How to Protect Your Microsoft Word Documents

You can protect your Word documents from prying eyes and itchy fingers.

You’ve created a critical Word document, one that you wish to keep private or that you want to share with only certain people. But perhaps you don’t want others to be able to edit the document, and you certainly don’t want it to fall into the wrong hands. How can you protect your document?

Word offers a few options:

  • You can finalize the document to alert people not to edit it.
  • You can encrypt the document with a password so only people who know the password can access it.
  • You can restrict the type of editing others can perform on the document.
  • You can add a digital signature to the document to ensure that no one can tamper with it.
  • And you can employ more than one of these tactics to truly secure your document.

Let’s look at the many ways you can protect your Word documents.

As always, I’m using Word 2016 here, but the options for protecting a document are the same for the prior couple of versions of Word.

Start by opening an existing Word document that you want to protect. Click on the File menu and then click on the button to Protect Document. From the Protect Document menu, select the first option to Mark as Final.

A message tells you: “This document will be marked as final and then saved.” Click OK.

Another message pops up saying:

“This document has been marked as final to indicate that editing is complete and that this is the final version of the document. When a document is marked as final, the status property is set to ‘Final’ and typing, editing commands, and proofing marks are turned off. You can recognize that a document is marked as final when the Mark as Final icon displays in the status bar.”

The goal of this action is to dissuade anyone from modifying the document by telling readers that it’s completed, and no more editing changes should be made.

When someone opens the document, a message appears at the top: “MARKED AS FINAL.  An author has marked this document as final to discourage editing.” An “Edit Anyway” button also appears. If someone clicks on that button, that person can still edit and re-save the document. That person could then also mark the document as final if he or she chooses. But then the document would show you as the author and that person as the one who last modified it. (You can see the author and other information on a document by clicking on the File menu.)

So the purpose is not to prevent someone from editing the document but to alert readers that it’s in its final version and that you should appear as the author and the person who last modified it.

Alternately, try this:

  • click on the File menu and click Protect Document.
  • Select the second option to Encrypt Document.
  • At the Encrypt document window, type a password and click OK.
  • At the Confirm Password window, retype the password and click OK.
  • Save and close the document.
  • Try to reopen it.
  • This time, you’re prompted to enter the password. If you don’t type the correct one or you click Cancel, the document won’t open.

So this is a secure option to ensure that only people who know the password can even view your document. Just be sure not to forget the password yourself as there is no way to recover it or unlock the document without it, at least not within Word or Windows.

To remove the password, click on the File menu, click on Protect Document, and again select Encrypt Document. Delete the dots that hide your password and click OK. Your password is deleted. Resave the document before you close it.

Here’s another trick.

  • Click on the File menu and click Protect Document.
  • Select the third option to Restrict Editing. Your document reappears, this time with a pane on the right for setting formatting and editing restrictions. This is the option to choose if you want people to be able to open your document but limit or restrict the changes they can make. This option also password-protects your file so only those who know the password can modify the document.
  • Check the box to Limit formatting to a selection of styles if you want to prevent people from changing the formatting of your document through styles.
  • Click on the link for Settings underneath.
  • In the Formatting Restrictions window, all styles are allowed by default. You can keep that setting, change it to the Recommended Minimum, or change it to None.
  • If you’re not sure, choose the option for Recommended Minimum. You can also check any of the three options under Formatting to allow the first one or block the other two.
  • Click OK to close the window.

  • Check the box to Allow only this type of editing in the document.
  • Click on the dropdown menu underneath. You can now choose from among four options. Tracked changes turns on Track Changes for any reader of your document and restricts any other type of editing. Comments allows readers to insert comments in your document but make no other changes. Filling in forms lets readers fill in forms that you’ve created but not change those forms. And No changes puts your document in read-only mode so no changes can be made.
  • Select the appropriate option.

If you check the fourth option for No changes, you can create exceptions for certain user accounts to edit your document.

  • In the Exceptions section, check the box for Everyone and select any parts of the document that you want anyone to be able to edit.
  • Click on the option for Yes, Start Enforcing Protection.
  • You’re prompted to create a password. Type and then retype the password and click OK.
  • Save, close, and then reopen the document. You’ll see now that the editing controls on the Ribbon are grayed out.
  • Click in any section of the document that you allowed for editing, and the controls are now available.

