online security

How Can You Improve Your Online Privacy?

July 26, 2018

Jason Cooley — Frank DeLuca is a field technician for Tech Experts.

You have probably heard about the myriad of security blunders that have plagued the business and IT worlds. We’ve seen considerable security and privacy miscues from some of the world’s biggest businesses, organizations, and government agencies.

This includes data breaches, attacks from hackers, privacy concerns, and theft where massive amounts of private user data were lost and/or misplaced. If major institutions can fall victim to these privacy and security lapses, then so can individuals and society at large.

The Internet can certainly be a scary, confusing place, especially for the uninitiated, but there are many ways in which you can protect yourself, mitigate risk, and increase your privacy while having an online presence.

Use Strong Passwords For Your Sensitive Accounts
Using strong, unique passwords (symbols, long phrases, capitalization, punctuation) can help you avoid that gut-wrenching feeling that you get when you realize that someone has hacked your account and has access to your personal information. Not knowing what’s going to happen to your work or your memories is something no one wants to experience.

Creating strong and unique passwords for each of your online accounts is a smart practice. The reason is quite simple: if one of your online accounts is hacked, then the others will soon follow. Consider a password manager like LastPass or Keeper to create, store, and manage your passwords.

Don’t Allow Or Accept Cookies From Third Parties
The purpose of the computer cookie is to help websites keep track of your visits and activity for convenience. Under normal circumstances, cookies cannot transfer viruses or malware to your computer.

However, some viruses and malware may try to disguise themselves as cookies, replicating after deletion or making it easier for parties you can’t identify to watch where you are going and what you are doing online.

Because cookies are stored in your web browser, the first step is to open your browser. Each browser manages cookies in a different location. For example, in Internet Explorer, you can find them by clicking “Tools” and then “Internet Options.” From there, select “General” and “Browsing history” and “Settings.”

In Chrome, choose “Preferences” from the Chrome menu in the navigation bar, which will display your settings. Then expand the “Advanced” option to display “Privacy and security.” From there, open “Content settings” and “Cookies.”

Use A VPN Or VPN Provider
A virtual private network, or VPN, can help you secure your web traffic and protect your anonymity online from snoops, spies, and anyone else who wants to steal or monetize your data.

A VPN creates a virtual encrypted tunnel between you and a remote server operated by a VPN service. All external Internet traffic is routed through this tunnel, so your data is secure from prying eyes. Best of all, your computer appears to have the IP address of the VPN server, masking your identity.

To understand the value of a VPN, it helps to think of some specific scenarios in which a VPN might be used. Consider the public Wi-Fi network, perhaps at a coffee shop or airport.

Normally, you might connect without a second thought. But do you know who might be watching the traffic on that network? If you connect to that same public Wi-Fi network using a VPN, you can rest assured that no one on that network will be able to intercept your data.

Additional tips: keep your Windows operating system and your applications such as Microsoft Office up to date at all times, don’t post private information on your social media accounts, and use browser ad/tracking blockers.

Network Security: What Does Your Firewall Do For You?

June 26, 2018

Jason Cooley is Support Services Manager for Tech Experts.

“Security.” It’s a word that we are all familiar with, but it can have many different meanings depending on context. Security to people nearing retirement age may mean financial security for their future.

At a large event like a concert, it could mean both security guards and the overall security of the event.

However, as time goes by, the word security has become increasingly related to the digital world.

Using the Internet to pay bills, access banking information, or even applying for loans is commonplace. We must be prepared to protect our identity and personal information.

Now, whether you are talking about your home or your business, network security starts with a firewall.

So what is a firewall?

A firewall, in terms of network security, can be a physical device that your incoming and outgoing data is routed through. It could also be a program on your device that can strengthen and supplement your devices’ security.

Both of these have different capabilities and purposes and can be used individually or together.

While there are different types, their essential function is the same. A firewall is put in place to allow or deny traffic, based on a set of security rules.

In a business setting where many staff members use a computer daily, a firewall can be put in place to block unwanted traffic.

A simple security rule to check for secure certificates can stop unwanted traffic easily.

