligence machines make a reality for them next?

Users need to be careful engaging with nascent technology and stay abreast of new developments that the good guys are working on, so that we can all stay ahead of cybercriminals no matter what they dream up next.

Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Despite all the buzz about high-tech threats like ransomware and malware, good old phishing has held on to its title as the number one trick in a cyber criminal’s toolkit.

Phishing is when someone tries to trick you into giving them your personal information, like your password or credit card number. They do this by sending you emails or text messages that look like they’re from a real company.

According to the latest annual cyber breaches survey, 79% of businesses were targeted with a phishing attempt in the past year. And if your employees aren’t trained in cyber security awareness, 1 in 3 of them are likely to fall for a phishing attack. Scary!

You might be thinking, “Sure, it’s bad, but it can’t be that bad, right?” Well, let’s break down the consequences of a successful phishing attack.

[Read more…] about Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?