TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Do Your Cyber Security Plans Fall Short?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When it comes to cyber security, many small businesses are caught off guard. Not only when cyber attacks happen… but also by what to do next.

A solid cyber security plan isn’t just about preventing attacks. It’s about knowing how to respond if the worst happens.

Cyber attacks often target smaller businesses because criminals know they’re less likely to have robust defenses in place.

The most common threats include phishing (fake emails or messages that trick you into sharing sensitive information) and malware (malicious software that can steal data or shut down your systems).

You can’t stop these risks entirely, but you can reduce your chances of being hit by:

Training your team: Make sure everyone knows how to spot phishing emails, avoid dodgy downloads, and use strong passwords. This is your first line of defense.

Keeping software updated: Regular updates for apps and systems fix security flaws that cyber criminals might exploit.

Using Multi-Factor Authentication (MFA): This adds an extra layer of security, like a one-time code sent to your phone, making it harder for attackers to get in.

But even the best defenses aren’t foolproof. That’s why your cyber security plan also needs to cover what happens if you’re attacked. Without a plan, an incident can cause panic, downtime, and serious financial loss. Here’s what you should have in place:

A response team: Decide in advance who will handle the situation – your IT team, an outside expert, or both?

Backup systems: Regularly back up your data and store it securely. If ransomware locks your files, backups can mean you won’t lose everything.

A communication plan: Know how you’ll inform your team, customers, and any necessary authorities about the breach. Remember, cyber security isn’t just for big companies. A single attack could be enough to seriously damage your business. By planning ahead, you’re not just protecting your data, you’re safeguarding your reputation and your future.

We help businesses create their own plans for defense and remediation. If we can help you too, get in touch.

Is Your Business Prepared for a Cyber Disaster?

Imagine walking into your office tomorrow morning to find that your entire network is down. Your files are inaccessible, client data is missing, and your email system is unresponsive. You scramble to troubleshoot, only to realize your company has fallen victim to ransomware.

What happens next?

For too many businesses, the answer is panic. Without a solid business continuity and disaster recovery (BCDR) plan, an unexpected cyberattack, power failure, or hardware crash can bring operations to a grinding halt. The longer the downtime, the more damage is done—not just financially, but to your reputation as well.

Downtime is costly – and avoidable

Every minute your business is offline costs money. Missed sales, delayed projects, lost customer trust—it all adds up quickly. According to industry reports, even a single hour of downtime can cost small businesses thousands of dollars. For larger organizations, the losses can skyrocket into six figures.

While cybersecurity measures like firewalls and email security tools help prevent attacks, they don’t eliminate risk entirely. What matters just as much is how quickly your business can recover.

The key components of a strong BCDR plan

A well-designed BCDR plan isn’t just about having backups—it’s about having a strategy to keep your business running, no matter what happens. Here are the essential components:

Automated, Secure Backups – Regular, offsite backups ensure your files and systems can be restored quickly after an attack, hardware failure, or accidental deletion.

Incident Response Plan – If a disaster strikes, who does what? A clear, documented step-by-step response plan ensures that your team knows how to act fast to minimize downtime.

Cyber Resilience Strategy – Preventive security measures reduce the risk of data loss while redundant systems and cloud-based infrastructure help maintain operations during an outage.

Testing & Drills – Having a recovery plan isn’t enough—it needs to be tested. Simulated attacks and downtime exercises help identify weak points before a real crisis occurs.

What happens without a BCDR plan?

Businesses without a recovery strategy often face severe consequences when disaster strikes:

Permanent data loss – Without proper backups, recovering lost files may be impossible.

Extended downtime – A slow recovery means lost revenue, frustrated clients, and operational chaos.

Reputational damage – Customers expect reliability. If they can’t reach you, they may take their business elsewhere.

Regulatory penalties – Depending on your industry, data protection laws may require businesses to have a recovery plan in place.

Why you shouldn’t wait to put a plan in place

It’s tempting to assume that disasters only happen to other businesses, but cyberattacks, power failures, and hardware issues can strike at any time. Without a plan, even a small incident can escalate into a full-blown crisis.

At Tech Experts, we help businesses design and implement comprehensive business continuity and disaster recovery plans that keep operations running smoothly—no matter what happens. From secure backups to fast recovery solutions, we ensure that your company is prepared for the unexpected.

