TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Internet

Do You Have Internet Privacy At Work?

Luke Gruden is a help desk technician for Tech Experts.
Sometimes, when there’s a break or the work day is slow, it can be tempting to check on a couple different websites. In doing this, would anyone know what websites were visited? Other than the people around, who else would know what sites might have been visited? It may come at a surprise that there could be many different people later on – or even immediately – that find out about the websites that were visited.

It is common for workplaces to have a firewall that prevents certain websites from being visited. Along with blocking certain websites, firewalls usually keep track of all the different websites that have been visited and by who.

Any time a website is visited that has been blacklisted (blocked), this usually triggers an alert to the IT department or management, so they can look over who tried to connect to a blacklisted site. From there, if IT or management feel it is necessary, they could look over the entire history of websites that were visited by a user or a group of users.

Now, let’s say for some odd reason that the business does not have a firewall or other device that keeps records of websites visited – could websites that were visited still be discovered?

Well, the computer someone uses also keeps records of websites that they have been visiting, which can be accessed by IT.

Some clever users might be able to remove their footprints from their workstation computer, but they may not have access to something like that.

There is another way that websites visited from a workplace can be tracked without a firewall or looking into the computer files.

If the websites visited warrant any legal action or an investigation is happening at the company, the ISP (Internet Service Provider) can release any and all records of websites visited and exact information of what was done. There is no way to get around this as you need an ISP to use the internet.

There are even more ways to find out what websites are being visited than what was mentioned here. In short, if someone at the office is using the work Internet, it is more than possible that every website visited is being kept track of in one way or another.

If you follow the rules of your workplace and visit only the type of websites allowed by the work place, you shouldn’t have much to worry about. As a rule of thumb, you should only visit sites and do things that you don’t mind the public or workplace knowing about. If you ever see “NSFW” (Not Safe for Work), do not visit or have anything to do with it while on the work Internet.

Only surf the Internet when you are allowed to surf the internet. Don’t visit websites or open emails where the main site or email sender is unknown. With these tips in mind and a better awareness of how a person can be tracked on a business network, you can make better choices while on the company’s Internet.

What Can I Do To Strengthen My Wifi Signal?

A weak WiFi signal in certain areas of your house could limit where you do your work and enjoy your entertainment activities, such as streaming films music or playing online games. This is actually a common issue with a couple of relatively easy fixes that will improve your wireless Internet connection throughout your house.

The first option is to replace the antenna on your router with a taller one. If your router has a built-in antenna, you can likely add an external one and see a marked increase in signal quality. There are two main types of antennae: omnidirectional and directional. An omnidirectional antenna transmits in all directions, while you can point a directional antenna where you need to strengthen the signal without making it easier for others to latch onto your WiFi. The other alternative to improve your wireless signal is to install a range extender, particularly if the area that requires the strongest signal is behind thick walls or is relatively small.

Should Your Business Get A Backup Internet Connection?

With most business operations tied to the Internet, it is important to consider a backup plan in the event that your Internet connection goes down.

A host of things can cause issues with Internet service from natural disasters to provider caused issues, and unfortunately, those are beyond your control.

Choosing whether or not your business should have a backup Internet connection, however, is within your power.

You should first identify how much your business depends on the Internet for its operations when making this decision. In other words, could your business operate, if the Internet was to go down for a few hours without suffering a significant monetary loss? What about for a few days?

Chances are that your business would at least operate at a disadvantage without another way to access the Internet. If that is not the case, deliberating about backup connections may not be your best use of time.

For the rest of the business world, however, the real question lies in what kind of backup Internet connection you should seek.

Most experts will agree that it is wise to have your backup connection one notch lower than your primary one.

For instance, if your primary Internet connection is fiber, your secondary connection could be a T1 line. If your primary is a T1 line, try DSL or cable for your secondary.

That way, you’re not making a huge downward leap such as from fiber to dial-up, and your employees wouldn’t be at too much of a disadvantage.

This approach also takes into account your business’ budget. Your secondary connection will be a little less expensive than your primary while still being somewhat close in capability.

You’ll also need to make sure that your firewall has the capability to support more than one Internet connection. Most of the firewalls we recommend to clients include this as an option; however, the consumer grade routers sold at big box stores rarely offer this as an option.

Another important feature is to make sure your firewall can automatically detect outages, and switch Internet connections to keep you up and running without manually having to switch connections.

Internet Security: Beware Of “Malvertising”

Michael Menor is Vice President of Support Services for Tech Experts.

As if Internet use wasn’t already troubled with cyber perils, users now have to add “malvertising” to the list of things from which they need to protect themselves.

