TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Your Next Best Employee Probably Won’t Be Human

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

What would happen if your competitor could suddenly get twice as much work done… without hiring anyone new?

No extra desks, recruitment fees, or bigger payroll. Just more output.

That’s the shift we’re moving into.

You’ve probably heard people talk about AI and wondered what that means for a normal business like yours.

An AI worker isn’t a robot. It’s software that can think through tasks in a surprisingly human way.

It can read documents, write emails, summarize meetings, analyze numbers, draft proposals, create job descriptions, and even help write computer code.

If you’re using Microsoft 365, you’re already seeing early versions of this built into tools like Word, Outlook and Teams.

Right now, many SMBs are dabbling. Someone asks AI to tidy up an email. Someone else uses it to help write a report.

But the real advantage comes when a business is properly set up to use AI across the organization.

And this is where some companies are going to struggle.

AI tools work best when your data is organized and accessible. If your files are scattered across personal laptops, old servers, and mystery cloud apps no one remembers signing up for, AI can’t safely “see” the information it needs.

If your security is weak, giving AI deeper access could create risk.

Being ready for AI doesn’t mean being technical. It means having tidy systems, clear permissions (who can access what), strong security, and leadership that’s willing to adapt processes.

Because this isn’t a small improvement.

The people building these tools are predicting dramatic leaps forward very quickly. Tasks that currently take hours could shrink to minutes.

Research that once required days might happen in seconds.

When that becomes normal, businesses that can plug in AI workers smoothly will accelerate. Those that can’t will feel slower, more expensive, and less responsive.

And this isn’t about replacing your team. It’s about giving them superpowers.

And in the next few years, the businesses that win won’t necessarily be the biggest or the oldest. They’ll be the ones that were ready.

If you’d like to discuss how AI could benefit your business, get in touch.

Beware The Next Generation Of Phishing Attacks

If phishing scams are supposed to trick people, why do so many of them still feel clumsy?

For years, the answer was simple: Most scams were mass-produced.

The same email, the same fake website, sent to thousands of people and hoping a few would fall for it.

That approach is still around, but it’s starting to evolve.

When generative AI first appeared, there was a lot of talk about “dynamic websites.”

Instead of one fixed site for everyone, pages would be generated on the spot, shaped by who you are, where you are, and what device you’re using.

That future never really arrived for everyday businesses. It was complex and rarely worth the effort.

Cybercriminals, however, don’t need perfect systems.

They need something convincing.

Security researchers have shown how this idea could be used for phishing. While it’s still largely experimental, it gives a clear picture of the next generation of scams.

A victim clicks a link and lands on a webpage that looks harmless. There’s no obvious malicious code sitting on the page.

Once it loads, the page asks a legitimate AI service to help generate content.

That content is then assembled and run directly in the person’s browser.

The result is a phishing page that’s created especially for that visitor.

The wording, layout, and code can all be different every time. There’s no single fake website for security systems to spot and block – because the scam doesn’t fully exist until someone opens it.

Before you panic, this method isn’t widespread yet. But the building blocks are in use.

AI is being used to write malicious code, malware is increasingly assembled as it runs, and AI-assisted scams are becoming more common.

For you, this changes the rules slightly.

Phishing is no longer just about spotting bad spelling or sloppy design.

Future scams may look even more polished, personalized, and completely legitimate. Some will appear to come from legitimate senders.

That’s why modern protection focuses less on “don’t ever click the wrong thing” and more on limiting the damage if someone does.

Tools like multi-factor authentication, secure browsers, and email filtering still work, even when a fake page looks convincing.

Remember this: phishing isn’t going away.

To stay protected now, you must assume the next scam will look professional and make sure your defenses don’t rely on people spotting obvious mistakes.

Tech Overload Or Tech Opportunity?

Has your team had to adapt to new systems recently?

Perhaps you’ve rolled out new software, introduced automation, or started experimenting with AI tools inside Microsoft 365.

A few years ago, that level of change might have left people feeling overwhelmed.

Today, something different is happening.

Research shows that most employees have experienced organizational change in the past year, and the most common reason is new technology.

You might expect that constant updates and new tools would drain energy. In reality, many workers report feeling more engaged, not less.

Artificial intelligence is playing a big role in this shift.

Around half of employees now use AI tools regularly at work. They say it helps them complete tasks faster, improve the quality of what they produce, and generally feel more productive.

