Posts

Streamlining Security for SMBs

Security, Privacy, & ComplianceStreamlining security is a more balanced message about why and how to protect your business. Over the past year, we have covered the on-going, and increasing, threats to small businesses.  We often highlight the scope and severity of the risk.  Hopefully this information, along with cost-effective solutions, prompts you to act. At times, we may appear to be fear-mongering.

Sound business practices, not fear, should be your motivation to protect against cyber attacks.

The market is awash with security solutions. These range from single-protection products to complex advanced security monitoring and response services.  The number of options, and competing claims, is overwhelming.

Our Recommendation: Focus protections on the most common, and most damaging, types of attacks.

1. Focus on Risks

We know that:

  • More than 80% of cyber attacks start with, or involve email via phishing and other social engineering tactics
  • Ransomware is the most common type of attack
  • Business email compromise (BEC) is the most costly type of attack
  • Attacks via DNS and web content are becoming more of a risk

As such, small and midsize businesses should focus on preventing these types of attacks. Plan to limit your security approach and spending to prevention and recovery from these risks.

2. Use our CPR model as a guide

Communication and Education

Make sure your team knows how to spot an attack and what to do if they suspect an attack.  They should know the risks and steps you are taking to protect your business.

Periodically sharing articles or updates may be sufficient.  Subscribing to a security awareness training service is an affordable way to provide this education. Your cyber insurance policy may require this service.

Protect and Prevent

To protect your business from the greatest risks, put the following solutions in place:

  • Multi-Factor Authentication (MFA)
  • Encrypt data at rest, including on servers, desktops, and laptops
  • Use advanced threat protection (ATP) on all email accounts for inbound messages
  • Ensure your endpoint protection (local anti-virus) is a next-gen solution
  • Use DNS/Web protection to prevent harmful downloads

Specific to business email compromise attacks and ensuring your legitimate emails are not flagged as dangerous, ensure your domain configuration include the following protocols and services:

  • An accurate and complete Sender Policy Framework (SPF) record
  • DomainKey Identified Mail (DKIM) for all sources of email (including marketing tools)
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Respond and Recover

Even with protections in place, cyber attacks can be successful.  Ensure that you can return to operations quickly, even as a full recovery may take time. Your ability to recover and respond should include:

  • Backup/Recover data stored in the cloud (Microsoft 365, Google Workspace, etc.), as well as on local servers, desktops, and laptops
  • Continuity services so you can run images of key servers, desktops, and laptops if they are damaged by an attack

Note that continuity services also protects you from the impact of hardware issues, theft, and other losses.

Start with an Assessment

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

To learn more, please join us on May 17th at 3:00 PM ET for Streamlining Security, our May 3T@3 Webcast or schedule a no-obligation call with one of our cloud advisors.


If You Have Remote Workers, Then

If you have remote workers, then how you manage your business and employees has, and will continue to change. We often talk about the technology that makes remote work efficient and that can help integrate teams. But supporting remote workers requires a broader perspective and understanding of the workplace.  As employers, we remain responsible for providing a safe, effective workplace regardless of where our employees work. Here a few considerations as you plan your hybrid and remote work strategy.

