TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

You Absolutely Need To Back Up Your Cloud Services Like Office 365

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Most businesses today rely heavily on Microsoft 365 for email, documents, calendars, and collaboration. It’s the backbone of day-to-day operations.

Because Microsoft has massive data centers and strong uptime, many people assume their data is automatically “fully backed up.” That’s a dangerous assumption.

Microsoft 365 runs on a shared responsibility model. Microsoft does a great job keeping the platform running, but protecting your data is still your responsibility. In other words, they keep the lights on – but what happens to your files, emails, and Teams data is ultimately on you.

Yes, Microsoft includes some built-in safety nets. Things like file versioning in OneDrive and SharePoint, recycle bins that typically keep deleted items for up to three months, and basic retention policies can help recover from simple mistakes. Accidentally delete a file or overwrite a document? You may be able to get it back – if you catch it in time.

That “if” is the problem. Once those retention windows expire, your data is gone. There’s no rewind button. And these tools aren’t designed for full, point-in-time restores or long-term archiving across your entire environment.

Human error alone makes this risky. Someone deletes the wrong folder. An email with an important attachment is purged. A departing employee’s mailbox is removed before something critical is discovered.

These things happen every day, often without anyone realizing it until it’s too late.

Security threats raise the stakes even higher. Ransomware and account takeovers increasingly target Microsoft 365 environments through phishing and stolen credentials.

Even with good security controls in place, breaches still happen. When attackers encrypt or delete cloud data, Microsoft’s native tools don’t always provide a clean, fast way to roll everything back.

Then there are outages. While rare, Microsoft 365 service disruptions do occur. When access is interrupted, organizations without independent backups may find themselves completely stuck, unable to retrieve email, files, or records when they need them most.

Compliance requirements add another layer. Industries governed by HIPAA, GDPR, or financial regulations often need longer retention, audit trails, and reliable recovery options. Microsoft’s built-in tools help, but they’re usually not enough on their own.

That’s where third-party Microsoft 365 backups come in. Dedicated backup solutions capture your data regularly, store it independently, and let you restore exactly what you need when you need it. They’re affordable, easy to automate, and dramatically reduce risk.

Bottom line: Microsoft 365 is an excellent productivity platform, but it is not a complete backup solution. If your data matters to your business, relying on built-in tools alone is a gamble you don’t need to take.

It’s Time To Prepare For The Era Of Agentic AI

A quiet shift is happening in the digital world. But most businesses won’t notice it until it’s already reshaped how work gets done.

We’re entering the era of agentic AI. Smart, autonomous systems that don’t only assist people, but act on their behalf.

While that might sound futuristic, the foundations are already in place today.

Unlike traditional tools that wait for someone to click, type or browse, agentic AI can read data, talk to other systems, and complete entire tasks end-to-end.

It can negotiate prices, fill out forms, run processes and make decisions within rules you set.

To do that safely and effectively, it needs clean data, reliable systems and secure paths to the information it uses. That’s where lots of businesses will need to prepare.

Most companies have grown their technology stack over years, adding apps, cloud services, storage locations and workflows along the way.

It works, but it’s often messy behind the scenes. Data sits in different places. Integrations are fragile. Permissions aren’t always up to date. These things might not cause major problems today, but they’re exactly the areas agentic AI depends on.

For example, AI agents rely heavily on APIs, the simple, secure digital doors that allow one system to talk to another.

If those doors don’t exist, don’t work properly or aren’t secure, the agent’s capabilities become limited or worse, risky.

The same goes for identity management. If your business still relies on shared passwords, old login methods or inconsistent MFA, an autonomous system can only do so much safely.

Then there’s data quality. AI agents don’t guess, and they don’t “work around” human mistakes.

If your data is duplicated, inconsistent or outdated, the agent will simply act on whatever it sees. Even if that leads to poor decisions.

Good data governance suddenly becomes a business essential, not a nice-to-have.

You may also need to rethink how automations run inside your business.

Many companies already use basic workflow tools, but agentic AI expects deeper, more reliable automation pathways that don’t break the moment a system changes.

