TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Cyberattacks

Would Your Business Survive A Serious Cyberattack?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It’s not a comfortable question, and it’s one many SMB owners assume they never really need to answer.

Cyberattacks feel like something that happens to other people. Big brands. Global companies. Organizations with huge IT teams and budgets.

The reality is very different.

Recent research shows that a worrying number of businesses believe they simply wouldn’t survive a major cyber incident.

That might sound dramatic, but it’s a fair reflection of how exposed many businesses still are.

Cyberattacks have changed. They’re no longer just a hacker guessing a password. Attacks today are faster, more targeted, and often designed to shut a business down completely.

Ransomware, for example, is a type of attack where criminals lock your systems and demand payment to unlock them. If you can’t access your data, your systems, or your customer information, normal business stops very quickly.

What’s interesting is that most business leaders know the risk is rising. Many openly admit they expect their staff to fall for a phishing attack.

Phishing is when a fake email or message pretends to be legitimate, tricking someone into clicking a link or handing over login details.

That single mistake can be all an attacker needs.

Despite this awareness, the basics are still being missed.

Password reuse is a big one. If someone uses the same password at work and across multiple personal accounts, one breach can quickly turn into many.

Cybercriminals know this, which is why stolen passwords are so valuable.

Basic cyber awareness training is another gap. Many employees have never been shown what to look out for or how to spot common scams.

But it’s not all doom and gloom.

High-profile attacks have made business owners more alert, especially around newer threats like AI-driven scams and deepfake video calls that pretend to be senior leaders. That growing skepticism is healthy.

The most important thing to understand is that surviving a cyberattack doesn’t need expensive tools or complex technology.

Preparation is your best tool.

Simple steps like strong, unique passwords and regular staff training make a real difference.

Do you think your business would survive a serious cyberattack? If you’re not sure, we can help you strengthen your defenses. Give us a call at (734) 457-5000.

Think About Recovery Before The Attack Strikes

Let us set the scene. It’s an ordinary Wednesday. You’re in the zone, minding your own business, getting things done, and making those boss decisions that keep your company running smoothly. Suddenly, without warning, BAM… you get hit with a cyber attack.

Panic mode kicks in.

But here’s the thing: These attacks are far more common than you might think. And guess who the favorite targets are? Surprisingly, it’s not the big multinational corporations but small and medium-sized businesses (SMBs) like yours.

The consequences of a cyber attack? We’re talking about severe financial losses, significant data loss, and reputation damage that can take years to recover from. The whole nine yards.

However, it doesn’t have to be that way. If you have a recovery plan in place, you can turn what could be a total nightmare into merely “an annoying inconvenience.”

So, what should your recovery plan include? Well, let’s start with prevention. Prevention is absolutely key. Investing in solid cybersecurity measures such as firewalls, antivirus software, and regular security checkups can go a long way in keeping your business safe. And don’t underestimate the importance of educating your team about good cyber hygiene – this includes using strong passwords, recognizing phishing attempts, and not clicking on suspicious links.

Next, it’s crucial to have a game plan for when the inevitable happens. This means having clear protocols in place for how to respond to an attack. Know who to call, what immediate steps to take to minimize the damage, and how to communicate with your stakeholders. Quick and decisive action can significantly reduce the impact of an attack.

One of the most critical components of your recovery plan is data backups. Regularly backing up your data to a secure location can be a true lifesaver in the event of an attack. This ensures that even if your systems are compromised, you still have access to your important files. Make sure your backups are done frequently and stored in a location that is not connected to your primary network.

Moreover, practice makes perfect! Regularly test your recovery plan to ensure it’s effective and up to date. Conducting drills and simulations can help you identify any weaknesses in your plan and make necessary adjustments. After all, you don’t want to wait until disaster strikes to discover that your plan has more holes than a block of Swiss cheese.

It’s also important to consider the legal and regulatory aspects of cybersecurity. Different industries have different requirements when it comes to data protection and breach notification. Ensure that your recovery plan complies with all relevant laws and regulations. This not only helps protect your business but also builds trust with your customers and partners.