If you have remote workers, then you …

  • Are responsible for their work environments, including the same health and safety regulations that apply in the office.
    • Ensuring safe and appropriate workspace ergonomics, sound levels, lighting, etc. are responsibilities of the employer.
    • Provide your remote workforce with appropriate furniture, lighting, and ergonomic tools.
    • And yes, an employee working from home might be eligible for Workers’ Compensation if they trip over their dog while working.
  • Need to accurately track and manage working hours for non-exempt employees.
    • Avoid wage and employment related liabilities by ensuring hourly workers are compensated for all work time, including when they respond to the random off-hours email.
    • Setting clear policies and expectations can help avoid work hour, wage, and employment issues.
  • Are responsible for ensuring their work is secure.
    • Remote work environments must be managed and secured to the same levels as those working in the office.
    • Data privacy regulations, such as HIPAA, PCI, and SEC17, do not end at the office door.
    • Networks, systems, applications, and data require the same levels of protection regardless of location.
    • Similarly, physical protections must be in place for printed documents.
  • Can be accountable for intellectual property stored on personal devices.
    • Establish a clear policy and procedures for the use of personal devices for work.
    • Include the need for the company to install software or tools to manage the business’ information on the device, including but not limited to cyber protections, personal/work data separation, local encryption, backup/recovery, and the ability to remotely remove work related data in an emergency.
  • Want to avoid “in-person” bias.
    • Remote workers need mechanisms to participate in the informal conversations and interactions we take for granted when working in an office environment.
    • Supervisors and managers should help workers establish and build effective relationships, including those that offer mentorship and guidance, with direct co-workers and others in your firm.
    • Measures of performance should, explicitly, avoid the implicit bias that in-person visibility correlates to better involvement and teamwork.
  • Should understand the tax implications for your business, and employees related to working remote.
    • Having employees in other tax jurisdictions can make proper payroll tax withholding and filing more complex.
    • States may or may not have reciprocal agreements and some states are imposing new rules.
    • Remote workers may create nexus in some jurisdictions, triggering sales tax and other tax obligations.
    • Work with your attorney and financial advisors to understand your requirements and to ensure compliance.

Your Next Steps

Cloud technologies help facilitate remote work and hybrid work environments. You can deploy systems, apps, and tools to make remote and hybrid work efficient and secure. Remote and hybrid work models, however, span every aspect of your business.  Policies, procedures, operations, and culture all require attention, planning, and support.

Work with your legal and financial advisors, and your HR resources, to ensure  your remote/hybrid plans will benefit your business.

Business Email Compromise – The Costliest Type of Cybercrime

Email, Communications, & MobilityWhile the massive number and scale of ransomware attacks get the most media attention, Business Email Compromise (“BEC”) attacks are the costliest type of cybercrime. In a BEC attack, the criminal impersonates you and convinces somebody who trusts you to send money. While successful attacks often begin with unauthorized access to your email account, savvy criminals use email and domain impersonation techniques. They trick others into thinking that you are asking for, or instructing them to complete, a money transfer.

As we noted in this recent post, real estate agents and brokers are prime targets of Business Email Compromise attacks because they regularly discuss transferring large amounts of money with their clients. As noted in this recent article from the Associated Press, however, BEC attacks are hitting a wide range of small businesses, nonprofits, and schools.

Business Email Compromise attacks succeed when cyber criminals are able to collate enough information about you to gain access to your account or impersonate you.  Here is how they do it:

  • Given that you use your email address to log into many systems, a third party breach can provide attackers with your email address and enough information to calculate your password.
  • Third party breaches often provide hackers with enough personally identifiable information (PII) about you to launch a successful phishing attack that captures your username and password.
  • Scanning social media posts can also provide hackers with enough PII to successfully phish for your identity.
  • Malware, known as an Advanced Persistent Threat (APT), that makes it past your endpoint protections can gather usernames, passwords, and other information while running undetected on your computer.

Protect Your Identity

To keep your email account secure, you need to protect your identity.

  • Understand the risks and follow practical advice for safe online hygiene. Use unique, complex passwords across systems; avoid oversharing personal information; and learn to recognize phishing and impersonation attacks.
  • Use “Next-Gen” endpoint protections to prevent zero-day attacks, APTs, and more traditional forms malware.  These solutions use heuristics, AI, and behavioral analysis of files to identify an attack. They can also “roll back” changes to stop an attack.

Secure Your Email Service, and All of Your Services

Even as you protect your identity, you still need to secure your email service.

  • Advanced Threat Protection (ATP) protects your account from phishing attacks, bad links, infected attachments, and other risks. ATP verifies sender information and test links and attachments in a “sandbox”, allowing safe messages to arrive in your inbox.
  • Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA), can prevent access to your accounts if your username and password are compromised.
  • Ensure that all of your information is encrypted at-rest and in-motion. Your email service should use Transport Layer Security (TLS) to encrypt messages between sending and receiving services.  Encrypt files on your local disk, on any file servers, and in the cloud.

