TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Would Your Business Survive A Serious Cyberattack?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It’s not a comfortable question, and it’s one many SMB owners assume they never really need to answer.

Cyberattacks feel like something that happens to other people. Big brands. Global companies. Organizations with huge IT teams and budgets.

The reality is very different.

Recent research shows that a worrying number of businesses believe they simply wouldn’t survive a major cyber incident.

That might sound dramatic, but it’s a fair reflection of how exposed many businesses still are.

Cyberattacks have changed. They’re no longer just a hacker guessing a password. Attacks today are faster, more targeted, and often designed to shut a business down completely.

Ransomware, for example, is a type of attack where criminals lock your systems and demand payment to unlock them. If you can’t access your data, your systems, or your customer information, normal business stops very quickly.

What’s interesting is that most business leaders know the risk is rising. Many openly admit they expect their staff to fall for a phishing attack.

Phishing is when a fake email or message pretends to be legitimate, tricking someone into clicking a link or handing over login details.

That single mistake can be all an attacker needs.

Despite this awareness, the basics are still being missed.

Password reuse is a big one. If someone uses the same password at work and across multiple personal accounts, one breach can quickly turn into many.

Cybercriminals know this, which is why stolen passwords are so valuable.

Basic cyber awareness training is another gap. Many employees have never been shown what to look out for or how to spot common scams.

But it’s not all doom and gloom.

High-profile attacks have made business owners more alert, especially around newer threats like AI-driven scams and deepfake video calls that pretend to be senior leaders. That growing skepticism is healthy.

The most important thing to understand is that surviving a cyberattack doesn’t need expensive tools or complex technology.

Preparation is your best tool.

Simple steps like strong, unique passwords and regular staff training make a real difference.

Do you think your business would survive a serious cyberattack? If you’re not sure, we can help you strengthen your defenses. Give us a call at (734) 457-5000.

The Real Reason You’re Struggling With AI

AI has become a regular topic in business conversations.

It comes up in meetings, strategy days and vendor pitches.

Yet for all the talk, many organizations are still struggling to turn AI from an interesting idea into something that genuinely helps people do their jobs.

In many organizations, AI is stuck in a trial phase.

Someone experiments with a tool. A small pilot runs for a few weeks. Then progress slows.

The AI works, but businesses struggle to move from experimentation to everyday use. The return on investment everyone expects stays just out of reach.

Uncertainty is usually to blame.

Leaders worry about security, privacy and compliance. They’re unsure what data AI tools are allowed to see or how decisions are being made. Others admit they don’t yet have a clear business case, so AI becomes something interesting rather than something essential.

Another big factor is confidence.

Many employees are curious about AI, but also nervous. They worry about making mistakes, relying on the wrong answers, or using tools incorrectly.

Without clear guidance, people either avoid AI altogether or use it quietly and inconsistently. That creates risk and limits the benefits.

It’s a shame, because when AI is used properly, the gains are very real. Teams can respond to customers faster, spot issues earlier, analyze data more easily and reduce time spent on repetitive admin.

In technical areas, AI can help monitor systems, improve security, and surface problems before they turn into outages.

These are practical, everyday improvements that add up quickly.

The businesses seeing progress tend to take a steady, human-first approach. They set clear rules around how AI should be used, what it can and can’t do, and where human judgment still matters. They focus on giving staff training and reassurance, not just new tools.

AI becomes a support act, not a replacement.

AI projects don’t usually stall because the technology isn’t ready. They stall because people aren’t. If you need help giving your team the confidence to use AI effectively, get in touch.

Stop Ransomware In Its Tracks: A Five-Step Proactive Defense Plan

Ransomware isn’t a jump scare. It’s a slow build.

In many cases, it begins days, or even weeks, before encryption with something mundane, like a login that never should have succeeded.

That’s why an effective ransomware defense plan is about more than deploying antimalware. It’s about preventing unauthorized access from gaining traction.

Here’s a five-step approach you can implement across small-business environments without turning security into a daily obstacle course. Each step is practical and repeatable across small-business environments.

Step 1: Phishing-resistant sign-ins

“Phishing-resistant” sign-ins are authentication methods that can’t be easily compromised by fake login pages or intercepted onetime codes.

