Real-World Example: A food distributor received an invoice email. The email looked real: “from” the expected vendor, arrived at the expected time, and equaled the expected amount. The thieves had been watching. The company didn’t discover the problem until the real vendor got in touch to ask why the payment was late. By then, nothing could be done. The cybersecurity measures were not previously in place. Loss: $23,500.
Understand
What is cybersecurity?
Well it’s not just one thing; it is many things.
“Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”
Cybersecurity can change based on industry, size, and services you already have in place or want to have in place.
Many people are afraid of cybersecurity because they think it is difficult, outside their knowledge level, and it can often be hard to implement. Many companies ignore it. This is not a solution.
Your risks of not implementing cybersecurity measures include hackers, attackers, intruders, malicious codes/malware, and vulnerabilities.
(Thanks to Homeland Security for the above quoted info.)
Analyze
So, what is the solution? How do you figure out what your business needs?
Do you have a dedicated IT department to analyze your business’s specific needs? Or do you simply use hosted email with default security settings and take your chances with your daily computing platform?
Are you proactively training staff on cybersecurity issues and searching for security holes in your system?
Have you implemented single sign on and MFA across cloud applications?
Are you monitoring devices on your networks to ensure they are not bringing in intrusions from outside?
Are you paying attention to how and where company data is being stored and accessed?
In today’s world, remote work is becoming increasingly popular and needed. Is your company implementing security measures to protect remote workers along with company-owned data?
Protect
You could spend as much money as you want to and still not achieve 100% protection. Making sure you spend the right money on the right solutions is the right way forward.
There are many areas that cybersecurity needs to be applied to. Having these particular areas properly managed by a professional team can mitigate your exposure to threats.
Some security solutions include:
- Firewalls with active security subscription.
- Protecting users from inbound threats, phishing, and other external compromises via email.
- Monitoring the DarkWeb for data which is already compromised.
- Ensuring you are using next generation endpoint anti-virus solutions that monitor for behavior not just signatures.
- Auditing how employees are using, accessing, and storing company-owned data.
- Having a reliable source to call when you have questions.
What’s next?
Cybersecurity doesn’t have to be hard, scary, or overwhelming when you have professionals handling it. It can be as expensive as you want it to be, or you can get solutions that are customized to your needs.
If you have questions, we are here to make cybersecurity easy, affordable, intelligent, and a perfect fit for your needs. At PremierePC, Cybersecurity is built into all we do.
Q and A : Antivirus
The field of anti-virus has expanded significantly in the past few years. Most business owners and consumers alike are aware they need something. The legacy solutions use database signatures to protect endpoints (devices). This older technology relies on updates from the vendor to keep you safe.
Owing to this fact, very few compromises are made with file-based virus intrusions or trojan programs these days. Instead, the majority of bad actors are focusing on social engineering and what is now known as fileless malware and script-based attacks to compromise endpoints.
In fact, the Majority of Successful Attacks are Fileless
54 % of companies experience successful attacks that compromise data and/or IT infrastructure
77 % of those attacks utilized exploits or fileless techniques
*The 2017 State of Endpoint Security Risk Report
So, what should you be doing to protect your business?
Most experts agree that no single solution is 100% effective against all threats, so a layered security approach is the best defense.
At PremierePC, we think that means 4 layers of protection.
Using the model above, a business can mitigate most compromises. No solution or combination of solutions is 100% effective, humans still are your best defense. Hosting regular security awareness sessions with your team can go a long way to preventing a compromise.
Whatever you choose, make an informed decision and be sure to understand the real-world risks.
How many small to medium size businesses outsource their IT work to a manage service provider?
Honestly? Not enough. The rumor is that “My business is too small for anyone to try to compromise us.”
Consider this:
“Small businesses are especially vulnerable to threats since they often don’t have the resources for extensive security products or teams like larger enterprises. It’s arguably more important for small businesses to protect themselves, since, unfortunately, when these organizations get hit with malware, it can cripple or end their business entirely.