When technology removes repetitive or frustrating parts of a job, it creates breathing space.

That said, there is a clear warning for business owners.

When companies don’t provide approved, secure AI tools quickly enough, employees don’t stop using them. They find their own.

This is known as shadow AI, where staff use unapproved tools without IT oversight.

It usually comes from good intentions. People want to work efficiently. But it can expose sensitive company data and create security risks.

The demand for smarter tools is coming from inside your business, not from software vendors pushing features.

There’s another factor that matters just as much as the technology itself: employees want to feel listened to during periods of change.

When leadership checks in, explains decisions clearly, and responds to feedback, engagement rises sharply.

When change feels imposed without conversation, enthusiasm drops.

The businesses thriving right now are guiding innovation carefully.

They are introducing new tools with structure, strengthening security, and having regular conversations about what support people need.

Technology isn’t settling down any time soon.

Handled properly, though, it can energize your workforce rather than exhaust it.

And if you need help working out the right tech for your business, we can help. Give us a call at (734) 457-5000, or email info@mytechexperts.com.

The “Session Cookie” Hijack: Why MFA Can’t Always Save You

MFA is a strong front-door lock. But it’s not the only thing that decides whether someone can get in.

After you sign in, your browser keeps you logged in using a session token (often stored as a cookie). It’s the digital version of a wristband at an event: once you’ve been checked, the wristband proves you belong there.

If an attacker steals that wristband, they may not need to beat your MFA prompt at all.

That’s the core of session cookie hijacking. The attacker isn’t “cracking” MFA. They’re skipping it by replaying your already authenticated session.

This isn’t a reason to stop using MFA. It’s a reason to stop treating MFA as the finish line.

Why MFA isn’t a “game over” control

MFA is still one of the best upgrades most businesses can make, but it doesn’t end an attack on its own.

The reason is that attackers don’t always try to beat the login step. They try to go around it.

Cloudflare notes that “attackers are finding new ways to circumvent MFA” and that modern incidents are rarely one isolated technique. They’re “part of a chain of attacks.”

In other words, MFA can block a lot of credential theft, but it doesn’t automatically protect what happens after a user successfully signs in.

That’s where session cookie hijacking comes in.

What a session cookie is and why attackers want it

When you sign into a web app, the site needs a way to remember that you’ve already proved who you are.

That’s what a session is: a temporary “logged-in” state that saves you from entering your password and MFA code on every click.

Kaspersky explains that session hijacking is “sometimes called cookie hijacking” because cookies are commonly used to store the session identifier that keeps you authenticated.

Proofpoint describes session tokens as digital “keys” that let a user stay authenticated. It warns that stealing valid tokens lets attackers impersonate legitimate users and potentially bypass authentication measures “like MFA.” That’s why session cookie hijacking is so highly leveraged.

If an attacker can steal the cookie or token that represents your active session, they’re not trying to defeat the login process. They’re attempting to reuse what you already completed and access the same apps and data as if they were sitting at your keyboard.

How session cookie hijacking actually happens

AiTM phishing – Adversary-in-the-middle (AiTM) phishing is the “proxy login” trap. You think you’re signing into a normal service, but you’re actually signing into a lookalike page that sits between you and the real site.

The attacker relays the login in real time, so everything appears to work, including MFA.

Browser-in-the-Middle session stealing. It’s similar in spirit, but it’s even more “hands- on” from the attacker’s side. Instead of stealing a password and running away, the attacker effectively places themselves in control of the browsing session.

Cookie theft from the endpoint. Not every session hijack starts with a fancy proxy. Sometimes, the attacker simply steals session data from the device itself, allowing attackers to impersonate legitimate users.

MFA is a baseline, not a finish line

MFA is still essential. It blocks a huge amount of credential theft and makes basic account takeover harder.

But session cookie hijacking is a reminder that attackers don’t always try to defeat the login step. Sometimes, they reuse what happens after it.

The practical response is layered and realistic. When those controls work together, MFA stops being a checkbox and becomes a strong baseline backed by protections around the session itself.

Would Your Business Survive A Serious Cyberattack?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It’s not a comfortable question, and it’s one many SMB owners assume they never really need to answer.

Cyberattacks feel like something that happens to other people. Big brands. Global companies. Organizations with huge IT teams and budgets.

