tech gen it service logo

Productivity Boosting Apps

We all have favorite apps that we use every day. Here are a few that will make you more productive and efficient.

Jog.ai – This is a neat web service that you can use to take meeting notes for you. Jog.ai acts as a middle-man recording your telephone calls. It not only gives you a high-quality recording, but will also transcribe your call, so it is searchable later. While you’re on a call, you can use the jog.ai web app to ‘mark’ important parts to refer back to later. Best of all, it will “listen” for keywords like “action item” and automatically highlight that part of your call. Just make sure you let the other caller know if you’re talking to someone in a state that requires that kind of notification.

LastPass – Lastpass stores your passwords securely behind a super-strong “master password” and also supports multi-factor authentication to further protect your credentials.  Lastpass syncs between your different computers, and mobile devices, so you can always access your important sites.    Other really useful features;  securely sharing credentials with others, and storing credit card and bank information – automatically filling out web-forms so you don’t need to track down your wallet!

Boomerang – A great plugin for Outlook or gmail.com  Boomerang reminds you to follow up on emails at some point in the future if the recipient doesn’t send you a reply.  But – one of the most powerful features is the ability to “share” preferred meeting dates with someone via email.  For example; if you’re trying to setup a conference call, you can pick a couple of dates/times that are available on your calendar and include those in the message.  Boomerang will automatically send an invite to both of you with the time-slot that the recipient selects.   I find this to be a little more personal than services like Calendly.com

Calendly – This is a great service that automatically syncs with your calendar and creates a simple website that shows your availability.  You can create different “booking templates” for things like 30-minute calls, 60-minute face-to-face meetings.   Calendly will let you specify specific minimum & maximum availability ranges, as well as custom fields that are added to the meeting.    Now when someone says; “Hey are you available next week?”   You can reply with your Calendly link, and they can pick a time that you’re available – that works for them too!

Interested in trying out any of these apps?  We can help you install them and integrate them with your existing systems!  Just contact us and we’ll be happy to help!

minnesota-it-support

End of Year Scams

It’s the end of the year, and with the holidays wrapping up it means “time to get back to work” for most of us, but it means “time to kick into high gear” for hackers. With many companies running with partial staff, identity thieves see them as prime targets. When employees have extra workloads, they can’t spend as much time carefully reading emails, but that just means we need to train ourselves to be cautious.

Every year scammers start bringing out their old standbys for year’s end because people still respond to them. Here are some of the most common tactics, so you and your users can be ready:

  • Employee benefits/Health Savings Account scams

These types of scams rely on employees not being informed of company policies. The scammer will send an email telling the employee that their benefits are about to expire, or they need to renew them for the new year. They provide a fake website to “log in” and steal credentials. Avoid this by making sure to ask the appropriate person in your organization about anything benefit related – don’t rely on random emails.

  • Microsoft (or other software) End of Year upgrade:

This type of scam involves an email telling you that your software is about to expire, and you need to send money to renew it. Typically, they will try to scare you and tell you that your email account will be closed by Microsoft or something similar. Always ask your IT vendor about the status of your licenses. TechGen will be happy to work with you to manage your software licenses and keep you in compliance.

  • Phone call scams (“Vishing”):

With staff overworked, hackers are more likely to try to leverage employee exhaustion by calling directly instead of sending an email. These types of scammers will pretend to be from the IRS, or Microsoft, or some other group that needs credentials, passwords, or access to a computer. None of these organizations will call you out of the blue and make you resolve an issue on the spot.

  • Charity scams:

Lots of people want to contribute to charities toward the end of the year, and who doesn’t like making the world a better place? Scammers will utilize this to send fake charity emails, hoping people will send them money. You can avoid these by navigating directly to the website of the charity you want to go to. Don’t send money to people who ask for it over email.