Guide To Secure File Storage And Transfers

File storage and transferring hold a very dear place in most people’s lives.

However, the safety of files is really tough to maintain. In this guide, we are going to help you protect your files. We will explore ways to store and send files securely.

What is secure file storage?

Secure file storage protects your files. It prevents others from accessing your files or altering them in any way. Good storage grants protection to your files using locks. You alone can unlock such files.

Types of secure storage

Files can be stored securely in various ways, as listed below.

  • Cloud
  • External hard drives
  • Encrypted USB drives

Cloud storage saves files on the internet. External drives save files on a device you can hold. Encrypted drives use special codes to lock files.

Why is secure file storage important?

Secure storage keeps your information private. It stops thieves from stealing your data. It also helps you follow laws about data protection.

Risks of unsecured storage

Unsecured files can lead to huge troubles, including but not limited to the following:

  • Identity theft
  • Financial loss
  • Privacy breaches

These risks give a reason why secure storage is important. You need to protect your personal and work files.

How can I make my file storage safer?

You can do so many things to make your storage safer, such as:

  • Using strong passwords
  • Enabling MFA
  • Encrypting your files
  • Keeping your software up to date frequently

Strong passwords are hard to guess. Two-factor authentication adds an extra step to log in. Encryption scrambles your files so others can’t read them. Updates fix security problems in your software.

Best practices for passwords

Good passwords are important in keeping your files safer. Here are some tips:

  • Use long passwords
  • Mix letters, numbers, and symbols
  • Don’t use personal info in passwords
  • Use different passwords for each account

What is secure file transfer?

Secure file transfer is a way of sending files safely between individuals or devices. It prevents unauthorized access to files and prohibits modification of files in transit. The better methods of transfer protect the files with encryption.

Common secure transfer methods

Here are several ways to securely transfer files:

  • Secure FTP (SFTP)
  • Virtual Private Networks (VPNs)
  • Encrypted email attachments
  • Secure file-sharing services

How to transfer files safely?

These steps will keep your files safer while in transit:

  • Select a secure method of transfer
  • Encrypt the file before you send it
  • Give strong passwords for file access
  • Authenticate the recipient
  • Send the access details separately

How to email attachments safely

  • Encrypt important attachments
  • Use a secure email service
  • Avoid writing sensitive information in the body of an email
  • Double-check the recipient’s email address

Ready to secure your files?

Protect your data from thieves and snoopers. Use strong passwords, encryption, and safe methods of transfer.

Feel free to reach out today and let us walk you through setting up safe systems for your files to take the next step in protecting critical data.

Protect Your Business From Email Fraud With DMARC

Email is the backbone of modern business, but it’s also one of the easiest ways for cybercriminals to attack.

If you’ve ever received a fake email that looks like it came from a trusted company, you know how convincing these scams can be. Worse, what if scammers used your business’s email to trick your customers?

That’s exactly what happens with email spoofing—when hackers send emails pretending to be from your domain to steal information, spread malware, or commit fraud. The result? Lost trust, damaged reputation, and even financial losses.

Fortunately, there’s a solution: DMARC (Domain-based Message Authentication, Reporting, and Conformance).

What is DMARC?

DMARC is a security standard that protects your business from email spoofing and phishing attacks. It ensures that emails sent from your domain are legitimate and blocks fraudulent emails before they reach customers, vendors, or employees.

Think of it like a security checkpoint for your email. Only verified messages get through, while fake ones get stopped.

Why your business needs DMARC

Many business owners believe email fraud is only a problem for large corporations. But in reality, small and mid-sized businesses are prime targets because they often lack strong security measures.

Without DMARC:

Your emails could be marked as spam – Clients and vendors may never see important messages like invoices or proposals.

Scammers can impersonate your company – Fraudsters can send emails pretending to be from your business, putting your reputation at risk.

You could face compliance and legal issues – Industries like finance, healthcare, and retail are tightening cybersecurity requirements, and failing to secure your email could lead to penalties.

With DMARC, you can:

Prevent email fraud and phishing attacks – Keep criminals from impersonating your business.

Ensure your emails get delivered – No more important messages going to spam.

Protect your reputation – Customers and partners will trust that emails from your domain are legitimate.

Stay ahead of security compliance – Meet industry regulations and avoid costly fines.

