4 Ways HR Leaders Can Drive Continuous Value from HR tech

Are you looking for a new HR system but know you face an uphill battle to get sign-off from the powers that be? Do the words ‘return on investment’ (ROI) and ‘total cost analysis’ fill you with dread?

The good news is that calculating ROI has evolved. There is so much more value you can extract from a cloud HR system that you can’t put a figure on.

We like to think of these as the non-quantifiable or intangible benefits – things like better employee experiences, faster decision-making, and improved engagement. They are just as important as the quantifiable ones, if not more so – but are often overlooked or not considered when it comes to investing in a new HR system. This is because they are harder to quantify. But the beauty is they deliver increased value over time and offer continual payback.

Read on for the four ways a modern HR system can deliver repeated value beyond the quantifiable.

1. Empowering HR to be leaders of change

During the pandemic, 65% of HR leaders say their teams had a vital role to play, driving change, enabling remote working, and supporting well-being. Responding swiftly to change remains critical for organizations to thrive in the constantly evolving climate, so having a flexible system is key.

A highly configurable cloud solution will let you customize and create additional fields, which allows you to instantly start capturing new employee data without the need for IT or technical support. A flexible HR system also empowers HR leaders to lead change quickly and easily through automation, actionable insights, and redesigning the way people work – value you can’t put a figure on.

2. Helping you invest now for the organization you want to become

To get continual payback and value from your HR tech, you need the ability to look ahead and establish what you want your chosen platform to do in the next three, five, or even 10 years.

You may need your system to help solve current and urgent challenges, but what big challenges are coming over the horizon? Is merger and acquisition (M&A) activity likely in your company’s future?

Having a system that can scale with you as you grow is vital and means you won’t have to buy a new system in the near future. You want one that’s future-proofed for whatever’s ahead, not just right for now.

3. Supporting you to experiment and test

For real tangible business transformation, the days of doing things once and then ticking them off your to-do list are far gone. Revisiting, testing, iterating, and trying new things are commonplace for progressive companies that want to get ahead.

The in-built features of your HR platform – such as 360 feedback, customizable dashboards, and flexible workflows – make it easy for HR and People leaders to adopt a ‘test and learn’ approach.

For example, HR and People leaders looking to deliver great hybrid experiences with well-being at the center might survey their employees every month to gauge sentiment on their return-to-work policy and then continually refine and tweak their policy based on the feedback.

The right HR system makes it easier to communicate with your entire workforce, wherever they are, gathering employee feedback in real-time and speeding up your ability to respond not just now but in the future too.

4. Enabling you to drive and accelerate digital transformation

Digital transformation allows your organization to become more employee-centric and provide consumer-like experiences to your workforce, helping you attract and retain the best talent.

Using a cloud HR platform, onboarding becomes a complete digital experience.

The solution empowers managers to improve the manager-employee relationship with digital tools to seamlessly manage performance reviews and connect more easily with their remote teams. You might not be able to put a number on that, but it continuously enriches the entire employee experience within the organization.

Choosing the best global cloud HR platform for your needs will also support your organization in having the right mindset, the right culture, and the right skills to create lasting change across the organization through digital transformation.

It’s time to go beyond the numbers

ROI, in the traditional sense, is one way of measuring the payback from your chosen tech – and it’s important to request those numbers from your chosen vendor.

However, going beyond the numbers to explore the broader value-adds is key to ensuring you get sign-off on the tech investment and reap the continual value of your HR tech both now and in the future.

Information used in this article was provided by our partners at Sage.

Focusing on employee health and well-being is not a new initiative for most companies. Organizations are increasingly valuing the holistic needs of their workforce and noting the link to productivity, engagement, and satisfaction—all markers of a successful company and key drivers for talent retention.

It’s up to each company to identify strategies to help keep employees healthy. Not sure where to start? Here are some tips and considerations:

  • Rethink your space: Build quiet, individual work areas and larger collaboration spaces. Consider investing in mobile desks, which offer a flexible workspace option that can easily adapt to each team’s needs and each space.
  • Build a culture of movement: Offer a variety of sit-stand workstations that allow workers to easily alternate between sitting and standing throughout the day. Encourage walking check-ins and normalize standing during longer meetings.
  • Bring back ergonomics: Home workspaces often lack the proper ergonomic equipment or positioning. In the short term, this can cause minor discomfort. For the long haul, a less-than-ideal set-up or posture can lead to more significant health concerns. Consider offering a standardized set of ergonomic products for employees to choose from to meet their work-from-home and in-office needs.