“Malvertising,” like the name suggests, means “ads that contain malware.” Some mal-ads aren’t dangerous unless you click on them – but others can do “drive-by downloads,” sneaking their malware onto your computer simply because you’re viewing the page on which the ad appears.

While most malvertising is on websites, it can also show up on other ad-displaying apps, such as Facebook, Skype, some email programs, and many games.

The reason that malvertising is more of a problem than other malware approaches is that it can be spread through online advertising delivery networks like Google DoubleClick to legitimate sites that users routinely visit, like the New York Times, Huffington Post, and Yahoo, as well as routinely-used mobile apps that show ads. Malware-bearing ads can be “injected” either by hacking ads at the provider end or by buying and providing mal-ads. In most cases, there’s no way for a user to tell just by looking that an ad has been compromised.

The Potential Damage
The dangers of advertising-delivered malware are the same as those from malware you get any other way. Malware can steal account usernames and passwords, bank and credit card information, and other sensitive data.

It can encrypt your data and “hold it for ransom.” It can, in turn, infect other computers on your network and turn your computer into a “zombie,” spewing out spam and malware to the Internet.

July_2015_MalvertisingLike other viruses and malware, malvertisements take advantage of security vulnerabilities on users’ computers and mobile devices. These may be anywhere from the operating system, to web browsers and other applications, to add-ons and extensions like Java, JavaScript, and Flash.

How do you know if your computer has been infected by malware? One sign is that your web browser shows unexpected pop-ups or seems to be running slower. But many malware infections remain “stealthy,” possibly even eluding anti-malware scans.

Legitimate ad creators and ad delivery networks are working on ways to detect and prevent malware from getting into the digital ads they serve. Otherwise, people have even more reason to not look at ads or block ads entirely.

But, assuming it can be done, this won’t happen for a year or more. The burden is on companies and individuals to do their best to protect their networks, computers, and devices.

What Can Companies and Users Do?
Although malvertising is a relatively new vector, the best security practices still apply; if you’re already doing things right, keep doing them. But what does “doing things right” look like?

  1. Avoid clicking on those ads, even accidentally.
  2. Maintain strong network security measures. Next generation firewalls at the gateway can often detect malware payloads delivered by ads, block the ads entirely, and/or detect communication from already-infected devices.
  3. Regularly backup systems and critical files so you can quickly restore to a pre-infected state if your systems and data are compromised.
  4. Deploy endpoint security software on every device so that it’s protected on and off the network.
  5. Ensure that all operating systems and client software (especially web browsers) are fully patched and up to date.
  6. If you suspect a computer has been infected, stop using it for sensitive activities until it’s been “disinfected.” Again, many security appliances can help you identify and quarantine infected devices.

It’s unfortunate that even more of everyday Internet use is potentially unsafe, but the steps to fend off malvertising are essentially security precautions that companies and individuals should already be following.

Does Your Company Need An Internet Usage Policy?

Scott Blake is a Senior Network Engineer with Tech Experts.

With the growth and expansion of the Internet, it is important to make sure that your business has a policy in place to protect its assets.

Depending on your business, an Internet Usage Policy (IUP) can be long and drawn out or short and to the point.

An IUP will provide your employees with guidelines on what is acceptable use of the Internet and company network. IUPs not only protect the company, but also the employee.

Employees are informed and aware of what is acceptable when it comes to websites and downloading files or programs from the Internet.

When employees know there will be serious consequences for breaking the IUP, such as suspension or termination of employment, companies tend to notice a decrease in security risks due to employee carelessness.

You will need to make sure your IUP covers not only company equipment and your network, but also employee-owned devices such as smart phones and tablets. You may be surprised at the number of employees that feel they do not have to follow the IUP because they are using their own device to surf or download from the Internet.

Make sure you address proper usage of company-owned mobile devices. Your business may have satellite employees or a traveling sales force. Even when they are away, they need to be aware they are still representatives of the business and must follow the business IUP.

After all, it would not go over well if your sales staff was giving a presentation to a prospective client and suddenly, “adult content” ads popped-up on the screen because one of your employees was careless in their web habits.

The downloading of files and programs is a security risk in itself. Private, internal company documents and correspondence downloaded from your company’s network can become public, causing unrepairable damage.

On the same thought, employees downloading from the Internet open your company’s network up to malware attacks and infections.

There are a lot of hackers that prey upon the absent-minded employee downloading a video or song file by hiding a piece of malware within the download. Once the malware makes it into your network, there’s no telling what damage it can cause.

As for non-work related use of the company network and Internet, make sure your employees know there is no expectation of personal privacy when using the company’s network and Internet connection.

Make it well-known that the network and Internet are in place to be used for work purposes only. Improper use of the network can reduce bandwidth throughout the company network.