Luckily, it’s simply a case of strengthening the digital foundations you already rely on. Better identity systems, cleaner data, solid cloud infrastructure, modern security and well-designed integrations.

Agentic AI will introduce incredible opportunities, but only for businesses whose tech environments are ready for it. If you need help getting those foundations right, get in touch.

Upgrading Your Technology Could Reduce The Impact Of Sick Leave

Most businesses have felt the pain of sick leave at some point.

A key person off for a few days can slow everything down. A longer absence can put entire projects on hold.

But did you know that upgrading your technology can help offset some of that lost time?

When people talk about tech upgrades, they often think it means buying shiny new devices. Really, it’s mostly about removing the daily friction your team faces.

You know the thing. Slow systems, unreliable tools, old software, and clunky processes. They may seem small, but over a year, they quietly drain hours, days, even weeks of productivity.

Recent research shows that improving workplace connectivity – that’s the speed and reliability of your internet and internal systems – could help employees reclaim the equivalent of several working days per year.

Why?

Because when systems are fast, secure and stable, people get more done with less frustration. And frustration is a bigger problem than most business owners realize.

A large share of employee sick leave around the world is connected to stress and mental health. And many workers say outdated or unreliable tech is part of what increases their stress.

Think about how it feels when you’re trying to do something important and your device freezes or a system keeps crashing. Modern tools remove that emotional strain by simply… working.

Better tech can also give employees more flexibility.

Cloud systems (software and data stored securely online rather than on a local computer) make it easy for people to work effectively from anywhere. And AI tools, which help automate repetitive tasks or surface information quickly, free up time and reduce cognitive load.

When people feel in control of their work, they tend to feel less stressed, more productive, and more satisfied.

There’s another benefit too: Training.

Many workers say they want better skills and clearer support as businesses adopt new tools. The advent of AI and AI-assisted tools means your team is working with new technology regularly.

When people understand the technology they’re using, confidence goes up and mistakes go down.

So while you can’t stop illness entirely, you can build a workplace where lost time hurts a lot less.

If you need help making an investment in productivity, well-being and long-term resilience, please give us a call at (734) 457-5000, or email us at info@MyTechExperts.com.

Why Hackers Love Small Businesses… And It Isn’t The Reason You Think

When people hear about cyberattacks, they usually picture giant corporations, government agencies, or well-known brands making the news.

That leads many small business owners to a dangerous conclusion: “Why would anyone bother with us?”

The reality is the opposite.

Small businesses are often more attractive targets than large enterprises – not because they’re famous or wealthy, but because they’re easier.

Hackers aren’t usually looking for a specific company. They’re running automated scans and phishing campaigns across thousands of businesses at a time, searching for the lowest resistance. The goal isn’t drama. It’s efficiency.

Large organizations invest heavily in cybersecurity teams, advanced monitoring, and formal response plans.

Small businesses, by contrast, are more likely to rely on basic protections and the hope that nothing bad happens. From a hacker’s perspective, that’s a much simpler equation.

One of the biggest reasons small businesses get hit is inconsistent security habits.

Passwords get reused. Updates get postponed. Old employee accounts linger longer than they should.

These aren’t signs of carelessness, they’re just signs of busy people juggling a lot of responsibilities. But they create openings that attackers know how to exploit.

Email is another favorite entry point. A convincing phishing message doesn’t need to fool everyone. It just needs to fool one person on a hectic morning.

Once an attacker has access to an email account, they can quietly monitor messages, reset passwords, or launch follow-up attacks from a trusted address.

By the time anyone notices, the damage is already underway.

There’s also a misconception that cybercrime is always about stealing money directly. In many cases, it’s about stealing access.

Email accounts, cloud files, and login credentials can be resold, reused, or leveraged for ransomware later. Even a small company’s data has value in the wrong hands.

Another factor is recovery. Large organizations expect incidents and practice responding to them. Small businesses often don’t.

When something goes wrong, they’re left scrambling, figuring out who to call, what data is affected, and how long systems will be down. That chaos is exactly what attackers count on.