Prevent Email and Domain Impersonation

As noted in this recent blog post, you can use three (3) levels of protection to prevent email and domain impersonation.

  • Sender Policy Framework (SPF): Authenticates addresses you use to send email.
  • DomainKeys Identified Email (DKIM): Digitally signs messages to ensure emails are not altered en-route.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): Authenticates email origin and instructs recipients how to process bad messages. A DMARC service will track and report any potential issues.

These protocols and a DMARC monitoring service offer the best protection against BEC and impersonation attacks. They also help improve the deliverability of your email. Our ebook, Email Security: Good, Better, Best, dives deeper into this topic.

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

 

Security Trends Will Impact Small Businesses

Security, Privacy, & ComplianceSpeaking at a recent CRN-hosted security summit for midsize enterprises, Paul Furtado, Gartner’s Vice President of Midsize Enterprise Security stated, “The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself.”  His comments reflect current security trends from our historic “Trust but Verify” security model to one that is “Never Trust; Always Verify” — also known as Zero Trust.

Expectations are changing and our tolerance for breaches is dropping.  More than 56% of successful attacks exploit known vulnerabilities with patches available for more than 90 days.  Frankly, many of us are failing at the fundamentals of IT security and this needs to change.

While smaller in size, SMBs remain prime targets of cyber attacks.  With “Ransomware as a Service” readily available, finding and attacking vulnerable small businesses is inexpensive and effective.  SMBs are more likely to have fewer security protections; SMBs are less likely to be able to recover from an attack and more likely to pay ransoms.

Here are 7 security trends that warrant our attention and action:

1 Zero Day Exploits

As the name implies, Zero-Day  Exploits take advantage of newly discovered security holes before our tools and systems can be updated to prevent an attack.

Next Gen solutions are needed to protect from attacks on devices, in the flow of email, and in web traffic.

2 Insider Threats

Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts. Insider threats, meanwhile, are the small percentage of insiders actually doing something that will cause a security incident, intentionally or not.  For example, the increased use of QR codes allows attackers to create malicious QR codes that install keyloggers and screen grabbers to steal identities and multi-factor authentication tokens.

We need Security Awareness Training to help individuals understand the risks and build safe habits.

3 Regulatory Changes

As noted, security expectations are changing.  State and federal laws are changing. Passed by the Senate this year, the Strengthening American Cybersecurity Act will require businesses to report significant cyber events within 72 hours and ransomware payments within 24 hours. These requirements lay on top of other federal regulations, multiple states’ privacy laws (CCPA, MA PII, etc.), and industry regulations (PCI-DSS, etc.).

With cyber insurance and cyber response services in place, small businesses are more likely to avoid fines, losses, and legal actions.

4 IoT

Internet of Things devices, and similar automation technologies are popular and often lack basic security features.

As IoT-based solutions move into smaller businesses, we need to secure and monitor devices and the networks on which they run.

5 Supply Chain

Bad actors know that attacks on supply chains can be more effective than attacking an intended target.

If your smaller business is in the supply chain of a larger company, expect security to become an issue.  They are likely to request — or demand – additional security measures as a condition of your business relationship.  And, be ready to demonstrate (prove) that you actually do what you claim on the security checklist.

6 Data Mining

Data mining enables attackers to not only go after your business, but your vendors and customers as well.  Imagine attackers telling your customers their private data will be released if you do not pay the ransom.  Even more common, imagine your customers receiving emails “from” (impersonating) you instructing them to send money.

We need to start protecting unregulated data in the same ways we protect regulated data.  Encryption, for example, does not prevent a breach but ensures the data cannot be used.

