About Jenna MacLennan

The Single Most Dangerous Assumption Businesses Make About Bank Security That Can Cause Them To Lose Their Money

Here’s a shocker to most business owners: Your bank often can NOT reclaim money stolen from your bank account due to fraud or cyber-crime. That means if money gets drafted from your business bank account from a hacker, phishing attack, identity theft or by any other means, you have little to no chance of getting it back.

This often comes as a surprise to businesses who think the FDIC will “save” them from getting their accounts wiped out, and can get the money back once taken. The reality is that the FDIC insurance is to protect you from bank failure, NOT fraud. So if your debit card or account information gets accessed by a hacker and you don’t notice it within the same day, you can pretty much kiss that money goodbye.

Recent studies have shown that 83% of small businesses take no formal measures against cyberthreats even though almost half of all attacks are aimed at them.

 

Here are 5 essential steps you can take right now to protect your business:

 

  1. Enforce A Strict Company Password Policy. This is a simple step, but it is still violated by many companies every day.  Make sure that you and your employees change passwords regularly, don’t use the same password for all accounts and require complex passwords.

 

  1. Set Up A Firewall. Small business owners tend to think that because they are “just a small business”, no one would waste time trying to hack into their network.  The fact is that hackers will target the weakest link.  Without a firewall, that “weak link” is YOUR company.

 

  1. Designate A Banking-Only Computer. Banking fraud is one of the biggest threats to small business. The 2011 Business Banking Study showed that 56% of businesses experienced payment fraud (or an attempt at fraud) and 75% experienced account takeover and fraud online.  By using a single computer solely dedicated to online financial transactions (no e-mail, web-surfing, Facebook, YouTube, etc.) it’s much harder for outsiders to gain access to your information.

 

  1. Back Up Your Files Daily. It just amazes me how many businesses never back up their computer network.  You can lose data as well as money in a cyber attack.  Thanks to many new cloud based technologies, you can even schedule offsite backups to occur automatically.  If the data in your business is important to you, make sure that you have more than one copy of it.

 

 

 

October: Tech Gadget of the Month

Tech Gadgets that Improve Productivity, Security or Efficiency in the workplace.

Zone Wireless Headset

This new produce from Logitech comes with a whole host of wonderful features:

  • Well designed
  • Noise cancelling
  • Comfortable
  • QI Charging
  • 14 hour battery life
  • 2 year warranty
  • 30 m wireless range
  • Excellent call quality

But watch out for the price tag.  They retail on Amazon for about $170.00

They are quite a bit more expensive then competing products on the market, but are offering premium quality, superior comfort and a 2 year warranty.

 

 

Cold Weather and Your Laptop-Is It a Good Mix?

Now that autumn is truly upon us and freezing cold temperatures are just around the corner, it may be timely to talk about colder temperatures and  your laptop or other mobile device.  Is it safe to leave your laptop in your car overnight?  You may know that a computer or laptop is more likely to become damaged from heat than it is cold. Actually, a computer may operate more efficiently in cooler conditions. However, taking a computer that has been in a cold temperature to a warmer temperature, can cause condensation inside the computer housing, which can cause damage.

One way this may happen is leaving your laptop out in the car during winter overnight and then moving it into a warm building and powering it up immediately. To help prevent this situation from occurring, do not leave your laptop in a car for any length of time during cold or hot weather. When working in cold conditions or transporting your computer through colder weather, keep it in its laptop carrying case. If you’re working in extreme cold weather (e.g., -5°c or lower) and move the computer to a warmer room, keep the computer off for at least 30 minutes before it’s turning it on.

Finally, whenever working in any place with extreme weather, it is always a good idea to consult the computer documentation or manufacturer for their recommended operating temperatures. Not all laptops and computers are the same, and each component in them can react differently to temperature.  If you suspect you have issues with your computer because of condensation or other weather related issues, we offer computer repair for this and other issues at our shop in Ramsey.

Source: Adapted from ComputerHope.com

 

 

Is There Ever a Good Reason to Click a Link on an Email from an Unknown sender? 

By Bill MacLennan, CEO of Your Computer Hero

 I received a very tricky email the other day.  It appeared very official, stated it was from American Express, and asked me to violate one of my sacred rules for email hygiene by asking me to kindly “take a moment to confirm I received my card,”  offering two links, one to confirm online and the other to confirm through an ap.

