TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Automatic Updates: Be Safe by Being Secure

We are all well aware of how  popular the Microsoft Windows operating system has become. Not only is this  operating system popular for the business world, the vast majority of home computers run this operating system in various forms.

This popularity can make you a prime target for hackers and other criminals looking for a way to take advantage of a security risk in the operating system. Microsoft is keenly aware of this issue and takes steps almost instantly to make security patches and updates available for you, or your IT professional, to download and install.

Depending on how you have the automatic updates setting configured, these updates may or may not download and install themselves automatically, or you may have to initiate the process yourself manually.

While this feature is nice, most IT pros would rather pick a time to download and install these updates in a controlled situation, where the loading process can be monitored for any problems or issues that may arise.

The automatic updates utility can be accessed through the control panel. Once you open up automatic updates, you have the option there to select automatic updates, but even if you have automatic updates turned on, it is always a good idea to visit Microsoft’s update website occasionally and have the update center scan your computer to check and make sure you have all the latest updates available.

Microsoft also has a very thorough program called “Microsoft Baseline Security Analyzer 2.1.” This tool written for IT professionals provides a streamlined method of finding common security misconfigurations.

This tool allows our technicians to quickly scan your server or workstations and identify any missing security patches and provides a quick link to the supporting white paper that will explain to the technician exactly what security issue is being addressed with the particular security patch. Once enough of these security patch releases become available, Microsoft bundles them all together into what is called a service pack. This allows IT pros to download this patch to portable media and deploy it very quickly in a network environment.

I cannot stress the importance of keeping up with these service packs and security patches. A case in point, I went to a client’s office and checked every one of their workstations to see how “up to date” they were.

One of the stations required a service pack installation that has been available for months now. In addition, it
required 59 additional updates to bring it up to date.

You can imagine the risk that this system was to the client’s network. We now have this client’s network under our Managed Services Plan. This plan is offered for a nominal monthly fee and encompasses their server and all  stations.

Now these stations are monitored around the clock by our network operations center, and updates are downloaded and installed after hours, as soon as the updates are available.

So make sure to keep your computer and your information safe by being secure and contact Technology Experts to get your network protected by our Managed Services Plan. It’s the best way to make sure your network is safe and  secure.

Gone In Sixty Seconds: Protecting Your Laptop & Data

September was a whirlwind travel month for me, having been in both Charlotte, North Carolina and Chicago in the last three weeks of the month.The training is great, but as anyone who has traveled lately knows, the airports can become a real challenge.

I was waiting in the Charlotte airport for my return flight to Detroit, and watched an awful story unfold.

A passenger, who was obviously a business owner or executive was searching frantically for his laptop case. After about 20 minutes, airport police showed up and it turns out his laptop had been stolen.

Business owners as well as your average everyday computer users are turning to laptops more and more each and every day, due to their mobility and the ability to keep them in touch with the office no matter where they are.

A huge importance that many seem to forget is keeping their data safe, and doing regular backups. I would guess that every three in five users are not performing any type of backups. They run the huge risk of losing all their valuable data, programs, and even their entire computer as the gentleman in the airport did.

It is crucial to have a backup solution in place, especially for business owners who keep most of their work information on their laptop computer.

With today’s technology options, you can find a backup solution that will work for you, and there seems to be a price range for everybody.

Backups can be performed in several ways, from a manual backup to a CD or DVD, some form of removable media like a flash drive, or SD card, and there are even the higher end solutions like BDR and off site backups.

Typically a backup solution would come with a piece of software to control your backups. Things such as what you’re backing up, how often your backing up, and where you want the backups to go.

The beauty of using software is it almost completely automates the process, and becomes something you don’t have to worry about any longer, knowing that if your computer is stolen, or your hard drive suddenly crashes out, you have a good copy of your data, and you can be back up and running in no time at all.

My favorite solution is the offsite backup, which can be offered thanks to the Internet. With an offsite backup system, data that is on your laptop, workstation, or server(s) can be sent out across the Internet (typically encrypted) to an offsite location.