Why DIY isn’t the best option

Implementing DMARC is not as simple as flipping a switch. If done incorrectly, it could accidentally block legitimate emails from reaching their destination.

It requires careful setup, monitoring, and ongoing adjustments to ensure your emails are secure but still get delivered. This is where Tech Experts comes in.

How Tech Experts can help

At Tech Experts, we specialize in setting up and managing DMARC policies to keep your business protected without disrupting your communication. Our process includes:

Proper setup – We configure DMARC correctly to secure your domain while ensuring your real emails don’t get blocked.

Ongoing monitoring – We track and analyze email activity, making adjustments as needed.

Compliance & best practices – We ensure your business stays in line with security regulations and industry standards.

Peace of mind – You can focus on running your business while we handle the technical details.

Don’t wait until it’s too late

Cybercriminals are getting smarter, and email-based scams are on the rise. Don’t wait for a phishing attack to damage your business. Protect your email, your reputation, and your customers with DMARC.

Ready to secure your business email?

Tech Experts can help. Contact us today at (734) 457-5000, or email us at info@mytechexperts.com, to set up your DMARC protection and keep scammers out of your inbox.

Here’s Why You Should Stick To Work-Specific Tools

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

When it comes to communicating with your team, it can be tempting to stick with what’s familiar. Apps like WhatsApp or Facebook Messenger are quick and easy to use. And everyone already has them on their phones, right?

But while these tools are great for sharing vacation photos or planning a get-together, they’re not the best choice for work-related conversations. In fact, they could cause serious problems for your business.

You and your team often share information that’s sensitive – customer details, employee records, or even financial data. Sharing this kind of information over apps that aren’t designed for business use can be risky. Many of these apps don’t have the advanced security measures needed to protect your business from threats like cyber criminals or malware (malicious software designed to steal or damage your data).

If this happens on a personal app which doesn’t have the right security in place, your business could end up facing serious consequences. Losing access to important accounts or having private data leaked, for example.

Using business-specific communication tools, like Microsoft Teams, isn’t just about security, it’s also about keeping things organized. It lets you set up separate channels for different projects, share files securely, and even integrates with other apps you might be using. That means your team spends less time scrolling through endless chat threads and more time getting things done.

Personal apps can quickly get messy. Important messages get buried under GIFs and memes, and it becomes all too easy to accidentally share the wrong file – or worse, send something confidential to someone outside the company.

Switching to a proper business communication tool isn’t difficult, and it’s one of the best ways to protect your company’s information while keeping your team running smoothly.

Need help getting started with the right tools for your business? Get in touch.

The Ultimate Guide To Encryption Methods

Encryption is a method of securing information. It converts readable data into secret code. Only the right key can decode it. This guide will help you understand different encryption methods.

What is encryption?

Encryption is like a secret language. It converts regular text into unreadable text. This unreadable text is called ciphertext. Only people who have the right key will be able to convert it into normal text, called plaintext.

Why do we use encryption?

We use encryption to keep our information safe. It makes our data safe from hackers. This is very important for privacy and security.

How does encryption work?

Encryption uses algorithms and keys. An algorithm is a set of rules for solving problems. A key is somewhat like a password that unlocks the secret message.

There are two types of encryption: Symmetric encryption and asymmetric encryption. Symmetric encryption uses the same key for encryption and decryption. The same key is shared between the sender and receiver. It’s fast but less secure when the key is shared.

Asymmetric encryption uses two keys: a public key and a private key. A public key can encrypt a message, while a private key can decrypt it. It’s more secure since only the private key unlocks the message.

What are some common encryption methods?

  • AES (Advanced Encryption Standard)
  • RSA (Rivest-Shamir-Adleman)
  • DES (Data Encryption Standard)
  • ECC (Elliptic Curve Cryptography)

How do we use encryption in everyday life?

Online Shopping. When you purchase online, your payment information is encrypted. This protects your credit card information against hackers.

Messaging Apps. Apps like WhatsApp use encryption to keep your messages private. Only you and the person you are chatting with can read them.

Email Security. Many email services use encryption to protect your emails from being read by others.

What are the challenges of encryption?

Key Management. If some person loses their key, they probably will lose their data.

Performance Issues. Encryption could slow down the systems since it needs processing power for encryption and decryption.

How can you stay safe with encryption?

