TDS Blog | Techspert Data Services

How $43,000 Got Stolen From A Small Business In The Blink Of An Eye

by Adam Siemienski | Mar 13, 2024 | Newsletter

What you are about to read is a real story showing you how a business can be devastated by cybercriminals in the blink of an eye. Most importantly, I’ll share several ways this could have been avoided. Make sure to forward this to anyone who might be making online payments and, better yet, your entire staff. The name of the company and principals have been withheld so they don’t become a further target.

$43,000 Gone In The Blink Of An Eye

Imagine, on a normal Friday night after a long week of work, you glance down at your phone and see an alert from your bank.

You open it to find that you’ve just paid a company you’ve never heard of $43,000!

This was an all-too-real situation for one small business owner a few weeks ago – and there’s NOTHING the owner, or police, or anyone else can do to get that money back. It’s gone forever.

Thankfully, for this company, $43,000 was a loss they could absorb, but it was still a huge hit and, frankly, they are lucky they weren’t taken for more.

Here’s what happened and how you can keep this from happening to you.

The E-mail That Started It All

Imagine receiving an e-mail so convincing, so utterly devoid of red flags, that you find yourself compelled to act. This isn’t a failure of judgment; it’s a testament to the sophistication of modern cyberthreats.

In this case, an employee in the accounting department received an e-mail from the company’s “CEO” saying they were starting to work with a new company and needed to get them set up in the system and make a payment to them right away.

This was NOT an abnormal type of e-mail, nor was the amount anything that aroused suspicion – they made and received large amounts of money often.

The only telltale clue might have been that it came in on a Friday afternoon and it was made clear that it was an urgent matter that had to be handled right away.

The employee, thinking they were doing exactly what their boss wanted, set the attacker’s company up in the system, including their bank routing number, and made a payment. And the minute they hit “Send,” the money was never to be seen again.

It wasn’t until the CEO called minutes later, after receiving notification of the transfer, that alarm bells started to ring! But by then it was all too late.

So What Happened?

While it’s impossible to know what exactly occurred to kick off this chain of events, the most likely culprit is that an employee, possibly even the owner, received an e-mail sent by a cybercriminal weeks or even months earlier that allowed this person to gain access to some of the company’s systems.

In all likelihood, the e-mail looked normal and had a link that, when clicked, downloaded software onto the recipient’s computer, and that’s where things started to go wrong.

Over the following weeks, the cybercriminals accessed company communications, figuring out who the players were, and devised a plan to make it look like the CEO needed a vendor to be paid urgently.

And when the criminals determined the time was right, they “attacked” and walked away with $43,000 for their efforts.

Home Alone

While this scenario may sound far-fetched, it’s not new.

If you remember seeing the classic movie Home Alone, would-be thieves watched houses immediately preceding Christmas to determine which families would be away for the holidays so they could break into those homes.

Cybercriminals do the same thing, but from a distance, and you’d never know they were ever there.

The scary fact is, your system could be compromised right now, and you would have no way of knowing it, until an attack happens.

In the cybercrime world, the kind of attack this company suffered is referred to as spear phishing. Criminals identify a single point or person in an organization who they believe could fall victim to a scam like the one that happened here, and they engineer a scheme to specifically target them.

What You And Your Employees Need To Know To Help Thwart Attacks

The sad fact is that there is no 100% safeguard against cybercriminals. But, just like our robbers in Home Alone, cybercriminals go after the low-hanging fruit. If your house has a gated entry, security system, outside cameras and lights, and has three vicious-looking dogs roaming around, would-be thieves are much more likely just to move on to a house without all these layers of security.

Cybercriminals operate in the exact same fashion, looking for companies that aren’t protected and then targeting them specifically. So, the best thing you can do is have layers of protection for your company, along with education for your employees.

3 Things To Do Right Now To Protect Your Company

Multi-factor authentication (MFA), also called two-factor authentication (2FA), is not just a tool but also a shield against the relentless barrage of cyberthreats. An example of MFA is when you try to log into a program and it sends a code to your cell phone via text that needs to be entered before granting access to the program. While often deemed a nuisance, MFA isn’t an inconvenience – it’s the digital equivalent of locking your doors at night. It’s a simple yet profoundly effective measure that can be the difference between a secure business and a cautionary tale.
Employees are your first line of defense. Just like you’d teach your kids not to open the door for someone they don’t know, you NEED to educate your employees on malicious threats. Teaching them about the common scams, how to avoid them and what to do if they think they’ve inadvertently clicked a link they shouldn’t have, is key. You need to ask your IT company to provide this training, and often they have programs that you can require your employees go through a couple of times a year. The program then quizzes them to ensure they have the knowledge. While this process isn’t something you or they will look forward to, the reality is that it could take just 10 to 15 minutes a couple times a year to keep you out of the news and your money out of someone else’s account!
Get cyber security services in place. MFA is just the start of a comprehensive security plan. You need to talk to a qualified company (not your uncle Larry who helps you on the side) about getting more than a firewall and virus scan software. What worked a decade or two ago – and may still be helpful on a home network – would be like protecting a bank vault with a ring camera. It’s just not going to cut it. NOTE: We offer a variety of security services for companies of all sizes and can certainly talk to you about options that make sense for your situation.