So for example, you could be working at your company, and having all your daily additions to a highly secure data center out in the cloud. This would protect your information from a disaster such as a building burning down, or a fatal hardware crash.

If that sounds like overkill for your situation, an easier solution can be used, such as backing up once a week to a flash drive.

All Windows based systems have a utility built in called Backup and Restore. This utility will allow users to backup just their  personal data, such as pictures, documents, emails, etc. or even take it a step further and back up the entire computer’s  configuration, including the data.

Windows Complete PC Backup and Restore is most useful for disaster recovery when your PC malfunctions.

This feature helps you create complete PC backups, and then in the event of a serious system issue or data loss, Windows Complete PC Backup and Restore can restore your entire PC environment, including the operating system, installed programs, user settings, and data files.

If you do not have currently have a backup solution implemented, please contact our technical support team. We can work with you to set up backups to a flash drive or CD.

We also have a great offsite solution for $39.99 per month that will keep all of your data safe in the event of a failure. It works transparently in the background, encrypting and forwarding your data to our data center, where’s it is stored and updated as needed.

The best thing about this type of solution is that it doesn’t require you to do anything – the backups occur automatically, and we’re notified if there is ever a problem where your backup didn’t complete properly.

LoJack For Laptops

The technology behind Computrace LoJack for Laptops by Absolute Software is the Computrace Agent, a small software client that is embedded into the BIOS firmware of most computers at the factory. Or Tech Experts can install this agent for you.

The Agent in your computer maintains daily contact with the Absolute Monitoring Center. If you report your computer stolen, Agent contact will increase to every 15 minutes.

Increased contact allows Computrace to obtain specific details like the physical location of your computer, any activity that has occurred post-theft, and other important data that will aid Computrace in working with local law enforcement to catch the thief and return your property to you.

Regardless of recovery status, you can remotely delete data to remove some or all of the information stored on your computer so that it doesn’t fall into the wrong hands.

This could include files and applications containing personal photos, internet bookmarks, browser cookies, financial information, and stored passwords.Everything an identity thief would need to steal your identity.

On the web: www.absolute.com

Choosing The Right Antivirus Software

Protecting your computer from spyware, viruses, pop ups and malware is one of the most important things you can do as a computer owner. Not being protected can lead to stolen information or just plain harm to the computer.

Some infections can sit in the background and wait until the right time to deploy. By having a good antivirus program you can protect your computer at all times. Here are some tips to help you choose the right antivirus software for your system.

Costs
When looking for the right antivirus software do not forget to compare pricing. Most antivirus software is fairly priced. Some well known antivirus software can be very pricy due to the well known name that the company has. One of the more affordable antivirus programs that I know is low priced, but has great quality. It’s called Etrust, and it’s made by Computer Associates (CA).

Automatic Updates
You can pay all the money in the world for a good antivirus program, but if the antivirus signatures do not update automatically then it is not worth it. Almost every computer user does not even pay attention if the antivirus is on or not – most just assume it is taking care of business. By having an antivirus that automatically updates it can help keep the antivirus software up to date and protect you from the newest threats.

Frequency of Signature Updates
An important part of the software is how often the software actually updates. They say that a new virus is created every four minutes. So good antivirus software sends out multiple updates every day to make sure the virus signatures are up to date on the most recent threats.

Active Scanning
Active scanning is another feature that is very good to have. Some antivirus programs only protect the computer fi les as they’re being used or access, and not all the fi les on the system. You want protection that is active all of the time, and scans files and programs as you access them.

By having it scan it will look through all fi les on the computer to make sure there are no sleeping threats on the system. Many infections will just keep coming back so having the computer scan every day helps protect from those types of infections.

Performance
When looking at antivirus software, you have to ask yourself: “Will it slow down my computer?”

If the software takes a lot of space and resources, you may fi nd it will slow down your system when it’s working. If you sit down and think of these topics before you rush into buying new antivirus software, I am sure you will get great software for your money.