Use Strong Passwords. Always use strong passwords for accounts and devices. That will make hacking difficult as it will take time to access.

Keep Software Up-to-Date. Regularly update your software to protect against security vulnerabilities in software.

Use Caution with Public Wi-Fi. If you need to use public Wi-Fi, avoid sensitive transactions unless you can encrypt your internet connection using a VPN.

Ready to secure your data?

Encryption helps protect your personal information from threats. Understanding different methods can help you choose the right one for your needs. If you need help securing your data, contact us today – info@mytechexperts.com.

Top Cybersecurity Threats Small Businesses Face in 2025

Cybersecurity is no longer a problem exclusive to large enterprises. Small and mid-sized businesses (SMBs) are increasingly targeted by cybercriminals because they often have fewer resources to defend against sophisticated attacks. Being proactive about cybersecurity can mean the difference between thriving and struggling to recover from a serious breach. Here are the top ten cybersecurity threats your business faces in 2025 and tips to protect yourself.

Ransomware attacks

Ransomware remains one of the most damaging threats. Cybercriminals encrypt your business data and demand a ransom for its release. SMBs are targeted because they may lack robust backup and recovery systems. Preventative measures like regular data backups and strong endpoint security are critical.

Phishing emails

Phishing attacks trick employees into providing sensitive information, such as login credentials. These attacks have evolved to include highly personalized emails that are harder to recognize as scams. Employee training and email filtering tools can reduce the likelihood of a successful phishing attack.

Credential theft

Cybercriminals are constantly searching for login credentials to access business systems. They often steal these through phishing, malware, or by exploiting weak passwords. Implementing multi-factor authentication (MFA) can significantly improve your security posture by requiring additional verification beyond a password.

Insider threats

Insider threats—whether malicious or accidental—pose a serious challenge for small businesses. Employees, contractors, or even former staff may misuse access to your systems. Limiting access to sensitive data and monitoring user activity can reduce the chances of insider incidents or account compromises.

IoT device exploits

As more businesses adopt Internet of Things (IoT) devices like smart cameras, thermostats, and inventory trackers, these devices have become a growing attack surface. Many IoT devices have weak security protocols, making them vulnerable. Ensure that all devices are updated regularly and segregated from critical business networks.

Supply chain attacks

Cybercriminals are increasingly targeting SMBs by compromising third-party vendors or software suppliers. This can result in malware infections and data breaches without any direct attack on your business. Vetting vendors, limiting their access to your systems, and monitoring for suspicious activity can help defend against supply chain attacks.

Zero-day vulnerabilities

Zero-day vulnerabilities are newly discovered flaws in software that hackers can exploit before developers issue a fix. These vulnerabilities are difficult to prevent entirely but can be mitigated by keeping your software up to date and using security tools that detect abnormal behavior.

Distributed Denial-of-Service (DDoS) attacks

DDoS attacks flood a business’s network or website with traffic, causing service disruptions. While these attacks are often used to target large companies, SMBs can also be affected. Implementing DDoS protection services can prevent attacks from overwhelming your network and keeping you from doing business.

Social engineering scams

Social engineering involves manipulating people into revealing confidential information or performing harmful actions. Attackers may impersonate trusted contacts or authority figures to gain access to your systems. Training employees to recognize these tactics and verifying unusual requests can reduce risk.

How to protect your business

Understanding these threats is only the first step. Here are some actionable strategies to help secure your business:

Invest in Employee Training: Regularly educate employees on cybersecurity best practices and how to recognize threats.

Use Multi-Factor Authentication (MFA): Adding an extra layer of security to logins helps prevent unauthorized access.

Regular Backups: Ensure you have automated backups of critical data and test your recovery procedures.

Implement Network Monitoring: Continuous monitoring of your network can detect suspicious activity early, allowing you to respond quickly to potential threats.

Partner with a Managed Service Provider (MSP): A trusted MSP can monitor your systems, provide threat intelligence, and ensure security updates are applied consistently.

Cybersecurity doesn’t have to be overwhelming. By addressing these top threats and taking a proactive approach, your business can stay one step ahead of cybercriminals and safeguard your operations in 2025.

Business Premium Is Your Next Smart Move

Running a business comes with challenges you might not expect, like phishing emails, stolen devices, or ex-employees still accessing your systems.