Whatever You Do, Don’t Do This!!!

Maybe the worst thing the owner of the company that lost $43,000 did was they then posted a video and story on social media.

While their intentions were good because they wanted to warn other business owners not to fall victim to the same scam, they might as well have had T-shirts made with a big target on the back.

It’d be like having cash from your house taken, then going online and telling people exactly how it happened – you’re just inviting more people to come try to take your cash.

Not Sure If You’re As Protected And Prepared As You Should Be?

To make sure you’re properly protected, get a FREE, no-obligation Cyber Security Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack.

Schedule your assessment with one of our senior advisors by calling us at 216-800-7888 or going to https://tds-llc.com/initial-consultation-success/

Beware Of Cybersquatters!

by Adam Siemienski | Feb 28, 2024 | Newsletter

Have you ever searched for a specific website but landed on a completely different one after misspelling a letter or two in the URL? This deceptive tactic is known as cybersquatting. This practice not only jeopardizes the online presence of businesses and individuals but also poses a significant challenge in the ever-evolving landscape of cyber security. The scariest part is that you can be a victim of a cybersquatted domain and not even realize it.

Here’s what you need to know about this type of cybercrime:

What Is Cybersquatting?

Cybersquatting, also known as domain squatting, involves the malevolent act of registering a domain name that is confusingly similar to that of a legitimate entity, be it a business, organization or individual. The primary motive behind this maneuver is often financial gain, with cybersquatters aiming to exploit the recognition and success of well-known brands. However, the repercussions extend beyond monetary losses, as cybersquatting can stain the reputation of its victims.

Types Of Cybersquatting

There are many types of cybersquatting scams, but here are the most common ones that you need to be aware of.

1. Top-Level Domain (TLD) Exploitation:

A TLD is the final element of a domain name, such as “.com,” “.co.uk” and “.org.” Because there are so many variations, it’s difficult for small to medium-sized businesses to register all of them for their brand, and it’s even more difficult for celebrities or famous individuals.

Cybercriminals will register matching domains using different TLDs and either create offensive or inappropriate websites, requesting the original domain owner to pay them to take them down, or they will use these websites to gain customers’ trust and make them susceptible to phishing attacks.

2. Typosquatting: This form of cybersquatting involves intentionally registering misspelled domain names to capitalize on common typos, leading unsuspecting users to malicious sites.

If you take Facebook.com, for example, here’s how a cybersquatter might buy their domains:

Faecbook.com
Facebokk.com
Faceboook.com

Typos are easy to make, so misspelled domains can generate a lot of traffic.

3. Look-Alike Cybersquatting: This form of cybersquatting involves creating domains with common words added to mislead customers, even if they aren’t confusingly similar at first glance.

Here are a few examples:

Original: Google.com
Lookalike: G00gle.com
Original: Amazon.com
Lookalike: amaz0n.com or amazon1.com
Original: Microsoft.com
Lookalike: Microsofty.com

Looking at these, you might not think they’d easily trick users, but they still do!

How To Avoid Being A Cybersquatting Victim

You can avoid being a cybersquatting victim by taking a proactive approach. Here are a few steps to take:

Register Your Trademark: To benefit from the full protection of the Anti-Cybersquatting Consumer Protection Act (ACPA) and Uniform Domain Name Dispute Resolution Policy (UDRP), it can be helpful to register your trademark early. These regulations will still apply if a cybercriminal registers a cybersquatting domain name and you have an unregistered trademark; however, you’ll need to prove you were using it for business before the domain was registered. Trademarks aren’t required, but they can make this easier.
Invest In Multiple Prominent TLDs: When you register your domain, also register it with the most popular TLDs, like .co and .org.
Be Cautious Of What Websites You Visit: When typing URLs into the address bar, double-check to make sure you’re going to the correct website. This applies to links you click too! Hover over links with your mouse to confirm that it is the correct link. For extra security, skip clicking links and type them into the search bar on your own.

Cybersquatting is only one method hackers use to cause chaos. Cybercriminals are constantly coming up with new ways to scam businesses and individuals alike. If you want to double down on security to make sure you and your company are protected from sneaky attackers, we can help.