It’s the difference between “MFA is enabled” and “MFA still works when someone is specifically targeted.”

  • Enforce strong MFA across all accounts, with priority given to admin and remote accounts
  • Eliminate legacy authentication methods that weaken your security baseline
  • Implement conditional access rules, such as step-up verification for high-risk sign-ins, new devices, or unusual locations

Step 2: Least privilege + separation

“Least privilege” means each account gets only the access it needs to do its job – and nothing more.

“Separation” means keeping administrative privileges distinct from everyday user activity, so a single compromised login doesn’t hand over control of the entire business.

  • Keep administrative accounts separate from user accounts
  • Eliminate shared logins and minimize broad “everyone has access” groups
  • Limit administrative tools to only the specific people and devices that genuinely require them

Step 3: Close known holes

“Known holes” are vulnerabilities attackers already know how to exploit, typically because systems are unpatched, exposed to the Internet or running outdated software.

  • Set clear patch guidelines: critical vulnerabilities addressed immediately, high-risk issues next, and all others on a defined schedule
  • Prioritize Internet-facing systems and remote access infrastructure
  • Cover third-party applications

Step 4: Early detection

Early detection means identifying ransomware warning signs before encryption spreads across the environment. Think alerts for unusual behavior that enable rapid containment.

A strong baseline includes:

  • Endpoint monitoring that can flag suspicious behavior quickly
  • Rules for what gets escalated immediately vs what gets reviewed

Step 5: Secure, tested backups

“Secure, tested backups” are backups that attackers can’t easily access or encrypt, and that you’ve verified you can restore successfully when it matters most.

Both NIST’s ransomware guidance and the UK NCSC emphasize that backups must be protected and restorable. NIST specifically calls out the need to “secure and isolate backups.”

  • Keep at least one backup copy isolated from the main environment
  • Run restore drills on a schedule
  • Define recovery priorities ahead of time, what needs to be restored first, and in what sequence

If you’d like help assessing your current defenses and building a practical, repeatable ransomware protection plan, contact us today.

What Happens The Day After An IT Disaster?

It’s easy to think about an IT disaster in dramatic terms.

A ransomware attack. A server failure. A cybercriminal locking down systems. A major internet outage. Maybe even a fire, flood, or power issue that suddenly takes critical technology offline.

But the real question for most businesses isn’t just how the disaster happens.

It’s what happens the day after.

That’s the moment when the headlines and panic wear off, and reality sets in. Staff still need to work. Customers still expect answers. Orders still need to be processed. Vendors still need to be paid. Phones still need to be answered.

If your systems are unavailable, even for a short time, the disruption spreads quickly across the business.

This is where many companies discover a hard truth: they may have thought about prevention, but they never fully planned for recovery.

Most businesses have at least some level of protection in place. They may use antivirus, firewalls, cloud services, or data backups. Those are all important. But recovery is about more than simply having tools. It’s about knowing how the business will function when something critical is suddenly unavailable.

For example, if your main files were inaccessible tomorrow morning, would your team know what to do first? If email was down, how would employees communicate internally and with customers? If your line-of-business software stopped working, could you still access the information needed to keep operations moving? If phones were affected, would calls be rerouted somewhere else? These questions are uncomfortable, but they matter.

A business continuity plan is what helps answer them. It doesn’t need to be a huge binder gathering dust on a shelf. In fact, the most effective plans are often simple, practical, and easy to follow.

The purpose is to define what is most important, what needs to happen first, and who is responsible for making decisions during a disruption.

The starting point is identifying your critical systems. Every business depends on certain tools more than others. That might be your email, accounting platform, CRM, file server, phones, remote access system, scheduling software, or industry-specific applications.

Not every system needs to be restored immediately, but some absolutely do. If you don’t define those priorities in advance, the recovery process becomes slower, more chaotic, and more expensive.

Communication is another major piece that often gets overlooked.

During an outage, confusion can become just as damaging as the technical issue itself. Employees need to know where updates will come from. Customers may need reassurance. Vendors may need instructions. If the usual communication channels are down, you need a backup plan. That could mean alternate email accounts, mobile phones, a cloud-based phone failover option, or even a documented call tree for urgent updates.

