cybersecurity

Is Your Team Suffering From Cyber Security Fatigue?

August 17, 2023

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Recently, we’ve seen a concerning trend among businesses: cyber security fatigue.

It’s a phenomenon that occurs when people become overwhelmed and desensitized to the constant barrage of cyber threats and security alerts they face on a daily basis.

You may be thinking, “My business is too small to be a target for cyber criminals.”

Unfortunately, that couldn’t be further from the truth. In fact, small businesses are often targeted precisely because they are seen as easier targets.

Cyber criminals know that small businesses don’t have the same resources as larger corporations, making them more vulnerable to attacks.

So, how can you tell if your business is suffering from cyber security fatigue? Here are a few signs to look out for: [Read more…] about Is Your Team Suffering From Cyber Security Fatigue?

What Is App Fatigue And Why Is It A Security Issue?

May 23, 2023

The number of apps and web tools that employees use on a regular basis continues to increase. Most departments have about 40-60 different digital tools that they use. 71% of employees feel they use so many apps that it makes work more complex.

Many of the apps that we use every day have various alerts. We get a “ping” when someone mentions our name on a Teams channel. We get a notification popup that an update is available. We get an alert of errors or security issues.

App fatigue is a very real thing and it’s becoming a cybersecurity problem. The more people get overwhelmed by notifications, the more likely they are to ignore them.
Just think about the various digital alerts that you get.

They come in:

Software apps on your computer
Web-based SaaS tools
Websites where you’ve allowed alerts
Mobile apps and tools
Email banners
Text messages
Team communication tools such as Slack or Teams

Some employees are getting the same notification on two different devices. This just adds to the problem.

This leads to many issues that impact productivity and cybersecurity. Besides alert bombardment, every time the boss introduces a new app, that means a new password.

Estimates are that the average employees is already juggling about 191 passwords. They use at least 154 of them sometime during the month.

How Does App Fatigue Put Companies at Risk?

Employees Begin Ignoring Updates

When digital alerts interrupt your work, you can feel like you’re always behind. This leads to ignoring small tasks seen as not time-sensitive. Tasks like clicking to install an app update.

Employees overwhelmed with too many app alerts tend to ignore them. When updates come up, they may quickly click them away. They feel they can’t spare the time right now and aren’t sure how long it will take.

Ignoring app updates on a device is dangerous. Many of those updates include important security patches for found vulnerabilities.

When they’re not installed, the device and its network are at a higher risk. It becomes easier to suffer a successful cyberattack.

Employees Reuse Passwords (and They’re Often Weak)

Another security casualty of app fatigue is password security.

The more SaaS accounts someone must create, the more likely they are to reuse passwords. It’s estimated that passwords are typically reused 64% of the time.

Credential breach is a key driver of cloud data breaches. Hackers can easily crack weak passwords. The same password used several times leaves many accounts at risk.

Employees May Turn Off Alerts

Some alerts are okay to turn off. For example, do you really need to know every time someone responds to a group thread?

But, turning off important security alerts is not good.

There comes a breaking point when one more push notification can push someone over the edge.

What’s the Answer to App Fatigue?

It’s not realistic to just go backward in time before all these apps were around.

But you can put a strategy in place that puts people in charge of their tech, and not the other way around.

Streamline your business applications
Have your IT team set up notifications
Automate application updates
Open a two-way communication about alerts

Protecting Your Small Business: IT Security Tips

April 21, 2023

Small businesses are increasingly reliant on technology to manage their operations. From storing customer data to conducting financial transactions, businesses of all sizes rely on information technology (IT) to keep their operations running smoothly.

However, this reliance on technology also makes small businesses vulnerable to cyber attacks and data breaches. In this article, we’ll discuss some key IT security tips that small business owners can use to protect their companies from cyber threats.

Keep software up-to-date

One of the simplest ways to improve IT security is to ensure that all software is kept up-to-date. Software updates often include security patches that address vulnerabilities and other issues that could be exploited by cybercriminals. By keeping software up-to-date, you can help to reduce the risk of cyber attacks and protect your company’s data.

Use strong passwords

Passwords are the first line of defense against unauthorized access to your business’s digital assets. It’s important to use strong passwords that are difficult to guess or crack.