We’ll conduct a FREE, no-obligation Security Risk Assessment where we’ll examine your network security solutions to identify if and where you’re vulnerable to an attack and help you create a plan of action to ensure you’re protected. Click here to book a 10-minute Discovery Call with our team to get started.

How So-called Cheaper IT Providers Sneak In Expensive Hidden Costs

by Adam Siemienski | Feb 21, 2024 | Newsletter

Is your company looking to hire an IT firm? Unfortunately, unless you’re tech-savvy or experienced with IT contracts, there can be hidden costs that you wouldn’t expect or know to look for. While it can sound appealing to go for the cheapest firm, that decision can end up costing you more in the long run due to carve-outs and hidden fees in the contract. Cheaper IT firms will omit certain services from the original agreement and later nickel-and-dime you to add them on or by quoting you inadequate solutions that you’ll later need to pay to upgrade.

To help you weed out these companies that are not the bargains they advertise themselves to be, there are a few key elements to consider determining if your quote is insufficient, overpriced or underquoted.

Insufficient Compliance And Cybersecurity Protections:

A ransomware attack is a significant and devastating event for any business; therefore, it’s imperative that the IT company you’re working with isn’t just putting basic (cheap) antivirus software on your network and calling it a day. This is by far the one critical area most “cheaper” MSPs leave out.

Antivirus is good to have but woefully insufficient to protect you from serious threats. In fact, insurance companies are now requiring advanced cyber protections such as employee cyber awareness training, 2FA (2-factor authentication), and what’s called “advanced endpoint protection” just to get insurance coverage for cyber liability and crime insurance. We provide those standards in our offering, so not only do you greatly reduce your chances of a cyber-attack, but you also avoid being denied an important insurance claim (or denied coverage, period).

Inadequate Recovery Solutions:

One thing you also want to make sure you look for in your IT firm proposal is that they do daily backups of your servers and workstations, as well as any cloud applications your company uses (Microsoft 365, Google Workspace, etc.), because online applications do NOT guarantee to back up your data. You also need to make sure your backups are immutable or unable to be corrupted by hackers. Again, most insurance companies now require immutable backups to be in place before they’ll insure against ransomware or similar cyber events.

Transparency About On-Site And After-Hours Fees:

This might take you by surprise, but most IT firms will charge EXTRA for any on-site or after-hours visits. We include ALL of this in our agreements, but ‘cheaper’ MSPs will intentionally leave this out and add it on later to make the sticker price appear lower. Make sure you understand what is and isn’t included in your service agreement before signing.

Nonexistent Vendor Liaison And Support:

Will they help you with all of your tech, or just select pieces that they’ve installed? Some IT firms will charge you hourly to resolve tech support issues with your phone system, ISP, security cameras, printers and other devices they didn’t sell you but that still reside on the network (and give you technical problems). These fees can stack up over time. As a client of ours, you get all of that INCLUDED, without extra charges.

Cheap, Inexperienced Techs And No Dedicated Account Managers:

One way some companies cut costs is by skimping on customer support and expertise. Many of the smaller MSPs will hire technicians under a 1099 agreement or find cheaper, less experienced engineers to work on your network and systems. The more experienced and knowledgeable a tech is on networking and, more specifically, cybersecurity, the more expensive they are.

Further, many smaller MSPs can’t afford dedicated account managers, which means you’re depending on the owner of the company (who’s EXTREMELY busy) to pay attention to your account and to look for problems brewing, critical updates that need to happen, upgrades and budgeting you need.

Good account management includes creating and managing an IT budget, a custom road map for your business and reviewing regulatory compliance and security on a routine basis to make sure nothing is overlooked. You get what you pay for, and this is NOT an area you want overlooked.

BEFORE you sign on the dotted line, it’s important to make sure that you fully understand what IS and ISN’T included in the service you are signing up for. It’s VERY easy for one IT services provider to appear far less expensive than another UNTIL you look closely at what you are getting.

If you’d like to see what dependable, quality IT support looks like, book a call with our team, and we’ll be happy to give you a quote that covers everything you need. To Schedule Your FREE Assessment, please visit https://tds-llc.com/initial-consultation-success/ or call our office at 216-800-7888.

New Security Features To Protect Your Phone In 2024

by Adam Siemienski | Feb 14, 2024 | Newsletter

Long gone are the days when phones were simple devices used to make calls. Today our phones are advanced, handheld supercomputers that can do everything from pay a bill to order lunch for delivery to edit videos and more.