Backups are also a big part of the conversation, but businesses sometimes misunderstand what backups really solve. Having backups is important, but backup files alone do not guarantee a fast or smooth recovery. You also need to know how long restoration will take, which systems get restored first, and whether the restored data has been tested recently. A backup that has never been verified is more of a hope than a plan.

Then there’s the people side.

When something goes wrong, employees are often unsure whether they should keep working, shut devices off, report suspicious activity, or wait for instructions.

Without clear guidance, people make inconsistent decisions, and that can make a bad situation worse. Even a basic incident response checklist can go a long way toward reducing panic and helping staff respond appropriately.

The businesses that recover best are rarely the ones with the fanciest technology. They’re usually the ones that prepared in advance, practiced their response, and made sure people understood their role. They know which systems matter most. They know how to communicate. They know how to restore operations in a sensible order.

An IT disaster doesn’t have to become a business-ending event.

But survival depends on more than prevention alone. It depends on recovery, coordination, and preparation before the crisis begins.

Because when the day after arrives, you don’t want to be figuring everything out for the first time.

You want a plan.

If you’re not sure how your business would operate after a serious IT disruption, now is the time to find out. We can help you build a practical recovery and continuity plan before you ever need it.

Did One Of These Fool You Last Year?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You’re not imagining it. Scam emails are getting harder to spot.

Phishing attacks are becoming more convincing, more targeted, and more frequent.

Let’s rewind a moment…

Phishing is when criminals pretend to be a company you trust and try to trick you into clicking a link, opening an attachment, or logging in to a fake website.

Their goal is usually to steal passwords, money, or access to your systems.

The reason it works so well is simple: It relies on familiarity and distraction.

Last year, the company most often impersonated by scammers was Microsoft.

That’s not because Microsoft has done anything wrong, but because so many businesses rely on its email, files, and cloud services.

One stolen Microsoft login can open the door to email accounts, documents, and even financial data.

Close behind were Facebook and Roblox, with other familiar names like Amazon, Google, and PayPal also commonly abused.

Security researchers noticed a big spike in phishing toward the end of last year. That makes sense.

People are busy, inboxes are full, and there’s a lot going on with shopping, renewals, year-end tasks, and business and personal income tax preparation.

Scammers know this and time their attacks carefully.

What makes things more worrying is how realistic these messages have become. Criminals now use AI to create fake login pages and “security alerts” that look almost identical to the real thing.

Some attacks don’t just steal your password but also grab the extra security codes you use to log in, allowing attackers straight through the front door.

So how do you stay safe?

The most important habit is to slow down. Any email or text that claims there’s an urgent problem with an account should immediately raise suspicion.

Instead of clicking, open your browser and go directly to the company’s website yourself to check. If something feels off, it probably is.

Extra protection also matters. Using multi-factor authentication, which is a second check like a code sent to your phone, can stop criminals even if they get your password.

Keeping devices protected with up-to-date security software and making sure your team knows what phishing looks like can make a huge difference.

Phishing isn’t going away.

But with the right awareness and a few sensible safeguards, it doesn’t have to catch you out.

Implementing Zero Trust For Small Business

Think about your office building. You probably have a locked front door, security staff, and maybe even biometric checks.

But once someone is inside, can they wander into the supply closet, the file room, or the CFO’s office?

In a traditional network, digital access works the same way: a single login often grants broad access to everything. The Zero Trust security model challenges this approach, treating trust itself as a vulnerability.

For years, Zero Trust seemed too complex or expensive for smaller teams. But the landscape has changed.

Today, it is a practical, scalable defense, essential for any organization.

It’s about verifying every access attempt, no matter where it comes from. It’s less about building taller walls and more about placing checkpoints at every door.

And it’s not just about outsiders. It also limits damage from everyday mistakes – like clicking a bad link – or from a compromised vendor account. With Zero Trust, access is granted based on identity, device health, and context, and only to the specific resources needed. That “least privilege” approach shrinks the blast radius when something goes wrong, making incidents easier to contain and faster to recover from.

