TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

cybersecurity

The Cost Of Cyber Safety: Protecting Your Small Or Mid-Sized Business

Running a successful small or mid-sized business means keeping a close eye on key areas like operations, marketing, and customer satisfaction. But how often do you assess your cyber security?

In today’s digital world, your company handles sensitive data that could be at risk from cyber-attacks. A breach could cause not only financial losses but also serious damage to your business’s reputation.

At Tech Experts, we specialize in helping businesses like yours identify vulnerabilities and strengthen defenses to stay ahead of cyber threats. Our expert team conducts comprehensive cyber security assessments designed to protect your company from data breaches, improve efficiency, and help you stay compliant with industry regulations. Here’s a breakdown of what a typical cyber security assessment looks like:

Penetration testing

We simulate a real-world cyber-attack to identify weaknesses in your systems. This testing helps us view your company’s vulnerabilities from a hacker’s perspective, allowing us to recommend necessary improvements.

Information governance

Protecting your sensitive data means knowing exactly where it’s stored, how it’s accessed, and who controls it. We help you document this information and implement strong access controls to prevent unauthorized data exposure.

Security monitoring and employee training

Continuous system monitoring, paired with educating employees to spot threats, plays a critical role in maintaining a secure business environment. Training your team can prevent many cyber incidents caused by human error.

Patch management

Regularly updating software to fix vulnerabilities is crucial. We’ll evaluate your patch management procedures to ensure your business is up to date with the latest protections.

Business continuity and disaster recovery

Having a plan in place is essential if an attack does occur. We assist in developing strategies that minimize downtime and ensure your business can quickly recover.

Supply chain security

It’s not just your business that matters. Weaknesses in your partners’ systems can affect you too. We assess the security practices of your suppliers to make sure your entire network is secure.

Why cyber security matters for your business

Cyber security isn’t just about technology; it’s about trust. A breach could cost your business not just money but also the trust of your customers. By regularly assessing and improving your cyber defenses, you signal to your stakeholders that you take security seriously and are committed to protecting their information.

Staying on top of cyber security can provide your business with an edge. Companies that prioritize cyber security are less likely to experience downtime or disruptions due to breaches, which means more stability and productivity.

At Tech Experts, we use the latest tools and techniques to provide in-depth assessments tailored to your business’s needs. Whether it’s enhancing network performance, securing cloud services, or improving mobile operations, we help you build a stronger, more resilient organization.

9 Easy Steps To Building A Culture Of Cyber Awareness

Cyberattacks are a constant threat in today’s digital world. Phishing emails, malware downloads, and data breaches. They can cripple businesses and devastate personal lives.

Employee error is the reason many threats get introduced to a business network. A lack of cybersecurity awareness is generally the culprit. People don’t know any better, so they accidentally click a phishing link. They also create weak passwords, easy for hackers to breach.

It’s estimated that 95% of data breaches are due to human error.

But here’s the good news, these mistakes are preventable. Building a strong culture of cyber awareness can significantly reduce your risks.

Why Culture Matters

Think of your organization’s cybersecurity as a chain. Strong links make it unbreakable, while weak links make it vulnerable. Employees are the links in this chain. By fostering a culture of cyber awareness, you turn each employee into a strong link. This makes your entire organization more secure.

Easy Steps, Big Impact

Building a cyber awareness culture doesn’t require complex strategies or expensive training programs. Here are some simple steps you can take to make a big difference.

1. Start with Leadership Buy-in
Security shouldn’t be an IT department issue alone. Get leadership involved! When executives champion cyber awareness, it sends a powerful message to the organization. Leadership can show their commitment by:

  • Participating in training sessions
  • Speaking at security awareness events
  • Allocating resources for ongoing initiatives

2. Make Security Awareness Fun, Not Fearful
Cybersecurity training doesn’t have to be dry and boring. Use engaging videos, gamified quizzes, and real-life scenarios. These keep employees interested and learning.

Think of interactive modules. Ones where employees choose their path through a simulated phishing attack. Or short, animated videos. Videos that explain complex security concepts in a clear and relatable way.