Employee health and safety will remain important in the years to come. Set the foundation for a healthy workforce to ensure your team is ready to work at their best to reach your organization’s goals.

Interested in learning more about how ergonomics can boost health and wellness? Visit our booth #213 at the Michigan Safety Conference (MSC) at DeVos Place in Grand Rapids, April 18-19. Or contact us today.

New data from security vendor Lookout’s The Global State of Mobile Phishing report shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working… in exponential terms.

We all know phishing is the number one attack vector. But we should wonder whether phishing attacks that hit a corporate desktop email client or a mobile device are more impactful – and the users falling for the attacks are the cause.

  • 21% of enterprise users experience mobile phishing attacks
  • 36% of US users encounter mobile phishing attacks
  • More than 50% of all mobile devices were exposed to a mobile attack in 2022

Why is mobile so prevalent and why are attacks working?

Let’s start by looking at some of the data around users engaging with mobile attacks. According to the report, the percentage of users that engage with six or more phishing emails when using an enterprise device was only 1.6% back in 2020. Last year that number jumped to 11.8% – more than a 6x increase! When it comes to personal devices, the increase isn’t as staggering, but the numbers are still horrible – back in 2020, 14.3% of users clicked on six or more phishing links, with 27.6% doing so in 2022, a 93% increase.

According to the report, it appears that remote use of mobile devices is a part of the problem, with a greater issue being the use of personal devices (makes sense, as the user certainly isn’t thinking about protecting the organization when on their own mobile phone, etc.).

This data makes it clear that Security Awareness Training designed to educate users on the need to be continually vigilant, regardless of the device, is critical to an organization remaining protected against attacks.

Information in this article was provided by our partners at KnowBe4.

Surprising data highlights a material security gap that enables cybercrime. According to MFA hardware vendor Yubico in their State of Global Enterprise Authentication Survey, less than one-third of organizations use some form of additional authentication factor:

  • 33% use Mobile/SMS pushes
  • 30% use a Password Manager
  • 29% use a mobile push authentication app
  • 20% use hardware keys

What’s more shocking is that 59% of employees rely on simple username and password combinations to authenticate. And according to Hive Systems, any 8-character password can be cracked in less than an hour through brute force. Further, any password containing less than seven characters can be cracked instantly.

All it takes is one really good social engineering phishing attack, and threat actors will have one or more sets of your employees’ credentials. And with no additional authentication factors, cybercriminals have the keys to whatever corporate kingdom the compromised employee has access to.

Whenever possible, use multifactor authentication (MFA) to provide another layer of security. The best thing a user can do to prevent password hacking (after using MFA) is to avoid being socially engineered, which takes a good, in-depth combination of policies, technical defenses, and end-user education.

Security Awareness Training can educate your users on the state of phishing and social engineering attacks and help avoid providing threat actors with usernames and passwords. Contact Yeo & Yeo Technology to learn more.

Information in this article was provided by our partners at KnowBe4.

Research by Deloitte found that 91% of all cyberattacks begin with a phishing email (an email that looks like it’s from someone you know but is actually from criminals).

That’s how web giant Yahoo was targeted a few years ago, exposing the contents of half a billion user accounts to criminals. And though we often only hear about these high-profile cases, small and medium-sized businesses are prime targets for these attacks.

Your business email needs to be as secure as possible.

What’s the damage?

The impact of phishing attacks can vary, but the criminals have three main objectives:

  • Data theft – scammers will use ‘credential phishing’ to steal your customers’ personal information.
  • Malware – some attacks will install malicious software onto your device, which can potentially spread through your network. This could include spyware, which can log your keystrokes and track you online, or ransomware, which encrypts your data and demands a ransom to get it back.
  • Wire transfer fraud – CEO fraud and Business Email Compromise (BEC) attacks, in particular, attempt to persuade a target to transfer money to an account controlled by the attacker.