Transform your security posture

Adopting Zero Trust isn’t just a technical change, it’s a cultural one. It shifts the mindset from broad trust to continuous monitoring and validation.

Your teams may initially find the extra steps frustrating, but explaining clearly why these measures protect both their work and the company will help them embrace the approach.

The goal is to foster a culture of ongoing governance that keeps Zero Trust effective and sustainable.

Your actionable path forward

Start with an audit to map where your critical data flows and who has access to it. While doing so, enforce MFA across the board, segment your network beginning with the highest – value assets, and take full advantage of the security features included in your cloud subscriptions.

Achieving Zero Trust is a continuous journey, not a one-time project. Make it part of your overall strategy so it can grow with your business and provide a flexible defense in a world where traditional network perimeters are disappearing.

Contact us to schedule a Zero Trust readiness assessment for your business.

Beyond Chatbots: Preparing Your Company For “Agentic AI” In 2026

AI chatbots can answer questions. But now picture an AI that goes further, updating your CRM, booking appointments, and sending emails automatically. This isn’t some far-off future. It’s where things are headed in 2026 and beyond, as AI shifts from reactive to proactive, autonomous agents.

This next wave of AI is called “Agentic AI.” It describes AI that can set a goal, figure out the steps, use the right tools, and get the job done on its own. For a small business, that could mean an AI that takes an invoice from inbox to paid, or one that runs your whole social media presence. The upside is massive efficiency, but it also means you need to be prepared. When AI gets more powerful, having the right controls matter.

What makes an AI agent “agentic?”

A research article on the evolution and architecture of AI agents explains the big shift like this: AI is moving from tools that wait for instructions to systems that work toward goals on their own. Instead of just helping with tasks, AI starts doing the work, making it possible to hand off whole processes and collaborate with it like a teammate.

The 2026 opportunity for your business

For small businesses, this is about real leverage. Agentic AI can work around the clock, clear out repetitive bottlenecks, and cut down errors in routine processes. That means things like personalizing customer experiences at scale or even adjusting supply chains in real time become possible.

And this isn’t about replacing your team. It’s about leveling them up. AI takes the busywork so your people can focus on strategy, creativity, tough problems, and relationships, the things humans do best. Your role shifts too, from doing everything yourself to guiding and supervising your AI.

What you need before you launch agentic AI

Before you hand over your processes to an AI agent, you need to make sure those processes are rock solid. The reasoning is simple: AI will amplify whatever it touches, order or chaos, with equal efficiency. That’s why preparation is key. Start with this checklist:

Clean and Organize Your Data: AI agents make decisions based on the data you give them. Garbage in means not just garbage out; it can lead to major errors. Audit your critical sources.

Document Workflows Clearly: If a human can’t follow a process step by step, an AI won’t be able to either. Map out each workflow in detail before you automate.

Building your governance framework

Just like with human team members, delegating to an AI agent requires oversight. That means setting up clear guardrails by asking a few key questions:

  • What decisions can the AI agent make on its own?
  • When does it need human approval or guidance?
  • What are its spending limits if it handles finances?
  • Which data sources is it allowed to access?

Answering these questions lets you build a framework that becomes your company’s rulebook for its “digital employees.”

Security is another critical piece. Every AI agent needs strict access controls, following the principle of least privilege. Regular audits of agent activity are now a non- negotiable part of good IT hygiene.

Embracing the role of strategic supervisor

Agentic AI is a true force multiplier, but it depends on clean data and well-defined processes. It rewards careful preparation and punishes the hasty. By focusing on data integrity and process clarity now, you position your business not just to adapt, but to lead. Contact us today for a technology consultation on AI integration. We can help you audit workflows and create a roadmap for reliable, effective adoption.

Passwords Protect People, Not Just Data

Machines start up. Systems exchange signals. Processes run quietly in the background, hour after hour, day after day. For many businesses, that technology isn’t just supporting the operation – it is the operation.

Behind it sits something called Operational Technology (OT).

Unlike office IT systems such as email, file storage, and accounting software, OT controls the physical world. It’s the hardware and software that tells equipment what to do, when to do it, and how to do it safely.