Also there are many websites that will compare antivirus programs if you are worried about the safety of your computer.

If you have any questions or concerns about the best antivirus for you, please feel free to give us a call here at Tech Experts at (734) 457-5000.

Tired Of Being Tied Down? It’s Time To Lose The Wires!

Security Tips For Your New Wireless Network

With the decline in the cost of wireless equipment and “point and click” configuration ability most newer equipment offers, more and more people are setting up wireless networks in their homes and businesses.

One key configuration that is often missed, though, is security of the wireless network.

Is the wireless connection you’re using secure, is your data in jeopardy, and is your identity safe?

You might be asking yourself “How do I secure my network, and what does it mean so say a wireless network is unsecure?”

If a network is classified as unsecure, it means that the network can be accessed without the need for a key, or password. You’ll find unsecure networks in a lot of public places, such as coffee shops and airports.

The problem is that once a  user is connected to an unsecure network, it is possible they could access network resources such as files, folders, printers, etc. that are shared on your computer – many times, without you even knowing.

As you know, this could be a world of trouble if your confidential data is obtained by an unknown user.

A number of things can be done to ensure your wireless network is safe, network resources are protected, and your data is securely stored on your system.

Firewall
Software or hardware devices can be implemented, and are one of the first lines of defense, to prevent unauthorized access of your wireless network. Most wireless routers include basic firewall protection – it just has to be turned on when the unit is configured.

SSID
The SSID is the name of your network. Most routers come with a default SSID, which, if left that way, is a sign of a poorly configured network. This makes you an easy targets for hackers.

Password Changes
By default, wireless routers have a standard username and password that can be easily looked up on the web.

You should definitely set up your own username and password to access your wireless device’s setup screens, so hackers or unwanted Internet users can’t go into the settings on your router and make changes to your security settings.

Be sure to follow standard password security when coming up with the password for your wireless router – you don’t want hackers to be able to easily guess your password, and access your setup screens.

Signal Strength
Most routers allow you to set the signal strength of the network broadcast. Turning the signal down on your router lowers the  chances of outsiders being in range of your wireless network.

Enable Encryption
This is one of the most important steps to securing your wireless network- require a key or network password in order to connect to the wireless network.

There are several types of encryption, the most common being WEP, WAP, and WAP2. Each provides a different level and method of network security. Any form of encryption is better than having an open wireless network.

Securing your wireless network plays a key role in the protection of your data, network resources, and overall privacy when you’re using a home or work network. It’s a quick and easy process, requiring just a few changes to the default setup. The peace of mind and convenience of wireless networking are worth the extra few steps.

Do You Keep Critical Passwords On A Sticky Note Next To Your PC?

We constantly struggle to get our clients to stop writing down their passwords on sticky notes by the computers. Obviously this is a security risk. Another bad habit is choosing  really easy-toremember passwords such as “password.”

But admittedly, it CAN be hard remembering all of those passwords that are always changing. To solve this little dilemma, we’re suggesting to our clients to stop using passwords and use “pass-phrases.”

What is a “pass-phrase” you ask? They are letters and numbers put together in an easy-toremember phrase such as “!YEAHGoBlue!”

These are MUCH easier to remember than a random cluster of letters and numbers, which means you won’t have to write them down on a post-it note anymore! Plus, they’re much more secure than using a birthday or child’s name.

Pass-phrases can be built from anything, such as favorite quotes, lines from movies, sports team names, a favorite athlete’s name and jersey number, kids’ names and birthdates, pets, and so on.

Here’s some other examples that would be easy for you to remember, but hard for a hacker or criminal to guess:

ILike!ceTea

T&lkingOnTh3Phone

d3tro1tHockey

goneWithth3w!nd

Git-r-don3!!

Detroit-R3D-Wings

All you need to do is be a little creative to get numbers, letters and punctuation into the phrase. All of the normal suggestions remain the same – don’t make a password  exclusively a birthday or child’s name, and always include special letters and punctuation.