7 Ransomware

It would be nice to think we are past the ransomware pandemic, but we are not.  Over 80% of ransomware attacks are on small and mid-size businesses. Because attacks have moved beyond encryption to data exfiltration, attackers are likely to understand your business and set ransoms that are steep, but payable (often 1% to 1.5% of annual revenue).  Businesses hit by ransomware average more than 20 days of significant business disruption. On average, they permanently lose more than 35% of their data.

A response and recovery plan that includes business continuity ensures that you can keep your business running while you recover from and respond to an attack.

Your Next Step

Please contact us to evaluate your security footprint and needs, and discuss possible next steps, or schedule a no-obligation introductory call with one of our Cloud Advisors.

Resources for Small Businesses and Solopreneurs

Email Security – Good, Better, and Best

When launched Cumulus Global 15 years ago to provide small and midsize businesses (SMBs) with email security and security solutions. As early adopters, we saw how cloud solutions made enterprise grade solutions affordable and effective for small businesses.  While much as changed over the past decade and a half, we still face email-based threats.

Email Attacks are Easy

According to Verizon’s 2021 Data Breach Report, email remains one of the most common vectors for attacks. And, phishing attacks are at the top of the list. Email phishing attacks remain prevalent because they are relatively easy. Cyber attackers are able to say one step ahead of our defenses, in large part to the rise in social engineering. With more of our personal information available through social media, attackers can use psychological tactics and personalized messaging to target specific individuals (spear phishing) and business leaders (whaling). In doing so, they garner sensitive information and gain access to systems and data.

Business Email Compromise

Business Email Compromise (BEC) attacks impersonate your email domains or emails for specific users. In most instances, BEC attacks look and feel like legitimate emails from your business. Combined with social engineering tactics and personalize information, they are hard to spot and often successful.  Attacks can be “internal” that target your employees, or “external” that use your business to defraud your customers and associates.

Email and Domain Impersonation

Preventing email and domain impersonation attacks bypass account level security, including multi-factor authentication. To prevent these attacks, recipients should only accept email that can be authenticated as coming from your domain.

Protection: Good, Better, Best

Currently, you have three levels of email domain security that can protect your business and your identity: Good, Better, and Best.

Good: SPF Sender Policy Framework

SPF verifies emails sent from valid IP addresses, either from your domain or authorized senders. While most small businesses have an SPF record configured, errors cause individual emails, or emails from marketing and CRM systems, to be flagged as spam by the recipient. Cyber attackers can spoof email addresses to give the appearance of a validated sender.

Better: DKIM DomainKeys Identified Mail

DKIM verifies that have been digitally signed by the sending domain, or by services sending email on behalf of the domain. Proper configuration is technical and involves cryptographic key management; errors can lead to fake messages with valid DKIM signatures. Cyber attackers can remove the DKIM signature using sophisticated relay attacks.

Best: DMARC Domain-based Message Authentication, Reporting,
and Conformance

DMARC authenticates email origin by aligning identifiers from SPF and DKIM, and instructs recipients to deliver, quarantine, or reject failed emails by policy. DKIM helps improve email deliverability. Is the best protection against email and domain impersonation attacks, whether they target your employees, vendors, or customers. Reporting enables you to see email sources and manage your policies.

Call to Action

While you set up SPF and DKIM with DNS record entries, DMARC is best implemented as a service. Doing so provides you access to settings, reports, and analysis tools. For most small and midsize businesses, the level of protection DMARC provides is worth the minimal cost.

You can learn more with our eBook: Email Security: Good, Better, Best.

To discuss your email security configuration, make an appointment with one of our Cloud Advisors, send us an email, or fill out our contact form.

Four Cornerstones for Cloud Security

October is Cyber Security month.  In what seems like a never-ending process, we continue to face new and advancing threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Strategy

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four cornerstones for cloud security.

1 Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This cornerstone establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2 External Threat Protection

Identify and protect against reasonably anticipated threats.

This cornerstone focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3 Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Solutions that set this cornerstone protect against these internal risks and threats.

