10 Things Every Business Owner Should Know About Cyber Security  

Have you started business planning for 2024? The last few months of the year can get hectic, between trying to close out the end of the quarter strong and mapping out your plan to ramp things up in the new year. One area that small business owners often skip over when creating their new year strategy is cyber security planning. Cyber security is NOT an IT decision, it’s a business decision. Your company hinges on your ability to keep your data – and your clients’ – safe from cybercriminals.

To create a reliable plan for the next year, there are a few cyber security basics that every business owner needs to be aware of to avoid being the next victim of a data breach. Cyber issues are becoming such a regular occurrence that it’s easy to become desensitized to the effects of data breaches, which can leave you vulnerable to an attack.

 

Here are 10 BIG takeaways about cyber security that you should keep in mind. Your security depends on it!

 

1. No business is too small.

Hackers love that small business owners think this way because it makes them an easy target. If you have money or data of any size or amount, you are at risk.

Takeaway – Protect your business and consult a cyber security expert on what you need.

 

2. Your employees are putting you at risk.

They are not likely doing it on purpose, but human error is the #1 issue with cybercrime. Whether it’s a bad link that is clicked or a malicious attachment that is downloaded, these small “accidents” can create huge problems for your business.

Takeaway – Invest some of your budget in cyber security training for your team.

 

3. Software needs to be updated when you’re notified about it.

This is true for your web browsers too. If you get a notification about an available update, it often means that a bug or a vulnerability needs to be patched. If you don’t patch it, that’s a little hole in your network that hackers can and will find.

Takeaway – Have your IT team run automatic updates and always manually update if prompted.

 

4. Back up your data.

Disasters happen, whether natural, like a tornado or flood wiping out your office, or a cybercriminal locking down your network and ransoming you to return it. Having a backup will allow you to reduce downtime and further damage to your business.

Takeaway – Have an off-site backup and test it regularly to ensure it works properly.

 

5. Use a VPN when working outside of the office.

If you’re on vacation, working while traveling or even working at the local coffee shop, connecting to public WiFi can put you at risk. Hackers can break into unsecured WiFi or set up fake ones, hoping you will connect to them.

Takeaway – Use a VPN, or virtual private network, to keep your network safe from hackers while on the go.

 

6. Data breaches are expensive.

The cost of data breaches puts most small companies that get hacked out of business within six months. These can range from hundreds of thousands to millions of dollars, depending on the damage done.

Takeaway – Invest in cyber security. Don’t play around and risk everything you worked hard to build.

 

7. Having cyber insurance doesn’t mean you’re covered if you’re hacked.

If you’re hacked, cyber insurance doesn’t automatically cover you. Insurance agents will check to make sure you’ve done everything in your power to prevent the attack. If you haven’t, your claim can be denied.

Takeaway – Read the fine print on cyber insurance policies and make sure you’re following all requirements.

 

8. Compliance doesn’t mean you’re secure.

Being compliant means you are fulfilling all the requirements that the government has issued. This does not mean you are 100% secure; it means you have implemented the basics.

Takeaway – Consult with a cyber security professional who deals with clients in your industry to make sure that you’re not only compliant but that you have the proper security systems in place to protect your organization.

 

9. Basic antivirus and firewalls are not enough.

These are helpful, but they aren’t enough to keep you secure. Hackers are routinely finding ways to break through this software, so if you’re not implementing other security measures, you’re at risk.

Takeaway – Consult with a cyber security professional to find out what you need. It’s often not as expensive as people think and will cost you WAY less if you ever become a victim of a data breach.

 

10. You’ll be the one who people hold accountable if you’re hacked.

When it comes to data breaches, whether you’re at fault or not, you’ll be the one to catch the blame from your customers, employees, attorneys, the media and more, and it will be ugly.

Takeaway – You can prevent this by taking a proactive approach to cyber security.

Take your security seriously in 2024. We offer a FREE, no-obligation Security Assessment. Even if you already have a cyber security company you work with, it can’t hurt to have a second expert opinion to assess if and where you’re vulnerable to an attack.

We have limited spots available and expect to fill up before the holiday break, so if you’re interested, click here to book your assessment with our team now.

The Danger Of Holiday Phishing Scams: How To Recognize And Avoid Them To Stay Safe This Holiday Season

The holiday season is in full swing, which means so are the cybercriminals! While you’re making holiday gift lists, they’re plotting and scheming new ways to take advantage of unsuspecting online shoppers. Holiday phishing scams have become an all-too-common threat, targeting customers to steal personal information, financial data and even identities. 

To help reduce the chances that a cybercriminal will ruin your much-deserved holiday fun, we’ve outlined a few of the most common and dangerous scams that you should be on the lookout for, how they work and tips to help you avoid becoming their next victim. 

