by Gretchen Korn | Apr 6, 2023 | Uncategorized
As we look back on 2022, it’s clear that the cyber attacks continue to pose a significant threat to small to medium size businesses (SMB’s). In fact, a report by the National Cyber Security Alliance found that 60% of SMB’s that experienced a cyber attack went out of business within six months.
Here are some ways that cyber-attacks affected SMBs in 2022:
1. Increased frequency of attacks
Cyber attacks on SMB’s continued to increase in frequency in 2022. This was due in part to the rise of ransomware-as-a-service (RaaS) platforms, which make it easier for hackers to launch attacks. According to a report by SonicWall, there were over 300 million ransomware attacks in 2022, a 62% increase over the previous year.
2. More sophisticated attacks
In addition to being more frequent, cyber attacks on SMBs also became more sophisticated in 2022. Hackers began using more advanced tactics, such as spear phishing, which involves targeting specific individuals within a company with highly personalized emails or messages. These attacks are often difficult to detect and can be very effective at stealing sensitive data.
3. Increased costs
The costs of cyber attacks continued to rise in 2022, with SMBs bearing a significant portion of these costs. According to a report by IBM, the average cost of a data breach for an SMB was $2.5 million in 2022. This includes the costs of remediation, lost business and reputational damage.
4. Regulatory compliance
SMBs also faced increased pressure to comply with regulatory requirements related to cybersecurity. In 2022, the California Consumer Privacy Act (CCPA) went into effect, requiring companies to provide consumers with more control over their personal data.
What can SMBs do to protect themselves against cyber attacks in 2023? We discussed some in a previous blog, but will recap again:
1. Educate employees
Employees are often the weakest link in a company’s cybersecurity defenses. SMBs should provide regular training to employees on how to identify and avoid common cyber threats like phishing attacks.
2. Implement Multi-factor Authentication
Multi-factor Authentication, which requires uses to provide two or more forms of identification to access a system or application, is a simple yet effective way to improve cybersecurity.
3. Back up data regularly
Regularly backing up data to an offsite location can help minimize the impact of a ransomware attack or other data breach.
4. Partner with a reputable provider
SMBs should consider partnering with a cybersecurity partner that specializes in working with small businesses. A partner can help identify and address potential vulnerabilities and provide ongoing monitoring and support.
Cyber attacks will continue to be a threat to SMBs in 2023 and beyond. However, by taking proactive steps to improve their cybersecurity, SMBs can reduce their risk and protect their sensitive data. The cost of prevention is far lower than the cost of remediation and reputational damage that can result from a cyber-attack. As the old saying goes “An ounce of prevention is worth a pound of cure”.
by Gretchen Korn | Mar 6, 2023 | Blog, Uncategorized
Tiered managed service providers offer a variety of services that can be tailored to your specific needs. This means that you can select the services that you feel you need and for them on a pay-as-you-go basis or a monthly set fee for that platform. This can be beneficial for businesses that have limited budgets, smaller scale needs or have specific requirements that may not be covered under an all-inclusive plan.
On the other hand, all-inclusive managed service providers provide all of the services you need in one package. This can be much more cost-effective for businesses that can benefit from the comprehensive service.
While selecting a provider and choosing between the two platforms, speak to your sales representative, understand the difference between the two, look at the contract or agreement and make sure there are no hidden fees- especially if your provider is only providing remote maintenance versus on-site. On-site hourly work rates can be very costly and can result in spending more money than if they chose an all-inclusive program.
When it comes to customer support, it’s important to consider how both types of providers handle customer issues. Tiered providers typically offer customer support on a pay-as-you-go basis with limited time per month and calling into a general help desk center. This means you will be charged for the services you use, which again can become very costly to the business. Additionally, be aware in tiered services of availability for customer support. Do they have limited hours and response times?
All-inclusive providers offer more comprehensive customer support, as they typically have dedicated teams that are available beyond normal working hours. This can be beneficial for businesses that need constant customer support, such as those that operate in global markets or run three shifts that may require technical assistance. Additionally, all-inclusive providers have a team of technicians that know your business infrastructure and will not have to repeat your issues to multiple technicians to get the problem resolved.
