SmallBizIT

by

What You Need to Know About Desk Ergonomics

Getting the job done is the focus. Many of us don’t spend much time thinking about how we’re setting up our workspace to do our tasks, yet desk ergonomics can increase productivity, lessen muscle fatigue, and cut work-related aches.

In a typical office setting someone has thought about ergonomics. Most people have a chair at a desk where they can sit with a posture that reduces the risk of pain. Good workspace positioning will see your:

  • feet flat on the floor, thighs parallel, and knees bent to 90 degrees;
  • elbows comfortably below shoulders, bent at 90 degrees, and close to the body (without being jammed against you);
  • shoulders relaxed and back;
  • back against the chair with your body aligned so that your shoulders are over your hips, and your head, over your shoulders;
  • Eyes looking at the top of the screen (rather than up or down at it).

Anything else risks putting your body out of alignment, which can stress your body and lead to painful issues. For example, carpal tunnel syndrome, muscle strain, and lower-back injury.

Rethinking your work-from-home posture

Sorry. Working from bed or lounging in a cushioned chair isn’t going to put you in the right ergonomic position.

It’s best to replicate a traditional workstation. Start with how you sit: Get a desk and office chair, or at least sit at a table. If your feet don’t touch the ground, get a footrest (or even use a stack of books). This helps get your thighs parallel and knees at 90 degrees.

Now, place your computer where you can keep your elbows bent and shoulders back. You want to hover your palms slightly over the keyboard as you type. If you have armrests, this can help you avoid slouching.

Your lower back is the next consideration. Having your back against the backrest can help your alignment. Office chairs are often designed with lower back support. If you don’t have that, you could get a lumbar pillow to help. Otherwise, you might roll up a towel to put against the small of your back while sitting.

Also, consider your screen placement. You might need to raise or lower your monitor so that your eyes are in line with the top of the screen. Laptop users could need to get a separate screen or keyboard so that they can achieve the right angles at once.

Next steps

If you’re a two-screen user, you can put the one you use most directly in front of you. If you work on both regularly, place them side by side, and angle them towards your seat. Tablet users may want to get a stand that puts it at eye level. Otherwise, switch up which hand you’re using to hold it. Plus, if you’re on the phone a lot, use hands-free or a headset to avoid a stiff neck.

You can also take advantage of a standing desk. In that case, you’ll want to make sure your feet are hip distance apart. Then, stack your hips above your feet, followed by your shoulders, neck, and head. Keep even weight distribution in mind too.

Every 20 minutes or so plan to check in on your posture. Also, take 20 seconds to look at something 20 feet away from you to give your eyes a rest. Moving and stretching can give both your body and mind a break.

Reconfiguring your desk ergonomics can help reduce muscle strain and improve productivity. It’s up to you to sit correctly to take away workplace pain, but we can help you with the pain of problematic IT. Contact us today at (416) 645-2469, (905) 667-0441 or email us to contact us.

Want to be notified when our next blog is posted, sign up here.

by

What Is Zero-Click Malware?

You know not to open an email attachment from someone you don’t know. You also avoid downloading unexpected files or questionable popups when you go online. But did you know there’s malware that requires zero action from you? Zero-click malware can infect your device without any interaction on your part.

Traditional malware required the user to click a link, download a file, or execute a program. It often relies on phishing and social engineering to fool you into taking action.

Zero-click malware exploits vulnerabilities in your operating system (OS) or applications. It uses carefully crafted, undetected code to access and execute a payload automatically, and there’s no trigger. If one is present on the system you’re using, you’ll navigate right into it.

This makes zero-click malware attacks all the more dangerous. After all, they happen without your knowledge or consent. Meanwhile, attackers can use zero-click malware to:

  • gain access to sensitive data, such as passwords or financial information;
  • take control of your device;
  • impersonate you and send out messages on your behalf;
  • carry out additional attacks.