In the aftermath of an attack, communication is key. Be transparent with your customers, employees, and other stakeholders about what happened, what steps you are taking to address the situation, and how you plan to prevent future incidents. Honest and timely communication can help mitigate reputation damage and maintain trust.

Finally, consider partnering with cybersecurity experts who can provide additional support and guidance. They can help you develop a comprehensive recovery plan, conduct regular security assessments, and stay up to date with the latest threats and best practices. Cybersecurity is a complex and ever-evolving field, and having experts on your side can make a significant difference.

Cyber attacks may be scary, but with a solid recovery plan in place, you can rest easy knowing your business is armed and ready. Remember what they say: Fail to prepare, prepare to fail.

If you need assistance in creating your recovery plan, don’t hesitate to get in touch. We’re here to help you safeguard your business and ensure you’re prepared for whatever comes your way.

Cyber-Compliance Is Serious Business

If you’ve never experienced a cyberattack, you might not think it’s such a big deal.

Especially if you work in management, you’re so busy focusing on the so-called squeaky wheels of every day; does it really matter if you keep up with the intricacies of modern cybersecurity compliance protocol? YES!

Increased digitization across the globe plus ever-advancing cyber threats equals a constantly evolving market, and legislation that scrambles to keep up.

Why Reporting Matters in a Data Breach

Have you ever experienced a cyberattack, either aimed at you or leveled at your organization? If so, then you might already know how important it is to report the breach – and we don’t just mean to your direct managers or the police!

When a data breach happens, you are often beholden to laws detailing what, how fast and to whom you must disclose. For example, financial institutions have to notify the Federal Trade Commission within thirty days.

You typically have to disclose the breach to anyone affected too, depending on what information was stolen. Where do you work? Do you know the laws set upon your industry and role?

So not only does cyber-compliance affect your ability to protect yourself and your customers from a data breach, but that hack will affect customers’ trust in your ability to keep their personal and financial information safe.

There are also legal concerns to think about. Lawsuits can cost millions between legal fees, penalties, profit losses and disruptions to the daily workflow.

Consider that the average company spends $10K per employee on cyber-compliance, and you see why maintaining compliance saves millions – about half of what you’d spend if you let vulnerabilities lay rampantly unpatched.

Maintaining compliance isn’t just smart; it’s necessary. To foster good relationships with your customers and shareholders, and avoid fines and breaches, companies must maintain a compliant cybersecurity structure.

These regulations change over time but do so to keep up with the latest tricks up cybercriminals’ sleeves.

Our IT services include compliance as part of our all-in-one package to reduce excess labor on your end. We’ll stay up to date on changing regulations so you stay cyber-compliant!

Reporting is one of many important regulations that make you more cyber-secure. Think about it: If your bank accounts, or health records, or mailing information got leaked, wouldn’t you want to know?

It’s not just about preferences, though. Data privacy is a right in many countries across the globe. More and more, people and legislation are all pushing for better data privacy protections.

How can we keep our accounts and data private if we don’t know when a breach has occurred? If you don’t know YOUR reporting requirements, now is the time to find out! Give us a call.

Satellites Are Safe In Space…But Not Cyber-Space!

Yes, satellites are indeed vulnerable to cyberattacks.

As sophisticated technologies, satellites are not immune to the risks posed by cyber threats. While they operate in space, they are still managed and controlled through ground stations on Earth, making them susceptible to various types of cybervulnerabilities.

Think about it…

Like any computer system, satellites can be infected with malware or viruses, affecting their functionality and data integrity. They can also be overwhelmed with excessive traffic, causing temporary or permanent disruptions, like any other DDOS attack.

Attackers can also send false signals or information to satellites, leading to incorrect data processing or navigation errors.

Imagine if a company’s computer systems crash, or there’s a big cyber-attack, or a natural disaster like a flood or fire strikes their office.

With a well-thought-out plan in place, you (and your coworkers)can quickly get back on your feet, minimize the damage and continue serving customers.

The disaster recovery plan includes things like data backups, so important information doesn’t get lost forever. It also outlines who’s in charge of what during the crisis, so everyone knows what to do.