Ironically, many small businesses do have good tools in place, but they’re not consistently configured, monitored, or tested.

Backups may exist but haven’t been verified. Security features may be available but not fully enabled. The gap between “having technology” and “actively managing it” is where problems start.

The good news is that this isn’t about spending enterprise-level money or turning your office into a high-security bunker.

Most successful attacks rely on very basic weaknesses – things that can be addressed with the right planning, consistency, and oversight.

Hackers don’t love small businesses because they’re small. They love them because they’re busy, trusting, and often stretched thin. When security becomes intentional instead of reactive, that appeal fades quickly.

The goal isn’t to be perfect. It’s to be prepared. And in today’s environment, preparation is one of the smartest business decisions you can make.

Why You Should Treat Scam Alerts Like A Fire Drill

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As business owners, we’re used to handling risk. We lock the doors at night, back up data, check accounting. But when it comes to scams like phishing, vishing, and bogus security alerts many of us treat the warnings like background noise. Once in a while, we glance, nod, and move on.

That’s a mistake.

Scammers are still using the same basic tricks but dressing them up in newer clothes.

As highlighted recently in a post by tech-advisor Leo Notenboom, many of the messages you see these days come from people claiming to be banks, government agents, or “security departments.” They try to scare you, tell you there’s unusual activity on your account, or warn you about imminent fines.

The goal: make you panic and then make you act before you think. Transfer your money. Give remote access. Submit credentials. Before you know it, the damage is done.

Here’s the problem: far too many of us assume we can spot a scam based on “common sense.” But when those messages are timed right like late at night, during a busy day, or right after another stressful event, even savvy folks get caught.

That’s why it’s time to treat scam prevention like a core business process, not a “nice to have.”

Core lies scammers tell

Most scams rely on one of three basic lies:

“Your accounts have been compromised – act now or lose everything.”

“Your identity is being used in a crime, you must respond immediately.”

“Your computer or system has a serious security problem. Call now for help.”

None of these are legitimate openers. Real banks, real agencies don’t call randomly, don’t demand immediate action, and won’t threaten legal consequences over a phone call or email.

Make this your test: if someone pressures you to act right now, hang up. Then take five minutes, step away, and verify using contact information you already have.

Build guardrails around your company

As an owner or manager, you can lead the charge on this. Set clear policies for how you and your team respond to unexpected calls, emails, even pop-up alerts.

Require that anyone getting a “security alert” call must first hang up and call back the official support number.

Never rely on caller ID to verify identity. It’s trivial to fake.

Prohibit transferring funds or sharing sensitive credentials unless someone else signs off, even if the “call” claims to be from your bank.

Consider call-block tools or spam filters. Less clutter means fewer chances to get tricked.

Those few simple steps dramatically reduce the odds of someone making a mistake on a bad day.

Protecting data is about psychology, not just tech

You might be thinking, “We already have firewalls, anti-virus, secure endpoints.” That’s good. But none of that protects you from a human being tricked into handing over access.

Real protection comes from building a mindset: skepticism, calm, and verification. When your team treats every unexpected alert like a potential fire — a threat until proven safe — you build the reflexes necessary to stop scams.

If you wait until after disaster strikes, you’re already reacting. Instead, lead with prevention.

How To Use A Password Manager And Virtual Cards For No-Risk Holiday Shopping

Have you ever been concerned about your credit card or personal data getting stolen while shopping online? You’re not alone.

Each holiday season, as millions of shoppers flock online for convenience, hackers ramp up their activity.

The Federal Trade Commission (FTC) has warned that scammers often create fake shopping websites or phishing emails to steal consumers’ money and personal information, especially during the holidays.

If you’re planning to shop this holiday season, now is the perfect time to boost your online security. Two simple tools, password managers and virtual cards, can make a big difference. But how exactly?

People prefer password managers for online shopping

Shopping online is quick, easy, and often cheaper than going to physical stores. However, it is fraught with security risks. Many people now use password managers and virtual cards for safer transactions.