Finally, scammers have been watching the news as well, and they’ve seen the confusion resulting from the new tax law that congress has passed. Expect there to be lots of phishing emails sent out on this topic. Hackers may be sending fake articles for you to click, asking for your information to “help you calculate your new tax liability” or most dangerously, pretending to be government agents and demanding money. The IRS has released a page talking about fake IRS communications and how to avoid them. You can see that here https://www.irs.gov/privacy-disclosure/report-phishing

Stay warm, and stay safe.

mn-help-desk-support

Identifying a Phishing Email

No matter how secure your network is, the first line of defense is always your employees. They are the gatekeepers to your network – deciding which emails are opened and allowed in. Hackers know that they can’t do anything until they get inside. Just like someone who wasn’t invited to the party, they will pretend to know someone, pretend to be someone else, or make up whatever other lies they can to get inside. In the computer world, those fake and malicious emails are called “phishing emails.” Because of how dangerous they can be, the ability to recognize phishing emails is critical to network security.

Here are some things to look for to help you and your employees determine if an email is legitimate, or a party crasher.

Make sure the email is something you were expecting to get. Unsolicited requests, invoices, and links should be suspicious.
Hover your mouse over every link before you click it. You will see a small popup that tells you where the link goes. Make sure the link goes to the correct place before you click. One way to always be safe is to navigate to the website yourself in your browser and don’t click the link at all.
Double check the email address that the email is coming from. Sometimes fake emails will use addresses similar to real sites (e.g. “Techgem.com” instead of “techgen.com”)
Did they misspell my company name or make other mistakes on the email? Do they use a generic name instead of mine?
Do you know the person sending the email? Is this the type of email they usually send? Look at the signature of the email and make sure it matches their usual signature. If their identity is in doubt, you can always call them and verify the authenticity of the email.
Phishing emails will try to make you click without reading. Check to see if the email implies urgency or extreme importance. For example: “IMMEDIATE ATTENTION – YOUR ACCOUNT WILL BE CLOSED”
Look for misspellings and poor grammar. Many people who send phishing emails don’t speak English as a first language.
There can be other, subtle red flags. For instance, does the email have a strange subject line, signature, or layout?
Sometimes, a legitimate email may have one of the above, but by looking at a combination of the above, you can usually tell a phishing email from a normal one.

Attached below is an example of a real phishing email, with the suspicious features we used to identify it pointed out. Take a look at how we applied the tips mentioned above.

Stay safe out there.

non-profit-it-photo

2017 Password Security Recommendations

Everyone has heard a lot about password security, but as of June the suggested practices have changed. With the constantly evolving world of cyber threats in mind, researchers at the National Institute of Standards and Technology (NIST) have gathered a significant body of evidence about what types of passwords work and which ones don’t. A lot of the old rules we learned decades ago have been found to be very inefficient and don’t really protect us as much as we thought. The new recommendations are summarized below:

  • All passwords should be at least 8 characters long, but significantly longer when possible. Passwords under 8 characters are simply too easy to crack with modern computers. Research has determined that the length of the password is the most important factor in making it secure.
  • Using special characters (!@#$) is no longer suggested when making passwords. These are just going to make your password hard to remember. It’s much safer to just make your password easy to remember, but very long – such as a series of random words. Note that using one word, no matter how long is never secure, you should use multiple.
  • Don’t use repetitive or sequential characters in a password. That means 1234abcd, qwertyui, and aaaaaaaa are all very insecure passwords. Hackers figured out all of the patterns years ago, and can crack your password easily if you use them.
  • Don’t use your username, or the name of the website as part of your password. Even though this adds length and complexity, it is very easy to guess.
  • Don’t use “hints” or other tools to make it easier to get your password. If you use these, a hacker just needs to figure out your mother’s maiden name or other simple facts about you in order to access your accounts. If you use password hints, they don’t need to guess your password at all.
  • Don’t change your password too frequently. While it is still good practice to change your password if you click on a suspicious link, if you got infected with malware, or your password was hacked in the past; arbitrarily changing your password every X number of days is just going to increase the likelihood you select insecure passwords or passwords that are very similar, and thus are no more secure.

And finally:

  • You should use a password manager. Writing down your password is still not considered a good practice because people can easily find your sticky notes with passwords on them. Password managers like LastPass will hold all of your passwords in a secure database, which means they can’t be seen by others or copied. Then you can make long, complex passwords and you won’t have to memorize them. The only password you need to know is the super-strong password for LastPass. We’ve used LastPass here at TechGen for a long time, and are reaching out to clients recommending that they use it too. We will be very happy to help you set up. The time savings and added security are absolutely worth it. Please contact us if you are interested for pricing/features/etc.