About Jenna MacLennan

5 Ways Your Employees Will Invite Hackers into Your Network

Whether they’re criminals or heroes, hackers in the movies are always portrayed as a glamorous group. When it comes down to the wire, these are the individuals who crack into the ominous mega corporation or hostile foreign government database, hitting the right key just in the nick of time. They either save the day or bring down regimes, empty the digital vault of the Federal Reserve or disable all the power plants in the country. It’s always a genius up against an impenetrable fortress of digital security, but no matter what, they always come out on top.


In real life, it’s rarely that difficult. Sure, if you look at the news, you might believe hackers are close to their Hollywood counterparts, stealing data from the NSA and nabbing millions of customer records from Equifax. But the majority of hacks aren’t against the big dogs; they’re against small to mid-sized businesses. And usually, this doesn’t involve actually hacking into anything. A lot of the time – approximately 60% according to the Harvard Business Review – an unwitting employee accidentally leaves the digital front door open.

The biggest threats to your company aren’t teams of roaming hackers; they’re your employees. Here’s why.

  1. They’ll slip up because they don’t know any better. 

With the proliferation of technology has come an exponential rise in digital threats of such variety and complexity that it’d be impossible for the average person to keep track of it all. Each of your employees’ lives are a labyrinth of passwords, interconnected online accounts and precious data. If their vigilance slacks at any point, it not only leaves them vulnerable, but it leaves your company vulnerable as well. For this reason, most cyber-attacks come down to a lack of cyber security education.

  1. They’ll let you get hacked on purpose.

It’s a sad fact that a huge portion of digital attacks are the result of company insiders exposing data to malicious groups. Whether it’s info vital for your competitive advantage, passwords they can sell to hacker networks to make a quick buck or sensitive data they can make public simply to spite your organization, it’s difficult to protect against a double agent.

  1. They’ll trust the wrong person.

For many hacks, little code is needed whatsoever. Instead, hackers are notorious for posing as a trusted member of your own team. And if you believe that you’d be able to spot an impostor from a mile away, you may want to think again. Not only is it easier than ever to crack individual users’ e-mail passwords and login credentials, personal info is now littered throughout social media. A simple visit to Facebook can give a hacker all they need to know to “social hack” their way into the heart of your business.

  1. They’ll miss red flags while surfing the web.

Clickbait is more than a nuisance plaguing your social media feeds. It can be a powerful tool for hackers trolling for easy prey. If an employee doesn’t understand what exactly makes a site or link look dubious, they may open themselves – and your company – to browser exploits or other types of attacks.

  1. They’re terrible at passwords.

According to Entreprenuer.com, “3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more.” Even more of those passwords are simply weak, inviting easy access for unsavory elements. Many people brush off the importance of strong passwords, but the risks posed by the password “123456” or “password” cannot be overstated.

When it comes to defending your precious assets against digital threats, it can seem impossible to protect yourself at every turn. But there is one way you can make a concrete change that will tighten up your security more than you realize: educating your people. Through a comprehensive security training program, including specific examples of methods hackers use – particularly phishing – you can drastically minimize the risk of an employee accidentally opening up a malicious e-mail or posting sensitive info. When you make a concerted effort to make the entire organization vigilant against cyber-attacks, you’re much less likely to be targeted.


I know you aren’t THAT in love with your old computer…so why is it still collecting dust in the corner?

If you have a computer or two (or ten) collecting dust in an office closet somewhere, you are not alone.  Many business owners hang on to old computers, monitors and printers because it is just a PAIN to figure out how to responsibly dispose of them and protect sensitive business data in the process.  That is why we have ironed out a secure disposal partnership with a local recycler. Twice a year we offer week long recycling events to our business clients and  all the legwork is done for you.