3. Speak Their Language
Cybersecurity terms can be confusing. Communicate in plain language, avoiding technical jargon. Focus on practical advice employees can use in their everyday work.

Don’t say, “implement multi-factor authentication.” Instead, explain that it adds an extra layer of security when logging in. Like needing a code from your phone on top of your password.

4. Keep it Short and Sweet
Don’t overwhelm people with lengthy training sessions. Opt for bite-sized training modules that are easy to digest and remember. Use microlearning approaches delivered in short bursts throughout the workday. These are a great way to keep employees engaged and reinforce key security concepts.

5. Conduct Phishing Drills
Regular phishing drills test employee awareness and preparedness. Send simulated phishing emails and track who clicks. Use the results to educate employees on red flags and reporting suspicious messages.

But don’t stop there! After a phishing drill, take the opportunity to dissect the email with employees. Highlight the telltale signs that helped identify it as a fake.

6. Make Reporting Easy and Encouraged
Employees need to feel comfortable reporting suspicious activity without fear of blame. Create a safe reporting system and acknowledge reports promptly. You can do this through:

  • A dedicated email address
  • An anonymous reporting hotline
  • A designated security champion employees can approach directly

7. Security Champions: Empower Your Team
Identify enthusiastic employees who can become “security champions.” These champions can answer questions from peers as well as promote best practices through internal communication channels. This keeps security awareness top of mind.

Security champions can be a valuable resource for their colleagues. They foster a sense of shared responsibility for cybersecurity within the organization.

8. Beyond Work: Security Spills Over
Cybersecurity isn’t just a work thing. Educate employees on how to protect themselves at home too. Share tips on strong passwords, secure Wi-Fi connections, and avoiding public hotspots. Employees who practice good security habits at home are more likely to do so in the workplace.

9. Celebrate Success
Recognize and celebrate employee achievements in cyber awareness. Did someone report a suspicious email? Did a team achieve a low click-through rate on a phishing drill? Publicly acknowledge their contributions to keep motivation high. Recognition can be a powerful tool. It helps reinforce positive behavior and encourages continued vigilance.

The Bottom Line: Everyone Plays a Role

Building a culture of cyber awareness is an ongoing process. Repetition is key! Regularly revisit these steps. Keep the conversation going. Make security awareness a natural part of your organization’s DNA.

Cybersecurity is a shared responsibility. By fostering a culture of cyber awareness your business benefits.

Think About Recovery Before The Attack Strikes

Let us set the scene. It’s an ordinary Wednesday. You’re in the zone, minding your own business, getting things done, and making those boss decisions that keep your company running smoothly. Suddenly, without warning, BAM… you get hit with a cyber attack.

Panic mode kicks in.

But here’s the thing: These attacks are far more common than you might think. And guess who the favorite targets are? Surprisingly, it’s not the big multinational corporations but small and medium-sized businesses (SMBs) like yours.

The consequences of a cyber attack? We’re talking about severe financial losses, significant data loss, and reputation damage that can take years to recover from. The whole nine yards.

However, it doesn’t have to be that way. If you have a recovery plan in place, you can turn what could be a total nightmare into merely “an annoying inconvenience.”

So, what should your recovery plan include? Well, let’s start with prevention. Prevention is absolutely key. Investing in solid cybersecurity measures such as firewalls, antivirus software, and regular security checkups can go a long way in keeping your business safe. And don’t underestimate the importance of educating your team about good cyber hygiene – this includes using strong passwords, recognizing phishing attempts, and not clicking on suspicious links.

Next, it’s crucial to have a game plan for when the inevitable happens. This means having clear protocols in place for how to respond to an attack. Know who to call, what immediate steps to take to minimize the damage, and how to communicate with your stakeholders. Quick and decisive action can significantly reduce the impact of an attack.

One of the most critical components of your recovery plan is data backups. Regularly backing up your data to a secure location can be a true lifesaver in the event of an attack. This ensures that even if your systems are compromised, you still have access to your important files. Make sure your backups are done frequently and stored in a location that is not connected to your primary network.