The reality is very different.

Recent research shows that a worrying number of businesses believe they simply wouldn’t survive a major cyber incident.

That might sound dramatic, but it’s a fair reflection of how exposed many businesses still are.

Cyberattacks have changed. They’re no longer just a hacker guessing a password. Attacks today are faster, more targeted, and often designed to shut a business down completely.

Ransomware, for example, is a type of attack where criminals lock your systems and demand payment to unlock them. If you can’t access your data, your systems, or your customer information, normal business stops very quickly.

What’s interesting is that most business leaders know the risk is rising. Many openly admit they expect their staff to fall for a phishing attack.

Phishing is when a fake email or message pretends to be legitimate, tricking someone into clicking a link or handing over login details.

That single mistake can be all an attacker needs.

Despite this awareness, the basics are still being missed.

Password reuse is a big one. If someone uses the same password at work and across multiple personal accounts, one breach can quickly turn into many.

Cybercriminals know this, which is why stolen passwords are so valuable.

Basic cyber awareness training is another gap. Many employees have never been shown what to look out for or how to spot common scams.

But it’s not all doom and gloom.

High-profile attacks have made business owners more alert, especially around newer threats like AI-driven scams and deepfake video calls that pretend to be senior leaders. That growing skepticism is healthy.

The most important thing to understand is that surviving a cyberattack doesn’t need expensive tools or complex technology.

Preparation is your best tool.

Simple steps like strong, unique passwords and regular staff training make a real difference.

Do you think your business would survive a serious cyberattack? If you’re not sure, we can help you strengthen your defenses. Give us a call at (734) 457-5000.

The Real Reason You’re Struggling With AI

AI has become a regular topic in business conversations.

It comes up in meetings, strategy days and vendor pitches.

Yet for all the talk, many organizations are still struggling to turn AI from an interesting idea into something that genuinely helps people do their jobs.

In many organizations, AI is stuck in a trial phase.

Someone experiments with a tool. A small pilot runs for a few weeks. Then progress slows.

The AI works, but businesses struggle to move from experimentation to everyday use. The return on investment everyone expects stays just out of reach.

Uncertainty is usually to blame.

Leaders worry about security, privacy and compliance. They’re unsure what data AI tools are allowed to see or how decisions are being made. Others admit they don’t yet have a clear business case, so AI becomes something interesting rather than something essential.

Another big factor is confidence.

Many employees are curious about AI, but also nervous. They worry about making mistakes, relying on the wrong answers, or using tools incorrectly.

Without clear guidance, people either avoid AI altogether or use it quietly and inconsistently. That creates risk and limits the benefits.

It’s a shame, because when AI is used properly, the gains are very real. Teams can respond to customers faster, spot issues earlier, analyze data more easily and reduce time spent on repetitive admin.

In technical areas, AI can help monitor systems, improve security, and surface problems before they turn into outages.

These are practical, everyday improvements that add up quickly.

The businesses seeing progress tend to take a steady, human-first approach. They set clear rules around how AI should be used, what it can and can’t do, and where human judgment still matters. They focus on giving staff training and reassurance, not just new tools.

AI becomes a support act, not a replacement.

AI projects don’t usually stall because the technology isn’t ready. They stall because people aren’t. If you need help giving your team the confidence to use AI effectively, get in touch.

Stop Ransomware In Its Tracks: A Five-Step Proactive Defense Plan

Ransomware isn’t a jump scare. It’s a slow build.

In many cases, it begins days, or even weeks, before encryption with something mundane, like a login that never should have succeeded.

That’s why an effective ransomware defense plan is about more than deploying antimalware. It’s about preventing unauthorized access from gaining traction.

Here’s a five-step approach you can implement across small-business environments without turning security into a daily obstacle course. Each step is practical and repeatable across small-business environments.

Step 1: Phishing-resistant sign-ins

“Phishing-resistant” sign-ins are authentication methods that can’t be easily compromised by fake login pages or intercepted onetime codes.

It’s the difference between “MFA is enabled” and “MFA still works when someone is specifically targeted.”

  • Enforce strong MFA across all accounts, with priority given to admin and remote accounts
  • Eliminate legacy authentication methods that weaken your security baseline
  • Implement conditional access rules, such as step-up verification for high-risk sign-ins, new devices, or unusual locations

Step 2: Least privilege + separation

“Least privilege” means each account gets only the access it needs to do its job – and nothing more.