It’s a people problem

All email attacks rely on someone in your business falling for the con. So, it’s important to create a culture of security within your business to reduce the chances that a ‘social engineering attack’ – a scam that convinces someone to act – will succeed.

  • Everyone should know what to look out for and what to do if they think an incident has occurred. This includes who to report it to and what immediate action to take.
  • Have an email use policy that describes how your people should use their business email accounts and the importance of following the rules.
  • And consider putting your team to the test from time to time, maybe by simulating a phishing attack or holding refresher sessions where you quiz them on their knowledge.

Failure to make your whole team aware of the importance of good cybersecurity can be a costly mistake.

How we can help

Staff training will be one of the strongest tools in your arsenal, but we can also help by putting technical measures in place to lessen the chances of an attack and to reduce the impact if it does happen.

We can create a gateway to block or quarantine suspicious emails, scanning incoming and outgoing emails for malicious content. We can install software to help protect you from email spoofing and your email being used in BEC attacks, phishing scams, and spam emails.

And we can deploy end-to-end encryption, which stops anyone from reading the content of your email unless they have the correct encryption key. That means your email is only ever received by the intended person, and data can’t be tampered with.

It’s a lot to think about, but email attacks are one of the biggest security threats to businesses. They need to be taken seriously.

So, if you need expert support or are worried that making these changes might cause disruption, get in touch. We do this every day.

Information used in this article was provided by our partners at MSP Marketing Edge.

The human layer continues to be the most enticing attack vector for cybercriminals. Sadly, most organizations neglect this easily penetrable entry point. Throughout 2022, the world continued to see significant increases in phishing attacks. No industry vertical, size of business, or geography was immune.

The use of email, phone calls, texts, social media, and other outreach methods all work together to evade an organization’s secure infrastructure as workforces and individuals remain more distracted and exposed than ever.

Phishing by Industry Benchmarking Report

In this eBook, we discuss:

  • Industries and their phishing risk level
  • How phishing tests can drastically decrease vulnerabilities
  • The value of security awareness training

Ready to start phishing your users? We offer baseline testing to assess the phish-prone percentage of your users through a simulated attack. From there, we can provide access to the world’s largest library of training content, including interactive modules, videos, games, posters, and newsletters, so you can start educating and building your human firewall. Contact us to get started.

Should I monitor my remote employees?

If you want to maintain a culture of trust in your business, probably not. But you will want to understand their productivity. Many apps can help with this. Get in touch for recommendations.

Where should I focus my IT spending?

Security is critical, but beyond that, more businesses are looking at cloud solutions. It’s an in-depth subject, so you should take expert advice before making big decisions.

Should I allow my employees to install apps on work-issued phones?

Yes – and they’ll need some apps to do their job. However, you should make sure they install only what’s needed. And make sure they’re genuine downloads from the main app stores – there are a lot of malicious apps in the wild!

Information used in this article was provided by our partners at MSP Marketing Edge.

Support for Windows Server 2012 and Windows Server 2012 R2 will end on October 10, 2023. After this date, these products will no longer receive updates, bug fixes, or technical support. As the upgrade process often takes upwards of a year, we urge users not to delay the transition further.

Why do I need to upgrade?

  • Cybersecurity: The older an operating system gets, the more exploitable it becomes, making it easier for cybercriminals to gain access. Once Microsoft stops supporting a product, an attacker can easily find and download exploits from the internet almost immediately. The lifespan of this operating system is well-publicized, which means cybercriminals are aware of it too.
  • Compliance: If your business must meet regulatory compliance standards, such as CMMC or HIPAA, running an unsupported operating system means you’ll fail compliance checks. The minute an operating system is out of support, you’re out of compliance and can experience substantial fines.
  • Cyber insurance: Your cyber insurance policy might also stipulate that you must run supported software to qualify for coverage. If a cyberattack happens and you need to file a claim, it may be denied.

Additionally, newer versions like Windows Server 2019 and 2022 offer more features and better performance.