Passwords should be at least twelve to 16 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. To help remember passwords, consider using a password manager, which can generate and store strong passwords for you.

Limit access to sensitive data

Not all employees need access to all data. Limiting access to sensitive data can help to reduce the risk of data breaches.

Consider implementing a least privilege access model, where employees only have access to the data they need to perform their jobs. Additionally, consider implementing two-factor authentication, which requires a second form of identification beyond a password to access sensitive data.

Train employees on IT security best practices

Human error is a leading cause of cyber attacks and data breaches. Employees who are unaware of IT security best practices can inadvertently put your business at risk.

It’s important to train employees on IT security best practices, such as how to identify phishing scams, how to create strong passwords, and how to safely use company devices.

Implement a firewall

A firewall is a network security system that monitors and controls incoming and outgoing network traffic. Firewalls can help to prevent unauthorized access to your company’s network and data. Consider implementing a firewall to help protect your business from cyber threats.

Back up data regularly

Data backups are essential for protecting your business’s data in the event of a cyber attack or hardware failure.

Backups should be performed regularly and stored securely, preferably off-site or in the cloud. This can help to ensure that your business can quickly recover from a cyber attack or other data loss event.

Consider cyber insurance

Cyber insurance can help to protect your business in the event of a data breach or cyber attack. Cyber insurance policies can help to cover the costs associated with data recovery, legal fees, and other expenses related to cyber attacks. Consider consulting with an insurance professional to determine if cyber insurance is right for your business.

IT security is a critical component of small business operations. By implementing these IT security tips, you can help to protect your business from cyber threats and data breaches.

Protecting your business’s data is an ongoing process that requires vigilance and attention to detail. By staying up-to-date on IT security best practices and implementing robust security measures, you can help to ensure the long-term success of your small business.

If you have any questions about IT security or would like to discuss your business’s IT security needs, please don’t hesitate to contact us.

The Biggest Vulnerabilities Hackers Are Currently Exploiting

October 28, 2022

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more.

It’s like a game of “whack-a-mole” to keep your systems secure.

Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable.

82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA). Make sure to patch any of these vulnerabilities in your systems.

Microsoft Vulnerabilities

CVE-2012-4969: An Internet Explorer vulnerability that allows the remote execution of code.
CVE-2013-1331: This Microsoft Office flaw enables hackers to launch remote attacks.
CVE-2012-0151: This Windows vulnerability allows user-assisted attackers to execute remote code.

Google Vulnerabilities

CVE-2016-1646 & CVE-2016-518: These Chrome & Chromium engine vulnerabilities both allow attackers to conduct denial of service attacks.

Adobe Vulnerabilities

CVE-2009-4324: This is a flaw in Acrobat that allows hackers to execute remote code via a PDF file.
CVE-2010-1297: A Flash Player vulnerability that allows remote execution and denial of service attacks. (Flash Player is no longer supported, so you should remove it).

Netgear Vulnerability

CVE-2017-6862: This router flaw allows a hacker to execute code remotely.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added at https://www.cisa.gov

How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional (like us) to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Small Businesses Are Attacked By Hackers Three Times More Often Than Larger Ones

October 28, 2022

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want?

Didn’t think they even knew about your small business?

Well, a new report out by cyber-security firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why Are Smaller Companies Targeted More?

There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.

Small Companies Tend to Spend Less on Cybersecurity

When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them.

But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.

Every Business Has “Hack-Worthy” Resources

Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cyber-criminals can sell these on the Dark Web. From there, other criminals use them for identity theft.

Here are some of the data that hackers will go after:

Customer records
Employee records
Bank account information
Emails and passwords
Payment card details

Small Businesses Can Provide Entry Into Larger Ones

If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies, including digital marketing, website management, accounting, and more.

Vendors are often digitally connected to their client’s systems.

This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus.

Small Business Owners Are Often Unprepared for Ransomware

Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Who’s To Blame For A Cyber Security Breach?

September 30, 2022

We all know what a huge danger a cyber security breach can be for a business. And just how many businesses are being breached right now. You hear about it on the nightly news and read about it almost daily in the newspaper.

In truth, we hate having to write this. We don’t want to feel like we’re scaring you or sound all doom and gloom! But it’s really important that you’re fully aware of the risk to your business if you suffer a breach.

Last year, the number of reported data breaches rose 68% compared to 2020.