Never, Never, Never trust a link in an email unless:

  • I know the sender personally
  • I am expecting the email
  • I have inspected the senders entire email address for validity.

After investigating the email and contacting the fraud department at American Express, I have concluded that it is a legitimate email. However, in a climate where phishing and social engineering scams are growing increasingly savvy, it amazes me that a large company would send out such an email.  Most don’t.

Therefore, I continue to advise against ever clicking on these links or any other link in an email like this, no matter how legitimate it may seemYou have little to gain and much to lose if it turns out to be a scam.  If it is a matter of activating a new credit card, there is always a phone number that comes with the actual card.  Card confirmation may be required, as the subject line in the email indicates, but clicking a link in any email like this is certainly not.  Please beware of ANY email you receive that appears to be from a large company that asks you to click on it.

Having said this, let’s explore a few basic characteristics of scam emails as we commonly see them today.  Again these scams grow more sophisticated and legitimate looking by the day.  I think it makes sense to share what I look at with these, I have included a screen shot of an obvious scam for reference here.

The #1 Tool in the scammer’s toolbox is GETTING YOU TO PANIC! It is not always what you see in an email, but what you feel.  Scammer’s know that your ability to reason goes down exponentially when you are emotional.  If they can find your panic button, it will lead to you divulging private information like your social security number and/or credit card numbers.  If you are panicked by something you see in an email, stop immediately, take a breath and fact check using another source.

You can see in the “Capital One” example that the subject line says, “Account Locked #80485612857’” this is designed to get you panicking.  This also applies to scammers who may call on the phone.  The latest has been another wave in scammer phone calls where the caller announces that there are warrants for your arrest.  Don’t get swept away in panic.  Always, always, always verify any statements made over the phone or email with another source.

A couple more points of interest on the Capital One example:

  • Always note the entire email address.in this case it’s funstomp.online@georgia.gov.  If I go to Capital One company the URL is actually capitalone.com, not “georgia.gov,” and not “funstomp.online.”  There is obviously something fishy here.
  • You will also often see misspellings or grammatical errors in these types of emails.
  • One last point of interest is the simplicity of the email format and the use of the logo.  The logo looks a little pixilated in the email, like it was copied from the website and pasted into the email.

The above 3 points are pretty obvious, but you would be surprised at the number of people who get duped, probably because of the emotionally charged nature of emails like this.

If you ever have a question about the legitimacy of an email, or if you are inundated with scam emails like this, we can help you by enabling email filtering and security software.  Our tech heroes are standing by to answer your questions.

 

 

Ransomware Attack: Is your business at risk?

By Bill MacLennan, CEO of Your Computer Hero

I get a lot of questions from business owners about ransomware attacks, as I should, the statistics about the cost of ransomware attacks on businesses is nothing short of terrifying.  Here are some statistics you should be aware of regarding ransomware attacks:

 

  • A new organization will fall victim to ransomware attack every 14 seconds in 2019, and every 11 seconds by 2021 (Source: Cyber Security Ventures)
  • Ransomware attacks have increased by 97% in the last 2 years. (Source: Phishme)
  • 34% of business hit took a week or more to regain access to their data. (Source: Kaspersky)
  • In 2019, ransomware from phishing emails increased by 109% over 2017 (Source: Phishme)
  • Ransomware generates over $25 million for hackers each year. (Source: Business Insider)

 

Definition: Ransomeware; noun: ransomware; noun: ransom-ware

a type of malicious software designed to block access to a computer system until a sum of money is paid.  Usually, a program is deployed on the system that encrypts the data, the hacker then demands a ransom to unlock the encryption so the owner of the data can have it back.

 

In this article I want to give you a behind the scenes look into how we guard our clients’ networks against such attacks and discuss four ways that companies can be vulnerable.