Dismantled and Crushed

I don’t want to overdo the “save the planet” pep talk, but there are many great reasons to recycle your computer.  Electronic devices contain toxic substances including lead, mercury, cadmium, beryllium, polyvinyl chloride and chromium. These and other components are valuable raw materials that can be melted down or isolated and reused.  When e-waste is tossed into landfills, these chemicals can leach into the soil, polluting ground water.

It is typical for us to collect about 4,500 pounds of e-waste during our weeklong recycling events.  99% of that goes to our recycling partner: B & E Recycling in Elk River.  They are a trustworthy local company, the prices are very reasonable and they have provided us with this written security guarantee:


B & E Recycling Data Security Guarantee

B & E Recycling is exclusively a recycler.  B & E Recycling does not refurbish, resell, give away, utilize or let our employees take home ANY electronics that come through our doors.   At B & E Recycling, we understand the sensitive nature of data that may be stored on computer hard drives and take every precaution to assure that those hard drives are dismantled and destroyed as promised right here on our premises.  Therefore, you can be assured that your data is secure when you trust us to recycle your electronic waste.


Refurbished and Reused

A very small percent of the computers and laptops that are dropped off during our recycling events are refurbish-able.  In this case, protecting your private data, even if you have erased it, requires that the hard drive be wiped to government standards (National Institute of Standards and Technology Standard 800-88 r1).

Wiping to government standards means we take a special program that is designed to overwrite every piece of that data three times over.  Once overwritten by this method, the data is not retrievable by anyone no matter what program they use or how much time they have to work at it.   It is gone and it’s not coming back!


Certificate of Overwrite

For those that need the an iron clad guarantee on file that they have handled the disposal of electronics containing sensitive data, we offer a Certificate of Overwrite as proof that your hard drive has been overwritten to government standards according to National Institute of Standards and Technology Standard 800-88 r1.  Some business have policies that require this type of proof, others prefer the peace of mind that goes with having hard evidence that they responsibly disposed of sensitive data.  We charge a nominal fee of $45 per hard drive for this service and offer volume discounts.  A certificate containing your specific hard drive information will be emailed to you with a statement referring to the government standard.


If you have questions about our recycling event on July 22-27, 2019 or have concerns about data security related to disposing of your e-waste.  Give our shop a call. at 763-229-4467.


Nerdy Talk: How to Communicate with Your IT Guy. Save Money. Get it Fixed Fast.

by Bill MacLennan, CEO of Your Computer Hero 

I am going to give the answer right here in the first sentence: As calm as possible, explain the facts of the problem in the simplest, most non-technical terms Sound simple?

The reality is, amid a frustrating and costly technology failure, good communication is usually the first thing to exit the building.  This is normal and expected!  Any IT professional worth their weight will be able to skillfully navigate through communication under pressure-this is the “art” of our business, the rest is mostly science.  In the remainder of this article I am going to share the five communication principles that I expect our Tech Heroes to employ under pressure to help them stay laser focused on finding and fixing technology problems fast.  I have developed them through 15 years and over 16,000 conversations about technology problems.

Principle #1:  Get over it!  Blustery talk on the part of a frustrated technology user comes with the territory, stay calm.  IT problems stop workflow and cost money. This can be extremely frustrating and can raise the ire of even the calmest CEO.  The IT professional must weather the storm of this frustration and stay focused on gathering facts and solving the problems.  Becoming offended or emotionally involved in the problem does not make for good IT problem solving.  Stay Calm! From the moment the conversation begins, listen intently for facts, and get to work!


Principle #2: Respect! Respect the client’s IT knowledge.  Company CEO’s have all levels of IT knowledge.  Some have vast IT knowledge but hire a consultant so they can remain focused on other things, while others do not want to tackle even the simplest IT problem.  Either way, the client’s attitudes about the problem and depth of interest in the solutions must become part of the communication and solution.


Principle #3: No Nerdy Talk! Keep all talk in layman’s terms.  Everyone understands plain English.  No technical terms, it confuses people and reeks of pride-violating principle #2.