To turn off the protection, click on the Stop Protection button at the bottom of the right pane. Type the password and click OK. You can now edit the document and permanently turn off the editing restrictions if you wish.

Finally, you can add an invisible digital signature to your document. Such a signature tells readers of your document that you and no one else signed its contents, assuring people that you were the last person to revise your document. Your document becomes read-only after the digital signature is implemented. To create a digital signature, you need a signing certificate to your identity.

  • Click on the File menu and click Protect Document. Select the fourth option to Add a Digital Signature.
  • The first time you do this in Windows, Word tells you: “To sign a Microsoft Office document you need a digital signature, would you like to get one from a Microsoft partner now?” Click Yes.
  • You’re taken to a Microsoft support page to help you find a digital ID. Try the links for the different providers to get a digital ID.
  • Then click on the link at the webpage to Add or remove a digital signature in Office files.
  • Scroll down the page to learn how to add a digital signature and how it secures a document or other file.
  • After you’ve obtained the digital ID, return to the Protect Document button and again click on the option to Add a Digital Signature.
  • At the Sign window, fill out the necessary fields and click the Sign button.
  • You may be asked to confirm the digital signature. Click OK.

Your document is now digital signed and made read-only. Anyone who opens the document will receive notice of your digital signature.

Whitney,Lance. 2018, February, 8. “How to Protect Your Microsoft Word Documents” Windows Secrets, Office

Posted in: MS Office Tips and Tricks

Leave a Comment (0) →

Microsoft OneDrive Can Now Backup and Protect Your Folders

The online service’s new folder protection will back up your documents, desktop, and pictures to your OneDrive storage space.

Microsoft OneDrive users now have a new option for backing up critical folders and files.

Currently rolling out to OneDrive on Windows, the service’s folder protection lets you add your documents, desktop, and pictures folders to OneDrive. Any files contained in those folders will be backed up to your online storage and synced to other computers and devices running OneDrive. As such, you’ll be able to access those folders and files from anywhere.

Microsoft OneDrive is a handy way for Windows users to back up, sync, and share folders and files. Until now, Microsoft required you to move any folders and files you wanted to back up into a special OneDrive folder on your computer. The new folder protection feature removes this limitation to some degree as it supports your desktop, pictures, and documents folders in their default locations.

Folder protection had already been available for OneDrive for Business users; now it’s starting to hit OneDrive personal accounts. The feature is just kicking off for personal accounts, so you may need to wait a bit before it pops up on your computer.

When the feature is ready, you’ll see a prompt to set up folder protection, according to Microsoft. Just click the prompt to get started. If you miss the prompt, you’re still in luck. Right-click the OneDrive icon in the Windows system tray and select Settings. Click the Auto Save tab. If folder protection is available, you’ll see a new section to Protect your important folders. Click the button to Update folders. By default, Desktop, Pictures, and Documents will be included in the back up. Deselect any folders you want to exclude. Click the button to Start protection. You can now close the OneDrive window while the folders are being backed up.

There are some caveats. Folder protection won’t back up certain files such as Microsoft Outlook PSTs and Microsoft OneNote files that aren’t already stored in OneDrive. You can’t sync files larger than 20GB. The folders themselves also must be in their default locations for the backup to work. Microsoft’s support page on folder protection offers further details on how to set it up and fix potential problems.

Whitney, Lance. 2018, August “ Microsoft OneDrive Can Now Backup and Protect Your Folders” CNET

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

We compared 3 of the most popular note taking apps for iPhone — but the winner depends on what you want to do

I shudder to think where I would be in life if it were not for my smartphone note-taking apps.

Surely, I would have forgotten hundreds of tasks over the years, misplaced hundreds of paper shopping lists, or lost hours-worth of notes taken at work. All those brilliant screenplay ideas that I’ve had while riding the bus or at the gym or somewhere else where I couldn’t easily get to a more traditional word processor would be simply gone forever, if it were not for my note taking apps.

There are tons of generic note taking apps for iPhone on the app store, and they’re all pretty good at the basics. However, I’ve been using Apple’s built-in Notes app, Google Keep, and Evernote for a long time now, and have found that these three stand above the rest, each for unique reasons.

And while I’ve tried (more than once) to consolidate my usage to a single app, I’ve found that each of these meets a specific need in its own way, and I truly do rely on all three for nearly everyday use.