“Separation” means keeping administrative privileges distinct from everyday user activity, so a single compromised login doesn’t hand over control of the entire business.

  • Keep administrative accounts separate from user accounts
  • Eliminate shared logins and minimize broad “everyone has access” groups
  • Limit administrative tools to only the specific people and devices that genuinely require them

Step 3: Close known holes

“Known holes” are vulnerabilities attackers already know how to exploit, typically because systems are unpatched, exposed to the Internet or running outdated software.

  • Set clear patch guidelines: critical vulnerabilities addressed immediately, high-risk issues next, and all others on a defined schedule
  • Prioritize Internet-facing systems and remote access infrastructure
  • Cover third-party applications

Step 4: Early detection

Early detection means identifying ransomware warning signs before encryption spreads across the environment. Think alerts for unusual behavior that enable rapid containment.

A strong baseline includes:

  • Endpoint monitoring that can flag suspicious behavior quickly
  • Rules for what gets escalated immediately vs what gets reviewed

Step 5: Secure, tested backups

“Secure, tested backups” are backups that attackers can’t easily access or encrypt, and that you’ve verified you can restore successfully when it matters most.

Both NIST’s ransomware guidance and the UK NCSC emphasize that backups must be protected and restorable. NIST specifically calls out the need to “secure and isolate backups.”

  • Keep at least one backup copy isolated from the main environment
  • Run restore drills on a schedule
  • Define recovery priorities ahead of time, what needs to be restored first, and in what sequence

If you’d like help assessing your current defenses and building a practical, repeatable ransomware protection plan, contact us today.

What Happens The Day After An IT Disaster?

It’s easy to think about an IT disaster in dramatic terms.

A ransomware attack. A server failure. A cybercriminal locking down systems. A major internet outage. Maybe even a fire, flood, or power issue that suddenly takes critical technology offline.

But the real question for most businesses isn’t just how the disaster happens.

It’s what happens the day after.

That’s the moment when the headlines and panic wear off, and reality sets in. Staff still need to work. Customers still expect answers. Orders still need to be processed. Vendors still need to be paid. Phones still need to be answered.

If your systems are unavailable, even for a short time, the disruption spreads quickly across the business.

This is where many companies discover a hard truth: they may have thought about prevention, but they never fully planned for recovery.

Most businesses have at least some level of protection in place. They may use antivirus, firewalls, cloud services, or data backups. Those are all important. But recovery is about more than simply having tools. It’s about knowing how the business will function when something critical is suddenly unavailable.

For example, if your main files were inaccessible tomorrow morning, would your team know what to do first? If email was down, how would employees communicate internally and with customers? If your line-of-business software stopped working, could you still access the information needed to keep operations moving? If phones were affected, would calls be rerouted somewhere else? These questions are uncomfortable, but they matter.

A business continuity plan is what helps answer them. It doesn’t need to be a huge binder gathering dust on a shelf. In fact, the most effective plans are often simple, practical, and easy to follow.

The purpose is to define what is most important, what needs to happen first, and who is responsible for making decisions during a disruption.

The starting point is identifying your critical systems. Every business depends on certain tools more than others. That might be your email, accounting platform, CRM, file server, phones, remote access system, scheduling software, or industry-specific applications.

Not every system needs to be restored immediately, but some absolutely do. If you don’t define those priorities in advance, the recovery process becomes slower, more chaotic, and more expensive.

Communication is another major piece that often gets overlooked.

During an outage, confusion can become just as damaging as the technical issue itself. Employees need to know where updates will come from. Customers may need reassurance. Vendors may need instructions. If the usual communication channels are down, you need a backup plan. That could mean alternate email accounts, mobile phones, a cloud-based phone failover option, or even a documented call tree for urgent updates.

Backups are also a big part of the conversation, but businesses sometimes misunderstand what backups really solve. Having backups is important, but backup files alone do not guarantee a fast or smooth recovery. You also need to know how long restoration will take, which systems get restored first, and whether the restored data has been tested recently. A backup that has never been verified is more of a hope than a plan.

Then there’s the people side.

When something goes wrong, employees are often unsure whether they should keep working, shut devices off, report suspicious activity, or wait for instructions.