In fact, 43% of data breaches are from small businesses, according to the 2019 Verizon Data Breach Investigations Report. This means SMBs have to be scrappy and do more with less.”
https://www.business.com/articles/malware-small-business-prevention/
More than one-third of small businesses (37%) currently outsource a business process. Outsourcing can not only cut costs and increase available skills but also can present challenges related to information confidentiality, communication, and differing expectations.
Businesses most commonly outsource more technical tasks, including their accounting (37%), IT services (37%), and digital marketing (34%) responsibilities.
https://clutch.co/bpo/virtual-assistants/resources/small-business-outsourcing-statistics
That leaves a large portion of the SMB community to fend for themselves. Most smaller firms are doing their best to maximize each dollar towards growth, but often when we assume a new client, we find many services were purchased that are not performing as expected, were over-sold, or worse, are actually harming productivity.
Having a trusted resource like PremierePC to call when you have questions about your business technology or want to learn what is available in the marketplace can be invaluable. Our service plans were purpose built for the SMB community. As an SMB ourselves, we understand the day to day challenges and work to find solutions that bring real value from day one.
Q and A : Cloud Email Solutions
PremierePC has been selling and supporting both the Microsoft Office 365 and Google G Suite platform for years.
Both have their place based on the business need and feature set demanded. Over the last few years, Microsoft has done a very good job of building a platform that offers a much more comprehensive feature-set without the privacy invasions of Google which as led us to steer more clients in that direction.
Recently, Microsoft has also brought more value to the non-profit space allowing us to help those firms with the latest software and communication tools at a fraction of the cost.
With the introduction of teams, Microsoft has really become focused not only on Applications, Email, but all forms of communication and productivity.
We find the flexibility of the platform as well as include features in the base plan to fit in-line with out cybersecurity stance.
True, the 365 platform is large and complicated, but working with a partner like us, you get the benefit of a powerful platform as well as a local dedicated resource to call to help implement and support it.
We help with migrations, day to day support, and advanced implementations and integrations with other solutions.
Q and A : Cybersecurity lapses
Hands down, Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA).
Multi-Factor Authentication (MFA for short) is one of the single best ways to help keep you and your associated accounts safe, yet it is often the one of the most hated methods.
What is MFA?
Simply stated, MFA uses a second (or third) device to allow you to authenticate your account. This is most common with Email and Banking applications. When you go sign-in, your MFA device is sent an activation code. This process attempts to ensure that you are the one who is requesting a login. The logic goes that it is more difficult for a hacker to compromise both your password and your MFA devices.
MFA is one of the most effective tactics used to combat phishing scams. Let’s say that a user at your firm is targeted and they disclose their password during a scam. While that is a problem, the bad guys would still need the MFA device in order to actually login. During this time, the user can report the disclosure to IT and we can make changes before anything happens.
Why don’t more people use it?
The simple reason is its perceived as a hassle. Having to have your phone nearby to login to email may add an additional few moments to the sign-in process, but in the end it can make your life much more secure.
Complexity weighs in too. Not knowing how to properly setup MFA and integrate with your applications is a huge obstacle.
Another reason seems to be about awareness.
What are the costs?
Depends on your environment. Microsoft and Google both offer free MFA as part of their core email offering. Several 3rd party solutions like Duo exist as well.
Can you help?
If you are a managed IT client then yes we can! We are actively advising all our managed clients of the importance of MFA and reviewing the methods we can use.
Our goal is to integrate your on-premise environment and your cloud infrastructure.
Create a Smart Return to Office Plan During COVID-19
Here are four comprehensive checklists detailing plans concerning your people, office space, technology, and clients.
While some of the guidelines seem like no-brainers, several points highlight easy, actionable items to improve employee satisfaction, client retention, and overall success of your business.
People
Preparing properly can alleviate employee concerns, allowing them to focus on the work not the global health crisis.