There are 4 best primary ways that companies can safeguard themselves against a successful ransomware attack:

  1. Educate employees about phishing scams. Most ransomware attacks are initiated through email. Employees can be duped into clicking on a link that deploys the encryption software. Clicking the link gives permission to load the encryption software which looks for the Windows vulnerabilities once on the system.  Just last month, Monore College in New York had their computer systems and website shut down by a ransomware attack.  Hackers demanded 2 million dollars for the encryption code to release the ransomware.  The malicious software entered the system by an employee who clicked on an email link.
  2. Upgrade-for Microsoft 7 users. Microsoft will discontinue free support of Windows 7 this January. After this time, you may pay for support for three years, the price is per computer and increases each year.  I recommend updating to Windows 10. The support is critical because it updates the vulnerabilities to the latest hacker schemes, like the most recent ransomware attacks known as the “wannacry” or “NotPetya.”
  3. Be VERY VIGILANT about updating and implementing patches. Scheduled maintenance is not an option for your business network and it is a critical service that we offer our business clients. It is absolutely paramount that updates and patches get implemented on a timely basis. If you are not totally certain that these updates are happening as they should, it may be time to talk to us about doing that maintenance for you.  If a ransomware attack circumvents your firewall, it looks for Windows system vulnerabilities on the computers in the network, the patches and updates address these vulnerabilities.
  4. You must have adequate backups. If a ransomware attack happens, the first place we will look for recovery is your data backups. The best backups include an off site/cloud based copy that has redundancy, so multiple copies and multiple days worth.   In light of these increasing attacks, and others like them, I have come to believe that the best defense against a costly cyber attack is the Datto device.  This is a hardware piece that creates an exact, real time image of a server or data store computer so the system can be booted back up right away after it is hit.  The Datto device also has ransomware blocker that dramatically decreases the chance of a successful attack.

Definition: Phishing

noun: phish-ing /’fiSHing/: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers (or in this case click on a link that executes malicious software)

 

According to a poll from Insureon and Manta, only 16% of small business owners think they are susceptible to a cyberattack.  Yet, 61% of attacks occur at smaller businesses.  Don’t wait until you are under attack to get your cyber security plan in place!  If you have more questions than answers regarding the security of your network, call our shop today to talk to one of our expert technicians!  We would love to answer your questions about your current system and discuss how we can help you avoid being a victim of the increasing number and severity of ransomware attacks.

September: Tech Gadget of the Month

Tech Gadgets that Improve Productivity, Security or Efficiency in the workplace.

UPWADE Portable Travel Power Strip 

  • Universal 100V-240V
  • 2 Outlets
  • Surge Protector
  • Travel Power Strip
  • 4 Smart USB Charger Ports (Max 5V 4.2A) 1200W
  • 5ft Long Extension Cord
  • Multi-Port Wall Charger (UL Listed)

 

There are never enough outlets for charging all of our devices. Airports and hotels are only slowly adapting to the needs of today’s travelers. This power strip will make you instantly popular with those nearby in the airport terminal. Great for a hotel “base” setup, easily stores, bag included, in any backpack or briefcase.

Retails for 16.99 + S&H on Amazon.com.

 

 

The 5 Biggest Mistakes Twin Cities Business Owners Make With Their Computer Network That Cost Them Time, Money and Aggravation

Want to avoid the most common and expensive computer problems most Twin Cities business owners experience? Then read on! We’ve compiled a list of 5 things you should be doing to save yourself a lot of time and money, by avoiding a big, ugly computer disaster.

  1. Have an automated off-site back-up system in place. I cannot stress the importance of this enough. Having an off-site back-up of your data will be the equivalent of wearing a seatbelt in a major accident. You don’t think much about it until you need it, and then, you will thank your lucky stars you had it in place.

 

  1. Centralize your data on your server. At one time, servers only made sense for large organizations because of their high cost and complexity. But today, there are very affordable and easy-to-implement server systems designed specifically for any size small business. Depending on your business needs, your server can be in your office or hosted in the cloud. A server will not only speed up your network, but it will also make backups easier, allow secure remote access to allow you and your employees to work from home or on the road, and make it much easier to share documents, databases, and printers.

 

  1. Keep your anti-virus software up-to-date, and perform weekly spyware scans. Almost everyone understands the importance of anti-virus software, but many businesses still do not perform routine spyware sweeps. Spyware can cause a host of problems that include slowing down your systems, pop-up ads, and even identity theft.

 

  1. Create an acceptable use policy and enforce it! One of the biggest threats to your network are your employees! Although that sounds harsh, it is true. Employees can accidentally introduce viruses and spyware through innocent activities online such as checking their Gmail account, downloading photos, or visiting phishing websites set up by online criminals. There are several great programs available for monitoring employee activity online. If you would like a recommendation for your specific situation, call our office.