This includes all mobile devices owned by the company. This way, your employees know that no matter where they are they still must follow the guidelines of the IUP.

Make sure all of your employees sign the IUP and fully understand what it is they are signing. Make sure you answer any and all questions they may have.

This will help clear up any confusion your employees may have. This way, there can be no excuses as to why the IUP was broken.

Whenever you update the IUP, make sure you have all of your employees sign and understand the new additions and/or changes to the IUP. It may seem like overkill, but you’ll be glad you did if you ever run into any violations of your company’s IUP.

For assistance in creating Internet Usage Policies or if you have any questions, call the experts at Tech Experts: (734) 457-5000.

Coming Of “Edge:” Microsoft’s New Browser

Up until now, Internet Explorer’s successor has been secretly referred to as Project Spartan during Microsoft’s development stage. At the Microsoft Build 2015 Developer Conference, the project name was finally announced as the company’s newest browser: Edge.

The name was already familiar to those in the know because Project Spartan’s page-rendering engine was known as Edge, but now the name has been elevated to describe the product as a whole.

For those who have had difficulties with Internet Explorer, this new browser is long overdue, but Edge should turn their frowns into smiles because it is much faster and more compatible with modern web standards.

Edge joins its competitors, like Firefox and Chrome, in the use of extensions and actually uses the same JavaScript and HTML standard code.

This means that Microsoft’s new browser can easily adopt its competitor’s extensions. In fact, Joe Belfiore, Microsoft’s VP of Operating Systems Group at Microsoft, demoed a couple of extensions at the conference. However, you won’t see the extensions feature in Windows 10 until later this year.

Cortana, Windows 10’s Siri-like virtual voice assistant, makes an appearance in Edge as well. When needed, Cortana shows up in a blue circle in the browser’s toolbar to relay pertinent information related to the landing page, such as directions to a local business or contact information.

Edge users can also summon Cortana for assistance and extra info by right-clicking on text selections to find out more.

Another Edge feature is the new-tab page, a remnant from Internet Explorer with a few tweaks. When Edge users open a new tab, the page displays thumbnail icons for the most frequently visited sites. It also allows users to reopen closed tabs and makes many suggestions for apps and videos and facilitates access to weather or latest sports scores.

Edge also provides the option to view pages in a reading mode free of distractions such as images and advertisements. Users can even make annotations, such as highlights and notes, on webpages for sharing or storing as an image. Microsoft’s new browser also comes with coding support and will function the same across all platforms. Until Edge is formally released, users can test it on non-critical PCs by downloading Windows 10 and joining the Windows Insider Program.

Online Safety: Is Your Website Secure?

Michael Menor is Vice President of Support Services for Tech Experts.

For all too many companies, it’s not until after a breach has occurred that web security becomes a priority.

While more than a few examples of recent breaches may leap to mind, know that these aren’t exclusive to big name retailers who accept credit cards. If you have a website for your business, you may be at risk.

As more and more business is done using the World Wide Web, websites themselves have become increasingly attractive to cybercriminals.

Websites are such a lucrative target for an attack because not only are there so many sites to attack, but an overwhelming majority of all websites can be easily exploited by some of the most common vulnerabilities.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities.

Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

The integrity of the company’s internal network can be affected as well if the website provides access to it.

There are many online services that allow anyone to create a webpage in under ten minutes.

Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities. A few of these vulnerabilities will be discussed.

The Heartbleed Bug is a vulnerability that allows attackers to obtain confidential data such as usernames, passwords, emails, and even proprietary company data and communications.

Even if you think you might be protected because you use encrypted forms of communication, you’re not safe. Attackers will be able to eavesdrop into your communications and steal data from beneath you.

Like Heartbleed, one of the most prominent vulnerabilities affecting web applications is cross site scripting (XSS).

This vulnerability can allow an attacker to hijack web communications. The attacker may target a vulnerable website by tricking the user into submitting sensitive information or performing a privileged action within the target website’s web controls.

Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet — more proof that Web application security is now more critical than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organizations.

Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services.

Denial of Service attacks are centered on the concept that by overloading a target’s resources, the system will ultimately crash.

An HTTP Denial of Service attack can also destroy programming and files in affected computer systems.

In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

Websites that can be compromised pose a serious risk and thus serious preventative measures should be taken to combat it.

Scrambling to fix the problem after the fact is costly, stressful, and can potentially result in legal action. Breaches also cause damage to your company’s image and brand, which may be permanent.

Know your vulnerabilities and don’t rely on ten-minute-or-less website creators to keep you safe.

If it’s too good to be true, it probably is.

Beware Of These Tax Return Scams

In the online world, it seems that there is always a new threat cropping up on the horizon. There is one, however, that has been returning year after year following the onset of online tax filing.