Moreover, practice makes perfect! Regularly test your recovery plan to ensure it’s effective and up to date. Conducting drills and simulations can help you identify any weaknesses in your plan and make necessary adjustments. After all, you don’t want to wait until disaster strikes to discover that your plan has more holes than a block of Swiss cheese.

It’s also important to consider the legal and regulatory aspects of cybersecurity. Different industries have different requirements when it comes to data protection and breach notification. Ensure that your recovery plan complies with all relevant laws and regulations. This not only helps protect your business but also builds trust with your customers and partners.

In the aftermath of an attack, communication is key. Be transparent with your customers, employees, and other stakeholders about what happened, what steps you are taking to address the situation, and how you plan to prevent future incidents. Honest and timely communication can help mitigate reputation damage and maintain trust.

Finally, consider partnering with cybersecurity experts who can provide additional support and guidance. They can help you develop a comprehensive recovery plan, conduct regular security assessments, and stay up to date with the latest threats and best practices. Cybersecurity is a complex and ever-evolving field, and having experts on your side can make a significant difference.

Cyber attacks may be scary, but with a solid recovery plan in place, you can rest easy knowing your business is armed and ready. Remember what they say: Fail to prepare, prepare to fail.

If you need assistance in creating your recovery plan, don’t hesitate to get in touch. We’re here to help you safeguard your business and ensure you’re prepared for whatever comes your way.

Insights from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

We are living in an era dominated by digital connectivity. As technology advances, so do the threats that lurk in the online world.

Often, it’s our own actions that leave us most at risk of a cyberattack or online scam. Risky behaviors include weak passwords and lax security policies, as well as thinking “This won’t happen to me.” This is why human error is the cause of approximately 88% of data breaches.

The National Cybersecurity Alliance and CybSafe publish a report on cybersecurity attitudes and behaviors. The goal is to educate both people and businesses on how to better secure their digital landscapes.

This year’s study surveyed over 6,000 people across the U.S., Canada, the U.K., Germany, France, and New Zealand. The survey asked about several things including knowledge of cybersecurity risks, security best practices, and challenges faced.

The report reveals some eye-opening insights, including how people perceive and respond to cyber threats as well as what they can do to improve their cybersecurity posture.

We are online… a lot

It’s no surprise that 93% of the study participants are online daily. The logins we create continue to expand, as well as those considered “sensitive.” Sensitive accounts hold personal information that could be harmful if stolen.

Nearly half (47%) of the study’s respondents have ten or more sensitive online accounts. This amplifies risk, especially if people are using the same password for two or more of those accounts.

Online security makes people frustrated

Most people (84%) feel that online security is a priority. But as many as 39% feel frustrated, and nearly the same amount intimidated. It can seem that you just can’t get ahead of the hackers. Just over half of people thought digital security was under their control. That leaves a whole lot that don’t think so.

But that is no reason to let down your defenses and become an easy target. There are best practices you can put in place to safeguard your online accounts that work, including:

  • Enabling multi-factor authentication on your accounts
  • Using an email spam filter to catch phishing emails
  • Adding a DNS filter to block malicious websites
  • Using strong password best practices

People need more access to cybersecurity training

One way to reduce human errors associated with cybersecurity is to train people. The survey found that just 26% of respondents had access to cybersecurity training.

It also broke this down by employment status. We see that those not actively employed are most lacking. Even those employed can use more training access and encouragement. Just 53% report having access to cybersecurity awareness training and using it.

Employers can significantly reduce their risk of falling victim to a data breach by improving their security awareness training.

Cybercrime reporting is increasing

Over a quarter (27%) of survey participants said they had been a victim of cybercrime. The types of cybercrimes reported include:

  • Phishing (47%)
  • Online dating scams (27%)
  • Identity theft (26%)

Millennials reported the most cybercrime incidents. Baby Boomers and the Silent Generation reported the fewest.

No matter where you fall in the generations, it’s important to adopt security best practices and be vigilant about your online security.