Since introducing this to our clients, we’ve found (believe it or not) they actually have fun doing this, and at the same time, are making their networks more secure!

New Phishing Schemes You Should Know About

I know growing up as a child, I loved to go fishing. I never caught very many fish, but just being out on the water “drowning worms” was good enough for me. As the years have passed, though, a new kind of “phishing” has emerged.

The term phishing refers to luring techniques used by identity thieves to fish for personal information in a lake of unsuspecting Internet users.

Their purpose is to take this information and use it for criminal objectives such as identity theft and fraud.

Phishing is a general term for the creation and use by criminals of emails and websites – designed to look like they come from well-known, legitimate and trusted businesses, financial institutions and government agencies – in an attempt to gather personal, financial and sensitive information.

These criminals deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames and passwords.

Today a new form of phishing appears to be spreading through social websites such as Facebook. This new scam works like this.

As soon as you login to the site, it will steal your email and password and then log you into Facebook. Within a short period of time the system will automatically switch your password and block you from the site. It then begins to send the same URL to all of your Facebook friend’s inboxes.

As this spreads, the criminals gather thousands of email addresses and passwords before Facebook can stop all references to the website.

The scammers have developed a method to duplicate the scam immediately and the next thing you know they have four or five phishing scams going on at the same time all over Facebook. This allows them to gather hundreds of thousands of victims very quickly.

It is not known yet what these people intend to do with all these addresses, but you can almost guarantee that they will result in a malicious worm at some point. The potential to access a user’s financial information and accounts could result in the loss of millions of dollars.

Another form of phishing is called “in session” phishing. This form does not use email nor does it rely on the user having to be tricked into clicking on a link.

It works like this. Let’s say you go to your banking website that is secure. You login and take care of your business, then leaving that browser window open you innocently go to another website that has been compromised. All of a sudden a pop-up asks you to validate your login to continue your banking session.

Remember two things must happen in order for this scam to work. First, a website must be compromised and infected—the higher traffic the better, obviously.

Second, the downloaded malware must be able to identify whether or not the unknowing user is logged into a relevant website.

Most banking institutions have taken steps to prevent this. One step is having a rapid disconnect of an idle session.

But in order to be safe we would recommend closing all browser windows after you have visited a secure banking website.

In addition it is very important to keep your system free of all spyware, malware and viruses.

Tech Experts has certified technicians that clean these types of infections and malware from computers every day. We urge you to take advantage of our system checkup and cleaning service to keep your identity to yourself.

QuickTime Video Software Target Of Hacker Attack

We all remember that it was not too long ago when Microsoft had left a huge hole for attackers to exploit in Windows XP.  Microsoft corrected the error by releasing a new security update and including it as an important update in the Windows Update service.

Now for the third time, attackers have found a new vulnerability in Windows. This attack only affects Windows XP, Windows 2003 server and Windows 2000. Windows Vista, Server 2008 and surprisingly Windows 7 aren’t affected.

Microsoft has already discovered that the attackers are using the code on many different video websites. The attack starts with a QuickTime video and exploits a problem in the Direct X software that Windows uses in almost everything you do, from watching videos to playing video games.

The hackers are using the code in QuickTime files which is the default video for Apple, but not in Windows. You most likely have QuickTime installed on your PC if you have an iPhone or iPod.

The malicious code is hidden inside video files, and allows the attacker to execute any kind of program he would like on the victim’s personal computer. Then, depending on what the attacker planned to do, they could take over your computer or make all your data disappear.

In order to get infected, you’d have to open an infected QuickTime file. Opening the file allows the hacker to have control of your computer. This virus code could be sent by an attachment in email or posted on any website. You’d just have to click and download the file in order to infect your computer.

According to the developers of QuickTime, QuickTime is not the flawed code, but rather, the code inside Windows that displays the QuickTime movie using Direct X is to blame.