Understanding zero-click attacks

Zero-click attacks exploit bugs, misconfigurations, or design flaws in an application or OS. They can come in many forms as attackers:

  • target email applications and messaging apps such as WhatsApp or iMessage;
  • build malicious websites;
  • hack and infect legitimate websites;
  • exploit vulnerabilities in network protocols or services.

In one well-publicized example, Amazon CEO Jeff Bezos suffered a zero-click attack. A WhatsApp message compromised his texts, instant messages, and potentially even voice recordings.

Another well-known attack targeted the WhatsApp accounts of journalists, activists, and human rights defenders in several countries. The attackers installed the Pegasus spyware on the targeted device simply by placing a phone call to the device, even if the user did not answer the call. The malware could extract messages, photos, contacts, and other sensitive data from the device, as well as activate the device’s camera and microphone to record the user’s surroundings.

How to protect against zero-click software

Protect against zero-click malware by keeping your device’s software up to date. These attacks are often designed to exploit unknown vulnerabilities in software, enabling automatic updates can help ensure you run the latest, most secure software.

Also, install and use security tools such as antivirus software and firewalls, which help detect and prevent the malware from infecting your device, and remain cautious about clicking on links or downloading files from unknown sources.

Further reduce your risk by using strong passwords and two-factor authentication. Plus, limit your device exposure to public Wi-Fi networks and unknown devices.

In case of a zero-click malware or other types of data breach, regularly back up your data, too. Store backups on a separate device that uses strong encryption and two-factor authentication, or use a secure cloud storage service.

Not sure about the strength of your online protections? We can help secure your devices. Contact us at (416) 645-2469, (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Leave that USB Drive Where You Found It

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the car park of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don’t do it. Risks abound.

Consider this jaw-dropping example. That’s how the Stuxnet malware virus that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the car park.

From there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network.

 

Risk of thumb drive attack

 

Now, you might be thinking, “but I’m not an Iranian nuclear facility.” But that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact, one study found that 60 percent of people were likely to connect random thumb drives found near their building. If the business logo was on the drive, the number went up to 90 percent.

USB stands for Universal Serial Bus. Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors.

Hackers can pre-program USBs to act maliciously once connected to the network. They might:

  • steal a user’s data;
  • gain access to the user’s keyboard;
  • monitor the user’s screen;
  • encrypt user data in exchange for a ransom;
  • spread infection.

Most of these can happen without the user even knowing it, as the malware runs in the background.

Avoid USB drive attacks

How do you keep your business safe from infected USB drives? First, don’t insert unknown flash drives. Hackers will try to take advantage of human curiosity or their desire to help.

It’s also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut vulnerabilities. Also, keep your malware and anti-virus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

We’re here to help. Call us at (416) 645-2469, (905) 667-0441 or email us to contact our experts if you suspect a security threat or want to update your security posture.

Want to be notified when our next blog is posted, sign up here.

by

Stop Using Windows 8.1 and Windows 7 – Do It Now!

Few of us are big fans of change. It can be easier to keep on going down that same path or use that same computer software; it’s comfortable and familiar. As of January 10, 2023, however, Microsoft has stopped providing support for Windows 8.1, which means you need to make a change.

It’s time.

If you’re still on Windows 7, it’s really time. Microsoft stopped providing security updates and technical support for that in January 2020. Microsoft did launch an extended service update (ESU) period for Windows 7, but that’s over, and there’s no ESU program for Windows 8.1.

Microsoft recommends moving to a new device that can run Windows 11. They warn against “performance and reliability issues” with older, unsupported operating systems. Another option? Upgrade your current device and install a newer operating system on it.

Now, you might be suspicious, thinking, “they just want more of my money,” but the manufacturer has already been providing support for both of these tools for ten years. Plus, computing is changing enough that they need to keep up with new iterations of Windows. Then, they focus their attention on keeping the latest releases updated and secure.

Benefits of upgrading to Windows 11

According to Statcounter data in 2023, Windows 11 is only on 15.44 percent of Windows systems right now. Windows 10 has the majority (over 70 percent), but if you’re one of just under 10 percent of users still on Windows 7, make the change now.