4 Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics

To ensure your cornerstones are set and your security foundation is place, conduct a security footprint assessment.  For each cornerstone, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

The Kaseya Attack Effect

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

The State of SMB Cyber Security

Data Protection & SecurityGone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity,  and  21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Security Threats: 3 You Know and 1 You Should

Data Protection & SecuritySecurity threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

1 Viruses

According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management, including:

  • Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
  • Use web filtering and monitoring services to prevent infection, even from trusted sites
  • Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
  • Enforce the use of multi-factor authentication as part of an integrated identity and access management solution

2 Ransomware

Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.

While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. Here are some solutions and services you should have in place:

  • Backup your data and system images, in the cloud, to ensure your ability to restore and recover
  • Encrypt all data, at rest and in motion
  • Deploy business continuity services to spin-up copies of servers in parallel with remediation
  • Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
  • Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue

3 Phishing Attacks

The majority, 67 percent, of cybersecurity professionals surveyed consider phishing to be the greatest security threat facing your business and employees. To protect your people, your data, and your business:

  • Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
  • Monitor inbound and outbound email traffic
  • Provide your team with awareness training to recognize problem emails, and how to respond/act
  • Instruct your team to report suspicious messages, links, and attachments
  • Deploy domain level services to prevent identity-spoofing

!! Internal Leaks & Threats

Insider security threats are often overlooked. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.

These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business.  Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.

While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.

To prevent data leaks and breaches, you should:

  • Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
  • Leverage features within your systems that help you manage and protect confidential and proprietary information
  • Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control

>> Take Action

All of the suggestions, above, fall within our CPR best-practice model for cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

library

State of Security for Small and Midsize Businesses

State of Security for SMBseBook | Source: Microsoft

If you work at a small or medium-sized business (SMB), you probably juggle multiple roles, including cyber security.

Gone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk regardless of their size or industry. Businesses recognize that a cyber security  program is an essential part of running a company.

This eBook identifies key findings from studies and surveys for small and midsize businesses and makes recommendations to ensure your business is protected, and can recover, from cyber attacks.

Please confirm the information, below, to view and download the ebook



Protect Your Business – Top 3 Security Threats

Protect Your BusinesseBook | Source: Microsoft

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

You face many of the same threats as larger organizations, but also the unique challenges around budgeting and setting priorities as the leader of a small or medium-sized business.

This eBook explores how you can safeguard your business against the top three security threats, plus the one threat your business is probably overlooking.

Please confirm the information, below, to view and download the ebook



Crash Course in Office 365

Office 365 Crash CourseeBook | Source: Microsoft

How Microsoft 365 and Office 365 can help you grow your business.

You already know the productivity power of Office applications like Word, PowerPoint, and Excel. Full adoption empowers you to access your content from any device, coauthor with anyone in real time (regardless of whether or not they’ve purchased a copy of Office), and use the power of artificial intelligence (AI) to create more impactful content with less effort.

This eBook is a six step crash course in empowering your team by leveraging the capabilities and features of Office 365 and Microsoft 365.

Please confirm the information, below, to view and download the ebook



Global Year in Breach – 2021

eBook | Source: ID Agent

Fundamental changes in the way we lived and worked made 2020 a wild year for cybersecurity professionals. The resilience of every company was tested in the midst of a pandemic-induced, volatile economy as threats snowballed in the wake of a rapid shift to remote workforce support.

Adding to, and perhaps fueled by, those challenges, a cybercrime boom that included record-breaking phishing and ransomware threats ratcheted up the stress. Sectors unaccustomed to being targeted by cybercriminals suddenly found themselves under siege while unprepared companies quickly learned the cost of failing to take cybersecurity seriously.

The Global Year in Breach 2021 report, gathers and analyzes data from industry-leading cybersecurity
solutions, combined with illuminating industry statistics to give you a clear picture of how the data breach landscape evolved in 2020.