Rather than arguing that one should be the ubiquitous note-taking solution, I’ve pitted these three apps against each other, identified each of their strengths and weaknesses, and identified which you should use based on which kind of notes you’re taking.

Cost Comparison (Luckily, all three of these apps have a free version for iPhone.)

  • Apple’s Notes app comes pre-installed with every iOS and OS device. So if you use an iPhone, congratulations! You’re already a third of the way there.
  • Google Keep can be downloaded from the app store for free on iOS mobile devices, and a desktop version can be installed as an extension of Google Chrome, also for free.
  • Evernote has a free mobile and desktop version for Apple devices, but reserves several features and extras for premium (paid tier) customers.

Ease of Use:

Apple’s Notes app essentially acts and looks like a very minimal word processor which anyone can use with little to no instruction, although some of the most powerful features are a bit harder to get to for a first-time user.

The app allows mobile users to format their text (with bold text, italics, headings, etc) very quickly and easily on mobile, but doesn’t offer any instructions or labeling for many of the buttons, making many of the features (like check lists, photo embeds, and sketching) harder to identify.

Notes can be placed into different folders, so you won’t mix up your work notes with your screenplay ideas, and can be sorted based on the device on which you wrote them.

Google Keep offers a sleek and straightforward take on note-taking, which heavily focuses on images, lists and color-coding.

Rather than organizing your notes in a bare bones list format, Google’s Keep works a lot like cork board covered in post-it notes.

Images, check lists, maps, sketches, and regular ol’ text entries are kept on the static front page, rather than tucked away into folders, so you don’t have to go digging for that entry you made last week. Just scroll down until you see the big headline on the appropriately color-coded tile.

While Keep doesn’t offer the same formatting options for text, it does make the other features more prominent and easier to get to, so I’m more likely to open up Keep when I need to make a quick shopping list or want to draw a picture.

This view can be much more appealing on the eyes, but is clearly not ideal for long-winded musings or journal entries.

I suspect that fans of Pinterest will prefer this approach to notes, while Facebook fans might not.

Meanwhile, Evernote is ideal for long, organized notes that you can keep coming back to, rather than jotting down quick entries or to-do lists.

Evernote is easily the most fleshed-out between the three, and offers the most extensive service. Although, with more features comes added complication, and the app definitely takes some getting used to for new users.

If Notes feels like a lightweight word processor, then Evernote’s powerful formatting capabilities are giving Microsoft Word a run for its money.

To put it simply, the makers of Evernote have thought of everything. The app can easily replace every need for a paper notebook or filing system, by allowing the user to store documents, capture audio, organize and tag their own notes, and even chat with collaborators right there inside the app.


Apple’s Notes app lets users sort their entries into folders, so you can easily keep your work notes separate from your to-do lists or quickly-scribbled thoughts. They also allow you to “Pin” individual notes to the top of the app with a swipe.

Google Keep allows you to “label” all your notes, for ease of sorting and finding them again, as well as archive old ones that you might not need anymore.

Evernote smartly uses a “notebooks” system, which allows users to sort their notes by topic, and share entire collections of entries with their collaborators.

In addition to Notebooks, Evernote also includes the ability to tag individual posts and create shortcuts to your most frequently-visited entries.

Search Functions

Notes allows the user to search for keywords through their text and attachments, but that’s about as far as this feature goes for the built-in service. I’ve had multiple frustrating experiences trying to unearth very old writings that I remembered taking down, but couldn’t remember any of the words in the actual text.

Google Keep lets users narrow their search by filtering the type of note (text, check lists, those containing images, etc), as well as searching by label, in the event that you can’t remember any of the right keywords.

Evernote has easily got the other two apps beat in this category, by offering a whole array of search options, including by tag, notebook and source, as well as the time the note was created or last modified, to name a few.

The app can even search for keywords among notes hand-written with a stylus or scanned in through the camera.

Which app is superior to the others?

Actually, these three apps each have invaluable qualities that I believe are unique for the function that they do best. For that reason, I think they are each superior when it comes to specific tasks.

  • Google Keep is best for making lists
  • Apple Notes is best for jotting down thoughts on the go
  • Evernote is best for taking notes at work or school

So, depending on what you need to accomplish one of these apps should suit your needs! As the title of the article states, in comparing three of the most popular note taking apps the winner depends on what you want to do!