And while it’s a good idea to implement the right cyber security tools to help reduce the risk of an attack, it’s practically impossible (or definitely unworkable) to give your business 100% protection from attack by only using software tools. You also have to manage the human element of data protection. [Read more…] about Who’s To Blame For A Cyber Security Breach?

Six Technology Tools You Shouldn’t Use Any Longer

September 30, 2022

One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out. New tools replace those that are obsolete. Discontinued technology can leave networks vulnerable to attacks.

While older technology may still run fine on your systems, that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach or infection.

Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a breach.

Approximately one in three data breaches are due to unpatched system vulnerabilities.

Another problem with using discontinued technology is that it can leave you behind. Your business can end up looking like you’re in the stone ages to your customers, and they can lose faith and trust.

Important reasons to keep your technology updated to a supported version are:

• Reduce the risk of a data breach or malware infection
• Meet data privacy compliance requirements
• To keep a good reputation and foster customer trust
• To be competitive in your market
• To mitigate hardware and software compatibility issues
• To enable employee productivity

Older systems are clunky and get in the way of employee productivity. If you keep these older systems in use, it can lead to the loss of good team members due to frustration.

49% of surveyed workers say they would consider leaving their jobs due to poor technology.
Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use on your home computer or within your business?

Internet Explorer

Many moons ago, Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers edged it out. Including its replacement, Microsoft Edge.

Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser lost all support on June 15, 2022.

Adobe Flash

Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.

The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.

Windows 7 and Earlier

Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Replacements, Windows 10 and Windows 11, are now in widespread use. The Windows 7 OS lost support on January 14, 2020.

While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.

macOS 10.14 Mojave and Earlier

Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.

If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple, and you need to upgrade.

Oracle 18c Database

If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.

The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premiere support in April of 2024.

Microsoft SQL Server 2014

Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. And in July of 2024, all support, including security updates will stop.

This gives you a little more time to upgrade before you’re in danger of not getting security patches. But it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.

Get Help Upgrading Your Technology & Reducing Risk

Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues.

We can help you upgrade your technology smoothly and do thorough testing afterward. Schedule a technology review today.

How Often Do You Need To Train Employees On Cybersecurity Awareness?

August 31, 2022

You’ve just completed your annual phishing training where you teach employees how to spot phishing emails. You’re feeling good about it, until about 5-6 months later when your company suffers a costly ransomware infection because someone clicked on a phishing link.

You wonder why you seem to need to train on the same information every year yet still suffer from security incidents.

The problem is that you’re not training your employees often enough.

People can’t change behaviors if training isn’t reinforced regularly. They can also easily forget what they’ve learned after several months go by.

So, how often is often enough to improve your team’s cybersecurity awareness and cyber hygiene? It turns out that training every four months is the “sweet spot” when it comes to seeing consistent results in your IT security. [Read more…] about How Often Do You Need To Train Employees On Cybersecurity Awareness?

Top 5 Cybersecurity Mistakes That Leave Your Data At Risk

June 27, 2022

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.

Sixty percent of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs.

The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.

Many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.

Here are several of the most common missteps when it comes to basic IT security best practices.

Not implementing multi-factor authentication (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%.

Ignoring the use of shadow IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

Data may be used in a non-secure application
Data isn’t included in company backup strategies
If the employee leaves, the data could be lost
The app being used might not meet company compliance requirements

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.

Thinking you’re fine with only an antivirus

No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware.

Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.

You need to have a multi-layered strategy in place that includes things like:

Next-gen anti-malware (uses AI and machine learning)
Next-gen firewall
Email filtering
DNS filtering
Automated application and cloud security policies
Cloud access monitoring

Not having device management in place

A majority of companies around the world have had employees working remotely from home since the pandemic. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.

A device management application in place, like Intune in Microsoft 365 can help manage this.

Not providing adequate training to employees

An astonishing 95% of cybersecurity breaches are caused by human error.

Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process.

Some ways to infuse cybersecurity training into your company culture include:

Short training videos
IT security posters
Webinars
Team training sessions
Cybersecurity tips in company newsletters

Why Protecting Your Printers From Cybercrime Is A Must (And Eight Tips For Improving Printer Security)

April 28, 2022

Printing devices are often overlooked when it comes to security. But the reality is, cybercriminals can hack your printer to get confidential information. Your printer is probably the last piece of computer equipment you thought needed protection from cybercriminals. But the truth is very different.