Understanding Holiday Phishing Scams: 

Phishing is a deceptive technique cybercriminals use to trick individuals into sharing sensitive information such as passwords, credit card details or Social Security numbers. During the holiday season, these scams often take on a festive disguise, tricking victims with holiday-themed e-mails, messages and websites. Whether you’re ordering gifts for clients or friends and family, here are some common tactics used by holiday phishing scammers to be aware of: 

  1. Holiday-Themed E-mails: Scammers send e-mails that appear to be from trusted sources like your favorite retailers or even beloved charities. These e-mails look legit and usually offer fake exclusive holiday deals, order confirmations or requests for donations. Inside the e-mail, there is usually a link that leads to a fake website designed to steal your information or your money, or even install dangerous malware on your computer.
  2. Fake Promotions: Cybercriminals create fake holiday promotions and discounts that seem too good to be true. Unsuspecting victims see a great deal from a spoof e-mail account and are enticed to click on links or download attachments that can contain malware or lead to phishing websites.
    Sometimes cybercriminals aren’t looking to install malware but instead hoping to steal your money. They’ll duplicate popular retailer websites or set up their own, so when you make a purchase, they’ll collect the money, but you’ll never receive your order. These sites are often difficult to track, making it hard to get your money back.
  3. Delivery Notifications: With the increase in online shopping during the holidays, scammers send fake delivery notifications, claiming that a package is on its way or that there’s a problem with an order. These e-mails may prompt recipients to click on links or download attachments containing malicious software.
  4. Social Engineering: Scammers may impersonate friends or family members via e-mail or social media, asking for money or personal information under the guise of a holiday emergency or gift exchange. This is a common scam against seniors – who might not realize that the profile requesting money from them that was made “three days ago” isn’t actually their granddaughter – and young teenagers who don’t know fake profiles are an issue.  

 

Recognizing and Avoiding Holiday Phishing Scams: 

 Now that we understand how holiday phishing scams operate, it’s essential to know how to recognize and avoid falling victim to them. 

  1. Verify The Sender: Always check the sender’s e-mail address or domain. Be cautious of misspelled or suspicious e-mail addresses. Legitimate companies and organizations use official domains for their communication.
  1. Don’t Click On Suspicious Links: Hover your mouse over links to see the actual URL they lead to. Be wary of shortened links or URLs that don’t match the sender’s domain. If in doubt, visit the website directly by typing the URL into your browser.
  1. Beware Of Urgency And Pressure: Scammers often create a sense of urgency, claiming limited-time offers or imminent problems. Take your time to verify the authenticity of any claims before taking action.
  1. Double-Check Websites: Before entering personal or financial information on a website, ensure it’s secure. Look for “https://” in the URL, a padlock icon in the address bar and a valid SSL certificate.
  1. Use Two-Factor Authentication (2FA): Enable 2FA wherever possible, especially for online shopping and banking accounts. This provides an extra layer of security, even if your password is compromised.
  1. Educate Yourself And Others: Stay informed about current phishing tactics and share this knowledge with friends and family. The more people are aware, the harder it becomes for scammers to succeed.
  1. Protect Personal Information: Avoid sharing sensitive information via e-mail or text messages, even if the request seems legitimate. Use secure channels for such communication.

While the holiday season is a time for celebration and togetherness, it’s crucial to remain vigilant against holiday phishing scams. Cybercriminals prey on the festive spirit and increased online activity during this time. By recognizing the signs of phishing attempts and following best practices for online security, you can protect yourself and ensure a safe and joyous holiday season for you and your loved ones. 

Business owners: If your staff will be ordering gifts online for clients, make sure they know how to spot a phishing attack and that your network is properly secured in case something slips through the cracks. You don’t want your organization to be negatively impacted by extending holiday goodwill. If you aren’t sure if you’re protected, please give us a call or schedule a 10-minute discovery session with our team. We can help give you peace of mind this holiday season. Click here to book now, and happy holidays! 

What Should Small Businesses In Arizona Pay For IT Support And IT Services?

One of the most commons questions we get from new prospective clients calling our office is “What do you guys charge for your IT services?” 

While price certainly needs to be one consideration, it’s extremely important you make an informed decision and choose the right IT services company instead of using price as the main deciding factor. 

This seems obvious, but the reality is that most <<CEOs/CFOs/etc.>> don’t really know what questions to ask or what to look for when choosing one IT company over another and therefore put too much weight on the quote. 

What you want to avoid is getting lured into a lowball quote from an IT company that is in financial trouble, cutting corners to lower their fees to get you as a client, but then unable to afford to hire experienced, knowledgeable techs, dedicated account managers and the security tools they need to ensure YOU are actually getting the security, stability and service you need. 

So, how much is “too much” and what are the signs that someone is underpriced? 

Recently, an industry report from Service Leadership, the leading financial benchmarking organization in the IT services industry, revealed that a whopping 28% of MSPs (managed services providers, or IT services companies) were unprofitable, and nearly half of all MSPs were under 10% net profit. 

While everyone likes a “bargain,” here are the reasons why “cheaper” is not the advantage you think it is when you choose an underpriced IT company: 

  1. They are woefully short-staffed because the biggest expense in any IT company is the technical staff. THAT means if one of their techs quits, they’re quickly overwhelmed and unable to support your account, and response time suffers, not to mention critical security and backup maintenance of your network.
     