Without clear guidance, people make inconsistent decisions, and that can make a bad situation worse. Even a basic incident response checklist can go a long way toward reducing panic and helping staff respond appropriately.

The businesses that recover best are rarely the ones with the fanciest technology. They’re usually the ones that prepared in advance, practiced their response, and made sure people understood their role. They know which systems matter most. They know how to communicate. They know how to restore operations in a sensible order.

An IT disaster doesn’t have to become a business-ending event.

But survival depends on more than prevention alone. It depends on recovery, coordination, and preparation before the crisis begins.

Because when the day after arrives, you don’t want to be figuring everything out for the first time.

You want a plan.

If you’re not sure how your business would operate after a serious IT disruption, now is the time to find out. We can help you build a practical recovery and continuity plan before you ever need it.

Did One Of These Fool You Last Year?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You’re not imagining it. Scam emails are getting harder to spot.

Phishing attacks are becoming more convincing, more targeted, and more frequent.

Let’s rewind a moment…

Phishing is when criminals pretend to be a company you trust and try to trick you into clicking a link, opening an attachment, or logging in to a fake website.

Their goal is usually to steal passwords, money, or access to your systems.

The reason it works so well is simple: It relies on familiarity and distraction.

Last year, the company most often impersonated by scammers was Microsoft.

That’s not because Microsoft has done anything wrong, but because so many businesses rely on its email, files, and cloud services.

One stolen Microsoft login can open the door to email accounts, documents, and even financial data.

Close behind were Facebook and Roblox, with other familiar names like Amazon, Google, and PayPal also commonly abused.

Security researchers noticed a big spike in phishing toward the end of last year. That makes sense.

People are busy, inboxes are full, and there’s a lot going on with shopping, renewals, year-end tasks, and business and personal income tax preparation.

Scammers know this and time their attacks carefully.

What makes things more worrying is how realistic these messages have become. Criminals now use AI to create fake login pages and “security alerts” that look almost identical to the real thing.

Some attacks don’t just steal your password but also grab the extra security codes you use to log in, allowing attackers straight through the front door.

So how do you stay safe?

The most important habit is to slow down. Any email or text that claims there’s an urgent problem with an account should immediately raise suspicion.

Instead of clicking, open your browser and go directly to the company’s website yourself to check. If something feels off, it probably is.

Extra protection also matters. Using multi-factor authentication, which is a second check like a code sent to your phone, can stop criminals even if they get your password.

Keeping devices protected with up-to-date security software and making sure your team knows what phishing looks like can make a huge difference.

Phishing isn’t going away.

But with the right awareness and a few sensible safeguards, it doesn’t have to catch you out.

Implementing Zero Trust For Small Business

Think about your office building. You probably have a locked front door, security staff, and maybe even biometric checks.

But once someone is inside, can they wander into the supply closet, the file room, or the CFO’s office?

In a traditional network, digital access works the same way: a single login often grants broad access to everything. The Zero Trust security model challenges this approach, treating trust itself as a vulnerability.

For years, Zero Trust seemed too complex or expensive for smaller teams. But the landscape has changed.

Today, it is a practical, scalable defense, essential for any organization.

It’s about verifying every access attempt, no matter where it comes from. It’s less about building taller walls and more about placing checkpoints at every door.

And it’s not just about outsiders. It also limits damage from everyday mistakes – like clicking a bad link – or from a compromised vendor account. With Zero Trust, access is granted based on identity, device health, and context, and only to the specific resources needed. That “least privilege” approach shrinks the blast radius when something goes wrong, making incidents easier to contain and faster to recover from.

Transform your security posture

Adopting Zero Trust isn’t just a technical change, it’s a cultural one. It shifts the mindset from broad trust to continuous monitoring and validation.

Your teams may initially find the extra steps frustrating, but explaining clearly why these measures protect both their work and the company will help them embrace the approach.

The goal is to foster a culture of ongoing governance that keeps Zero Trust effective and sustainable.

Your actionable path forward

Start with an audit to map where your critical data flows and who has access to it. While doing so, enforce MFA across the board, segment your network beginning with the highest – value assets, and take full advantage of the security features included in your cloud subscriptions.

Achieving Zero Trust is a continuous journey, not a one-time project. Make it part of your overall strategy so it can grow with your business and provide a flexible defense in a world where traditional network perimeters are disappearing.

Contact us to schedule a Zero Trust readiness assessment for your business.