Fagen,Kaylee. 2018, August 1 “We compared 3 of the most popular note taking apps for iPhone-but the winner depends on what you want to do,” content taken from Business Insider



Posted in: Mobile Computing

Leave a Comment (0) →

How to Get the Most From a Managed IT Services Provider

As the managed services provider market matures, CIOs should resist the urge to go with the lowest-cost provider in favor of partners that understand your business and can help you achieve strategic goals.

Leaning on a managed service provider (MSP) for a subset of your IT services can be a boon. More than just tackling a specific domain such as email hosting or customer relationship management, having an MSP as part of your IT mix can free up internal IT staff for more strategic projects.

But establishing a strong, strategic partnership with your MSP is essential. Here we take a look at the current state of managed IT services, where companies are employing the MSP model and how to get the most of your MSP partnership.

Managed services growth is steady

Managed services comprise the second-most popular business model in the channel today, according to IT industry trade association CompTIA’s Fifth Annual Trends in Managed Services study. Three-in-10 MSPs surveyed by CompTIA ranked managed services as the leading generator of revenue in the previous 12 months, second to the 44 percent that pointed to IT solutions (such as projects incorporating hardware, software and services), but ahead of other business model choices like value-added resellers (VARs), IT support, and held desk and consulting services.

The study, authored by Carolyn April, senior director of industry analysis at CompTIA, found that the rate of growth of managed services is continuing, but more or less at a steady pace.

“I think the managed services space is moving slowly at sort of the same pace as we’ve seen over the past five years,” April says. “Where we’re seeing more momentum right now is the channel that’s growing around SaaS applications and SaaS ISVs.”

“A lot of these SaaS players are actually MSPs themselves: They’ve either been born in the cloud or they are existing MSPs that are adding a SaaS component to what they sell in their portfolio,” she adds.

Resist the urge to bargain shop for managed IT services

Organizations are continuing to turn to MSPs to handle elements of their IT needs as part of a collaborative arrangement with the internal IT department, according to CompTIA’s research. Companies have become more familiar with managed services and are turning to them for certain IT functions, particularly email hosting, customer relationship management (CRM) applications, storage, backup and recovery and network monitoring.

However, CompTIA is also seeing commoditization occurring because of oversupply, especially at the lower end of the stack. April says this may tempt CIOs to bargain shop for managed services, but they should resist the urge.

“Look for MSPs that understand your business and that speak less about the technology,” she says. “I think that’s important across the board. You want a partner that can talk about business outcomes and how their services are going to help further your goals from a business perspective, not a technology perspective.”

Here, April says a proven track record is key — especially customer testimonials from existing customers. She warns that it should be a red flag if an MSP offers you a cookie-cutter service-level agreement (SLA). It’s a much better sign if they seek to craft a customized contract based on your business and needs.

Top MSPs extending their reach to meet demand

Strategic MSP use doesn’t have to be confined to commodity IT services. Many CIOs, says April, are looking for MSPs that can deliver advanced services, including cloud infrastructure management, application management and business process outsourcing.

April also notes increased demand for services around data analytics, business intelligence (BI) and advanced application monitoring. And while some upper echelon services are offering managed services to meet those needs, most MSPs have yet to extend beyond their heritage in managing network infrastructure and basic software infrastructure.

“I think mobile is an area where the channel is getting some traction but they’re really not tapping the full opportunity there,” she adds.

Partners, not replacements

It is also important to note that while companies are increasingly relying on outside providers for part of their IT needs, MSPs generally complement rather than replace internal IT.

“Very few of these companies get rid of their IT staffs just because they join up with an MSP,” April says.

Instead, especially in larger companies, bringing an MSP into the mix frees up existing IT staff to focus on more strategic projects.

“It elevates the IT staff and brings them out of the shadows within the organization,” she says. “It allows them to focus on a custom app dev project or cloud initiative — something highly strategic. I think that’s a win-win for your IT staff.”

That also highlights that the reasons that organizations turn to MSPs have begun to change. In the past, April says, cost savings were seen as the primary benefit of MSPs. Now, she says, cost benefits are considered table stakes and customers are looking for additional benefits like generating revenue and helping the company become more efficient. Even security has evolved from being considered a roadblock to using MSPs to a reason for doing so.

April explains that companies have shifted their views over security as it has become clear that security problems are often the result of human error by internal staff.