This is the prime time for tax phishing scams, and it is important to recognize the signs of a cyber-criminal going after your identity and holdings.

Since tax season is often a mystifying time financially with ever-changing laws that directly affect your pocketbook, it isn’t far-fetched to believe the IRS or a related government agency may need to double-check your data or ask for additional information via email or text.

This is a situation that sophisticated thieves are well aware of, and they do not hesitate to exploit citizens’ lack of knowledge of how the revenue service actually conducts its business.

In fact, approximately 25,000 phishing emails (messages asking for personal data like Social Security numbers and the like) and 611 scam websites were shut down during the last tax season. It is probable that far more efforts went unreported.

Fortunately, it is easy to thwart criminals’ efforts to gain access to your personal information and financial holdings when you are on the alert.

First, no government agency will ask for such information through an unsecured email or text. If the tax agency, tax-preparation company, or related organization needs additional sensitive information from you, you will be contacted by mail, phone, or directed to a secure website.

In the case you are suspicious of a particular communication, double check that the email or physical address matches that of the legitimate organization.

Also, beware of messages that do not use your full name with something generic, such as “Dear valued customer,” or warn that there will be dire consequences if you do not reply right away.

If there is any doubt whether an email or text is a scam, report it to the organization in question or law enforcement agencies.

Most Employees Use Work Computers For Outside Activities

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

GFI Software, a leading software tool provider for companies like Tech Experts, recently released a report that found the personal use of company computers and other devices is leading to major downtime and loss of confidential data in many businesses.

The study of about 1,000 small business employees who used a company-provided desktop or laptop computer found that 39 percent of them said their businesses have suffered a major IT disruption caused by staff members visiting non-work related websites with work-issued hardware, resulting in malware infections and other related issues.

Even more alarming, the study showed nearly 36 percent of staff members said they would not hesitate to take company property, including email archives, confidential documents and other valuable intellectual materials, from their work-owned computer before they returned the device if they were to leave their company.

[Read more…] about Most Employees Use Work Computers For Outside Activities

The Human Factor In Network Security

Scott Blake is a Senior Network Engineer with Tech Experts.

As you’re aware, disaster can manifest in many forms. In the past, we have included articles about weather-related events and how to best prepare your business against disasters.

However, there is another type of disaster that’s unlike flooding or fires that can also have devastating effects on your business.

The Human Factor
When it comes to safeguarding your business both physically and virtually, you have the power and controls available to give the edge against company espionage, cyber-attacks, or absent-minded employees.

It comes down to three basic areas: Software, Hardware and People. Once you have a firm grasp and control over these areas, you will have reduced your risk level considerably.

Software
Make sure all of your company’s electronic devices – from company-owned smart phones, tablets, laptops, workstations and servers – are running anti-virus and have a firewall in place.

While some devices are easier to secure and manage than others, this is a critical area, so be sure to make the best attempt to cover all your devices.

Be certain that your data storage devices are running backups and the backups are indeed good. As an added form of protection, encrypt your data being stored, making sure you save the key offsite as well.

Business_People_Group_laughing backupThat way, if your data is comprised either through internal access or external, it will become very difficult to use the data that was stolen.

The size of your company and the amount of sensitive data you have will dictate the frequency of your backup schedule. Remember, it never hurts to be overprotective when it comes to your data.

Hardware
Have security/firewall devices in place. Make sure they are fully configured for your business and that the firmware is up to date.

A lot of security devices add increased measures through the firmware updates.

They often have the ability to fully lock down your internal network as well. Restrict Internet access to only websites necessary for your business operations.

If your business offers Wi-Fi access for either internal use or guest use, make sure that controls are in place to limit access to your company’s internal network. The best precaution is to place the guest Wi-Fi on a completely separate network.

While Exchange mail servers can increase overhead, they will also add a level of increased security to combat against viral infections being delivered via email and attachments.

I’m sure everyone is well aware of Crypto-Locker and its variants. The majority of Crypto-Locker infections were delivered through infected PDF files sent as attachments.

People
By nature, humans are (and will always be) the most random aspect to safeguard your business from. It is vital that you run full background checks on any employee that will be given access to sensitive data or hardware.

Restrict the use of portable media such as flash drives and external hard drives while employees are working on or in the server room. Some companies may go as far as banning all portable media devices entirely.

Be proactive in actively monitoring your employees and watch for any changes in behavior, appearance, attitude and tone of speech. These can all be signs something is wrong.

If you have questions or you’re looking for suggestions, call Tech Experts at 734-457-5000, or email us at info@mytechexperts.com.

(Image Source: iCLIPART)