Production lines, control panels, monitoring systems, sensors, and the networks that connect them all fall into this category. If IT is where information gets created and shared, OT is where information becomes motion, pressure, temperature, speed, and output.

The challenge is that OT security often hasn’t matured at the same pace as modern cyber threats. Many OT environments were built years ago, designed for reliability and safety rather than hostile internet-era conditions.

They were expected to run for a long time, change slowly, and stay stable. That mindset makes sense in an industrial setting – but it can leave gaps when today’s reality includes remote access, vendor connectivity, cloud reporting, and increasing links between the plant floor and the business network.

One of the biggest weak spots is still surprisingly simple: passwords.

In OT environments, it’s common to find shared logins, default credentials that were never changed, passwords written down near the equipment, or accounts that haven’t been updated in years.

Sometimes it happens because “everyone has always used the same operator login.”

The problem is that the old assumption – “OT is isolated” – is often no longer true.

As OT and IT become more connected, a compromise that starts in the office can reach operational systems. A criminal who gains access to a user’s email account or laptop can look for saved passwords, reused credentials, remote access tools, mapped shares, or documentation that reveals how OT systems are managed.

If passwords are reused between environments, that attacker may not need a clever exploit. They can simply log in.

That matters because OT attacks don’t just affect data. They can halt production, disrupt critical services, damage equipment, create safety risks for staff, or force a shutdown while you verify what changed.

Even when nothing catastrophic happens, uncertainty is expensive: if you can’t trust system readings or configurations, the safest choice is often to stop and inspect.

The good news is that improving password security is one of the highest-impact steps most organizations can take without rebuilding their entire OT environment.

A few practical moves make a major difference:

Use longer passwords or passphrases. Length dramatically increases the effort required to guess or crack a password.

Make passwords unique. Unique credentials reduce lateral movement.

Add multi-factor authentication (MFA) wherever possible. MFA can stop intruders even if a password is stolen.

Of course, OT environments need care. You can’t treat a production controller like a disposable laptop. Changes should be planned, tested, documented, and scheduled to avoid downtime.

OT systems are designed to be dependable and almost invisible when they’re working properly. That “quiet reliability” can make security easy to overlook. Yet the systems that control physical processes deserve the same discipline and attention as office IT – often more, because the consequences are bigger.

Cyber Resilience Matters More Than You Think

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Most businesses still picture cybersecurity like an old-school castle. Tall stone walls. Heavy iron gates. A moat full of alligators, if possible.

The idea is simple: keep the bad guys out, and everything inside stays safe.

That model made sense once. But it doesn’t anymore.

Today’s workplace isn’t a castle. Your employees work from home, the office, hotels, and coffee shops. Your data lives in the cloud. Your systems connect to dozens of outside vendors, apps, and services every day. Files are shared constantly. Logins happen from everywhere.

There is no single wall to defend anymore, and cybercriminals know it.

That’s why the focus of cybersecurity has quietly shifted over the last few years. It’s no longer just about trying to block every possible attack. It’s about assuming something will eventually get through, and making sure your business can recover quickly when it does. That mindset is called cyber resilience.

Frankly, even well-protected organizations get hit. Someone clicks the wrong link. A trusted supplier suffers a breach. A password gets reused. A convincing, AI-powered scam slips past email filters. It happens to smart, careful companies every single day.

The difference between a crisis and a minor disruption is what happens next.

A cyber-resilient business is built to spot trouble early, contain it quickly, and recover without chaos. Instead of panic, finger-pointing, and downtime, the response is calm and methodical. Accounts get locked down. Systems are isolated. Data is restored. Business resumes. That doesn’t happen by accident.

One major piece of cyber resilience is visibility – having systems that constantly watch for unusual behavior, not just obvious “alarms.” Modern security tools look for things like strange login locations, unusual file access, or activity that doesn’t match a user’s normal pattern. Many of these tools now use AI to spot problems long before a human ever would.

This is important because today’s attacks often don’t announce themselves. Hackers don’t always smash windows. More often, they log in quietly and try to blend in.

Then there’s the safety net: backups.