Websites have security certificates, so when you access a page, your firewall can check the certificate. If the certificate is digitally signed and known as trusted, the firewall will allow traffic to proceed.

Search results can often display links of potentially harmful websites.

A firewall adds a layer of security making sure your employees don’t accidently find themselves on a website that could compromise your network.

This same principle works for home networks and can allow you to set some security rules. These rules can be put in place to help keep Internet usage safe, especially with children around the house. A firewall can also block certain content.

In an office setting, you could turn off access to social media to stop staff from accessing sites that aren’t needed to complete work.

It can block certain search engines and even limit the use of unsecure versions of websites.

At home, you can block content from websites you don’t want your family to have access to.

There is also the option of having active network times. You can have your Wi-Fi network only active during business hours, keep your kids off their devices at bedtime, or limit access to certain days.

There are many other things that your firewall can do to help keep your network safe.

Keeping your network secure has the potential to save you thousands of dollars, depending on the number of devices and your dependency on those devices.

Safety and security always has a high value to you. It can also help you rest easier knowing that either your business, or your family, is a little bit safer.

Google Study Reveals Phishing Attacks Are The Biggest Threat To Web Security

June 26, 2018

A recent study by Google and UC Berkeley suggests that cyber thieves are successfully stealing 250,000 valid usernames and passwords every week.

The study, which was based on 12 months of login and account data that was found on criminal websites and forums, aimed to ascertain how the data had been hacked and the actions that can be employed to avoid criminal activity in the future.

Google claims the research is vital for developing an understanding of how people fall victim to scammers and hackers and will help to secure online accounts.

The research found that, over a 12-month period, keyloggers (programs that monitor every keystroke that someone make on a computer) stole 788,000 account credentials, 12 million were harvested via phishing (emails or phone calls that con people into handing over confidential data), and an incredible 1.9 billion were from breaches of company data. The study found the most productive attacks for cyber-thieves came from phishing and keylogging. In fact, in 12%-15% of cases, the fraudsters even obtained users’ passwords.

Malicious hackers had the most success with phishing and were able to pick up about 234,000 valid usernames and passwords every week, followed by keyloggers who managed to steal 15,000 valid account details per week.

Hackers will also look to gather additional data that could be useful in breaching security measures, such as the user’s Internet address (IP), the device being used (Android versus Apple) and the physical location. Gathering this data, however, proved far harder for those with malign intent.

Of the people whose credentials were secured, only 3.8% also had their IP address identified, and less than 0.001% had their detailed device information compromised.

Google said in a follow-up blog post that the research would be used to improve the way it detects and blocks attempts to misappropriate accounts.

Historical data of the physical location where users logged on and the devices they used will increasingly be used as part of a range of resources that users can use to secure their accounts.

The research, however, did acknowledge that the account hacking problem was ‘multi-pronged’ and would require countermeasures across a number of areas including corporate networks.

Education of users is set to become a ‘major initiative’ as the research also revealed that only 3.1% of people whose account had been hijacked subsequently started using enhanced security measures such as two-step authentication (Google authenticator or a similar service) after control of a stolen account was regained.

Cyber Security: How Safe Are You?

December 1, 2017

Jason Cooley is Support Services Manager for Tech Experts.

In 2017, Equifax, one of the largest credit bureaus in the US, suffered a data breach that exposed the names, Social Security numbers, date of birth, and some driver’s license numbers for 143 million people. An additional 209,000 people also had their credit card information exposed.

The attack was discovered on July 29th, but according to Equifax, the breach began sometime in May.

Let that sink in. One of the companies that rates credit scores and stores tons of financial information, had their data stolen for months.

Some would think that the larger the company (especially with sensitive data), the better the security. That isn’t always how it works out.

eBay, the online giant, is not immune. In 2014, 145 million user accounts were compromised.

The list goes on, and it contains some pretty big names. Target (2013), JP Morgan Chase (2014), The Home Depot, VeriSign, and even Sony’s Playstation Network (2011) have all suffered at the hands of hackers.