Unlocking The Power Of Encryption For Your Small Business: Safeguard Your Digital Assets

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Keeping sensitive business data safe is a top priority. When you’re managing a team of employees that use PCs, phones, and tablets, the importance of encryption can’t be stressed enough.

Encryption is a secret code for your digital information. It scrambles your data into an unreadable format, and only someone with the right “key” can unscramble and access it. Think of it as a lock and key system for your digital assets, ensuring that even if someone gains unauthorized access to your devices or data, they can’t make head nor tail of it without the key.

Your business likely stores tons of sensitive information, from financial records to customer data. Encryption ensures that even if a device is lost or stolen, your data remains safe and confidential.

And there are loads of other benefits too. Lots of industries have strict regulations regarding data security and privacy (think HIPAA). Encryption helps you stay compliant, avoiding expensive fines and legal troubles. [Read more…] about Unlocking The Power Of Encryption For Your Small Business: Safeguard Your Digital Assets

Cybersecurity Tips For Everyday Life

When it comes to cybersecurity, we often rely on our IT experts and installed software to protect our systems from digital threats.

From tech support to firewalls, a lot of tools and people contribute to our online safety!

In the midst of all of this, we can sometimes forget that we, too, play a critical role in guarding our systems and networks. At home or in the office, we each have a responsibility to protect the private data in our care.

Human error

Human error is actually responsible for 95% of cyberattacks. YOU are the number one threat to your own private data! You can also be its greatest defense.

How might you put yourself at risk? It can be as simple as clicking on malicious links, opening attachments from unknown senders, or sharing sensitive data by mistake. One wrong click, if your devices and systems aren’t properly equipped to defend themselves, can be disastrous.

Social engineering

Then there are social engineering attacks, which use human psychology to trick people into revealing sensitive information or taking actions that compromise security. Because they rely on you acting emotionally against your better instincts, even people who are aware of the risks can easily fall victim to social engineering attacks. It only takes one moment of weakness!

We also play a part in protecting private data whenever we brush up on our Security Awareness Training. That knowledge helps us to identify and track potential threats, which help prevent them from happening in the first place! We are also responsible for reporting suspicious activity to the appropriate teams, which can help identify and respond to attacks early on, before they cause significant damage.

They say “it takes a village,” and that rings just as true in the digital landscape of cyberspace! Together we can make the Internet a safer place to spend our time.

Always back up your data

Data loss can happen to anyone, at any time. It can be caused by a hardware failure, software corruption, malware attack, fire, theft, or simply human error. Backing up your data is crucial to protect yourself from these events. It will also save you the time, money, and stress of losing your data.

When you’re wondering what to back up on your system, the answer is simple: Save everything that you don’t want to lose. That includes personal documents, like photos, music, videos, emails, financial documents, and other memories and files that you don’t want to lose. You might also want to do this for application data, which includes settings and save files for those programs that you use frequently.

System files are essentially the applications and processes which your computer (or whatever device you’re considering) need to run. Backing up system files helps make system recovery seamless if anything happens. If a crucial file is corrupted or destroyed, it could crash your whole system irrecoverably.

Then, at least once per month, you should back up your storage files to another, separate location so you have two versions saved in case one file gets corrupted. Some cybercriminals go straight after your saved storage, hoping to excavate a large amount of data at once.

Automatic backups ensure your continued protection whether you forget or are otherwise prevented from doing it on time.

How Can Your Business Be Impacted By The New SEC Cybersecurity Requirements?

Cybersecurity has become paramount for businesses across the globe. As technology advances, so do the threats. Recognizing this, the U.S. Securities and Exchange Commission (SEC) has introduced new rules. They revolve around cybersecurity. These new requirements are set to significantly impact businesses.

Understanding the new SEC cybersecurity requirements

The SEC’s new cybersecurity rules emphasize the importance of proactive cybersecurity measures. These are for businesses operating in the digital landscape.

One of the central requirements is the timely reporting of cybersecurity incidents. The other is the disclosure of comprehensive cybersecurity programs.