But with more capabilities come more risks. Because our phones are computers and connected to the Internet, they are susceptible to the same security risks that any other computer would be. Worse yet, personal devices often contain private information like bank account numbers, which, if accessed by the wrong person, could result in dangerous and expensive problems like drained bank accounts, identity theft and so on. Still, despite the obvious risks, most people do not treat phones like the security threats they pose, making them easy, no-brainer targets for cybercriminals.

To give perspective on how severe the problem is, Apple recently shared a study from MIT revealing a shocking 2.6 billion personal records were breached in 2021 and 2022 and were expected to increase in 2023. According to Kaspersky Security Network, in Q3 of 2023 alone, a total of 8,346,169 mobile malware, adware and riskware attacks were blocked, with adware being the most common tactic at 52% of total detected threats.

The risks are even more serious for business owners. Does your organization have a mobile policy for employees? Are employees accessing sensitive work documents or accounts using unprotected devices? If you’re not sure, you need your IT department to look into this immediately. It only takes one entry point for a hacker to break into your network.

There are a few ways to protect your devices now. Both Apple and Android have developed powerful security systems with advanced protective features you can start utilizing today.

Apple:

End-to-end encryption has been the default for Apple iMessage, iCloud Keychain, and Health data, but with a recent update, Apple rolled out Advanced Data Protection (ADP). This feature is an optional setting that offers Apple’s highest level of cloud data security by encrypting messages in iCloud, iCloud Backup, Notes, Photos, Safari bookmarks, Siri Shortcuts and more.

Activating this setting protects your data in the event of a cloud-based data breach by only allowing trusted devices added by you to decrypt the information. Not even Apple can access your data.

Here’s how to enable Apple’s Advanced Data Protection Setting:

1. Make sure devices signed in with your Apple ID have been updated to at least iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2 or later.

2. Open the Settings app on your iPhone.

3. Tap your name at the top.

4. Select iCloud, scroll to the bottom, and tap Advanced Data Protection.

5. Tap Turn On Advanced Data Protection.

NOTE: If you don’t have a recovery contact or key set up, you’ll be prompted to do that first.

6. Once a recovery contact/key is set up, return to Settings > iCloud > Advanced Data Protection and tap Turn On Advanced Data Protection.

7. Follow the prompts.

NOTE: You may be asked to update other devices signed into your iCloud account before enabling end-to-end encryption (E2E).

You can also remove devices with old software to continue the process.

If your device is new, for security reasons, Apple might make you wait to enable the feature. If that’s the case, that timeframe will show on your screen during setup.

Android:

While Apple is known for having a robust security system that reduces vulnerabilities and protects users’ data, Android’s security features are not far behind. Google Play Protect analyzes every app before it’s available for download, and any new apps where a security risk is detected are unable to be accessed. The software also runs daily scans to help identify and disable malware and other harmful applications installed on your phone to protect your data.

Furthermore, Android backups are regularly uploaded to Google servers and encrypted with your Google Account password for security purposes.

How to keep data secure if you’re using an Android:

If you’re using Google One, you can set up automatic backups on your Android device to ensure that if disaster strikes, your data is securely stored in the cloud:

1. Open the Google One app on your Android.

2. At the bottom, tap Storage.

3. Scroll to “Backup” and tap View.

o If this is your first phone backup, tap Set up data backup.

o If this isn’t your first phone backup, tap View Details.

4. To review backup settings, tap Manage backup.

5. Choose your backup settings.

NOTE: If you get a message to install an app, update an app or change your settings, follow the onscreen steps. Then, go back to the Google One app to finish.

6. If asked, tap Allow Permissions.

7. At the top left, tap Back.

NOTE: Google One backups may take up to 24 hours to complete.

How To Protect All Of Your Devices:

These features are not the end-all, be-all for phone security, but they will add a layer of protection for your data. To ensure every device on your network is secure, we recommend getting a third-party Cybersecurity Risk Assessment. This is a free, no-obligation assessment where one of our experts will examine your network and let you know if and where you’re vulnerable to an attack, including your mobile device policy.

Schedule your assessment with one of our senior advisors by calling us at 216-800-7888 or going to https://tds-llc.com/initial-consultation-success/

5 New Cybersecurity Threats You Need To Be Very Prepared For This Year

by Adam Siemienski | Feb 6, 2024 | Newsletter

The year of 2023 marked a significant turning point for cyber-attacks with the introduction and wide proliferation of AI (artificial intelligence), now in the hands of people who wish to do you harm and who are actively using it to find faster and easier ways to rob you, extort you or simply burn your business to the ground.

As I write this, I’m well aware there’s a tendency to shrug and just accept the “we’re all gonna get hacked anyway” mantra to avoid having to deal with it. Further, like overhyped weather reports, it’s also tempting to just ignore the warning signs, thinking all of this is just fearmongering rhetoric designed to sell stuff.