Don’t panic just yet, though. There are many things to consider when it comes to data security. From businesses to your personal data at home, we all obviously want to keep our private information private. While there is no foolproof way to keep yourself safe, there are some things that you should know.

This isn’t a movie.

The Hollywood portrayal of hackers is over-the-top for many reasons. Having one person just sitting around and deciding, “Well, I think I will hack the government or this bank,” isn’t a realistic vision of reality. Most of these data breaches come due to an unknown security vulnerability. Then groups of people will try to exploit this vulnerability.

There are different needs for everyone.

While cyber security can affect everyone, you shouldn’t be overly afraid as an everyday consumer. Most well-known websites are secure and checking out with personal information is often doubled down with extra security.

Still, if you are uncomfortable, use a wallet site, such as Paypal. More and more websites offer these types of payment options, putting down yet another layer of safety to keep your financial information safe.

What about my business?

That greatly depends on what kind of business you have. If you have a convenience store, there’s a pretty good chance your credit card processing is the only issue with data you’d ever have. Since this is typically handled by a vendor, you don’t have nearly as much to worry about.

Now, if your company stores any sensitive data (especially the personal information of others), you are going to need to step up the security.

How much do you have to lose?

This isn’t a trick question. Really, how much do you have to lose? Financial information? Client information? As bad as it is to have your data compromised, if you run a business that deals with any sensitive customer or client information, you should not only be careful, but you should be protected.

A managed service provider, like Tech Experts, can help maintain your network and data security. This may include firewalls, blocking specific websites, and running routine checks of the security. Sensitive data, like data that can be used in identity theft, should be protected proactively. You can’t save it once it’s been taken.

Browsing The Internet In Safety

December 1, 2017

Evan Schendel is a help desk specialist for Tech Experts.

Browsing the Internet safely comes with many hurdles. Not all of them are obvious, however. These hurdles are numerous and potentially dangerous, but with the proper knowledge and mindfulness, they can be avoided quite easily.

Viruses and Spyware

The Internet is a minefield of harmful applications and criminals trying to take anything they can, but these attempts can be counteracted.

A user must always watch out for suspicious links or websites. Some websites, though legitimate-looking enough, may be spoofed or fake, hiding malicious code or something equally devious.

Hints to these websites being fake can lie in any aspect of the page, but most commonly, it is a slightly different URL or domain name, typically off by only a letter or two.

The viruses dwelling in pop-ups usually attempt to scare users into clicking their product and downloading the malware or spyware-stuffed application linked in the pop-up.

Spyware can not only steal information input while loaded onto a system, but also slows the system to a crawl and tends to be easy to pick up. Simply navigating to a poisoned web page or opening a suspicious e-mail can infect a workstation with spyware.

The real dangers lie in file-sharing sites, where any file could be dangerous. When downloading any application, evaluate it carefully and make fully sure that not only the site is legitimate, but also that the application is safe too.

Preventative measures do exist, and any workstation should have an anti-virus and anti-spyware application installed and running to prevent most malicious applications from doing any serious damage.

Phishing and Scams

Viruses aren’t the only dangers that come with browsing the Internet. Many scams plague the Internet, preying on people uneducated about their existences.

Older scams were typically through e-mail, with scammers posing as long-lost relatives or people who could offer the victim a large sum of money, but only if they helped them out with a fraction of what they claimed they could pay the victim.

While it seems silly that these scams could work, many fall prey to the empathetic connection one might have when speaking a person in apparent need. These scams, while still common, occur less and less while newer and more sophisticated traps are being developed.

Phishing attempts also come in a method previously discussed – pop-ups. These can have dangerous-looking warnings, alerting you that your machine is infected with a petrifying number of viruses and scaring the user into clicking their links or graphics.

These links or graphics can lead down a dangerous path, including giving the scammers your credit card information or worse.

In the event a pop-up like this occurs, do not panic or give in.

If it is a pop-up, close the window and make certain you click nothing else on the page. If it is a re-direct to a suspicious page, close that as well, and immediately scan the system for any viruses or spyware just to be safe.

No computer is untouchable, but best practices and well-implemented safety measures can make a computer system much more secure, letting you browse the Internet without fear.