 

  1. Perform regular maintenance. Just like your car, a computer network needs regular maintenance. This includes monitoring of critical components, performance, security patches, and your back-up system. Regular maintenance can dramatically improve the speed and reliability of your network, as well as the security of your data. If you cannot afford to lose data or be down for days, you must perform regular maintenance on your network!

 

If you are on a monthly service with us  you can rest assured that all of these thing are covered.  If not, Contact Us NOW If You Want An Easy Way To Make
Sure You Aren’t Making These 5 Mistakes In Your Business!

 

3 Ways You Are Unknowingly Rolling Out The Red Carpet For Identity Thieves

Warning!

Even if you have anti-virus, spyware protection, and a firewall, you could still be an easy target for identity thieves, hackers and cyber criminals. Read on to find out how YOU are giving online criminals free access to your personal and financial information…

You’ve done all the right things. You’ve installed a good firewall, you keep your anti-virus up to date, and you’re making sure you keep up with the latest security patches…so your computer network should be safe from identity thieves, right?

Wrong!

According to a recent study, 37% of electronic identity theft cases had one thing in common: they were caused by an action taken by the user.  That’s right, more than a third of identity thefts were not thefts, but giveaways!

So how do you avoid this happening to you and your company?

No one is 100% safe, but the following 3 tips will stop you from accidentally giving online criminals access to your computer network and confidential information:

  •  Never visit or download free music files, videos or programs from file-sharing sites such as Kazaa. Not only are you downloading stolen materials, but these sites are surefire ways to introduce worms and viruses to your computer. If you are a business owner, set up web filtering software to prevent employees from downloading any unauthorized programs or files.

 

  • Never respond to any e-mail from a bank, credit card company, PayPal or online store where items are purchased (such as eBay) asking you to verify your account information, no matter how credible or legitimate it looks. These are phishing scams set up to access your account information.

 

  • Ask for identification from anyone asking for physical access to electronic equipment, and instruct staff do so as well.  Just to test a theory, I asked a friend to walk into an office, say they are from “the phone company” responding to a problem, and ask to see the network.  Access was granted to a complete stranger 100% of the time.

 

Ransomware Attack: Is your business at risk?

By Bill MacLennan, CEO of Your Computer Hero

I get a lot of questions from business owners about ransomware attacks, as I should, the statistics about the cost of ransomware attacks on businesses is nothing short of terrifying.  Here are some statistics you should be aware of regarding ransomware attacks:

 

  • A new organization will fall victim to ransomware attack every 14 seconds in 2019, and every 11 seconds by 2021 (Source: Cyber Security Ventures)
  • Ransomware attacks have increased by 97% in the last 2 years. (Source: Phishme)
  • 34% of business hit took a week or more to regain access to their data. (Source: Kaspersky)
  • In 2019, ransomware from phishing emails increased by 109% over 2017 (Source: Phishme)
  • Ransomware generates over $25 million for hackers each year. (Source: Business Insider)

 

Definition: Ransomeware; noun: ransomware; noun: ransom-ware

a type of malicious software designed to block access to a computer system until a sum of money is paid.  Usually, a program is deployed on the system that encrypts the data, the hacker then demands a ransom to unlock the encryption so the owner of the data can have it back.

 

In this article I want to give you a behind the scenes look into how we guard our clients’ networks against such attacks and discuss four ways that companies can be vulnerable.

There are 4 best primary ways that companies can safeguard themselves against a successful ransomware attack:

  1. Educate employees about phishing scams. Most ransomware attacks are initiated through email. Employees can be duped into clicking on a link that deploys the encryption software. Clicking the link gives permission to load the encryption software which looks for the Windows vulnerabilities once on the system.  Just last month, Monore College in New York had their computer systems and website shut down by a ransomware attack.  Hackers demanded 2 million dollars for the encryption code to release the ransomware.  The malicious software entered the system by an employee who clicked on an email link.
  2. Upgrade-for Microsoft 7 users. Microsoft will discontinue free support of Windows 7 this January. After this time, you may pay for support for three years, the price is per computer and increases each year.  I recommend updating to Windows 10. The support is critical because it updates the vulnerabilities to the latest hacker schemes, like the most recent ransomware attacks known as the “wannacry” or “NotPetya.”
  3. Be VERY VIGILANT about updating and implementing patches. Scheduled maintenance is not an option for your business network and it is a critical service that we offer our business clients. It is absolutely paramount that updates and patches get implemented on a timely basis. If you are not totally certain that these updates are happening as they should, it may be time to talk to us about doing that maintenance for you.  If a ransomware attack circumvents your firewall, it looks for Windows system vulnerabilities on the computers in the network, the patches and updates address these vulnerabilities.
  4. You must have adequate backups. If a ransomware attack happens, the first place we will look for recovery is your data backups. The best backups include an off site/cloud based copy that has redundancy, so multiple copies and multiple days worth.   In light of these increasing attacks, and others like them, I have come to believe that the best defense against a costly cyber attack is the Datto device.  This is a hardware piece that creates an exact, real time image of a server or data store computer so the system can be booted back up right away after it is hit.  The Datto device also has ransomware blocker that dramatically decreases the chance of a successful attack.

Definition: Phishing

noun: phish-ing /’fiSHing/: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers (or in this case click on a link that executes malicious software)

 

According to a poll from Insureon and Manta, only 16% of small business owners think they are susceptible to a cyberattack.  Yet, 61% of attacks occur at smaller businesses.  Don’t wait until you are under attack to get your cyber security plan in place!  If you have more questions than answers regarding the security of your network, call our shop today to talk to one of our expert technicians!  We would love to answer your questions about your current system and discuss how we can help you avoid being a victim of the increasing number and severity of ransomware attacks.

 

 

 

Electronics Recycling Event this Month! July 22-27, 2019

Concerned about recycling and data security?

If you have a computer or two (or ten) collecting dust in a your garage or office closet somewhere, you are not alone.  Many PC users and business owners hang on to old computers, monitors and printers because it is just a PAIN to figure out how to responsibly dispose of them and protect sensitive data in the process.  That is why we have ironed out a secure disposal partnership with a reputable local recycler.  And for those who need at that iron clad proof of responsible data disposal on file, we have a Certificate of Overwrite. 

Dismantled and Crushed

I don’t want to overdo the “save the planet” pep talk, but there are many great reasons to recycle your computer.  Electronic devices contain toxic substances including lead, mercury, cadmium, beryllium, polyvinyl chloride and chromium. These and other components are valuable raw materials that can be melted down or isolated and reused.  When e-waste is tossed into landfills, these chemicals can leach into the soil, polluting ground water.

It is typical for us to collect about 4,500 pounds of e-waste during our weeklong recycling events.  99% of that goes to our recycling partner: B & E Recycling in Elk River.  They are a trustworthy local company, the prices are very reasonable and they have provided us with this written security guarantee:

 

B & E Recycling Data Security Guarantee

B & E Recycling is exclusively a recycler.  B & E Recycling does not refurbish, resell, give away, utilize or let our employees take home ANY electronics that come through our doors.   At B & E Recycling, we understand the sensitive nature of data that may be stored on computer hard drives and take every precaution to assure that those hard drives are dismantled and destroyed as promised right here on our premises.  Therefore, you can be assured that your data is secure when you trust us to recycle your electronic waste.

 

Refurbished and Reused

A very small percent of the computers and laptops that are dropped off during our recycling events are refurbish-able.  In this case, protecting your private data, even if you have erased it, requires that the hard drive be wiped to government standards (National Institute of Standards and Technology Standard 800-88 r1).

Wiping to government standards means we take a special program that is designed to overwrite every piece of that data three times over.  Once overwritten by this method, the data is not retrievable by anyone no matter what program they use or how much time they have to work at it.   It is gone and it’s not coming back!

 

Certificate of Overwrite

For those that need the an iron clad guarantee on file that they have handled the disposal of electronics containing sensitive data, we offer a Certificate of Overwrite as proof that your hard drive has been overwritten to government standards according to National Institute of Standards and Technology Standard 800-88 r1.  Some business have policies that require this type of proof, others prefer the peace of mind that goes with having hard evidence that they responsibly disposed of sensitive data.  We charge a nominal fee of $45 per hard drive for this service and offer volume discounts.  A certificate containing your specific hard drive information will be emailed to you with a statement referring to the government standard.

If you have questions about our recycling event on July 22-27, 2019 or have concerns about data security related to disposing of your e-waste.  Give our shop a call. at 763-229-4467.