Cybercriminals know that people will wait to make the change, and they find ways to exploit the weaknesses of unsupported software. You are particularly vulnerable when relying on Windows 7 or Windows 8.1.

Windows 11 is the latest Microsoft offering. They have worked to reduce risk from the latest cybersecurity threats. With Windows 11 you can better protect your files and cut the risk of today’s viruses and malware.

The new operating system is built to be more efficient. Microsoft has tweaked the Windows layout and navigation to help users find what they need and perform tasks more easily.

Not sure what version of Windows you’re using? In the bottom left of your screen, click on the Start Menu and press the Windows button on your keyboard. Then, type “system”. Click either the System or System Information icon. You’ll see your Windows version listed at the top of the window that opens up.

Upgrading to Windows 11 from 7 or 8 isn’t free. Only Windows 10 users can upgrade at no cost. Also, to upgrade to a Windows 11-compatible device, you’ll need to make sure you get a security chip called TPM 2.0. It’s unlikely you’ll find that chip on a computer more than four years old.

Need help with your Windows software? We can help. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Watch the Little Things in Cybersecurity

Author Richard Carlson tells the world, “Don’t Sweat the Small Stuff” in his popular book. Yet he’s not in the cybersecurity realm. When it comes to protecting your business, you do want to watch the little things. Avoiding small matters could bring big risks.

You’re already keeping an eye on the big things such as ransomware or data breaches, and you’ll also be ensuring have a data backup and disaster recovery plan in place. But don’t overlook the small issues that come up – they can be just as vital to your cybersecurity.

For one thing, don’t undervalue physical security for your business technology. In America, there have been reports recently of attacks on power stations, but these aren’t sophisticated cyber hacks. Attackers with guns are breaching the physical premises and shooting transformers. It goes to show that you focus on preventing cyber threats at the expense of perimeter protection.

This also means reminding employees not to let unknown personnel into the building and telling them to take down those post-it notes on their PCs with their passwords on them.

Allowing your people to work on software that’s past its support date could also be a bigger deal than you think. The “if it ain’t broke, why fix it?” mentality could leave you open to attack. Hackers seek out vulnerabilities tied to outdated systems. They can leverage small openings to wreak havoc on your business.

Small steps can make a big difference

Similarly, don’t fall for the idea that cybersecurity effort needs to be complicated to do the job. There are small steps your business can take to protect itself.

Cyber hygiene is a good starting point. Ensure your people aren’t reusing weak passwords across accounts. Make keeping track of complex passwords easier by using online wallets such as LastPass.

Keep computers updated and software patched. Manufacturers keep up with threats and upgrade their code to address known vulnerabilities. All you need to do is allow the update when it’s offered. It can be an inconvenience, but agreeing to that update can save you a big problem down the road.

Educate employees about using public Wi-Fi networks. They may think they are being productive by logging in while in line at the coffee shop, but that public access point could be putting your systems at risk. One big problem is that an attacker could be set up on that hotspot to intercept sensitive data.

Encrypt data. This helps you protect data wherever it may be, not just on-site. A hacker intercepting that data would still need decryption capabilities to get access.

Multi-factor authentication also helps to protect your business. After all, a criminal could get access to an employee’s username and password from a phishing attack. If you don’t add a second layer (at least) of authentication, they can easily log into your network and do damage.

Need help with cybersecurity issues? We can help you with the big and the small. Contact us today at 555-5555.

by

Tackle These Four False Assumptions about Cyber Attackers

There’s one big assumption about cyber attackers that we regularly refute: “It can’t happen to me.” At this point, most businesses do recognize the serious nature of the cyberattack threat. Yet other assumptions about cyberattackers may also make your business vulnerable. Educate your employees about these four main misconceptions. Raising their awareness can help secure your systems against social engineering attacks.

Start with the assumption that any technology is 100 percent safe. This is as misguided as the idea that your business won’t be a victim of a cyberattack. Some employees may believe that Google and Microsoft activity is always secure. That’s not the case.