In addition to anti-virus programs, constant system updates and application patches can keep any potentially dangerous backdoors or vulnerabilities covered and safe.

With all of this information kept in mind, falling prey to viruses, spyware, and scams will be far less likely and sites will seem much safer.

Five Keys For Small Business Preventive Security Measures

November 1, 2017

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We continually mention the importance of network and password security for small businesses for good reason. The increasing security threats and cases of security breaches in both large and small enterprises show that we are more at risk than ever before of suffering a security violation.

Regulated entities such as medical offices (HIPAA) and financial institutions (FINRA) are especially susceptible to breachs and security incidents.

Prevention is always better than cure. To this end, here are five security measures you should start putting in place today.

Limit lateral data transfers
One of the biggest contributors to internal data breaches is a lack of employee knowledge of security issues. It’s important to protect strategically important information and data by limiting who has access to it.

Furthermore, you can employ network segmentation to reduce any unnecessary communication between internal and external networks.

Ensure machines and devices are updated
Internal breaches can result from the use of unprotected machines. Without being aware, employees may download malware or ransomware.

However, this may not be a problem if the software and operating systems on the machines are up to date.

Keeping all devices and the accompanying software and security structures up to date will make a significant contribution to protecting your systems.

Monitor activity to identify suspicious activity
Sometimes, a security breach may not involve any employees. Network administrators should ensure the latest monitoring software is in use to monitor behaviors and immediately detect anything that looks amiss.

Cyber criminals are aware of these types of activities and often conceal themselves deep in the network to exploit the system over a prolonged period of time.

Even if you miss the threat the first time, the monitoring system will provide meaningful insights that will help you recognize foul play.

Ensure robust passwords are in place
When it comes to system passwords and login procedures, you can always improve. In addition to the more traditional text-based password access, you should also ensure you have more up-to-date security mechanisms in place such as fingerprint access and smartcards. These are much more challenging for cyber criminals to replicate.

Embrace cyber insurance policies
No system can be completely safe from a cyber attack. Criminals are getting smarter and smarter, and what appears to be an impenetrable system one day can be infiltrated the next.

For this reason, you may wish to take out cyber insurance to cover any costs you incur if things do go seriously wrong.

Yahoo! And The Hack Heard ‘Round The World

November 1, 2017

In the age of Russian super-hackers and nationwide credit reporting agencies with pitiful security, what could be safe? One thing is for sure – not Yahoo!.

In September of 2016, Yahoo! released the news that 500 million accounts were hacked in the latter half of 2014. That news severely impacted Verizon’s business deal to buy them out, but they only lowered the price by $350 million USD to a total of $4.48 billion USD.

Three months after this business deal was done and the prior hack had been announced, Yahoo! let the nation know that approximately 1 billion accounts had been hacked in 2013. Verizon was not pleased, to say the least.

Just recently, Yahoo! released even more grave information.

In the earlier part of October, Yahoo! bumped the number of affected accounts up to 3 billion. This estimate encompasses every single Yahoo! account, including its subsidiaries like Tumblr and Flickr. That is a lot of data – and if you had any accounts (even unused) linked to these websites dating back to 2014, you could have even had the information sold.

The cybersecurity firm InfoArmor has reported some of this information has been sold on the dark web, a small part of the web not indexed by search engines.

The group selling this information has sold the data to three sources, two of which are known spammers. All paid upwards of $300,000 USD.

With this information, reused passwords from past accounts can be the largest risk, as many people recycle the same password(s) for all of their various online accounts. While no financial information was stolen, security questions, dates of birth, and backup emails were taken.

All of this can be used for not only breaking into the Yahoo! account in question, but also any other accounts with similar information.

A good course of action from here on would be to, as you should, never reuse passwords, and change any existing passwords you feel might be in danger. Ensure that no shady happenings have occurred with any accounts, up to and including bank accounts.

The information sold was reportedly utilized to spy on a range of US White House and military officials, alongside Russian business executives and government officials.