Not just “we think we have backups,” but properly designed, secure, and tamper-proof backups that attackers can’t delete or encrypt. When backups are set up correctly, recovery can be surprisingly fast. In some cases, systems are restored so quickly that customers never even realize something went wrong.

But technology alone isn’t enough.

Cyber resilience also depends on people. Employees need to recognize suspicious emails and feel comfortable reporting mistakes immediately.

Leadership needs a simple, clear plan for who does what when something goes wrong. Everyone needs to understand that speaking up early is always better than staying quiet and hoping a problem disappears.

Cyber resilience is about preparation and accepting reality, staying calm under pressure, and having the ability to bounce back quickly when the unexpected happens.

If your business hasn’t thought beyond “keeping the bad guys out,” it may be time to rethink your approach.

And if you’d like help building a practical cyber resilience strategy that fits how your business actually operates, we’re here to help.

Hackers Aren’t Hacking – They’re Just Logging In

When most business owners picture a cyberattack, they imagine a hoodie-wearing genius furiously typing code, breaking through firewalls, and “hacking” their way into a network.

That image is outdated.

Today’s cybercriminals usually aren’t hacking anything at all. They’re logging in – using real usernames and real passwords.

And that’s what makes modern cybercrime so dangerous. Attackers have figured out that breaking in is hard. Logging in is easy.

Instead of trying to defeat security systems, they steal or buy login credentials and walk right through the front door. Once inside, they look exactly like a normal employee.

Your systems don’t raise alarms because, technically, nothing unusual is happening. This shift has changed the rules of the game.

How Do Hackers Get Logins?

Most of the time, it starts outside your business. Employees reuse passwords across multiple websites. A breach at a social media platform, online retailer, or personal email account exposes those passwords. Criminals collect them, bundle them together, and sell them on underground marketplaces.

From there, automated tools try those same email-and-password combinations against business systems like Microsoft 365, Google Workspace, VPNs, and remote access portals.

If one works, they’re in. No malware. No warning pop-ups. No dramatic breach notification. Just access.

Why Small Businesses Are Prime Targets

Large companies make headlines, but small businesses are easier and more profitable targets.

Smaller organizations often assume they’re “too small to bother with.” Attackers know better.

They know smaller businesses tend to have weaker security, fewer safeguards, and limited monitoring.

Even more appealing: small businesses often serve larger ones. Law firms, accountants, manufacturers, contractors, medical offices – these are gateways to valuable data and trusted relationships.

Once attackers log in, they take their time. They read emails. They learn how invoices are sent. They figure out who approves payments. Then they strike.

That’s how wire fraud happens. That’s how fake invoices get paid. That’s how ransomware spreads quietly before detonating.

Why Passwords Alone No Longer Work

Passwords used to be enough. They aren’t anymore.

Even strong passwords fail if they’re reused or stolen somewhere else.

You can do everything “right” internally and still get compromised because the password was exposed on an unrelated site years ago.

That’s why breaches today often leave business owners stunned.

“We didn’t click anything.”

“We didn’t download anything.”

“Our antivirus never went off.”

All true – and all irrelevant. The attacker didn’t force their way in. They logged in.

The One Control That Stops Most Attacks

There’s a simple reason cybersecurity professionals push so hard for multi-factor authentication (MFA). It works.

MFA requires something you know (your password) and something you have (a phone app, text code, or hardware key). Even if a criminal has the password, they can’t complete the login without the second step.

It’s not flashy. It doesn’t feel dramatic. But it stops the vast majority of account-based attacks cold.

When businesses skip MFA because it’s “inconvenient,” they’re betting the company on convenience.

That’s rarely a good trade.

What Business Owners Should Take Away

Cybersecurity today isn’t about fighting hackers in dark basements. It’s about controlling access. Ask yourself a few simple questions:

Could someone log in as one of my employees from another country?

Are email, remote access, and cloud systems protected with MFA?

Would we even notice if someone quietly accessed our systems today?

If the answers aren’t clear, that’s a risk – not a technical problem, but a business one.

Hackers aren’t breaking in anymore. They’re logging in.

And the businesses that recognize that reality are the ones staying ahead of the next incident, instead of reacting after the damage is done.