Finally, it is important to consider the cost of both types of managed service providers. Tiered providers generally appear more cost-effective, as you can select your service needs with lower monthly reoccurring costs- but additional billing and more time auditing. All-inclusive can offer more comprehensive coverage and generally will be more expensive on a monthly basis- but with complete coverage and budget simplicity. Ultimately, the true costs of a provider should be carefully considered as well as reputation, both client and staff tenure, and business stability/longevity; you want to make sure your company is safe and secure at all times.
by Gretchen Korn | Feb 7, 2023 | Blog, Uncategorized
Multi-factor Authentication has become increasingly important for companies as cyber threats and data breached are on the rise. MFA provides an extra layer of security by requiring users to provide two or more forms of authentication before accessing sensitive information or systems. In this blog, we will be discussing why companies should be using MFA to secure their data and systems.
First and foremost, MFA helps to prevent unauthorized access to sensitive information and systems. Passwords are often the first line of defense for companies, but they can be easily compromised through methods such as phishing attacks or social engineering. MFA adds an additional layer of security by requiring users to provide a second form of authentication, such as a fingerprint, security token or a code sent to your mobile device. This makes it much more difficult for attackers to gain access
Another reason why companies should be using MFA is to comply with regulations and industry standards. Many industries have specific regulations that require companies to implement MFA for their systems and data, such as HIPAA, NIST & CMMC. By using MFA, companies can ensure they are complying with these regulations and standards, as well as possibly lowering their cybersecurity premiums.
MFA also helps to reduce the risk of data breaches. Data breaches can be incredibly damaging to a company’s reputation, not to mention the financial losses that can result from the theft of information. Even if an attacker is able to obtain a user’s password, they still need to provide the second form of authentication.
With MFA, only authorized users are able to access information and the additional layer of authentication makes it much more difficult for unauthorized users.
Finally, MFA can also help to improve the overall security posture of a company. By requiring users to provide two or more forms of authentication, companies can ensure that only authorized users are able to access information and systems. Additionally, companies can demonstrate to their customers and stakeholders that they are committed to protecting sensitive information and systems, which can help improve trust and confidence in the company.
by Gretchen Korn | Jan 24, 2023 | Blog
Outsourcing IT services can be cost-effective way for businesses to access specialized expertise and support. However, the use of outsourced IT providers also introduces new security risks that businesses need to be aware of. In particular, there is the risk of hacked outsourced IT providers, which can have serious consequences for businesses.
One of the main risks of hacked outsourced IT providers is the potentials for data breaches. If an outsourced IT provider is hacked, sensitive business data such as customer information, financial records and intellectual property could be compromised. This can lead to serious financial losses, reputational damage and legal consequences for the business.
Another risk of hacked outsource IT providers is the potential for unauthorized access to business systems. If an outsourced IT provider is hacked, cyber-criminals may be able to gain access to the business’s systems and networks. This can allow them to plant malware, steal data or even disrupt operations.
There are several ways that businesses can protect themselves from the risks of hacked outsourced IT providers. One of the most effective ways is to carefully vet any potential IT providers before entering into a contract with them. This should include conducting thorough background checks and reviewing their security policies and practices.
Another important step is to ensure that all outsourced IT providers are properly trained in security best practices. This includes educating them on the importance of strong passwords, regularly updating software and detecting and reporting potential security threats.
It is also important for businesses to have strong internal security measures in place. This includes regularly updating software and security protocols, implementing multi-factor authentication and regularly backing up data.
Additionally, businesses should have a plan in place for responding to a security breach. This should include procedures for identifying and mitigating the breach, as well as procedures for communicating with stakeholders and reporting the breach to authorities as required.
Overall, while outsourcing IT services can b a cost-effective way for businesses to access specialized expertise, it is important to carefully consider the risks and take steps to mitigate them. By properly vetting IT providers, educating them on security best practices and implementing strong internal security measures, businesses can help protect themselves from the risks of hacked outsourced IT providers.