The reason the newer operating systems are not vulnerable to these attacks is that the code was removed when Microsoft began development of Windows Vista.

Microsoft has already released two fixes for this security vulnerability. One is pretty technical and requires the user to edit the system registry. The second is a tool that Microsoft has built to automatically disable this feature.

Microsoft hasn’t released a patch, but said that once they do, users that used the automated tool will automatically have the parser turned back on.

Top Four Threats Attacking Your Network And What You Can Do About Them

Do you ever feel like your computer network could be more secure? Chances are, keeping a few simple things in mind will improve security and reduce downtime. Here are some things to look out for.

Social Networking Sites
Social networking sites like Facebook are exploding in popularity. Threats range from malware (e.g. viruses, worms,spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are
using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable. Defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies. We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network
access.

Attacks On Mobile Devices
Everyone is going mobile these days not just the “road warriors.” Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data yet they are easily lost or stolen. Be sure to password protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

Cloud Computing
“The Cloud,” in its most simple form, involves using the Internet to access and store your data. When you access email using a web browser, you are working in “the cloud.” Using the cloud for automated off site backup is rapidly gaining popularity and is just the beginning. Companies like Microsoft, IBM and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet. You need to be sure that any data you store and access across the Internet is secure not just where it is stored, but during the trip to and from the Internet.

Overconfidence
User overconfidence in security products is the top threat to your network. Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid fire pornographic pop-ups) and more subtle key loggers that steal passwords. Surveys promising free stuff, result in theft of information like your mother’s maiden name, high school, etc. used to answer common security questions leading to theft of otherwise secure data. Think before you click!

7 Tips For Working Securely From Wireless Hotspots

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Wireless hotspots are changing the way people work.

These wireless networks provide high speed Internet access in public locations—as well as at home—and require nothing more than a notebook PC with a wireless card.

From coffee shops to restaurants, airports to hotel lobbies, hotspots are ubiquitous. They range from paid services, such as T-Mobile or Boingo, to free connections at your local restaurant or library.

But they all have one thing in common: These are all open networks that are vulnerable to security breaches. And that means it’s up to you to protect the data on your PC. Here are a few tips to make working in public locations more secure.

Encrypt your files.
You can protect your files by encrypting them, which requires a password to open or modify them. Because you must perform this procedure on one file at a time, consider password-protecting only the files that you plan to use while working in a public place.

Choose more secure connections.
It’s not always possible to choose your connection type—but when you can, opt for wireless networks that require a network security key. The information sent over these networks is encrypted, which can help protect your computer from unauthorized access.

The security features of different networks appear along with the network name as your PC discovers them.

Make sure your firewall is activated.
A firewall helps protect your mobile PC by preventing unauthorized users from gaining access to your computer through the Internet or a network. It acts as a barrier that checks all incoming information, and then either blocks the information or allows it to come through. All Windows operating systems come with a firewall.

Monitor your access points.
Chances are, there are multiple wireless networks anywhere you’re trying to connect. These connections are all access points, because they link into the wired system that gives you Internet access. So how do you make sure you’re connecting to the right one? Simple—by configuring your PC to let you approve access points before you connect.

Disable file and printer sharing.
File and printer sharing is a feature that enables other computers on a network to access resources on your computer. When using your mobile PC in a hotspot, it’s best to disable file and printer sharing because when enabled, it leaves your computer vulnerable to hackers. Remember, though, to turn this feature back on when you return to the office.

Make your folders private.
When the folders on your mobile PC are private, it’s more difficult for hackers to access your files.

Consider completely removing sensitive data from your PC.
If you’re working with extremely sensitive data, it might be worth taking it off your notebook PC altogether. Instead, keep it behind the corporate firewall and use your company’s VPN to access it when necessary. This way, you have multiple safeguards in place.

A few simple precautions can help make working in public places more secure. And by selecting the best connections and adjusting settings, you can enjoy productive and safe work sessions no matter where you are.