A password manager creates and keeps complicated, distinct passwords for all accounts. This minimizes the chance of unauthorized access and theft. The Cyber-security and Infrastructure Security Agency (CISA) recommends using password managers to reduce password reuse and protect sensitive data from hackers.

Virtual cards also add an extra layer of protection when shopping online. Although the card numbers are linked to your real credit or debit card account, the merchant never sees your card details. This helps prevent identity theft and financial fraud.

Use virtual cards for online purchases

Before you start adding items to your cart, the safety of your money comes first. Here are smart ways to use these tools to improve online security during the holidays.

• Choose a Reputable Password Manager. Select a trusted provider with strong encryption and a solid reputation.
• Create a Strong Master Password. Your master password protects all your other passwords and should be the most secure.
• Turn On Two-Factor Authentication (2FA). Even if hackers steal your password, they can’t access your account without your verification code.
• Generate Virtual Cards for Each Store. This way, if one store is compromised, only that temporary card is affected your main account stays safe.
• Track Expiration Dates and Spending Limits. Virtual cards often expire after a set time or after one purchase. Set spending limits as well, as this helps with budgeting and prevents unauthorized charges.
• Shop Only on Secure Websites. Be sure to purchase only from websites you are familiar with.

Common mistakes to avoid for safer online shopping

Even with the best security tools, simple mistakes can put your data at risk. Here are some common pitfalls to watch out for when shopping:

• Reusing Passwords. One hacked password can put all your accounts at risk.
• Using Public Wi-Fi for Shopping. Hackers can easily monitor public Wi-Fi networks, making them unsafe for any online activity.
• Ignoring Security Alerts. If your bank, password manager, or virtual card provider alerts you to suspicious activity, act immediately. Follow their instructions to protect your data.
• Saving Card Details in Your Browser. If hackers access your browser, your saved cards are compromised.

Need help improving your cybersecurity before the holiday rush? We can help you protect your data with smarter, easy-to use security solutions. Stay safe, stay secure, and shop online with confidence this season. Contact us today to get started.

Help Your Team Bridge The AI Gap

A few years ago, most business owners were only beginning to hear about tools that could generate text, summarize information, or help with research. Now those tools are woven into everyday operations. They write drafts, sort data, prepare reports, and quietly support a thousand small tasks that used to take real time and attention.

The pace of change has been remarkable. The challenge is that the technology is sprinting ahead while the people expected to use it are still trying to get their footing. Many employees simply haven’t had the time, training, or confidence to understand how these tools fit into their actual job responsibilities.

A common misconception is that “AI training” requires expensive courses, certifications, or hiring specialists. That’s rarely the issue. What most organizations need right now is far simpler: helping regular staff get comfortable, capable, and confident using the tools already at their fingertips.

In practice, people learn far more from hands-on experience than from technical lectures. Forward-thinking companies are building safe places to experiment – controlled “sandboxes” where employees can try prompts, explore features, and make mistakes without risking sensitive data or business operations. It’s a low-pressure way to build skill and curiosity.

Others are embedding short, practical lessons directly into the systems their teams already use. Instead of long training sessions that nobody remembers the next day, employees get small nudges or examples right at the moment they’re most useful. It’s learning that fits naturally into the workday.

There’s also a mindset shift happening. These tools are fast and helpful, but they don’t replace human judgment. They don’t understand context, goals, or strategy the way your team does. The organizations getting the best results are the ones encouraging people to pair human insight with the tool’s speed, using it to clear the grunt work so employees can focus on the parts of the job that actually require a brain.

Ignoring all this and “dealing with it later” isn’t a great strategy. The skills gap is getting wider, not smaller. The longer a company waits to bring its team up to speed, the harder it becomes to catch up. Employees who receive even light, consistent exposure to these tools quickly discover ways to streamline their day, reduce repetitive work, and improve the quality of what they produce.

So it may be time to rethink what training really means. It doesn’t have to be formal or intimidating. It doesn’t require turning employees into experts.

What it does require is giving people room to explore, experiment, and build trust in the tools they’re expected to use.