However, it truly is becoming a situation where the question is no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report recently revealed that 53% of all businesses suffered at least ONE cyber-attack over the last 12 months with 21% stating the attack was enough to threaten the viability of their business.

This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high and hacking groups are often motivated by revenge as well as money.

Now, here are the 5 biggest developments in cyber threats you need to know about.

1. The Proliferation Of AI Powered Attacks:

If cybersecurity is a chess game, AI is the Queen, giving the person in possession the most powerful advantage for whomever plays it best. All cyber-related reports expect to see highly sophisticated deepfake social engineering attacks on the rise designed to separate you from your money.

We’ve already seen scams using AI-generated voices of family members, calling relatives to claim they’ve been injured, kidnapped or worse, to extort money. This is also being used to hack into companies by getting employees to provide login information to people they think are their IT department or boss.

This is where employee awareness training comes in, as well as controls such as MFA (multi-factor authentication), come into play. One of the things we do here at Techspert Data Services is phishing monitoring to ensure limited bot interference.

2. Increased Risk Of Remote Workers:

The expansion of remote work is a trend that is not going away; and with that comes an exponentially greater risk for cyber threats. From laptops being carried around and connected to suspicious Wi-Fi to mobile phones providing a “key” to logging into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications), these devices pose a high risk for being easily lost or stolen. Further, when people use their own devices or work remote, they tend to mix business and personal activities on the same device.

That employee who frequents gambling or porn sites may be using the same device used to login to company e-mail or critical applications. Even logging into personal social media sites that get hacked can provide a gateway for a hacker to get to YOUR company’s information through a user’s (employee’s) personal accounts.

3. Escalation Of Ransomware Attacks:

There are an estimated 1.7 million ransomware attacks every day, which means every second 19 people are hacked worldwide. If you’ve been lucky enough to avoid this, know that someone else is getting hacked on a very frequent basis, and you are very likely to be hit.

Last year, ransomware attacks increased by 37% with the average ransom payment exceeding $100,000, with an average demand of $5.3 million.

Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place protections that prevent hackers from successfully extorting their victims. One of the ways we protect our clients from ransomware is by employing cutting-edge technologies and advanced monitoring systems to detect and respond to cyber threats in real-time. Our proactive approach ensures that potential issues are identified and addressed before they can cause harm to your business

4. IoT Attacks:

IoT, or “Internet of Things,” is a term to describe the proliferation of Internet-connected devices. Today, even kitchen appliances, like a refrigerator, can be connected to the Internet to tell you when it’s time to change the water filter to alerting you if there’s a power outage.

This means hackers have a FAR greater number of access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem for us, and a huge opportunity for the hackers.

While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar, but those could all provide access to you, your devices, e-mail, credit card and personal information.

5. Cyber Protection Legal Requirements:

To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have in place “reasonable security” protections for their employees and clients.

The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures, issuing monetary penalties.

Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws that require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. For example, in California, under the California Privacy Rights Act (CCPA), a business could face a penalty of $100 to $750 per consumer and per incident if that company gets hacked and the court determines they failed to put in place reasonable security procedures.

That also means compliance is equally prominent to make sure your business is following the right processes and laws.

Not Sure If You’re As Protected And Prepared As You Should Be?

To make sure you’re properly protected, get a FREE, no-obligation Cybersecurity Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack.

Schedule your assessment with one of our senior advisors by calling us at 216-800-7888 or going to https://tds-llc.com/initial-consultation-success/

How to Make 2024 a Profitable Year

by Adam Siemienski | Jan 16, 2024 | Newsletter

If you’re hoping to cut costs and boost profitability in 2024 without compromising productivity or efficiency, assessing the technology you use in day-to-day operations is one of the first areas in your business to examine.

We’ve created a road map that you can use to go step-by-step through your organization to determine if and where you can be saving money or utilizing new or better technology to improve operational efficiency.

1. Technology Inventory:

Conduct a comprehensive inventory of your current technology assets, including hardware, software licenses and peripherals like monitors, printers, keyboards, etc.
Identify outdated or underutilized equipment that can be upgraded or decommissioned.

2. Software Licensing And Subscriptions:

Review all software licenses and subscriptions to ensure compliance.
Identify any unused or redundant software and eliminate unnecessary expenses.

3. Cloud Services Optimization:

Evaluate your usage of cloud services and consider optimizing resources based on actual needs.
Monitor and adjust cloud service subscriptions to match fluctuating business demands.
Evaluate security protocols for cloud-based services to ensure you’re not at risk of a data breach. This can be an expensive problem, so do not skip it.