If hackers gain access to the ground stations or satellite control systems, they may be able to manipulate or disrupt satellite operations. Intercepting that communication signal could expose sensitive information!

While less common, physical attacks on satellites or their infrastructure in space can also occur, leading to a loss of functionality.

If someone successfully hacked a satellite, it could impact critical services such as communication, navigation, weather forecasting and national security.

For this reason, space agencies, satellite operators, government organizations and other stakeholders are continuously working to enhance satellite cybersecurity measures and stay ahead of potential threats!

Do you have a disaster recovery plan?

Having a disaster recovery plan might seem like extra work, but it’s a smart and responsible thing to do.

It helps keep the company running smoothly even when bad things happen, and it shows that you’re ready for anything! So, just like how we prepare for unexpected situations in our daily lives, companies need to have a disaster recovery plan to be ready for anything that comes their way.

It’s like having an emergency kit ready for unexpected disasters. Just like how we keep a flashlight, some snacks, and first aid supplies handy for emergencies, a disaster recovery plan is a strategy for what to do when major problems occur that disrupt operations.

A disaster recovery plan also ensures that you have a safe place to work from in case their usual office is unavailable (like, say, if a global pandemic were to strike?).

When something major happens, it’s normal for people to panic. A disaster recovery plan that has been routinely tested, updated and studied will save you from the panic, and headache, of what to do when the worst goes down.

Instead, you’ll be back to business as usual in no time.

Proven Ways To Mitigate The Cost Of A Data Breach

Cybersecurity is an essential aspect of running a business. In today’s digital world, it’s crucial to have a plan in place to respond to incidents, adopt a zero trust approach to security, and use tools with security AI and automation.

By taking these measures, you can help reduce the cost of a data breach and lower the risk of cyberattacks.

Putting in place an incident response plan is crucial for any organization. In the event of a cyberattack, having a well-planned and executed response can help contain the breach and prevent further damage.

In fact, a practiced incident response plan can greatly reduce the cost of a data breach, by an average of $2.66 million per incident. It’s important to regularly practice and update this plan to ensure that your organization is prepared for any potential cyber threats.

Another effective cybersecurity measure is to adopt a zero trust approach. This means that instead of trusting everything within your network, you should verify everything and everyone.

By adopting a zero trust approach, you can significantly reduce the cost of a data breach. Organizations that don’t deploy zero trust tactics pay about $1 million more per breach.

It’s important to carefully evaluate the access levels of your employees and partners, and ensure that they only have access to the information and systems they need to do their jobs.

Using tools with security AI and automation is also an effective way to reduce the cost of a data breach. These tools use machine learning and artificial intelligence to detect and respond to cyberattacks. By automating your cybersecurity processes, you can free up your IT team to focus on other tasks while ensuring that your organization is protected against cyber threats.

Advanced Threat Protection (ATP) is an example of a tool that uses security AI and automation to detect and respond to cyberattacks. By using these types of tools, you can reduce the cost of a data breach by 65.2%.

If you’re feeling overwhelmed by the thought of improving your organization’s cybersecurity, working with a trusted IT partner can help.

A trusted IT partner can help you develop a cybersecurity roadmap, implement best practices, and ensure that your organization is protected against cyber threats. They can also provide regular security assessments and help you stay up-to-date with the latest threats and vulnerabilities.

Cybersecurity is a critical aspect of running a business in today’s digital world. By putting in place an incident response plan, adopting a zero trust approach, and using tools with security AI and automation, you can greatly reduce the cost of a data breach and lower the risk of cyberattacks.

If you need help improving your organization’s cybersecurity, consider working with a trusted IT partner like Tech Experts who can guide you through the process and ensure that your organization is protected against cyber threats.

What Are The Top Cybersecurity Attack Trends For 2023?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As the world becomes increasingly reliant on technology, cyber attacks have become a major concern for individuals and organizations alike. In 2023, it is likely that we will see a continuation of current trends, as well as the emergence of new threats. Here are some things to look out for:

Ransomware attacks

Ransomware attacks involve hackers encrypting a victim’s data and demanding a ransom in exchange for the decryption key. These attacks can be extremely disruptive, as they can prevent businesses from accessing important data and systems.

