In November, I sat in a meeting of business owners who had gathered to spend a full day focused on their business and running it well. The pre-arranged discussion materials were focused on IT safety, security, and in my world, ‘IT 101’ requirements for anyone running a business in our technology age. Wow! I was blown away by what I heard and some of the responses to the materials.
I feel like I’ve written on this topic to the point where many of our clients might say ‘Again?’ to running this article, but I think I might be off-base. You are focused on running your business, so perhaps I haven’t been as ‘in your face’ as I think, so here we go!
Business Computer Safety 101—Let’s review a few basics, then layer on the important topics for you and your IT support team, whether that’s internal, with us, or with an outside IT team.
MFA, Multi-Factor Authentication: This basically means that having a password isn’t enough; you have to prove it’s really you! You authenticate yourself in at least two ways, so if the password is hacked, we can still confirm whether it’s really you or not. We’ve written various articles on this, we have a short flyer with info, insurance companies have ‘forced’ you to do this in order to write a Cyber security policy, and so on. We recommend a ‘strong’ password, which basically means at least 8 characters made up of upper case, lower case, numbers, and a special character. Yes, you already hate this, I get it! The problem is, you use something like a pet’s name, an anniversary date, your company’s street address, or something similar. Well, unfortunately, all of that is available on LinkedIn and Facebook, so with the sophisticated tools hackers have available, or an inexpensive purchase from the Dark Web, they have your password! So having a second form of authentication GREATLY reduces the risk of being hacked. Requesting a two-digit code that comes directly to your cell phone means you can prove it’s you who entered the password in the first place. And it shows you where the request was made, so make sure it’s the right continent!
The next topic in our meeting was Cyber Security insurance. I was blown away by how many companies did not have this insurance coverage. Small businesses are THE number one target for hackers. You have cash on hand to cover payroll, share passwords (Ugh!), lack MFA enforcement, have older equipment that is often not patched, and often lack security protocols. And you think you’re ‘too small’ to be a target, but it’s a numbers game. If their success rate is 20%, the more businesses they target, the more money they can make!
We have a very smart, very thoughtful client with excellent systems in place who was tricked into over $750,000 of fraudulent vendor payments. Hackers also use Social Engineering, preying on your wonderful, good, sincere team, tricking them! It’s sinful, to say the least! I’ve said it before; I can’t get past your receptionist and I’m an existing vendor! When it comes to email, the very same person on your team is not as suspicious and takes the bait. I would add that this client had Cyber Insurance so all the experts they needed were at their disposal.
Let’s talk about computers, next. At a minimum, you need a business-class anti-virus/EDR (Endpoint Detection & Response) solution in place with continuous updates. Next, an automated patch management solution that automatically installs Microsoft-specific security updates, other MS updates, and even third-party patches. When vulnerabilities are found, these vendors provide patches to keep things current and safe. As a Managed Solution Provider (MSP), we review the patches each week and any that are security-specific or stable are approved and pushed out, automatically, to all computers we manage. In addition to keeping computers patched and safe, this greatly cuts down on the time to do maintenance!
Anyone with M365 should have additional backups in place. These cloud backups cover the email as well as documents in SharePoint and OneDrive. For specific software programs installed on the computer, there are additional backup solutions available.
At the next level, we provide security that monitors activity on the computers, as well as the M365 accounts, and enforces MFA. M365 is a HUGE target! If a bad actor can get into one of the company’s M365 accounts, they can hijack the account, create rules, and even allow email to go out looking like it was from you, when it isn’t. Other advanced tools include the award-winning SentinelOne, DNS filtering, the use of Intune to roll out solutions and services, and of course, our Dark Web monitoring. There’s more, but this gives you an idea of the types of tools in use and their importance. As your partner, we take our responsibilities seriously so you can focus on running a great company! –CMW