Olavsrud, Thor. 2017, June 30 How to get the most from a managed IT services provider. Retrieved from “”

Posted in: Business, IT Support

Leave a Comment (0) →

Use Eyedropper Tool to Match Colors in PowerPoint

With the eyedropper tool in PowerPoint you can match the color from a shape or picture to another element of your presentation for a more cohesive look.

Select and apply a color with the eyedropper tool

Double-click the shape or other thing you want to match colors for. (To select multiples, press Ctrl and then click the shapes.) Then click any of the color options, such as Shape Fill in the Shapes Style group, found on the Format tab under Drawing Tools.

Shape Fill dropdown menu showing the Eyedropper

Using the eyedropper, click the color you want to match and apply to the selected shape or object.

Eyedropper cursor and matched color

As you move your pointer around the different colors, a live preview of the color appears. Hover or pause on a color to see its RGB (Red Green Blue) color coordinates. Click on the color you want. For a more accurate way of getting the exact color you want when many colors are clustered together, select the color by pressing Enter or spacebar instead.

Numbers for RGB colors selected using the Eyedropper

To cancel the Eyedropper without picking a color, press Esc.

Tip:   You can also match colors from elsewhere on your screen. After clicking Eyedropper, click and hold the mouse button as you drag your mouse to the color you want to match. The eyedropper tool disappears when you move outside the PowerPoint window, but the color will still preview and be matched.

Posted in: Mac OS, MS Office Tips and Tricks

Leave a Comment (0) →

Getting the most from OneNote, Part I: A hidden Office gem

The more information you put into OneNote the more useful it is. You can tag, flag, recognize, record and search just about anything.

Microsoft’s cross-platform notebook tool OneNote has long been a hidden gem in Office. In the last few years its success in the education market has prompted Microsoft to invest more in the application. As well as adding specific Learning Tools. Microsoft is bringing the Mac and web versions closer to parity with the desktop Windows version of OneNote, improving the iOS and Android mobile applications and building a brand-new Windows Store OneNote app that will soon replace OneNote 2016. It’s also making OneNote notebooks part of every SharePoint team site and Teams team. But what can you actually do with OneNote and how do you make it useful?

OneNote is ideal for storing unstructured information — not just the notes you take in lectures or meetings, or digital versions of Post It notes, but also photos, videos, receipts, emails (and attachments), web pages, PDFs, presentations, your optical prescription in case you break your glasses, the frequency for your favorite radio stations in cities to which you travel. In short, anything you can print, write down or photograph and might need to refer to one day.

Individual notes live in the sections of a notebook; you can have multiple sections in multiple notebooks that you keep private or share with colleagues and sync across devices. You can open a notebook that someone else has shared with you and have it fully synced on your own device, making it easy to collaborate. As you can rename and move all of these, you don’t need to get the perfect structure straight away. Instead, the first step of making OneNote useful is to put as much information that you might need later as possible in there, so that you can search for it.

Send everything to OneNote

You can type, handwrite, record audio and video, and paste in text, images, video and other content in OneNote. You can even do simple math in OneNote; just type in the equation, followed by ‘=’ and OneNote will work it out for you. You can also share and print from other applications straight into OneNote, but the different tools give you slightly different results.

OneNote 2016 has a snipping tool (trigger it from the toolbar, the Windows system tray or make a keyboard shortcut for it) that lets you drag to select an area and choose the notebook section or even individual page where you want to save an image of what you snip. You can find the section or page by searching for the title, so you don’t have to scroll through long lists of sections and pages.

In the Windows 10 OneNote app, you can use the Windows snipping tool, then either find the note you want and paste in by hand or open the Screen Sketch tool then use the Share charm (which can only target the current page or notebook section).

You can print from any application using the OneNote printer drivers. The OneNote 2016 printer driver is automatically installed and can print into any page or notebook section, which you choose in the same snipping dialog. The OneNote Store printer driver you have to install yourself from the Store, and can only print a new page into notebook sections, which you have to painstakingly navigate to rather than being able to search for. Both drivers save images of the individual pages you print. You can also import files into the current page in OneNote 2016 as printouts or attachments. Outlook on Windows (and Mac for Office 365 users) has a Send to OneNote button that copies email text and attachments, or the details of meeting attendees, into OneNote. You can also grab the details of an Outlook meeting that you want to take notes on from inside OneNote 2016 and OneNote 10, to get the list of everyone who’s there quickly.