Office Space
Practicing social distancing will maintain employee safety and allow for some employees to return to in-office work, returning your employees in waves, or allowing for part-time remote work.
Technology
Your technology goal is to ensure employees have what they need to do their jobs effectively.
Clients
If you are a business serving other businesses, you play an important role in helping your clients get back to the office as well.
Click here to view the full checklists created by one of our valued vendors.
Hackers are Targeting SMB Data: Enter Automated Breach Detection
What is Huntress and how does it fit into a broader Cybersecurity plan?
Huntress collects and analyzes metadata about every application scheduled to execute when a computer boots up or a user logs in.
When a hacker establishes access, Huntress is there to help identify the breach, provide remediation steps, and monitor for any remnant footholds.
Huntress discovers new and existing footholds in shady email attachments, malicious website content, unpatched vulnerabilities, and tainted USB drives.
Breach detection alone is not a plan. Pairing this solution with a smart network design and backup and recovery plan help mitigate many risks and allows for flexible restorations.
PremierePC includes Huntress on every server we monitor.
Service plan clients can also add Huntress to each supported device for an additional fee.
New Features
Huntress has just added two new services at no additional cost: Ransomware Canaries and External Recon.
Ransomware Canaries is an early warning and detection system, sounding the alarm that the network has been hit and triggering protocol to restore their system from backups. This happens the moment a part of the network gets “ransomed.”
Networks have become harder to secure as endpoints move from office to homes and other mobile work locations. Ransomware canaries is a key solution.
External Recon is an automated tool which monitors the network, on a constant search for exploits that hackers have used in the past to penetrate security.
Huntress automated what hackers do to find vulnerable ports and make the client aware of them before hackers find them.
Additionally, there is a threat mitigation report that is automatically generated for customers to show the dangers that security software has intercepted and display the persistent nature of cyber-attacks.
Contact us today to learn more about automated breach detection and reporting from PremierePC.
Increasing Remote Workforce Technology in 5 Easy Steps
Install secure VPN connections
Installing a business VPN will secure connections with encryption, reducing the risk of a security breech into your company data. PremierePC offers fully managed network services and has introduced an enterprise HaaS service model allowing to lease first-class equipment.
Prepare to use video conferencing intensively
Video conferencing is the best alternative to in-person meetings, keeping employees connected to each other and clients. Reliable conferencing platforms are a must to ensure secure and consistent communication. We offer several managed solutions to help accomplish this including our GoTo Connect and GoTo Meeting bundle as well as Microsoft Teams.
Business Phone Systems
Ensure cloud application connections are securely in place
If your business uses cloud applications, ensure they are ready for remote logins and your team has the correct devices needed to connect. Ensure that you are using 2FA / MFA/ SSO to secure and integrate access. If your business does not use cloud applications, it is time to do so.
Devise a remote communications plan
Make use of communications solutions such as Microsoft Teams to boost employee communication. Keep everyone on the same page and working together.
What is Office 365 for Business?
Explore remote IT support options
Having a dedicated IT firm to turn to in these times can provide a ton of value to your team. Give your team an edge and improve your cybersecurity posture by letting us advise, consult, and implement your solutions. Using encrypted remote connections and appropriate authentication, our technicians can access your devices and resolve issues remotely while you keep an eye on all the work performed.
Business Computer and Network Support
Cybersecurity and the Small Business: What You Need to Know
Real-World Example: A food distributor received an invoice email. The email looked real: “from” the expected vendor, arrived at the expected time, and equaled the expected amount. The thieves had been watching. The company didn’t discover the problem until the real vendor got in touch to ask why the payment was late. By then, nothing could be done. The cybersecurity measures were not previously in place. Loss: $23,500.
Understand
What is cybersecurity?
Well it’s not just one thing; it is many things.
“Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”
Cybersecurity can change based on industry, size, and services you already have in place or want to have in place.
Many people are afraid of cybersecurity because they think it is difficult, outside their knowledge level, and it can often be hard to implement. Many companies ignore it. This is not a solution.