While Microsoft 365 Business Standard is a great package for getting work done, it doesn’t offer the advanced security and management tools needed to handle these risks.

That’s where Microsoft 365 Business Premium comes in.

Business Premium gives you everything you love about Business Standard – apps like Word and Excel, email hosting, Microsoft Teams, and OneDrive for cloud storage. And it adds powerful features to keep your business secure and efficient.

Take cyber threats, for example. Phishing emails, designed to trick you into clicking dangerous links, can install malware (malicious software) that locks your files or steals sensitive data. With Business Premium, Microsoft Defender for Business scans for these threats and stops them in their tracks. It’s like having a 24/7 security guard for your data.

Device management is another big advantage. If an employee loses their laptop, Business Premium’s Microsoft Intune lets you remotely erase company data, protecting your sensitive information. You can also set policies to ensure every device connected to your business is secure.

And then there’s protecting your confidential information. Business Premium uses Purview Information Protection to label sensitive files and control who can access them. Even if an email gets forwarded outside your company, the protections stay in place, safeguarding your data wherever it goes.

These tools aren’t just nice to have, they’re essential for modern businesses facing growing cyber security threats. The added cost is a small investment for the confidence that your team, data, and reputation are protected.

Upgrading to Business Premium can help prepare your business for the future. If you’re ready to take that step, it’s worth every penny. We can help you get started – get in touch.

Should You Use A Password Manager?

Password managers keep our online accounts safe. They store all our passwords in one place. But are they hackable?

What are password managers?

Password managers are like digital vaults: they save all your passwords inside themselves. You need only remember one master password to then gain access to all of your other passwords. This makes keeping a lot of accounts much easier to handle.

Dedicated password managers are difficult to hack if configured properly. While hackers are always hunting for ways to steal your information, a properly configured password manager has a complex password and two-factor authentication. This makes it very difficult to crack.

You can protect your password manager by using a strong master password. The master password is the “key” that unlocks all of your other passwords. Use a mix of letters, numbers, and symbols, or better yet, a secure passphrase that is easy to remember, but hard to guess.

Be sure to enable two-factor authentication. 2FA adds an important layer of security.

What happens if a password manager gets hacked?

If you’ve set up your password manager properly, the chance of it being hacked is extremely low. However, if your password manager is compromised, you should:

  • Change your master password immediately.
  • Determine which accounts could be affected and change their passwords as well.
  • Consider shifting to another password manager.
  • Keep up to date with any security news about your manager.

The benefits of using a password manager usually outweigh the risks. They help you create strong, unique passwords for each account.

Choosing a reputable password manager with good reviews and security features is key. Do some research before deciding which one to use.

Using a password manager will go a long way in enhancing your online security. If you need help in selecting which one, give us a call at (734) 240-0200.

Are Your Tech Tools Helping Or Hurting Your Business?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

In the rush to stay competitive, businesses have been trying out new tech tools left, right, and center. It’s great to embrace change. But here’s the thing: Having too many tools – or the wrong kind – can create more headaches than solutions.

That means lots of businesses are now stuck with a jumble of software that doesn’t play nicely together, making work slower and more frustrating than it should be.

Over the past few years, companies have thrown tools at every problem:

• HR needed a way to track time off requests… there’s software for that
• Finance needed help with tax compliance… another tool added to the mix
• Add in the scramble to adapt to remote work and fast growth, and suddenly, every department has its own tool

The result? A patchwork quilt of systems that just don’t connect.

Now the focus is shifting to working smarter, not harder, and those cracks in your tool stack are showing. Instead of helping your team, too many disconnected tools are slowing them down. Data gets stuck in silos, workflows feel clunky, and employees are juggling software. To make matters worse, you’re likely paying for tools no one’s even using.

So, what can you do?

Look at the bigger picture. Think about consolidating your tool stack. Cut out the extras and focus on systems that work together smoothly. When your tools are aligned, your data flows properly and your team can do what they do best.

It’s not just about saving money (though you’ll probably do that too). It’s about making work easier and more efficient. Automation can also help you spot inefficiencies and connect the dots between systems, so everything runs more smoothly.

If your team isn’t working as efficiently as they could, before you start pointing fingers consider that your stack might be the reason.

We can help you create a tool stack that helps, not hinders, your workflow. Get in touch.