If you use the OneNote Web Clipper extensions for Edge, Chrome and Firefox, you get the editable text and images (you can choose whether to clip the whole page or just the main content); you can clip into any notebook section that’s stored in OneDrive or OneDrive for Business (even ones that are shared with you) if you don’t have the notebook open on your device, but again not into existing pages. If you have a lot of notebooks and sections, having to scroll through the alphabetical list is much slower than the OneNote 2016 word wheel search. You can’t clip PDFs, so if you’re viewing them in a web browser, print them to OneNote instead.

OneNote is also a share target in the iOS and Android browsers, although that saves a printout rather than the editable text of the web page.

Microsoft’s Office Lens app on iOS and Android (and Windows Phone) can save images directly into OneNote sections, which is a good way of capturing whiteboards, presentations, business cards and documents. (The Office Lens feature is also built into OneNote on iOS and Android, so you can snap photos on your phone and have them show up in the right place in a note you’re editing on your Mac or PC).

OneNote is also an  “If This Then That” target  (IFTTT) so, you can do things like archiving tweets, RSS feeds, Reddit posts, DropBox files, starred Gmail messages or articles from Pocket, Feedly or Instapaper into OneNote. This isn’t always reliable and high-volume archiving will quickly hit the size limit of OneNote sections, but it’s very convenient when it does work.

If you record audio or video into OneNote (on Windows or Mac), any notes you take while recording or playing back the recording are time synced, so you can easily jump to the most important section of a meeting or lecture. (OneNote can also record unlimited audio on iOS, but you can’t take notes at the same time.) The audio is also searchable in OneNote 2016, but as it’s just matching the sounds of words it’s not very accurate.

Searching in OneNote

OneNote 2016 has one search box and two keyboard shortcuts for searching: Ctrl-E searches across all your notes (or a subset that you choose), while Ctrl-F searches within the current note. OneNote for Windows 10 has the same keyboard shortcuts, although they select from a unified search dropdown. Either way, that makes it easy to find the right note and then the right sentence. Both versions of OneNote use the same Ctrl-M shortcut to open a new window, so you have multiple notes open at once.

You can also see a list of recently edited notes, as a way of getting back to what you were working on recently. In OneNote 2016 you can pick multi-time periods (from ‘today’ to the last six months or even a chronological view of all notes in the section) or search for changes by specific people.

If you have a digital pen, or a touchscreen PC or iPad, you can draw and handwrite notes, and OneNote uses handwriting recognition to make them searchable even if you don’t convert them to text. If you want to draw with your finger, turn that on in the Draw toolbar — and then turn it off again when you want to go back to using your finger for scrolling. If you want more space for drawing, both OneNote 2016 and OneNote 10 have a full-screen mode that hides all the toolbars and other controls.

Images in OneNote are automatically OCR’d, so you can search for text shown in an image or a printout. You can also right-click on them to copy the recognized text to use elsewhere, making this a quick way of scanning paper documents.

Image OCR and handwriting recognition work locally in OneNote 2016, which also gives you the widest choice of where to store notebooks — in OneDrive, on your local PC or on a network file share. Notebooks stored in OneDrive can sync automatically to your other devices and you can share them with colleagues for live co-editing. Content syncs right into the page, marked by the initials of the person adding it. Notebooks stored on a network file share can sync onto other PCs that have access to the network, including over a VPN, but you can’t open them on other devices.

Branscomb, Mary. “Getting the most from OneNote, Part I: A hidden Office Gem” TechRepublic July 30, 2018

Posted in: Mobile Computing, MS Office Tips and Tricks, Tech Tips for Business Owners

Leave a Comment (0) →

Scam of the Week: “Another” New CEO Fraud Phishing Wrinkle

So, here’s a new CEO Fraud phish: see these fresh screen shots from emails reported to us through the free KnowBe4 Phish Alert Button. Bad guys spoof the managing partner and CPA and an accounting & consulting firm and ask an employee for the  “Cash/Bank Statement Reconciliation” for June of this year.


Now, it’s not immediately clear what the bad guys could do with the data from such a statement, but this may simply be a first step of a one-two punch that is meant to establish credibility. The next step would be a malicious request for salary payment records like a pay stub that allow the bad guys to change bank accounts for direct deposit salary payment to accounts they control.

Here is another variant, where the employee seems to be willing to comply:

And here is another variant

See the payroll phish screenshot, which asks an employee at a credit union to change the email associated with another employee’s ADP account to a non-company email address.