Google and Microsoft have massive market shares, and it makes sense that bad actors target their cloud storage and content distribution. Once they’re in, they have ample opportunity to scam people.

Another false assumption is that threat actors go in blind with a scatter-shot approach. In fact, many social engineers do their research first. They learn what they can about your employees, your org chart, and what your business does. This helps them to develop more credible attacks.

Cybercriminals take the time to build rapport before initiating an attack. They may send unassuming conversational emails first, which helps them lull your people into seeing them as a trusted source. After establishing false security, criminals make an urgent request or plea for help.

 

Counter these misconceptions too

Cyberattackers may also make their play over the phone. So, don’t assume that your online interactions are the only thing to protect. There are hundreds of thousands of “vishing” threats every day. The bad actor may send an email without any malicious links or attachments, but there’s a number to call. If your employee calls in, they’ll talk with a convincing criminal. The bad actor might act as a call center or customer service agent.

Also warn employees against the assumption that responding to an existing email is always safe. It is much easier than they might think for someone to hijack a colleague or client’s email inbox. Then, the criminals use a pre-existing email thread to send a malicious attachment or URL, or use the connection to ask the employee to perform some action for the threat actor.

Finally, emphasize the point that anything is fair game. Cybercriminals will attack anyone, in any way they can. This includes leveraging current events, pop culture, and even international health crises. One campaign exploited victims by offering early access to Season 2 of the streaming success “Squid Game”, and during COVID lockdowns, hackers offered free masks or free tests to get people to download infected files.

There is money in cybercrime – a lot of it. The bad guys are highly motivated and always looking for new ways to exploit human weaknesses. Discuss cybersecurity assumptions with your employees and put protective measures in place to secure your IT. Our experts can help. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here..

by

What You Need to Know About Browser Extension Risks

With “Googling it” now a common expression, it’s safe to say you do a lot online. To do it all you’re using a Web browser (such as Chrome, Edge, Firefox, etc.). To do it all more efficiently or effectively, you could be using browser extensions, but this article is going to warn you against doing so.

To clarify, browser extensions are code add-ons that you connect to your browser. You can use them to personalize your surfing experience, and they accomplish many different things, including:

  • saving time (e.g. Scribe, Evernote, StayFocusd);
  • checking your grammar (e.g. Grammarly);
  • managing your passwords (e.g. Keeper, LastPass);
  • securing your online activity (e.g. DuckDuckGo, Ghostery)

Even though we’ve just said they can help secure your online activity and manage your passwords, the problem is that they are also risky.

Consider the fact that we said this represents added code. Now, how much coding do you know? Most will say “not a lot.” That means you’re blindly trusting that browser extension.

If you download a malicious one, that code can wreak havoc. Suddenly, your default search engine gets changed, or you get redirected to a start page with malware on it. You might face an onslaught of pop-ups or ads. They can also track your browsing history without you knowing it.

That’s just the beginning

Many browsers today want to keep you safe from malevolent extensions. They’ll have permissions in place before allowing access. Yet you still end up giving that extension a lot of access. For example, an extension modifying google.com needs access to all your Google activity. That means your Gmail, too.

Browser extensions access everything you’re doing online. So, a malicious extension could also function as a keylogger capturing passwords or credit card details.

A browser extension can also be sold to or hijacked by a bad actor. Then, it’s easy enough for them to push out an update that turns your trusted extension into malware.

What to do about this issue

Does this mean you should do without browser extensions? There are even browser extensions out there to block other browser extensions, but abstinence from extensions is not your only solution.

Instead, we’d recommend reviewing the safety and credibility of that extension. This means you should:

  • Check to see who published the extension.
  • Look at the reviews. A high number of positive reviews is a good sign. Thousands of people are unlikely to give five stars to a malicious extension.
  • Pay attention to the permissions required. If an extension claims to modify only one website, check that it accesses that site only.
  • Protect yourself with a good antivirus solution.
  • Keep your antivirus solution and other software updated.

It’s also easier to stay safe by limiting the number of installed extensions you use. If you have browser extensions that you aren’t using, uninstall them. This can cut your exposure to potential threats.