4. Energy Efficiency:

Implement energy-efficient practices, such as consolidating servers, using energy-efficient hardware and optimizing data center cooling.
Consider virtualization to reduce the number of physical servers, saving both energy and hardware costs.

5. Remote Work Infrastructure:

Optimize remote work capabilities to support flexible working arrangements. Inefficiency in this area will decrease productivity, inflate costs and increase cyber security risks.
Invest in secure collaboration tools and virtual private network (VPN) solutions for remote access.

6. Data Storage Optimization:

Assess data storage needs and implement data archiving strategies to free up primary storage. Are you saving documents you don’t need? Are there redundant files that should be removed?
Consider cloud storage options for scalability and cost-effectiveness.

7. Network Performance:

Regularly monitor and optimize network performance to ensure faster and more reliable data transfer, reduce downtime, enhance the user experience and support cost savings, ultimately contributing to the overall efficiency and success of your business operations.
Implement quality of service (QoS) settings to prioritize critical applications and services.

8. IT Security Measures:

Regularly update and patch software to address security vulnerabilities.
Ensure that antivirus, anti-malware and other security solutions are up-to-date and active.
Conduct regular security audits and employee training to prevent security breaches.

NOTE: This cyber security measures list barely scratches the surface. If you haven’t had a professional dig into your security solutions, this needs to be a priority. Data breaches are expensive and can shut a business down. Click here to book a call with our team.

9. IT Help Desk Efficiency:

Implement or optimize an IT help desk system to streamline support requests.
Use a faster, more efficient ticketing system to track and prioritize IT issues, improving response times and resolution rates.

10. Mobile Device Management (MDM):

Implement MDM solutions to manage and secure mobile devices used by employees.
Enforce policies that ensure data security on company-issued or BYOD (bring your own device) devices.

11. Vendor Management:

Review vendor contracts and negotiate better terms, or explore competitive options.
Consolidate vendors where possible to simplify management and potentially reduce costs.
Evaluate vendor cyber security practices to ensure your data is as secure as possible. If they are breached and your data is released, you’re still at fault.

12. Employee Training Programs:

Provide ongoing training programs to enhance employees’ IT skills and awareness.
Reduce support costs by empowering employees to troubleshoot common issues independently.

13. Energy-Efficient Hardware:

Invest in energy-efficient hardware to reduce electricity costs and contribute to environmental sustainability.
Consider upgrading to newer, more power-efficient devices when replacing outdated equipment.

14. Paperless Initiatives:

Explore paperless solutions to reduce printing and document storage costs.
Implement digital document management systems for greater efficiency and cost savings.

15. Telecommunications Optimization:

Review telecom expenses and consider renegotiating contracts or exploring alternative providers.
Utilize Voice over Internet Protocol (VoIP) for cost-effective and scalable communication solutions.

By systematically addressing these areas, business owners can enhance their IT infrastructure, drive productivity and achieve cost savings that contribute to overall profitability. Regularly revisiting and updating this checklist will help businesses stay agile in the ever-changing landscape of technology and business operations.

If you need help implementing the action steps on this list, our team is ready to help. Click here to book a FREE 10-Minute Discovery Call with our team, where we’ll discuss what your company needs and answer questions you might have.

Be Aware: Newest And Urgent Bank Account Fraud Alert

by Adam Siemienski | Dec 6, 2023 | Newsletter

The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting US banks, financial institutions and cryptocurrency wallets.

The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen.

This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.

Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself:

Avoid links and attachments in any unsolicited e-mail. Simply previewing a document could infect your device, so never open or click on anything suspicious.
To update your browser, simply close it and reopen. You don’t have to download an application to update it. Furthermore, the Google Play Store app will not ask you for an update, so don’t fall for any website alert or text stating you need to download an update.

But remember, bank fraud can manifest itself in several forms, including:

Phishing Scams: Cybercriminals send deceptive e-mails or messages, often impersonating trusted entities like banks or government agencies, to trick you or your employees into revealing sensitive information like login credentials. Sometimes these are facilitated by phone calls, so make sure your team is fully aware of this. The latest MGM hack happened when a hacker called the company’s IT department requesting a password reset.
Check Fraud: Criminals may forge or alter your business’s checks to siphon funds from your account, making it essential for you to secure your checkbook and be careful about sharing or e-mailing your account information. You might consider going checkless to cut down on the chances of your account being hacked.
Unauthorized Wire Transfers: Hackers may compromise your online banking credentials to initiate unauthorized transfers, diverting funds to their accounts.
Account Takeover: Criminals may gain control of your business’s online banking accounts by exploiting weak passwords, reused passwords or security gaps, such as e-mailing your passwords to others or storing your bank password in your browser, allowing them to make unauthorized transactions.
Employee Fraud: Sometimes, even employees may engage in fraudulent activities, such as embezzlement or manipulating financial records.