Of course, ADP already allows employees to do this on their own:

We are expecting the scheme to work like this: once the email address is changed, the bad guys who control that email address can force a password change by selecting the “I forgot my password” option on the ADP portal, change the password, then effectively hijack the account. From there they can change the direct deposit info, mine the account for identity/tax refund theft, and so forth.

Presumably this same scheme could work with similar services (SAP, Paychex, Zenefits, etc.).

The “beauty” of this approach is that targeted employees as well as their employers would remain blind to all the fraudulent changes made after the email address is switched. How often do employees tend to log in to their ADP accounts anyway? Once every few months would be my guess. Perhaps even as infrequently as once a year. Two interesting observations about this particular phish:

  1. The bad guys didn’t bother spoofing the targeted employee’s corporate email address. They used the same address submitted as a substitute.
  2. The targeted employee doesn’t appear to be very senior in the organization. So, this might be some kind of initial test to see if the scheme works.

Sjouwerman, Stu. “Scam of the Week:”Another” New CEO Fraud Phising Wrinkle” blog July 20, 2018

Posted in: Security, Tech Tips for Business Owners

Leave a Comment (0) →

7 Tips to Using a Password Manager Safely

Password security can look pretty grim! However, the benefits of a good password manager – generating and saving complex, unique passwords you can easily update – mean that most experts recommend using one. “While it’s impossible to be completely immune from the most advanced threats, selecting the right third-party password manager can help users to protect their credentials from the majority of attacks that they may face,” says Baumgartner.

You can also take the following seven steps to ensure you’re protecting your accounts:

  1. Choose a password manager without master password recovery

Whatever you do, choose a password manager that does not allow for recovery of the master password. “If a malicious actor is able to get ahold of the master password through account recovery tools, this renders even the most secure password management programs useless,” says Baumgarten.

  1. Use Two-factor authentication

Any online account has a risk of being hacked. One way to circumvent this risk is to use two-factor authentication to protect your password manager. Chrome supports two-factor authentication with your smartphone, and, along with Firefox and Edge, also works with authentication hardware keys such as Yubico. Third-party password managers including Dashlane, LastPass and Sticky Password supports two-factor authentication with your smartphone. “While two-factor authentication may still have some risks due to threats like SIM hijacking, at a minimum it puts one more layer of defense between the cybercriminal and your full arsenal of login information,” says Baumgarten.

  1. Turn off autofill

You may want to consider turning off autofill. This also means logging into your password manager, then copying and pasting your passwords into the login screen.

  1. Use strong passwords

When composing your master password, make it strong. “By today’s standards this means 20 characters or more, randomly generated passwords that contain lower and uppercase letters, digits and symbols,” says Palfy.  You might be proud of how devilishly uncrackable it is – but don’t reuse your master password.

  1. Make sure all of your passwords are unique

Make sure all your other passwords are unique. Dashlane Premium is one of the options that can automatically check for weak or repeated passwords then automatically replace them with a random, complex password.

  1. Keep your software up to date

Download security updates for your password manager as soon as available – often, they will be patching newly discovered vulnerabilities.

  1. Be wary of downloads and browser extensions

In general, be wary of your downloads especially browser extensions – unwittingly installed malware could end up logging keystrokes or copying logins.

Choosing the right password manager

The best password managers do not allow you to recover your master password, they let you use two-factor authentication, they monitor your accounts for password breaches and weak passwords, they generate strong passwords for you, they back up your passwords securely online and they let you use a fingerprint or face ID to log in on your smartphone. Our favorite password manager, Dashlane Premium($60 per year), has all of the aforementioned features and more. It also fills out forms, including your credit card information, syncs across all of your devices, scans the Dark Web for personal data and account information and provides VPN service for your computer and smartphone to encrypt all of your data when using internet-based services over public WiFi.

This excerpt is taken from “Is it Safe to Use a Password Manager?”, an article written by Natasha Stoke, Click here if you would like to read the article in its entirety.

Posted in: Security, Tech Tips for Business Owners

Leave a Comment (0) →

Your Google Account Might Be Giving Outside Developers Access to Your Data – Here’s How to Disconnect Apps You Don’t Trust Before They Read Your Mail

You may not be the only one reading your messages in your Gmail Account.