  1. The staff they hire are at the lower end of the pay scale, which means you’re not getting the most competent people working on backing up your data, keeping your network secure and handling the critical operations and data your business needs.
     
  1. They are very unlikely to have a dedicated account manager and team to work on your account because they can’t afford to hire them.
     
  1. They are one or two bad months away from going out of business because they have no buffer. That means you could wake up one morning and find yourself without an IT company, scrambling to find a new one.
     
  1. They are not “operationally mature.” Operational maturity means their business has the people and professional processes aligned to provide the highest level of QUALITY services to the end client (you).  

In general, according to Service Leadership, the average “per user” fee for managed IT services is $205.07 to $249.73. Those IT firms with an operational maturity level of below average is $146.08 to $157.49 per “user” (or employee using a computer or device they are supporting).  

As you can see, if someone quotes you $120 a user for managing your network, it might feel like a good deal, but you have to ask yourself how they are able to charge nearly 50% less than IT firms that are operationally mature. The answer is obvious – they’re cutting corners, hiring cheap labor and leaving out critical security and compliance services. 

If you want to know what types of questions you should be asking your IT firm (managed services provider), then click here to download our executive guide, “19 Questions You Should Ask Any IT Company Before Signing A Contract Or Letting Them Touch Your IT.” 

This report discusses in detail exactly what to look for to get exactly what you need without unnecessary extras, hidden fees and bloated contracts. But most importantly, it will show you how to get the right support you want in order to lower your risk and eliminate the frustration of dealing with a less than competent IT company. 

May A Force Field Be With You

“That won’t happen to me” is something many business owners say when discussing cyber-scams and the need for adequate protections for their business, but these days it’s getting to be a really, really stupid statement that you definitely don’t want your clients, employees and banker to hear.  

Generative AI (artificial intelligence) tools are allowing scammers to produce deep fakes to defraud their targets. Earlier this year, Clive Kabatznik, an investor in Florida, called his local Bank of America representative to discuss a big money transfer he was planning to make.  

Immediately after this legitimate call, a scammer called the bank back using an AI-generated deepfake voice of “Clive” to convince the banker to transfer the money to another account. Fortunately, the banker was suspicious enough that no money was transferred, but not everyone is as lucky. 

According to a report titled The Artificial Imposter by McAfee, a well-established cyber security firm, 77% of AI voice scams were successful in securing money from their target. Even scarier, AI tools can clone a voice from just three seconds of audio.  

A UK-based energy firm’s CEO was the victim of a voice scam when he thought he was talking to his boss, the CEO of the parent company based in Germany. The voice on the other end of the line instructed him to send the equivalent of $233,000 to a Hungarian supplier. The voice was so convincing, down to the slight German accent, that the CEO complied without hesitation. By the time they realized what had happened, the money had already been transferred to Mexico and distributed to other locations that weren’t traceable.   

But big businesses aren’t the only ones targeted.  

Jennifer DeStefano, a mother of a 15-year-old daughter, recounted during a US Senate hearing her terrifying encounter with an AI scammer who used the voice of her daughter to attempt to convince her that the girl had been kidnapped. Fortunately, her daughter was in her bed sleeping at the time, and Jennifer was able to realize it was a scam. Many others aren’t as lucky as Jennifer and are getting scammed by AI voices of grandchildren, children and other loved ones who “urgently need money.” 

This approach is still so new that there’s no comprehensive accounting of how often it’s happening, but the CEO of Pindrop, a security company that monitors audio traffic for many of the largest US banks, said he had seen a jump in its prevalence this year – and in the sophistication of scammers’ voice-fraud attempts. Another large voice-authentication vendor, Nuance, saw its first successful deepfake attack on a financial services client late last year. 

With the rapid advancement of AI technology and its wider availability as costs come down, coupled with the broad availability of recordings of people’s voices on TikTok, Facebook, Instagram and YouTube, the perfect conditions have been created for voice-related AI scams. 

What do you need to do to protect yourself?  

For starters, share this article to make sure your staff is aware of these types of scams. Next, instruct them to ALWAYS check with you via a text message or other means BEFORE transferring money. If you’re not a business owner, you can do the same with your family, using a code word or other means of verifying the caller’s legitimacy.  

Also, check the caller ID. If it’s something you don’t recognize, or it’s a blocked number, that’s a BIG red flag that it’s a scam. Even if it sounds like them on the other end of the line, hang up and call their phone direct or the place they’re supposed to be (school, office, etc.).  

If the person calling has on-fire urgency and wants money wire-transferred or a Bitcoin payment, that’s another huge red flag. Real emergencies don’t come with highly skeptical payment demands.   

In business, you’ve clawed and climbed your way to the top, dodging all sorts of pitfalls and predators that have tried to make you their meal. Such threats are everywhere, and the higher you climb, the more you’ll find hiding behind every tree, every rock and every step. No matter how small and insignificant you might think you are, you ARE a target for someone, and being casual about cyber security and the threats they pose is an absolute surefire way to be robbed. 

If you don’t want this to happen to you, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.