Principle #4: Stay Out of the Rabbit Holes! Understand the difference between theories and facts.  Often, a frustrated potential client will call after investing their own time and energy in an attempt to fix their technology problem.  The client will usually share a couple of theories about what is causing the problem  or how to fix it.  These theories are often plausible, they’re always informative, but they also contain some of the biggest time wasting “rabbit holes” to efficient problem solving.  Questioning should be directed at facts: “What error message are you seeing?”, “What exactly do you see when you turn on your computer?,” etc.


Principle #5: Stay relevant!  When a CEO says, “I don’t want to know anything,” there is still relevant insight to be gained from the technology failure that will help them run their business. “I don’t want to know anything,” means they don’t want to know how to fix the technology problem.  They certainly want to know if there is something they can do to avoid this problem in the future such as having different software, different hardware, or different training for employees.


The communication gap between IT professionals and non-IT professionals is so cliché, it has become the fodder for many good jokes in our culture.  Our goal at Your Computer Hero is to take the art of communication seriously and hone our ability to gather relevant facts that lead to efficient fixes for our clients.





June: Shiny New Gadget of the Month

Tech Gadgets that Improve Productivity, Security or Efficiency in the workplace

One of the most annoying things about running a business is keeping track of all those receipts!  Here’s where Doxie Go SE, the portable scanner, comes in.

Scan your paper documents, receipts or photos, and send them to your computer or cloud service in a split second. Doxie Go SE is compact, lightweight and doesn’t take up more space than a rolled up magazine, so you can bring it with you anywhere. Its rechargeable battery will last you for up to 400 scans per charge.

Don’t have a computer with you? Not a problem for Doxie Go SE. No drivers are required – just insert your document and scan. Doxie Go SE will save the scans on its expandable SD card or send them straight to your e-mail or favorite cloud app.  Doxi Go SE retails for about $150.00 on Amazon.


Don’t Be a Sitting Duck! 7 Security Measures Every Small Business Should Have in Place Now!

Small businesses are under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses to steal credit cards and client information, and swindle money directly out of bank accounts. Some are even being funded by their own government to attack small, virtually defenseless businesses.


Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot?


Think again. 82,000 NEW malware threats are being  released every single day and HALF of the cyber-attacks occurring are aimed  at small businesses; you just don’t hear about it because it’s kept quiet for  fear of attracting bad PR, lawsuits and data-breach fines.


In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilize cloud computing and mobile devices, and store more information online.  You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity.


Because of all of this, it’s critical that you have these 7 security measures in place:


1.Train Employees On Security Best Practices. The #1 vulnerability for business networks are the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust). If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.


2. Create An Acceptable Use Policy (AUP) – And Enforce It! An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others. Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.  If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network. If that employee leaves, are you allowed to erase company data from their phone?  If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.

3. Require STRONG passwords and passcodes to lock mobile devices. Passwords should be at least 8 characters, randomized and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.


4. Keep Your Network Up-To-Date. New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.


5. Have An Excellent Backup. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!


6. Don’t allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. This can largely be prevented with a good firewall and employee training and monitoring.


7. Don’t Scrimp On A Good Firewall. A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network. This too should be done by your IT person or company as part of their regular, routine maintenance.


If you have questions or concerns about implementing any of these critical security measures, call our shop to schedule a security assessment. We help our client sleep at night knowing that they have done all they can to prevent security breaches.



VoIP Phone Systems: Cost, Dependability, Sound Quality and Features.

by Bill MacLennan, CEO of Your Computer Hero

Last month’s most interesting project was the installation of a VoIP phone system for one of our clients.  The business owner was frustrated with the lack of features on his aging traditional phones but reluctant to move to VoIP because he believed the sound quality would not be as good.  After we did a thorough evaluation of his existing infrastructure, he decided to go ahead with the install.  The process highlighted some interesting perceptions business owners may have about VoIP, so I thought it would be a good topic for this month’s newsletter. 