While Google itself has stopped scanning Gmail users’ email, some third-party developers have created apps that can access consumers’ accounts and scan their messages for marketing purposes, according to a new report in the Wall Street Journal. In some cases, it’s not just the developer’ computers but their human employees who are reading Gmail users’ messages, according to the report.

Google has long allowed software developers the ability to access users’ accounts as long as users gave them permission.  That ability was designed to allow developers to create apps that consumers could use to add events to their Google Calendars or to send messages from their Gmail accounts.

But marketing companies have created apps that take advantage of that access to insights into consumers’ behavior, according to the report.  The apps offer things such as price-comparison services or travel-itinerary planning, but the language in their service agreements allows them to view users’ email as well.  In fact, it’s become a “common practice” for marketing companies to scan consumers’ email, The Journal reported.

It isn’t clear how carefully google is monitoring such uses.  Many consumers may not be aware that they’ve given apps such access to their accounts.  Even if they are, Facebook’s Cambridge Analytica scandal offers a worrisome example of how similar access to consumer data can be abused.

Here’s how to see which apps have access to your Google account and how to block them from accessing it in the future.

From your Google Account homepage, go to the Sign-in & Security section.

To get to your Google Account page, select the “Account” icon from the app menu in the top right-hand corner of your Gmail account or navigate to

Click on the “Apps with account access” link or scroll down to the very bottom of the page.

In that section, you’ll see all of the apps to which you’ve given any kind of access since you created your account.

Select “Manage Apps” to see more details.

You’ll see what kinds of information and services inside your Google account to which the apps have access.

Google organizes apps that have access to your account into three different groups.

The three groups are apps that allow for “Signing in with Google,” “Third-party apps with account access,” and “Google apps.”

It’s obvious what Google apps are — things like Chrome and Drive. But here’s how the two other groups differ:

Apps in the “Signing in with Google” section have access to your name, email address, and profile picture. But in some cases they may have access to more of your information — potentially a lot more, such as the ability to read and delete your email messages.

You most likely gave the “Signing in with Google” apps permission to access such data because you wanted to use your Google login to sign into your accounts with them instead of having to create separate user accounts and passwords. But some companies that use Google’s apps in their workplaces also require their employees to use their Google login to sign in to other apps and services.

The “Third-party apps with account access” typically have access to much more than just your basic profile information. In fact, according to a Google support page, these apps often “can see and change nearly all information in your Google Account.”

Developers whose apps have such access to your account can’t change your password, delete your account, or use Google Pay on your behalf, but they can read your email — or have their employees do it.

Some apps require those kinds of permissions to do what you’ve asked them to do. If you want to be able to use a mail app on your computer to manage your Gmail account or your Google calendar, it needs to be able to read and delete messages or appointments.

But you should make sure you trust the apps and developers that have such access to your accounts and that you are giving them only as much access as they need.

If you see one you don’t trust, you can block it by clicking on “Remove Access.”

After clicking on that button you’ll have to click “OK” to confirm that you really want to block the app. The app should then disappear from the list of apps that have access to your account and should no longer have any ability to view or do anything else with your email or other data.

It’s a good idea to check the “Apps with access to your account” page every few months to keep your account safe from wandering eyes.


Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

One of Microsoft Outlook’s Hidden Gems: “Advanced Find”

Our days keep getting busier and busier! Which in return equates to our need to be more efficient than ever.

Outlook has many features that can help us battle this busy culture.

Did you know that within minutes you can put your finger (or in this case, your mouse), on that one piece of mail that you know you received last week but didn’t have the time to file it properly, and now it’s buried beneath a plethora of recent mail? A general search can help a little, but will still produce a lot of unnecessary mail to weed through.

This hidden gem is Outlook’s “Advanced Find” – this quick and easy feature will save you lots of time.

So, let’s get started!

Begin by making sure you are in the mailbox you want to search.

Next, click your mouse in the search box on the top right; the option for Search Tools will then become available on the title bar.


Click on Search Tools>Advanced Find

In the Advanced Find box, you can specify much more complex criteria and even search in your calendar, contacts list, notes, and tasks. But for this demonstration we will choose an email search with detailed specifics.


Ideally, we would all like to be so organized that we would never have to search for that unfiled email, note, or calendar entry.  But I hope we can agree that this is a great tip for that occasional slip!

Go ahead and give it a try!


Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 5 of 26 «...34567...»