Your risks of not implementing cybersecurity measures include hackers, attackers, intruders, malicious codes/malware, and vulnerabilities.
(Thanks to Homeland Security for the above quoted info.)
Analyze
So, what is the solution? How do you figure out what your business needs?
Do you have a dedicated IT department to analyze your business’s specific needs? Or do you simply use hosted email with default security settings and take your chances with your daily computing platform?
Are you proactively training staff on cybersecurity issues and searching for security holes in your system?
Have you implemented single sign on and MFA across cloud applications?
Are you monitoring devices on your networks to ensure they are not bringing in intrusions from outside?
Are you paying attention to how and where company data is being stored and accessed?
In today’s world, remote work is becoming increasingly popular and needed. Is your company implementing security measures to protect remote workers along with company-owned data?
Protect
You could spend as much money as you want to and still not achieve 100% protection. Making sure you spend the right money on the right solutions is the right way forward.
There are many areas that cybersecurity needs to be applied to. Having these particular areas properly managed by a professional team can mitigate your exposure to threats.
Some security solutions include:
What’s next?
Cybersecurity doesn’t have to be hard, scary, or overwhelming when you have professionals handling it. It can be as expensive as you want it to be, or you can get solutions that are customized to your needs.
If you have questions, we are here to make cybersecurity easy, affordable, intelligent, and a perfect fit for your needs. At PremierePC, Cybersecurity is built into all we do.
Solution Highlight: DarkWeb Monitor + SAT
What is the Dark web?
According to Experian, dark web monitoring, also known as cyber monitoring, is an identity theft prevention product that enables you to monitor your identity information on the dark web, and receive notifications if your information is found online.
The dark web is seen as the underbelly of the internet, a shrouded area of the internet hidden from search engines and only accessible with a special web browser. It also masks IP addresses, which essentially allows fraudsters to operate undetected to commit crimes, including identity theft.
Is My Information on the Dark Web?
PremierePC offers an identity theft protection product called DarkWeb ID, which includes Dark Web Surveillance for comprehensive dark web monitoring to protect you from the financial and reputational harm that can result from identity theft.
This product is available for your company’s entire domain, meaning we can gather and report on any compromises for your entire team. Unlike other solutions which are sold by the user, our service is sold by the domain (yourcompany.com)
Additionally, you may add up to 5 personal email accounts at no cost. Help bolster the protection of your C-Level executives who are often targets of social and spearhead phishing campaigns.
Security Awareness Training (SAT): Protect Against Human Error.
Monitoring the dark web for stolen credentials is critical for clients who want to provide comprehensive security to their users. Our SAT solution complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.
This solution is INCLUDED with our Dark Web ID solution. No additional costs to layer on a proactive security awareness program.
For a limited time, we are offering these solutions to our service plan clients at a discounted rate of $79 per domain (normally $99), Signup by the end of April to lock in this pricing.
Learn More >>
Not a service plan client? Why not? Learn more about our service plans
If you company does not have an active service plan, you may still purchase the solutions above at the regular rate. month-to-month terms, setup is super simple and takes less than 30 mins.Prefer a one-time report? We are offering that for $349 per domain.
Connect PRO Bundle: GoToMeeting with Every Jive Seat
LogMeIn has made that possible by offering the Connect PRO Bundle, a cloud communication and collaboration offering made possible by LogMeIn’s acquisition of Jive Communications. The Connect PRO Bundle includes a GoToMeeting PRO license with every Jive seat purchased. This means that every member of your organization not only receives over 80 of Jive’s great VoIP features, but high-quality face-to-face meetings with anyone, anywhere, from any device.
The bundle is designed to simplify and extend customers’ UCC (unified communications and collaboration) solutions by combining GoToMeeting’s cloud-based video conferencing solutions with Jive’s cloud-based telephony solutions to offer more value, savings, and — most importantly — more valuable connections.