To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.

Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge. Click here to learn more about MFA and the best apps to implement.

Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.

Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cybercriminal steals money from your account.

And, as always, make sure you have strong cyber protections in place for ANY

device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked.

If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

Prepare Your Business For A Successful 2024

by Adam Siemienski | Nov 28, 2023 | Newsletter

As we step into the promising realm of 2024, it’s the perfect moment to set ambitious goals for the year ahead. Whether your aim is to boost sales, enhance customer loyalty, or achieve other vital key performance indicators, making intentional and specific resolutions is crucial. Avoid vagueness; instead, start small and build a solid foundation that propels you toward your objectives.

Embracing technology can be a game-changer in achieving your business goals this year. Here are some tech resolutions that can significantly impact your success:

Enhance Your Customer Experience

Most businesses have a website, but the real question is: Is your website driving sales, and are your customers enjoying the experience? If the answer is uncertain, it’s time for a reevaluation. For businesses selling products, ensure that web pages are easy to navigate, and the checkout process is seamless. If your business doesn’t sell products online, leverage your website for informative blogs about your industry or community events.

Consider integrating artificial intelligence chatbots if you haven’t already. These bots work tirelessly, providing customers with instant answers to their inquiries, and some are even capable of learning for more personalized communication.

Strengthen Your Cybersecurity

Cyberthreats persist on a daily basis, posing risks to businesses of all sizes. Take time this month to assess your cybersecurity practices and identify areas for improvement. Update outdated hardware promptly and stay vigilant about software updates, which often include essential patches against new cyber threats.

Crucially, prioritize employee education in your cybersecurity plan. Conduct cybersecurity training for your entire team at least once a year, covering topics such as password security, recognizing phishing scams, maintaining social media etiquette, and stressing the importance of safeguarding company and customer data.

Leverage Managed Services Providers (MSPs)

For small-business IT needs, Managed Services Providers (MSPs) offer a comprehensive solution, handling tasks behind the scenes. This allows you and your team to focus on core responsibilities. MSPs manage data backup and disaster recovery, enhance computer systems and networks, and ensure timely software updates. They can proactively identify and address issues before they escalate. The affordability of MSPs has increased in recent years, making it an opportune time to consider hiring one to fortify your business against cyber threats.

The dawn of a new year is a chance to recalibrate and refocus on improving your business. To turn aspirations into reality, strategic planning is essential. By implementing these resolutions, you’ll witness tangible benefits that positively impact your business.

Ready to take the next step in fortifying your business? Schedule a free discovery assessment with us to identify how our expertise can elevate your tech resolutions. Contact us today!

Turkey and Technology: A Thanksgiving Toast to Our Valued Clients

by Adam Siemienski | Nov 21, 2023 | Newsletter

As the autumn leaves paint a vibrant tapestry and the aroma of roasting turkey fills the air, it’s a sure sign that Thanksgiving is just around the corner. Beyond the delicious feasts and cherished family gatherings, Thanksgiving offers a unique opportunity to reflect on gratitude and appreciate the meaningful aspects of our lives. At Techspert, we find ourselves particularly grateful for the incredible clients who entrust us with their technological needs.

Thanksgiving, at its core, is a celebration of gratitude and appreciation. It serves as a reminder to pause and reflect on the positive aspects of our lives, fostering a sense of thankfulness for the relationships and experiences that shape us. Similarly, in the world of managed services, cultivating a culture of gratitude is not just a seasonal affair but a year-round practice.

At Techspert, we understand that our success is intricately tied to the trust and partnership we share with our clients. In the fast-paced digital landscape, businesses rely on technology more than ever, and we are privileged to be the ones helping them navigate this complex terrain. Our clients are more than just business relationships; they are our partners on the journey toward technological excellence.

Just like the varied dishes that make up a Thanksgiving feast, our clients come from diverse industries, each with its own set of challenges and aspirations. Whether it’s providing robust cybersecurity solutions, optimizing IT infrastructure, or ensuring seamless communication through cloud services, we take pride in tailoring our services to meet the unique needs of each client.

This Thanksgiving, we extend our heartfelt thanks to our clients for their continued trust and partnership. It is through their feedback, collaboration, and shared successes that we find inspiration to continually improve and innovate. In the spirit of the holiday, we encourage everyone to take a moment to express gratitude for the relationships that make a positive impact on their lives.

As we gather around the metaphorical table of technology, we also want to express our commitment to excellence. Our team at Techspert is dedicated to providing top-notch managed services, ensuring that our clients can focus on their core business while we handle the intricacies of their IT infrastructure.