Another way to secure your online activity? Work with our IT experts. We can check permissions and review your extensions. We’ll also ensure your antivirus and software are up to date. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Making Smart IT Purchases with CPI Networks

There is no shortage of business technology out there to choose from. The sheer volume of options is overwhelming, and it can be challenging to identify the right solution for your business. This article provides ideas to help you make smart IT purchases.

You want to get the most out of your IT budget in 2023, but these common factors can derail smart IT purchases:

  • Many small and medium-sized business owners don’t have a lot of technical expertise.
  • Making buying decisions based only on a budget can lead to getting tech that won’t suit your needs.
  • People get drawn in by marketing appeals or salesperson charisma.
  • Buyers want to simplify their lives, so it seems to make sense to go with the same supplier or brand. But that’s not always the best answer.

All this means that even the best-intentioned buyers can choose the wrong technology. Maybe that new system isn’t compatible with existing software and hardware. You make things more difficult for your employees instead of improving productivity. Or you can end up wasting money on something you don’t need, or getting the perfect product but at an exorbitant price.

Strategies to Support Better Tech Purchases

When it’s time to buy technology, several strategies can improve your results.

Establish your requirements

This is more than thinking, “I want X to do this and that.” Map out your current technology to see what might already meet those requirements. Plus, learn what compatibilities will be essential to effectively use the new tech.

Talk to your employees

Ask about what they would change and what they like best about the tech you’re replacing. They’re the ones who are going to be using your tech purchases on a daily basis. Buying decisions made in isolation could saddle staff with IT that frustrates them.

Think long term

This can prevent you from getting caught up in glitzy marketing or salesperson enthusiasm. Yes, it’s human to want that cool, shiny gadget with all the bells and whistles, but it may not be what your business needs, either today or down the road.

In fact, if you’re oversold technology, you could face IT budget woes in the future. On the other hand, you don’t want to buy something that you’re going to have to replace soon. That’s setting yourself up to do this all over again. You want to make a choice that is the right fit for your current requirements but that can also scale with you.

The Solution to Tech Purchase Miscues

Of course, all this takes time – a long time if you lack IT expertise. That’s time away from running your business and revenue-generating activity. Partner with a managed service provider (MSP) like CPI Networks to simplify the process. We can look at your existing setup and learn what you need. Then, we’ll use our experience and vendor connections to get you the best deals on smart tech purchases. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Do you want to be notified when our next blog is posted, sign up here.

by

Avoid Holiday Hoodwinks

The holidays are busy. We’re trying to get work done to have some fun, and we’re hosting family and friends. Plus, parents that have the holiday Elf tradition must remember to move the doll every night. It’s a lot, and it can make us more likely to fall for scams that can lead to data theft.

Hackers like to take the path of least resistance. Why work harder than they have to for their ill-gotten gains? Instead, they’ll use social engineering to get you to give them your data or download their malware. Look out for these top holiday scams.

Parcel delivery scams

More people are expecting packages this time of year. Bad actors take advantage of this with what’s called a smishing scam. It’s a particular type of scam using text/SMS messaging. You get a message from a known service telling you a delivery needs rescheduling, or that there’s an outstanding fee that needs to be paid.

Recipients, who are already expecting a package, are quick to fall for the request. Clicking on the message link, they enter personal information or download malicious software.

Tip: Go to the source of the package you’re expecting and see what they’re saying about your package delivery.

E-card scams

Another common holiday season scam takes advantage of our enthusiasm for money. Scammers send e-cards to your email. When you click on the link, you’ll download a virus or other malware (e.g. ransomware).

Tip: Check the credibility of any e-card sender before downloading the “gift.”

Christmas hamper scams

Everyone wants to be a winner, but don’t fall for the scammer calling or emailing to say you’ve won a Christmas hamper. They’ll claim to be from a legit organization and have some of your personal information already. That helps them make it all seem genuine. Then, they’ll ask for you to provide more personal details to collect your prize or gift.

