We Don’t Have A Huge Cyber Security Need
We Don’t Have A Huge Cyber Security Need
This was the answer I heard on the other end of the line from a prospective client that had just engaged our services. The Chief Operations Officer that I was speaking with was fairly tech-savvy and felt like the discussion we were having was most likely leading to a “sales pitch”. I assured him that I was not pitching anything in particular but rather going through the essentials that every business owner/manager needed to ask themselves regardless of whether or not they ended up doing business with us.
Ironically prior to this call, I had actually been on a conference with another company that had also just engaged our services a week earlier due to a cyber security breach. The conversation with this company was much much different. Unfortunately they had fallen victim to an email hijack of their Office 365 services and over the course of a few weeks, wired several hundred thousand dollars to a fraudulent actor thinking it was one of their legitimate vendors. YES HUNDREDS OF THOUSANDS! In the initial call with this organization, the owner who was also pretty tech-savvy was devastated and understandably. Once these type of transactions occur, it is very rare to ever get the money back. He was a fairly small business with a dozen or so employees. Ultimately he was going to have to make up the loss out of his pocket. The comment he made that that stuck out in my mind was “We are a small shop with fairly technical staff and try to manage most of this ourselves… we don’t have that big of a cyber security need. But I never though this could happen or that anyone would target us”.
The disparity and similarity between the two organizations were striking no matter how you looked at it. Both felt like they weren’t a major corporation with complex security needs and because of that could handle most of it in-house. One organization was on the safe side of a cyber issue, the other was on the devastation side of a cyber issue.
Why is it that so many small business owners and manager fool themselves into thinking they don’t have to worry about cyber security? It’s our experience that most of the time, small business owners wrongly believe that in order to have a cyber security breach, you have to be “on the radar” of the bad guys and a high financial target. The reality is that most of the bad guys dont target a specific business until the software they use automatically identifies a weak target. They setup software to continually scan for vulnerabilities and more importantly – credentials that are reused between sites and have been breached in the past. Once they have one of those items, NOW you are on the bad guys radar.
So What Do You Need To Do To Protect Yourself?
- Immediately make sure you are not re-using passwords between different sites. Each and every service/site you use should have a unique and complex password associated.
- Make sure you are not using a global administrator account as your personal email/account
- Immediately enable MFA (multi-factor authentication)
- Make sure forwarding is turned off at the global configuration level for your Office 365 account
- Implement a verbal authorization policy for any banking or wire transfers to make doubly sure that any transfers are legitimate
- Make sure you have proper cyber liability insurance coverage!! Can’t stress this enough. If you don’t have coverage or your carrier does not offer this – contact our partners at Connell Insurance. They have a dedicated cyber liability specialist that can make sure you have the proper coverage.
Do You Really Have A Huge Cyber Security Need?
That is technically the wrong question to ask. You should assume that any organization regardless of the size, location, or industry has a need to protect themselves from cyber security threats because they are real and you will face threats on a daily basis. The question you need to ask is – do you have the attention and resources to address these needs on your own or should you engage with a Managed Security Services Provider to assist you with the enormous task.
Get Our Weekly Cyber Security Tips In Your Inbox To Stay Up To Speed On The Latest Threats
Our Past Posts
The final curtain call for Windows 10: What you need to know
Microsoft has announced there will be no new feature updates for Windows 10 so maybe it’s time to upgrade to Windows 11. We’ll help you make up your mind.
Windows 11 optional update: Why it’s better to wait
Microsoft has just announced an option for people to trial new features before their general release in Windows 11. This isn’t about fixes to security flaws – everyone gets those at the same time. This is an opportunity for businesses to jump the queue to receive new features and updates first. Sound exciting? Yes! Worth the risk? Not quite. Our …
Can your business go green by switching to the cloud?
Cloud computing has quickly become a popular option for businesses that want to streamline their operations, reduce costs, and become more flexible. But are you swayed by the idea that cloud services are automatically better for the environment? Could the need to do your bit ‘cloud’ your decision-making? Sorry. Bad pun. It’s true that cloud services have environmental benefits compared …
Charging in public places? Watch out for “juice jacking”
Airports, hotels, cafés, even shopping malls, offer public charging points where you can boost your phone or laptop battery on the go. They’ve been in the news after the FBI recently tweeted advice to stop using them. Crooks have figured out how to hijack USB ports to install malware and monitoring software onto devices as they charge. The security risk …
LinkedIn takes action to tackle fake accounts
LinkedIn is introducing new verification features over the coming months to help tackle fake accounts.
Microsoft hints at some exciting Windows 12 developments
Windows 11 still feels like a new toy, yet we’ve already heard speculation about Windows 12 arriving as soon as next year. It’s all we can think about!