In this article I want to define what VoIP is, explore the cost, dependability and sound quality when compared to traditional phone lines as well discuss why many companies are now switching VoIP phone systems.

What is VoIP?

VoIP stands for Voice Over Internet Protocol. The VoIP Phone is essentially a specialized computer that connects through the same lines as your internet.  It is an alternative to traditional telephone network that runs over a copper wire infrastructure that has been in place in America since Alexander Graham Bell started building the network in about 1900.

Cost, Dependability and Sound Quality

Initial cost of a VoIP phone system will include the phones and installation-prices vary widely depending on the phone features and the size of the network but when compared to traditional phone systems often can save money, especially if existing phones are in need of an upgrade.

Dependability and sound quality are tied to the bandwidth, firewall configuration and wired data connectivity.  When we install these systems, as with any upgrade that will put demand on the existing infrastructure, we do an initial site survey to make sure your network will support the data traffic from the phones and give you the results you are looking for.   If upgrades are needed to the infrastructure, that is part of the initial planning.

There are 3 primary reasons why people switch to VoIP phone systems: Features & Function, Business Continuity and Disaster Recovery.

Features and Function-VoIP phone systems offer a much wider range of features that traditional phones do not.  Some features include:

  • Find me/follow me routing
  • Voice Mail to Email Transcription
  • Hold Music of your choosing
  • Bandwidth utilization and inbound/outbound call detail reports
  • Coaching Tools
  • Conferencing
  • Auto-attendant
  • Call Screening
  • Do Not Disturb

Business ContinuityFind me/follow me routing allows calls to be forwarded to your office.  Additionally, since your phone is essentially a computer, it can be treated like a laptop.  Your office phone can be used anywhere you are by taking it with you and plugging it into an Ethernet jack.

Disaster Recoverywith VoIP phone systems, the only equipment that is at the office are the headsets, if those are destroyed, phone services can be accessed via the cloud so there is no need to worry about disaster recovery. If something should happen to your office, employees can continue working from anywhere, numbers can be rerouted to cell phone or another headset and voicemails will still be in the cloud or on email.

Is VoIP right for your business?

If you are thinking about replacing aging phones, are frustrated with your current phone system or believe your business would benefit from the many features of a VoIP system, give our shop a call at 763-229-4467.  We would be happy to answer your questions.



Tech Tip: Answering Security Questions

Answers to security questions must be memorable to you, but they don’t have to be true.

Today online banking, creating new email accounts, health insurance applications and the like often require security questions.  The trouble is, your mother’s maiden name is not a secret. For most, a simple search on Facebook reveals the answer to this security question. Since your credit score may be at stake if someone hacks your bank account, it is worth considering carefully how you may answer these questions.  Think of a memorable alternative to the true answer. For example: If your mother had 5 siblings with maiden name Olson, your answer could be “Oliesixpack.” Since your favorite pet is probably also featured on Facebook-think of a similar unique and memorable alternative for this.


4 Tips for Creating a Risk Free Email Policy

As a means to keep in touch, email is both a must-have resource and a costly liability. Keeping inboxes free of spam and malicious software is just one part of the battle — it is also important to lay down some ground rules governing the use of email in your organization. That’s why every company should have an up-to-date email policy that teaches employees to use company email safely.

#1. Draw the line between business and personal use                            

Though it might seem obvious, one of the first things your policy should make clear is that business email accounts are meant for business purposes only. Many employees don’t think twice about using their business email addresses for personal communications out of convenience. But allowing this can lead to security compromises and reduced productivity.

#2. Make it clear that all emails are company property                             

Since business email addresses are provided by the company and meant for business use, every email sent and received using these accounts are the property of the company. This means employees shouldn’t use company email addresses for sending personal emails since these accounts are owned and monitored by the business.