The rules impact U.S. registered companies, as well as foreign private issuers registered with the SEC.

Reporting of cyber-security incidents

The first rule is the disclosure of cybersecurity incidents deemed to be “material.” Companies disclose these on a new item 1.05 of Form 8-K.

Companies have a time limit for disclosure. This is within four days of the determination that an incident is material. The company should disclose the nature, scope, and timing of the impact.

It also must include the material impact of the breach. One exception to the rule is where disclosure poses a national safety or security risk.

Disclosure of cyber-security protocols

This rule requires extra information that companies must report. They report this on their annual Form 10-K filing.

The extra information companies must disclose includes:

  • Their processes for assessing, identifying, and managing material risks from cybersecurity threats.
  • Risks from cyber threats that have or are likely to materially affect the company.
  • The board of directors’ oversight of cybersecurity risks.
  • Management’s role and expertise in assessing and managing cybersecurity threats.

Potential impact on your business

Here are some of the potential areas of impact on businesses from these new SEC rules.

Increased Compliance Burden – Businesses will now face an increased compliance burden as they work to align their cybersecurity policies with the new SEC requirements.

Focus on Incident Response – The new regulations underscore the importance of incident response plans. Businesses will need to invest in robust protocols. These are protocols to detect, respond to, and recover from cybersecurity incidents promptly. This includes having clear procedures for notifying regulatory authorities, customers, and stakeholders.

Heightened Emphasis on Vendor Management – Companies often rely on third-party vendors for various services. The SEC’s new rules emphasize the need for businesses to assess vendor practices. Meaning, how vendors handle cybersecurity. This shift in focus necessitates a comprehensive review of your vendor’s security policies.

Impact on Investor Confidence – Cybersecurity breaches can erode investor confidence and damage a company’s reputation. With the SEC’s spotlight on cybersecurity, investors are likely to take note. This includes scrutinizing businesses’ security measures more closely. Companies with robust cybersecurity programs may instill greater confidence among investors.

Innovation in Cybersecurity Technologies – As businesses strive to meet the new SEC requirements, they will seek innovation. There is bound to be a surge in the demand for advanced cybersecurity solutions. This increased demand could foster a wave of innovation in the cybersecurity sector.

How To Organize Your Cybersecurity Strategy Into Left And Right Of Boom

In the pulsating digital landscape, every click and keystroke echoes through cyberspace. The battle for data security rages on.

Businesses stand as both guardians and targets. Unseen adversaries covet their digital assets. Businesses must arm themselves with a sophisticated arsenal of cybersecurity strategies.

On one side, the vigilant guards of prevention (Left of Boom). On the other, the resilient bulwarks of recovery (Right of Boom). Together, these strategies form the linchpin of a comprehensive defense. They help ensure that businesses can repel attacks. And also rise stronger from the ashes if breached.

What Do “Left of Boom” and “Right of Boom” Mean?

In the realm of cybersecurity, “Left of Boom” and “Right of Boom” are strategic terms. They delineate the proactive and reactive approaches to dealing with cyber threats.

“Left of Boom” refers to preemptive measures and preventative strategies. These are things implemented to safeguard against potential security breaches. It encompasses actions aimed at preventing cyber incidents before they occur.

“Right of Boom” pertains to the post-breach recovery strategies. Companies use these after a security incident has taken place. This phase involves activities like incident response planning and data backup.

Together, these terms form a comprehensive cybersecurity strategy. They cover both prevention and recovery aspects.

Left of Boom: Prevention Strategies

User education and awareness: One of the foundational elements of Left of Boom is employee cybersecurity education. Regular training sessions can empower staff.

Robust access control and authentication: Access control tactics include:

  • Least privilege access
  • Multifactor authentication (MFA)
  • Contextual access
  • Single Sign-on (SSO) solutions

Regular software updates and patch management: Left of Boom strategies include ensuring all software is regularly updated.

Network security and firewalls: Firewalls act as the first line of defense against external threats. Install robust firewalls and intrusion detection/prevention systems that alert quickly when a breach is in progress.