It is likely that we will see an increase in the number of ransomware attacks, as well as more sophisticated and targeted attacks.

[Read more…] about What Are The Top Cybersecurity Attack Trends For 2023?

What Does ‘Zero Trust’ Actually Mean?

It’s nothing to do with the fear that your teenage children will hold a party when you go away for the weekend.

Zero trust is actually about technology security. It’s one of the most secure ways to set up your network, although it can have a very negative effect on productivity.

Most networks take a ‘trust but verify’ approach. They assume every device that connects is supposed to be there. Access the network once and you can go anywhere.
Imagine you’re using a security pass to access a building… and once inside there are no further security checks, so you can get into every single room.

Cyber criminals love this approach, for obvious reasons.

Zero trust is the opposite approach. Every login and device is treated as a potential threat until it’s authenticated, validated, and authorized.

Once in, you can’t access other parts of the network without going through this process again.
Back to the building analogy – once inside the building you are surrounded by security doors and must use your security pass to get through each one. If your pass isn’t valid, you’re limited where you can go.

Zero trust has its uses, especially with so many people working remotely these days. But it can have a negative effect on your workflow and can slow down your team.

If you want to talk through whether it’s right for your business, get in touch.

Small Businesses Are Attacked By Hackers Three Times More Often Than Larger Ones

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want?

Didn’t think they even knew about your small business?

Well, a new report out by cyber-security firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why Are Smaller Companies Targeted More?

There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.

Small Companies Tend to Spend Less on Cybersecurity

When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them.

But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.

Every Business Has “Hack-Worthy” Resources

Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cyber-criminals can sell these on the Dark Web. From there, other criminals use them for identity theft.

Here are some of the data that hackers will go after:

  • Customer records
  • Employee records
  • Bank account information
  • Emails and passwords
  • Payment card details

Small Businesses Can Provide Entry Into Larger Ones

If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies, including digital marketing, website management, accounting, and more.

Vendors are often digitally connected to their client’s systems.

This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus.

Small Business Owners Are Often Unprepared for Ransomware

Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Who’s To Blame For A Cyber Security Breach?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We all know what a huge danger a cyber security breach can be for a business. And just how many businesses are being breached right now. You hear about it on the nightly news and read about it almost daily in the newspaper.

In truth, we hate having to write this. We don’t want to feel like we’re scaring you or sound all doom and gloom! But it’s really important that you’re fully aware of the risk to your business if you suffer a breach.

Last year, the number of reported data breaches rose 68% compared to 2020.

And while it’s a good idea to implement the right cyber security tools to help reduce the risk of an attack, it’s practically impossible (or definitely unworkable) to give your business 100% protection from attack by only using software tools. You also have to manage the human element of data protection. [Read more…] about Who’s To Blame For A Cyber Security Breach?

Top 5 Cybersecurity Mistakes That Leave Your Data At Risk

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.

Sixty percent of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs.

The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.

Many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.

Here are several of the most common missteps when it comes to basic IT security best practices.

Not implementing multi-factor authentication (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%.

Ignoring the use of shadow IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

  • Data may be used in a non-secure application
  • Data isn’t included in company backup strategies
  • If the employee leaves, the data could be lost
  • The app being used might not meet company compliance requirements

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.

Thinking you’re fine with only an antivirus

No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware.

Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.

You need to have a multi-layered strategy in place that includes things like:

  • Next-gen anti-malware (uses AI and machine learning)
  • Next-gen firewall
  • Email filtering
  • DNS filtering
  • Automated application and cloud security policies
  • Cloud access monitoring

Not having device management in place

A majority of companies around the world have had employees working remotely from home since the pandemic. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.

A device management application in place, like Intune in Microsoft 365 can help manage this.

Not providing adequate training to employees

An astonishing 95% of cybersecurity breaches are caused by human error.

Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process.

Some ways to infuse cybersecurity training into your company culture include:

  • Short training videos
  • IT security posters
  • Webinars
  • Team training sessions
  • Cybersecurity tips in company newsletters