Your options for migrating to the latest operating system include the following:

  1. Spinning up a new virtual server using existing server hardware
  2. Buying new server hardware (if needed)
  3. Moving to the cloud

The good news is that you don’t have to do it alone. If you need help planning, scoping, or implementing your Windows Server 2012 migration, give us a call. We’d be happy to help you determine the best next steps for your organization and accomplish your IT goals.

Sources:

Accent Computer Solutions, Inc.: Windows Server 2012 End-of-Life: What’s Happening, Why it’s Important, and What to Do Next

Microsoft.com: Windows Server 2012 and 2012 R2 Reaching End of Support

Have you ever felt like you’ve wasted money on technology that you thought would change your world?

The right tech can be truly transformative. You can grow your business more quickly, help employees be more productive, and make your systems run more smoothly. That allows you to focus on strategy and stop sweating the small stuff.

But the wrong choices can be more trouble than they’re worth. That leaves you to foot the bill for a solution that solves nothing or, worse, creates its own problems.

Here’s our best advice for making the right tech choices in your business.

  • Don’t fixate on digital transformation for its own sake. Focus on what you want to achieve and choose the tech that helps you to get there.
  • Be open to process change if the tech can create efficiencies. But your tech should support you – not force you to work the way it wants you to.
  • Define your objectives and seek expert advice before making a big change. That software might look like the answer to everything, but is it well-established? Is it reliable? Is there good support, and are there regular updates? Could an alternative do the same thing for a smaller investment?
  • Focus on your data. Think about how you can access your data, how you can protect it, and what it can tell you about your choices.
  • Enter the cloud. Cloud solutions can help you keep your data better protected and are often more scalable so that they can grow with you.
  • Ask for help. You can’t be an expert in everything, so if there’s something you don’t understand or if you can’t decide what’s best for you, ask an expert.

If you’re thinking about change and want to make the right tech decisions for your business, we’re here to support you. Just get in touch.

Information used in this article was provided by our partners at MSP Marketing Edge.

New data from Acronis in their End-of-Year Cyberthreats Report shows that 11.7% of all attacks still make it to the endpoint. This is a slight increase from 9.4% in Q2 2022. These high percentages show that one out of 10 threats still makes it to the endpoint, despite organizations’ best efforts at awareness training and patching.

Modern cyberattacks, data leaks, and ransomware outbreaks all show the same thing: cybersecurity is failing. This failure results from weak technologies and human error, often caused by clever social engineering.

Here are some ways you can boost your cybersecurity resilience and prevent cyberattacks:

  • Patch your OS and apps. This is crucial, as many attacks succeed due to unpatched vulnerabilities. Users tend to ignore system messages, especially when Windows asks for a restart — this is a big mistake. Be sure that auto-updates for software from popular vendors like Adobe are enabled and that apps like PDF Reader are updated promptly.
  • Prepare for phishing attempts, and don’t click on suspicious links. Malicious links can come from anywhere — instant messenger apps, email, forum posts, etc. Never click links you don’t need to click or that you didn’t expect to receive, and consider implementing security awareness training to help your employees recognize malicious emails.
  • Use a VPN while working with business data. Whether you connect to remote company sources and services, or if your work doesn’t require those activities and you just need to browse some web resources and use telecommunication tools, use a Virtual Private Network (VPN). VPNs encrypt all your traffic, making it secure against attackers who may attempt to capture your data in transit.
  • Keep your passwords and your working space to yourself. Ensure that your passwords — and your employees’ passwords — are strong and private. Never share passwords with anyone. Use different and long passwords for every service. Where possible, use multi-factor authentication for an extra layer of security.

Regularly, businesses need to determine what new employees need and whether there are better ways to secure IT infrastructure and sensitive data. Let us help you assess, measure, and track the costs of preserving your company’s cybersecurity.

Information used in this article was provided by our partners at KnowBe4.

Just because manufacturers may not sell directly to consumers doesn’t mean they’re not at risk of a cyberattack. Indeed, they may be directly affected when their customers or vendors get hit by a cyberattack. And while news media gives play to data breaches that occur at large retailers or financial institutions, manufacturers are becoming a more common target. Let’s identify the reasons why and what you can do to get ahead of cybercriminals.