Regular security audits and vulnerability assessments: Conduct regular security audits and vulnerability assessments. This helps to identify potential weaknesses in your systems.

Right of Boom: Recovery Strategies

Incident response plan: Having a well-defined incident response plan in place is crucial.

It should include things like:

  • Communication protocols
  • Containment procedures
  • Steps for recovery
  • IT contact numbers

Data backup and disaster recovery: Regularly backing up data is a vital component of Right of Boom. Another critical component is having a robust disaster recovery plan.

Forensic analysis and learning: After a security breach, conduct a thorough forensic analysis. It’s essential to understand the nature of the attack. As well as the extent of the damage, and the vulnerabilities exploited.

Legal and regulatory compliance: Navigating the legal and regulatory landscape after a security breach is important.

Cyber Security Threats Your Team Must Know About

Your employees are your first line of defense in cyber security, and their training is as crucial as the cutting-edge tools you’ve invested in. Are you overlooking this vital element?

We strongly advise you make an ongoing commitment to regular cyber security training for every single one of your team. That means keeping them up to date on the latest cyber threats, the warning signs to look out for, and of course, what to do should a situation arise.

If you’re not already doing that, arrange something now (we can help).

While you wait, here are some urgent cyber threats to address right away:

Admin attack

Email addresses like “info@” or “admin@” are often less protected due to perceived low risk. But several teams may require access to these accounts, making them an easy target. Multi-factor Authentication (MFA) can double your security. Even if it seems tedious, don’t neglect it.

MFA fatigue attacks

MFA can feel intrusive, leading employees to approve requests without scrutiny. Cyber criminals exploit this complacency with a flood of fake notifications. Encourage your team to meticulously verify all MFA requests.

Phishing bait

Phishing remains a top threat. Cyber criminals mimic trusted sources with deceptive emails. Teach your team to inspect email addresses closely. Implementing a sender policy framework can also enhance your protection.

Phishing scams are attempts to trick you into revealing your personal information, such as passwords, credit card numbers, or Social Security numbers.

Scammers often send emails or text messages that appear to be from legitimate companies, such as banks, credit card companies, or government agencies. They may also create fake websites that look like real websites.

The three most common phishing scams are:

  • Fake shopping websites, which sell counterfeit products – or even sell nothing at all. They collect your credit card information to sell to other hackers.
  • Romance scams to trick people into falling in love, so they’ll be more willing to send money.
  • Social media scams that either impersonate real people, or invent new personas entirely.

Other common internet scams include:

  • Investment scams (yes, people still fall for these every day) that promise victims high returns on their investments, but the investments are actually fake.
  • Tech support scams which claim to be a tech support company, but then charge for unnecessary services or steal personal information.
  • Lottery and sweepstakes scams tell people that they have won a lottery or sweepstakes, but they need to pay a fee to claim their prize.
  • Charity scams impersonate legitimate charities and ask for donations.

Cyber security training doesn’t have to be tedious. Try simulated attacks and think of them like an escape room challenge—fun yet enlightening. It’s about identifying vulnerabilities, not fault-finding.

Don’t exclude your leadership team. They need to understand the response plan in case of a breach, much like a fire drill.

If you receive an email, text, or call from someone who is asking for your personal information or money, be suspicious! Don’t click on anything until you verify the sender is who they say they are!

Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Despite all the buzz about high-tech threats like ransomware and malware, good old phishing has held on to its title as the number one trick in a cyber criminal’s toolkit.

Phishing is when someone tries to trick you into giving them your personal information, like your password or credit card number. They do this by sending you emails or text messages that look like they’re from a real company.

According to the latest annual cyber breaches survey, 79% of businesses were targeted with a phishing attempt in the past year. And if your employees aren’t trained in cyber security awareness, 1 in 3 of them are likely to fall for a phishing attack. Scary!

You might be thinking, “Sure, it’s bad, but it can’t be that bad, right?” Well, let’s break down the consequences of a successful phishing attack.

[Read more…] about Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?