With this information kept in mind, a document was released stating that four men were indicted, two of whom were Russian intelligence officers working for the Russian Federal Security Service. Which is, ironically enough, an agency dedicated to aiding foreign intelligence agencies track cybercriminals.

To finalize, remember to keep safety measures on all your accounts and protect yourself from email fraud or spam to the best of your ability. Only sign up for accounts on legitimate websites and, when you do create an account, use a unique password for that site. For sites with sensitive information, elect to use two-factor authentication when possible.

That way, when a company’s security is pushed back in lieu of other things, you can serve as a second defense for yourself.

Do I Really Need A Firewall For My Business?

October 12, 2017

Ron Cochran is a senior help desk technician for Tech Experts.

Before we answer that, let’s look at what a firewall actually is. No, no actual flames of any kind are involved whatsoever.

A firewall is a barrier or “shield” intended to protect your PC, tablet, or phone from the data-based malware dangers that exist on the Internet. Data is exchanged between your computer and servers and routers in cyberspace, and firewalls monitor this data (sent in packets) to check whether they’re safe or not.

This is done by establishing whether the packets meet the rules that have been set up. Based on these rules, packets of data are accepted or rejected.

While most operating systems (desktop and mobile) feature a basic built-in firewall, the best results can usually be gained from using a dedicated firewall application, unless you know how to set up the built-in firewall properly and have the time to do so.

Firewall applications in security suites feature a host of automated tools that use whitelisting to check which of your applications should accept and reject data from the Internet — something that most users might find far too time consuming to do manually.

So it makes sense, now that it’s clear what a firewall is for, to have one installed and active. But just in case you’re still doubtful of the benefits…

Everyone who accesses the Internet needs a firewall of some kind. Without one, your computer will allow access to anyone who requests it and will open up your data to hackers more easily. The good news is that both Windows and Apple computers now come with built-in software firewalls (although the Mac’s firewall is turned off by default).

But businesses, especially those with multiple users or those that keep sensitive data, typically need firewalls that are more robust, more customizable, and offer better reporting than these consumer-grade alternatives.

Even a relatively small business engages in exponentially more interactions than an individual, with multiple users and workstations, and customers and suppliers. These days, most of those interactions are online and pose risks.

Not only are businesses exposed to riskier online interactions, the potential damage from each interaction is also greater. Businesses frequently keep everything from competitive bids and marketing plans to sensitive banking and customer data on their computers. When unprotected, the exposure is enormous.

Firewalls also allow computers outside of your network to securely connect to the servers that are inside your network. This is critical for employees who work remotely. It gives you the control to let the “good” connections in and keep the “bad” connections out.

Hardware firewalls must be compatible with your system and must be able to handle the throughput your business requires. They must be configured properly or they won’t work and can even stop your network from functioning entirely. You can use multiple hardware firewalls to take advantage of differing strengths and weaknesses.

Some industries (like medical and financial services) have specific regulatory requirements, so it’s important to consult your IT professional before choosing a firewall to make sure you’re not exposing your business to unnecessary liability.

It’s also important for you, or your IT service company, to constantly monitor the firewall to ensure it is up and working, as well as to ensure that it is regularly updated with security patches and virus definitions.

If you currently are not protected by a firewall or would like to inquire about an upgrade to your network infrastructure, please feel free to email (info@mytechexperts.com) or call (734-457-5000).

Helpful Tech Tips To Prevent Phishing

October 12, 2017

jared-stemeye — Jared Stemeye is a Help Desk Technician at Tech Experts.

Many of us have clicked on an email that appeared authentic, but was not. Those fortunate enough to identify any suspicious elements before an attachment is opened or a link is clicked are the lucky ones. But, sometimes, we don’t notice those little things and click things we shouldn’t.

These trick emails are one method of an effective scheme called phishing, run by cybercriminals to get information about you or your company. Even worse, this information is then bought and sold to the highest bidder to do with it as they wish.

At best, an ad agency might send some extra spam emails your way. At worst, your identity may be stolen or your company’s network may be left exposed for all sorts of trouble.

Fortunately, there are many things you and your workplace can do to avoid these phishing attempts.