#3. Train employees to identify phishing scams                                               

Email is the number one delivery channel for social engineering scams. Although the clear majority of them will be picked up by any enterprise-grade spam filter, there are always a few that make it through. These tend to be the most dangerous ones since they’re often targeted towards specific victims and involve impersonation of a colleague or superior.  Provide regular training to help employees identify these scams and report anything suspicious immediately.

#4. Align email policy with your brand                                                      

Your email policy isn’t just about setting strict rules pertaining to security, use, and accessibility. As your go-to channel for conversations with customers, it also plays a key role in your brand. To that end, your policy should provide clear guidelines to help maintain brand consistency and a high standard of customer service.

Although not always included as part of a formal email policy, consider including a section offering guidance on things like etiquette, forwarding, and response times. For example, employees should ideally feel obligated to reply to both internal and external emails within a specified time frame.


Guest Article: When a DREAM is bigger than a DIY

As a provider of IT services and computer repair for the Twin Cities business community we often run across interesting and helpful stories for our clients.  In this guest post, Justin and Jenna Bakken, owners at XtraMile Construction link their daily work life in construction to the big dream they are pursuing by building an entrepreneurial center for impoverished youth in Guatemala.

by Justin and Jenna Bakken, XtraMile Construction

Have you ever seen a DIY (do it yourself) video and left feeling empowered?  The vision, the urge to create was so strong. The dream kitchen was so close, you could see the family meals being shared and countless parties being hosted. You only needed to take that intrusive wall down to open up the space. Maybe add a window for more natural lighting, install new cabinets, replace the wood floor, add a trendy backsplash, a few strokes of paint, and of course top of the line stainless steel appliances!  Motivated, you fuel that dream and it gets way bigger than the simple DIY project. Yet, undeterred you embark on a journey.  Perhaps, a few short hours, days, or even months later you come to the realization that this dream kitchen was a job for a team, a group of skillfully suited people?

The truth is, big projects and big dreams need teams of people to be completed or come to life. Being in the field of construction, I (Justin) have often noticed after a project comes to a close, the contractor or project manager get all the praise. What many people don’t see are the hours of hard work by skilled tradesmen. Yes, the contractor needed people skills to sell a job, he needed vision, and an ability to bring together dedicated, hardworking, skilled individuals to complete the dream. Yet, the dream and the kitchen came to life because of everyone who worked on the project.

What does your dream look like? We started dreaming after backpacking around Guatemala for 3 months for our honeymoon. Over the course of our travels we have spent about 2 years in Guatemala. Each time we returned  we  had the privilege to volunteer our time by helping at local churches, meal programs, rural schools, and orphanages. We have many dreams, one is to create a dream and entrepreneurial center for youth living in poverty.  We will be providing a safe and fun environment, where youth will be equipped to think big and create businesses to better their lives and communities. Now, we are surrounding ourselves with driven and generous people who want to make a difference in the lives of others. One day we will have reached and changed the lives of thousands of youth, but it will not have happened without the help and expertise of hundreds of people.

Dream big friends, whether it is to impact your community or to create that Pinterest worthy kitchen! Just remember when to go the extra mile in your DIY endeavors and when to call us at XtraMile construction. Check out XtraMile Construction at:    www.xtramileconstruction.com



May: Shiny New Gadget of the Month

Tech Gadgets that improve productivity, efficiency and security in the workplace.

512GB  MicroSD cards: Samsung and PNY

A great way to increase the internal capacity of your portable device

The thought of packing the equivalent of nearly 1,000 CD-ROMs on something barely bigger than the average human fingernail would have been unimaginable only a decade ago.

Now storage companies like Samsung, Sandisk or Integral are slowly pushing 512GB microSD cards in the market, fueled by demand from mobile devices.

PNY is one of the latest to do so with the Elite. At  $125 it is comparable in price with other products in the same category but far more expensive than the 400GB SanDisk Ultra which is about half of the price for three quarters of the capacity.

The 512GB card, the highest commercial capacity available,  allows you to dramatically increase available storage on your smartphone, great for 4K footage of field visits or business videos.