They may ask only for your full name, address, and phone number (if the request was emailed). They’ll be collecting this information for a more focused attack in the future.

Tip: Use strong passwords and be careful about what personal details you put on social media.

Fake websites

Many people shop sites that are unfamiliar to them at this time of year. Grandparents (even parents) know nothing about that latest trendy shop! Bad actors will set up fake sites offering gifts and services. They’re looking to get your personal details and money.

Tip: Prefer secure website addresses starting with “https” and displaying a locked padlock.

Shopping scams

Every season has its in-demand items. Scammers take advantage of this and set up ads for amazing deals on those items. Desperate to get this year’s toy for your toddler, you might be hooked. Or they’ll ensure people click on their ads by offering ridiculous deals. If you do get the item purchased via these ads, it’s likely to be a sub-par counterfeit.

Tip: Shop with retailers you know and trust.

Bank scams

This scam operates year-round, but bad actors have an edge in the holiday season when people spend more. Fraudsters typically call, text, or email as your bank having noticed suspicious activity. They get you feeling anxious and then urge you to take action (e.g. click a link or share personal details) to address the issue.

Tip: Remember that banks never use unsolicited calls to ask for personal details, pressure you to give information, or tell you to move your money to a safe account.

Protecting yourself this season

The tips shared throughout this article will help. At the same time, setting up password managers and antivirus software can also be useful. We can help you secure your online activity year-round. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Backup Your Apple Computer

There are many moments in life when we would like to travel through time. One common instance is when an important document disappears from our computer screen. Making things worse, we forgot to save it! That’s hours of work lost. Fortunately, Apple users have Time Machine’s built-in backup feature for added protection.

This software automatically backs up apps, music, photos, email, documents, and system files. You can backup to:

  • external storage devices;
  • another Mac set up as a backup destination;
  • network-attached storage (NAS).

It’s simple. Connect your Mac to an external drive, then Open Time Machine to select your backup destination. You can select when backups happen and what gets backed up, and you’ll also have the option of encrypting your backup, which is a good idea.

Time Machine keeps hourly backups for 24 hours, daily backups for a month, and weekly backups for previous months until full. The oldest backups get deleted when space is needed.

All you need to do to restore your original files is turn on and connect the Time Machine backup disk. Then, you can use the timeline on the Time Machine screen to find the items to restore.

We recommend all Mac users set up Time Machine to backup to at least an external drive, and Apple makes it easy to setup this minimum level of backup. With the local device, you’ll have a first line of defense close at hand if you need to recover or restore your computer.

However, this basic backup does limit your options. To amplify your protection, consider these alternatives.

Gaining More Control of Your Backup

Third-party software offers additional layers of protection. You gain detailed control of what is backed up and when, and what happens afterwards (perhaps you’ll want the software to eject the external device or shut down). You can also find software that backups operating systems and settings too. This could prove useful if your Mac gets stolen or damaged. You’ll be able to move to another device and quickly get all your data and applications configured as they were.

Another alternative for enhanced backup is the cloud. Time Machine and third-party software solutions require a local device to hold the backup. But if your computer is stolen, the thief is likely to have taken your backup too. Or, if your laptop is damaged in a flood or fire, the backup is probably also destroyed.

You’re also at risk of ransomware with Time Machine and third-party software. If malicious software compromises a device (yes, Macs are vulnerable too), it’s going to spread to connected or networked devices. So, the USB backup drive or NAS is as susceptible to encryption as the main Mac device.

Cloud backup provides a solution that helps avoid all these issues. Your backup data is stored in a datacenter that the thief, fire, flood, or ransomware can’t touch. Most cloud backup providers boast rigorous security protocols.

Eventually, all hard drives will fail. Backing up important data to one device leaves you at risk of a single point of failure. Cloud backup removes the fear that the one backup drive isn’t going to be working when you need it.

Need help setting up Time Machine, a third-party backup, or configuring your cloud backup? Let our computer experts help! We don’t want anyone to go without the safety and security of a reliable backup.

Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.