Through this lens, this report provides insights into how global events can rapidly transform the cybersecurity landscape. The report forecasts continuing and emerging cybersecurity trends for 2021 and provides helpful advice about smart risk mitigations that fit every business and every budget.

Please confirm the information, below, to view and download the ebook



Google Workspace Security

Google Workspace SecurityeBook | Source: Google

We fully understand the security implications of powering your business in the cloud.

Because Google and our enterprise services run on the same infrastructure, your organization will benefit from the protections we have built and use every day.

      • Secure by design
      • Product security innovation
      • Compliance, eDiscovery, and analytics
      • Transparency

Our robust global infrastructure, along with over 700 security professionals and our drive to innovate, enables Google to  stay ahead of the curve and offer a highly secure, reliable, and compliant environment.

Please confirm the information, below, to view and download the ebook



Make it Work: The Future of Collaboration and Productivity

Make it WorkeBook | Source: Google

Many of the technologies , trends , and cultural norms that will shape tomorrow’s workplaces are already transforming forward thinking organizations around the world. In other words , the future of work is here it’s just not evenly distributed.

This report identifies three important and impactful changes businesses  can make to catch up with competitors that are already working in the  future:

  • Give people the tools to save time and work faster
  • Empower people to access knowledge and share ideas
  • Let people work how they want: flexibly and collaboratively

Armed with these three strategies , businesses can improve productivity and encourage innovation while better  meeting the needs of their customers and their employees now and in the decade (or more) ahead.

Please confirm the information, below, to view and download the ebook



Unblocking Workplace Collaboration

Unblocking Workplace CollaborationeBook | Source: Microsoft

A lack of workplace collaboration – a work environment that doesn’t encourage teamwork – is one of the top 5 reasons people quit their jobs.

Today’s workforce is more collaborative than ever. Unfortunately, though, many modern workplaces lack the tools to make collaboration efficient, effective, and enjoyable.

The solution lies in building workplace collaboration. Strategically break down collaboration blockers so that teams can work together with ease. To accomplish that, business are turning to  collaboration suites that allow employees to communicate and share through a single platform.

This eBook explores 5 collaboration blocks that likely impact your business and outlines solutions, featuring the capabilities and features of Office 365 and Microsoft 365.

Please confirm the information, below, to view and download the ebook



Google Workspace Migration Guide

Google Workspace Migration GuideeBook | Source: Google

Whatever your business’s reasons for considering a switch in collaboration tools — a merger or acquisition, the desire to become a  more collaborative, innovative and transparent organization, or simply a  technology audit — change can provoke anxiety and disruption, even  when it is for the better.

What are your goals, and what makes one technology solution the best fit?

Here are some insights that can help facilitate a smooth transition to new workplace productivity tools at all stages — with specifics on Google Workspace — from decision to preparation to deployment to upkeep.

Please confirm the information, below, to view and download the ebook



Six Types of Remote Workers and How to Support Them

Six Types of Remote WorkerseBook | Source: Microsoft

Great teams build great companies. And remote workers will be part of your team.

How do you best use technology to keep your employees and business as efficient as possible? Understand the six types of remote workers who impact your team and

  • Evaluate their technical needs
  • Assess their remote work styles
  • Help them simplify and enhance their work, across devices

Solutions like Microsoft 365 Business and Office 365 Business Premium bring new levels of productivity to your business.

Please confirm the information, below, to view and download the ebook



The Ultimate Meeting Guide

Ultimate Meeting GuideeBook | Source: Microsoft

Do you want, or need, better meetings?

Meetings remain an essential part of doing business as they ensure your teams stay on the same page with the information they need to get things done.

Unfortunately, meetings get a bad rap for taking up time and resources — ultimately costing your business. Many businesses experience a sizable gap between the increasing number of meetings and the value derived from the time spent in these meetings.

What can you do? The simple answer for better meetings is to:

  • Conduct simple, direct meetings
  • Focus on clear action items
  • Ensure time spent feels convenient and useful for your employees.

Please confirm the information, below, to view and download the ebook