Less theory. More hands-on practice. Fewer rules. More guided experimentation.

When your team feels capable instead of cautious, you’ll see improvements in productivity, problem-solving, and overall momentum. Confidence turns technology from something employees fear into something they rely on.

If you want help building an approach that fits your business – and keeps your staff moving forward instead of falling behind – get in touch. Tech Experts can guide you through the process.

Is It Time to Rethink Your Phishing Training?

If we’re being straightforward about it, a lot of phishing training programs simply miss the mark.

Once a year, employees sit through a mandatory cybersecurity module. They click through slides about “being cautious,” guess their way through a quiz, and check the completion box. Management gets a report showing 100% participation, and everyone moves on.

Meanwhile, cybercriminals haven’t hit the pause button.

Phishing – emails or messages designed to trick someone into clicking a link, sharing credentials, or opening the door to a larger attack – continues to be one of the most common entry points for data breaches. Roughly 15% of breaches start with someone being fooled by a message that looked legitimate enough in the moment.

Awareness has gone up. The attacks have gotten better. And the old training methods aren’t keeping pace.

The core issue is simple: traditional training doesn’t change habits.

Employees are overwhelmed, rushed, and trying to move through their inbox quickly. A realistic phishing email doesn’t announce itself. It shows up during a busy morning, looks like a routine request, and catches someone who’s trying to get through a stack of tasks.

A once-a-year slideshow doesn’t prepare anyone for that.

Most people learn best when training is ongoing, practical, and relevant to what they actually see day to day. They need to experience situations that feel real – not just read about them. And they need repetition. Cybersecurity isn’t something you absorb one time and remember forever; it’s something you reinforce over and over.

That’s why phishing training needs a full overhaul.

Instead of a yearly “compliance event,” think of phishing awareness the same way you think about good hygiene. You don’t brush your teeth once a year. You do it regularly, because small habits prevent big problems. Cybersecurity works the same way.

Effective programs deliver short, frequent lessons that become part of the workplace rhythm. Simulated phishing tests keep people sharp and build real-world instincts. Small tips are delivered at the right moments – like inside email clients – so learning happens naturally. When done well, this kind of training stops feeling like homework and starts feeling like a shared responsibility.

Culture plays an important role too. Employees must feel safe reporting suspicious messages. No finger-pointing. No embarrassment. The companies that reduce incidents the most are the ones where people feel comfortable saying, “This looks strange, can someone check it?”

Engagement matters as well. Dry presentations don’t work. Interactive challenges, short quizzes, friendly competition, and real examples make people pay attention. Many businesses are surprised at how much participation jumps when training is practical and even a little fun.

Of course, no training replaces the need for strong security controls. Staff can be thoughtful and well-trained and still make a mistake – that’s human nature. This is why tools like multi-factor authentication, strict access controls, email filtering, and secure backups are non-negotiable.

Training reduces the odds of a bad click. Technology ensures that one mistake doesn’t shut your business down.

If your phishing training program hasn’t evolved in several years, now is the right time to revisit it. The threats have changed. Your staff’s workload has changed. And your defenses should change with them.

Your team deserves training that works. Your business deserves protection that holds up under real pressure.

If you’re ready to build a program that actually improves security – not just checks a box – Tech Experts can help. Reach out and we’ll walk you through the next steps.

Your Best Defense Against A Cyberattack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Cyberattacks rarely make headlines when they hit SMBs. But behind the scenes, they’re happening every day.

In fact, while you’re reading this, a company somewhere is quietly dealing with the fallout of being locked out of its own systems.

What separates the businesses that recover quickly from those that don’t isn’t luck. It’s preparation.

Hackers have become very good at sneaking in, stealing data, and causing disruption. Even strong security can’t block every attempt. That’s why having a recovery plan matters so much.

A disaster recovery plan is simply a playbook for your business. It sets out what happens if the worst occurs:

  • Who takes charge
  • How you communicate with staff and customers
  • The steps to bring systems back online

When people know what to do, they can act fast and confidently rather than wasting precious hours figuring it out on the spot.