Attackers actively try to locate the weakest links in security to gain access to and exploit valuable data. And among the weakest links is the printer.

Printers have access to your devices, network, and the Internet. This new open-access functionality makes them an ideal target for cyberattacks.

Unfortunately, many business owners overlook the importance of securing their printers and mainly focus on computers and mobile phones.

Most people still perceive printers as internal devices that serve basic functions. For this very reason, they are an easy target for cybercriminals.

Other than performing unauthorized print jobs, hackers can access confidential information as well as all connected computers and networks all through a printer.

You may also not be aware of the amount of valuable data your printer can store about you – tax files, bank details, financial records, employee information, personal information, etc. All a hacker needs to do is get into the operating system of your printer, and they can collect this sensitive data.

If you’ve just realized the importance of securing your printer, keep reading. This article shares eight tips to help you do just that.

Tip #1. Make Sure Your Printers Are Configured Correctly
Many things can make a printer vulnerable to cyber threats and security breaches. So, you want to get the basics right to ensure the attacks don’t happen to you. To start with, make sure to change the default password on your printer. Since anyone can access a printer remotely, a simple “123456” code won’t suffice.

Second, make sure you’re using your own router to print files remotely. Never connect to “Guest” networks.

Tip #2. Inspect Print Trays Regularly
This one is a no-brainer, but everyone could use it as a reminder. Make sure to check your print trays and get rid of unused pages carrying sensitive information. There’s no easier way to prevent data leaks than this.

Alternatively, you can get a shredder for your office and shred the papers you don’t want anyone to see.

Tip #3. Install Malware and Firmware Updates
Invest time and effort to ensure that your malware and firmware protection are up to date and can handle all types of hacks.

The good news is that many printers come with pre-built malware protection.

HP, for example, installs the HP “SureStart” software in their printers that monitors approaching targets when the printer is on. The software can shut down the device if an attack comes its way. This is a great way to prevent attacks from spreading further within the network.

Tip #4. Limit Access to the Network
Unprotected printers in a network are an extremely easy target for cybercriminals. Sure, businesses and offices require printers to access networks to perform remote prints. But if you can do the job by disabling the network access, make sure you do that.

If not, tweak the printer and network settings to only allow the device to take print jobs from the network you trust. This will help avoid outside interference and security breaches.

Tip #5. Update Your Printers
Updating a printer is equally as important as updating your phone to the latest software. Much in the way iOS developers look for bugs and fix them in a new update, printer manufacturers work toward known device vulnerabilities and update the software for added protection.

Look for printer updates so you can easily overcome known threats to the printer. Ideally, update your printers every quarter to get the most out of the security benefits.

Tip #6. Install a Firewall
If you run an office, chances are you already have a firewall. But in case you missed this requirement, now’s the time to do it.

Using a reliable firewall helps keep printers safe from cybercriminals. Your computers most likely come with pre-built firewalls, and all you need to do is keep them enabled. But there are also specialized firewalls for homes and offices that offer advanced security and make it virtually impossible for anyone to break in.

Tip #7. Encrypt Your Storage
Printers with shared networks can perform distance printing. And when a print job is in transit and travels from a computer to a printer, hackers can intercept the data and exploit it.

To keep this from happening, encrypt your print jobs. Also, make sure the sensitive data on your printer’s hard or internal drive is encrypted as well.

Keep in mind that when you print a document, that file is often stored as an image within the printer and makes it an easy target for hackers. It’s why you should use an encryption tool to protect your data. Luckily, many modern printers have this tool pre-built.

Tip #8. Educate Your Employees
If you work in an office, chances are you aren’t the only person using the printer. Everyone that has access to it needs to be aware of the responsibilities that come with its usage. Make sure to talk to your employees about ways to ensure both the physical and virtual safety of the printers.

Your staff should also be careful when using their mobile devices to print, as smartphones are easier to hack than standard computers. Explain to them what phishing scams are and how they can avoid being the victim.

Finally, make sure it’s clear to them how they can use confidential information in your company.

Whether you use printers in your office or at home, take a moment to see how you can enhance its security before your next printing job.

« Previous Page