To express our gratitude in a tangible way, we are offering a FREE consultation to both existing and potential clients. Whether you’re looking to enhance your cybersecurity, streamline your IT processes, or explore new opportunities in the digital landscape, our team is ready to assist. Let’s continue this journey together, building a future where technology empowers and inspires.

This Thanksgiving let’s not only savor the turkey and pumpkin pie but also relish the relationships that make our professional lives richer. From all of us at Techspert, Happy Thanksgiving!

10 Things Every Business Owner Should Know About Cyber Security

by Adam Siemienski | Nov 15, 2023 | Newsletter

Have you started business planning for 2024? The last few months of the year can get hectic, between trying to close out the end of the quarter strong and mapping out your plan to ramp things up in the new year. One area that small business owners often skip over when creating their new year strategy is cyber security planning. Cyber security is NOT an IT decision, it’s a business decision. Your company hinges on your ability to keep your data – and your clients’ – safe from cybercriminals.

To create a reliable plan for the next year, there are a few cyber security basics that every business owner needs to be aware of to avoid being the next victim of a data breach. Cyber issues are becoming such a regular occurrence that it’s easy to become desensitized to the effects of data breaches, which can leave you vulnerable to an attack.

Here are 10 BIG takeaways about cyber security that you should keep in mind. Your security depends on it!

1. No business is too small.

Hackers love that small business owners think this way because it makes them an easy target. If you have money or data of any size or amount, you are at risk.

Takeaway – Protect your business and consult a cyber security expert on what you need.

2. Your employees are putting you at risk.

They are not likely doing it on purpose, but human error is the #1 issue with cybercrime. Whether it’s a bad link that is clicked or a malicious attachment that is downloaded, these small “accidents” can create huge problems for your business.

Takeaway – Invest some of your budget in cyber security training for your team.

3. Software needs to be updated when you’re notified about it.

This is true for your web browsers too. If you get a notification about an available update, it often means that a bug or a vulnerability needs to be patched. If you don’t patch it, that’s a little hole in your network that hackers can and will find.

Takeaway – Have your IT team run automatic updates and always manually update if prompted.

4. Back up your data.

Disasters happen, whether natural, like a tornado or flood wiping out your office, or a cybercriminal locking down your network and ransoming you to return it. Having a backup will allow you to reduce downtime and further damage to your business.

Takeaway – Have an off-site backup and test it regularly to ensure it works properly.

5. Use a VPN when working outside of the office.

If you’re on vacation, working while traveling or even working at the local coffee shop, connecting to public WiFi can put you at risk. Hackers can break into unsecured WiFi or set up fake ones, hoping you will connect to them.

Takeaway – Use a VPN, or virtual private network, to keep your network safe from hackers while on the go.

6. Data breaches are expensive.

The cost of data breaches puts most small companies that get hacked out of business within six months. These can range from hundreds of thousands to millions of dollars, depending on the damage done.

Takeaway – Invest in cyber security. Don’t play around and risk everything you worked hard to build.

7. Having cyber insurance doesn’t mean you’re covered if you’re hacked.

If you’re hacked, cyber insurance doesn’t automatically cover you. Insurance agents will check to make sure you’ve done everything in your power to prevent the attack. If you haven’t, your claim can be denied.

Takeaway – Read the fine print on cyber insurance policies and make sure you’re following all requirements.

8. Compliance doesn’t mean you’re secure.

Being compliant means you are fulfilling all the requirements that the government has issued. This does not mean you are 100% secure; it means you have implemented the basics.

Takeaway– Consult with a cyber security professional who deals with clients in your industry to make sure that you’re not only compliant but that you have the proper security systems in place to protect your organization.

9. Basic antivirus and firewalls are not enough.

These are helpful, but they aren’t enough to keep you secure. Hackers are routinely finding ways to break through this software, so if you’re not implementing other security measures, you’re at risk.

Takeaway – Consult with a cyber security professional to find out what you need. It’s often not as expensive as people think and will cost you WAY less if you ever become a victim of a data breach.

10. You’ll be the one who people hold accountable if you’re hacked.

When it comes to data breaches, whether you’re at fault or not, you’ll be the one to catch the blame from your customers, employees, attorneys, the media and more, and it will be ugly.

Takeaway – You can prevent this by taking a proactive approach to cyber security.

Take your security seriously in 2024. We offer a FREE, no-obligation Security Assessment. Even if you already have a cyber security company you work with, it can’t hurt to have a second expert opinion to assess if and where you’re vulnerable to an attack.

We have limited spots available and expect to fill up before the holiday break, so if you’re interested, click here to book your assessment with our team now.

« Older Entries

Next Entries »

Search

Select Catagory

Find Us