Cybersecurity Awareness a Year-Round Job

by

Cybersecurity Awareness Month heightens our vigilance in October, but we can’t let our guards down at any time of year anymore, especially during the holiday shopping season.

Small businesses are not likely to be attacked directly by cyber criminals unless you do business with more valuable targets. You will, however, be attacked with the phishing emails that hackers  deploy in the hopes that some “fish” will take their bait.

Cyber criminals now use AI writing tools to help make their phishing emails more convincing, too.

You can, however, spot phishing emails by remaining diligent at all times.

My Golden Rules for handling emails:

  • If you don’t know the sender, do not click any links or file attachments. Delete the email.
    • If the email is relevant to you, go directly to the sender’s website in your browser.
    • For well-known brands, hover over the link (don’t click) to see if it goes to the brand’s website (i.e., dell.com versus something.com/dell)
  • If you know the sender, but receive an unexpected email from them, do not click links or file attachments until you confirm that the sender you know actually sent it.
    • Do this by phone — a hacker could hijack the email account and make it look like the sender you know is providing confirmation.
  • If you mistakenly click on a link in an unexpected email, and it takes you to a page to change your password, do not enter your password. Close the page.

Below is a phishing email that I received that incorporates elements of many phishes:

Phishing email characteristics

As you can see, this phishing email:

  • Uses the International date format (day / month) versus the month / date format that I would expect in the U.S.
  • The From: email address is not @intuit.com or @quickbooks.com. It’s @updatessoftware.info.
  • The phone number shows up in searches for known scams.
  • Hovering over the link reveals it goes to techsales.info instead of intuit.com or quickbooks.com.
  • Awkward language
  • The text uses fear tactics by claiming the database will be corrupted and backups automatically removed, preventing recovery, if the deadline is missed.

What would I do with this email?

This email caught my attention because I knew that Quickbooks is requiring desktop software customers to upgrade before Sept. 30 if they want to continue using the desktop software instead of Quickbooks Online.

The International date format, however, gave me pause initially. The fake From: email address sealed it.

Had the hackers spoofed a legitimate Quickbooks email address, the other elements would have still confirmed this as a phish.

You also want to protect your passwords as follows:

  • Use a password manager such as one of these.
  • Do not send passwords in emails and text messages unless encrypted
  • Do not use the same passwords for business and personal use
  • Do not store passwords in word processing files or spreadsheets
  • Do not share your passwords with anyone, including co-workers

If you want more in-depth information about cybersecurity awareness, you can visit the Cybersecurity and Infrastructure Security Agency (CISA) website at https://cisa.gov.

Off-Boarding Employees

by

It happens to every business that has employees. At some point an employee will leave for a variety of reasons including retirement, striking out on their own, health reasons or what they perceive to be a better opportunity at another company.

One interesting look at turnover rates comes from a study of employees changing their employers on LinkedIn. It found that 11 percent of employees posted new employers on their LinkedIn Profile during the 12-month period of their study in 2021 and 2022.

That doesn’t surprise me. In fact, judging by the number of LinkedIn profiles of employed people who still advertise their availability, I believe the number could be higher than 11 percent.

So, accepting that you will have turnover, how do you safely off-board those who leave from an IT standpoint?

The following technology off-boarding checklist will help mitigate the risk of losing valuable corporate knowledge and business in the departing employee’s transition.

Knowledge Loss
Be sure to query the departing employee about specific knowledge of their job that might not be in company manuals and procedures.
If involved in Sales, be sure the departing employee provides all contact information for Customers and Leads.

Social Media accounts
Change or delete the employee’s accounts on all Social Media.

Application logins
Change / disable / delete the employee’s login credentials on all Cloud and Desktop applications.

Email logins and forwarding
Change / disable / delete the employee’s Email login credentials.
Set up forwarding of the employee’s emails to someone else within the organization until customers become aware of the replacement.

Company Device Recovery
If the employee uses company devices such as Smart Phones or Tablets, recover the devices.

Recovering Data from Personal Devices
If the employee used his / her own devices, recover all company information from those devices.

Revoking Access
Disable / Delete access to the devices, applications, files and databases the employee accessed over the corporate network.
Revoke access to the physical building(s).

For help setting up an Off-Boarding Policy for your company, contact me at 302-537-4198, ericm@flexitechs.com, or on our Contact form.

How do I Switch from Windows 10 to 11?

by

If you’re ready to upgrade from Windows 10 to 11, consider the first three questions in this series first and your computer’s compatibility with Windows 11.

Windows 11

The Top 5 Questions about Windows 11

After doing so, you need to go to the Windows Update section of your Settings. There, you may see a link to download and install Windows 11 if Microsoft has determined your computer meets the hardware requirements to do so.

If you see it, click the Download and Install button or link and follow the prompts to perform the upgrade to Windows 11.

If you don’t see that, click “Check for Updates” and see if it gives you the link to download and install Windows 11.

If not, download and run the PC Health Check utility from Microsoft.

If the utility deems your computer suitable for the upgrade, see if you get the “Download and Install” button and if so, follow the prompts to upgrade to Windows 11.

Of course, this is Microsoft and at times the procedure won’t be as simple as advertised. Case in point — I have already seen that my 2-year-old Lenovo Desktop with 3.6 ghz processor and 8GB of Ram and 256GB SSD hard drive does not qualify for the upgrade because the processor does not match an obscure setting that Microsoft has decided not to support.

If you don’t see the Download and Install button or link or Windows Update or the PC Health Check utility tell you you can’t upgrade your PC to Windows 11, contact us at FlexITechs to take a look for you.

As always, these upgrades will create conflicts with existing applications and hardware. So, if you need to buy a new computer make sure your existing applications and peripherals will work with Windows 11. For an existing computer, we recommend waiting a couple of months for the bugs to reveal themselves before upgrading.

Tomorrow’s Question — Do I Really Need to Upgrade to Windows 11?