Security experts (like us) often run practice scenarios, pitting “attackers” against “defenders.” What becomes obvious in these exercises is that the technical side of an attack is only half the battle.

Clear communication, calm decision making, and having tested plans ready to go make the biggest difference in whether a business survives intact.

Preparation also means knowing where your vital data is stored, making sure backups are reliable, and checking that everyone understands their role if trouble strikes. And sorry to be the bearer of bad news, but these aren’t one-time jobs. You need to revisit and test them regularly.

The reality is that cybercriminals aren’t going away. But you can take the fear out of the unknown by being ready.

Preparation turns a crisis into something manageable, helping you protect your data, your reputation, and your customers’ trust.

If you need expert help creating a plan for if things go wrong, my team and I are on hand. Get in touch.

QR Codes: A New Favorite Tool For Scammers

QR codes have slipped into daily life so smoothly that most of us barely register them anymore. They’re on tables in restaurants, taped to windows, printed on flyers, and sitting on parking meters. They offer quick access to menus, payment portals, and websites without any typing.

Because of that convenience, many people scan them automatically without pausing to think about where they might lead.

Unfortunately, that same convenience is exactly what criminals are taking advantage of.

There is a growing scam called quishing. The term comes from QR code phishing, and it works the same way traditional phishing does, but with a twist. Instead of clicking a suspicious link, you hold your phone camera over a code that quietly directs you somewhere you shouldn’t go.

When you scan a malicious QR code, you might be sent to a fake payment page designed to steal your card information, a false login screen meant to harvest your username and password, or a website that attempts to install malicious apps or spyware on your device.

The code itself looks harmless, which makes people less cautious than they might be with a strange link in an email.

One of the biggest challenges with QR codes is that you can’t tell where they lead until after you’ve scanned them. The printed square gives no clues about its destination. People often assume that because a QR code looks official or appears in a familiar location, it must be safe. Criminals take full advantage of that misplaced trust.

It doesn’t take much effort for scammers to cause trouble. Many simply print their own QR code stickers and place them over legitimate ones. A quick peel-and-stick is enough to redirect unsuspecting scanners to a fraudulent site.

This happens frequently in high-traffic areas such as parking lots, transit stops, coffee shops, or shop doors. Busy people rushing from one place to another rarely stop long enough to spot the switch.

Others send scam emails crafted to look like messages from legitimate companies. They may use believable wording, familiar logos, and professional formatting. Hidden inside is a QR code that sends you somewhere dangerous.

Because people are used to scanning codes from everything from delivery services to loyalty programs, these fake emails blend in easily.

These scams often play on urgency. You might be told that your account is in danger, a bill is overdue, a delivery is waiting, or that you’ll miss out on something if you don’t act immediately.

When people feel pressured, they tend to react quickly rather than carefully. Scammers count on that moment of distraction, that second where you scan first and think later.

The good news is that there are simple ways to protect yourself. Awareness and caution go a long way.

Be careful with QR codes that arrive in unexpected emails or messages, especially if the sender is unfamiliar or something feels off. If you’re asked to log in, reset a password, or make a payment, go directly to the official website instead of using the QR code. A few extra seconds can prevent a major headache.

When scanning QR codes in public spaces, take a moment to look at them closely. If a sticker looks crooked, worn, or placed on top of another label, avoid it. If the surface appears tampered with or altered, treat it as suspicious. It may feel like you’re being overly cautious, but it’s far better than walking straight into a scam.

Even after you scan a code, stay alert. Before you enter any personal information, double-check the website address. Make sure the URL looks correct, the site is secure, and nothing seems unusual. If something feels wrong, close the page immediately.

QR codes are not going anywhere. They’ve become a convenient tool for both businesses and customers. Most codes are perfectly safe, but now that criminals have figured out how to exploit them, everyone needs to build a habit of pausing before scanning.

The same guidance applies to your staff. A simple moment of caution could prevent data, financial information, or access to systems from ending up in the wrong hands.

If you want to make sure your team stays informed about current cybersecurity threats and knows what to watch out for, we can help. Reach out anytime.