Tips for Employers

Just asking employees to watch out for suspicious-looking emails doesn’t drive home the urgency of phishing.

Find recent news reports to share with your workforce. When an organization makes the front page for a data breach (usually because an employee opened an infected email), you can explain how something like that could happen to your organization. It’s well-timed, newsworthy, and will be on forefront your employee’s mind.

The best thing to do as an employer is to implement a program that encourages security awareness, education, and behavior modification.

Changing up how you deliver that message to employees can be quite helpful. Start with a monthly email, memo, or bulletin. Switch it up with in-person, individualized meetings. Using different approaches will help your message resonate with more employees. It is common to need to communicate a message multiple times for it to stick with everyone.

Tips for Employees

Social media can be your worst enemy. Social networks are abundant with personal information, putting it right at the fingertips of cybercriminals.

Do not post any birthdays, addresses, or any other personal information on these websites. We know many domain and personal accounts use these for passwords despite the easy availability. Even with privacy settings maxed, there is always a way for cyber criminals to obtain the information.

Additionally, cybercriminals are getting more creative, especially with phone numbers. It is becoming very common for criminals to call high-risk employees and ask for information. For example, some of these “phishers” will call and pretend they are from their company’s help desk and need to reset account credentials or “require verification” from the user.

When in doubt, don’t give anything out. If something seems off or you don’t know the person, ask for their contact information and look into it. In these cases, it’s better to be cautious than courteous.

Overall, phishing isn’t going anywhere and it should be incorporated into all online security training for workplaces. As long as people use social networks and email continues to be a primary workplace communication channel, phishing will be a top choice for cybercriminal’s data theft. Protect your business and your employees. You can always contact Tech Experts at (734) 457-5000 if you’d like an in-depth review of any suspicious email you may have received.

What Is Credential Management And Should I Have It?

August 24, 2017

In the world today, we have many things to remember and passwords are one of those. We have alarm codes, website logins, usernames, passwords, passphrases, bank account information, and everything in between. However, if you’re on top of your password game, then none of your passwords match and that can be quite the chore to keep up on.

This brings me to a product called Passportal.

Passportal eliminates the need to remember all those different passwords, websites, and passphrases. With Passportal, once you have your account set up – and have entered your websites, usernames, passwords, and passphrases – you will only need to remember one password to sign into anything. There is also an extension for one of the most popular web browsers.

Once you create your account with Passportal, you’ll be able to enter your website of choice, username, and password; then, when you revisit that site, you will be notified that Passportal has saved your credentials for that site. You’ll click one button and Passportal will automatically enter your information in, then you’re logged in to your favorite websites, social media, or message boards.

While it may sound like you’re putting all of your eggs in one basket, Passportal’s main focus is password security. The website, application, and process was created with military-grade password data security in mind while maintaining ease of use for the end user.

In the event of a mugging or break-in, you can lock your Passportal account and disable your usernames and passwords, instead of trying to remember everything you need to change. It’s one less thing to worry about when recovering from identity theft.

Let’s say your credit card and bank information have been compromised. Once you receive your new card and password, you revisit the website. Passportal remembers your password, but it doesn’t work. You will be able to seamlessly add the new password to the Passportal extension with just a couple clicks and keystrokes. Passportal has saved many users countless extra clicks, time, and hassle by keeping their valuable personal information secure.

If you are the owner of a company, you can utilize Passportal and have control over the passwords and when/if they expire. If you have an employee that quits or is terminated, you can lock that username out of your company information with just ONE click of a button. This feature saves valuable time that a human resource manager would have used to track down all the user information, gain access to their workstation or laptop, and remove their profile, or gain access to the server to remove their Active Directory profile.

Passportal also has two-way syncing with Active Directory for Windows Server. With Passportal, there is even a mobile app and phone number you can text to get a password reset. This feature will save employees who are locked out of their accounts – and allow your IT department to focus on more in-depth issues.

If you’re the human resource manager, general manager, or owner of a company, your company will most likely be able to benefit. Ask your IT department or managed service provider about Passportal and how you can implement it within your company.

« Previous Page