Exposing vulnerabilities

Cybercriminals may target manufacturers because, in many cases, they’re more vulnerable than other types of businesses. For one thing, the manufacturing supply chain is complex, with an intricate network of suppliers, logistics firms, distributors, retailers and others often connected by the Internet. Members may have access to each other’s systems, so a vulnerability in one link of the supply chain can expose the entire chain to cyber risks.

Also, as the digital revolution continues, manufacturers increasingly rely on Internet-connected devices on the shop floor that can be monitored and operated remotely. At the same time, the manufacturing industry has been slower than other industries to upgrade IT infrastructures and develop robust security practices designed to prevent, detect and mitigate cybercrime.

Hacking the system

Manufacturers’ systems generally don’t store customers’ credit card numbers and other sensitive data that criminals can use to perpetrate identity theft and similar crimes. Instead, cyberattacks against manufacturers are designed to disrupt operations and extort money.

For example, a hacker that gains access to Internet-connected devices could shut down operations or cause you to produce defective products. Or the criminal could introduce ransomware into your systems, blocking access until a ransom is paid.

Another technique is to steal valuable intellectual property stored on a manufacturer’s system and sell it on the black market. Examples include patents, designs, manufacturing processes, research and development documents, customer lists, contracts, bidding information, business plans, marketing plans, and proprietary software.

Manufacturers also aren’t immune to ordinary fraud. For example, a cybercriminal may send a phony email from an actual vendor, updating its payment information and asking the manufacturer to send all future payments to a bank account the criminal controls.

Minimizing risks

To avoid potentially devastating cyberattacks, conduct a risk assessment to take inventory of your hardware, software and data and identify any vulnerabilities. It’s critical to examine all the ways employees, vendors and other partners can access your network. Then implement policies, procedures and controls designed to prevent unauthorized access.

Equally important is to create an incident response plan to mitigate the damages in the event of a breach. Finally, have a solid backup plan that enables you to resume operations if a hacker destroys or blocks access to data.

Adding cyber insurance

One way to protect your business is with cyber insurance. General liability policies normally exclude cyber claims. Insurance carriers are limiting coverage to specific ransomware claims, excluding coverage for specific known vulnerabilities, and requiring applicants to provide more details about their data security control efforts before extending coverage, according to the 2022 Cyber Insurance Market Conditions Report published by insurance consulting firm Gallagher.

Manufacturers may want to consider switching some property insurance coverage over to cyber insurance. After all, in today’s digital world, cyberattack claims may be as likely — or even more likely — than fire, tornado or other natural disaster claims.

Educating your team

Ransomware and malware take advantage of sloppy security. To avoid falling prey to a cyberattack, educate your staff on cybersecurity best practices and potential vulnerabilities. Every employee is a link in your cybersecurity chain. Ignoring the risks isn’t an option in today’s interconnected marketplace.

The Michigan Association for Computer Users in Learning (MACUL) conference will be held at Huntington Place in Detroit, March 15-17. 

Attending the MACUL conference is a great opportunity for educators to learn more about technology and how it can be applied in the classroom. The conference includes hands-on workshops and presentations conducted by industry leaders.

Yeo & Yeo Technology is a REMC SAVE Awarded Vendor and will be an exhibitor featuring Ergotron’s height-adjustable desks and Kore stools. We invite you to visit us at booth #421 to test these products and learn how they can turn classrooms into active learning environments while promoting better physical health.

March 15-17

Huntington Place, Detroit, Booth #421

Learn more about YYTECH’s Ergonomic Solutions for home, school, and the workplace.

The web browser you choose can significantly impact your online security. And as a business, you mustn’t take any unnecessary risks, even if you’re someone who likes to steer clear of the IT megabrands.

As well as allowing advertisers to track your online activity, there are often bugs and vulnerabilities in lesser-known browsers that cybercriminals can exploit to steal your data and compromise your entire network.

And while you must choose your browser carefully (and stick to the same browser across the business), it’s equally important to ensure you run updates and patches as soon as they become available to keep your browsing as secure as possible.

You may already know that Google’s Chrome is the most popular desktop browser in the world – more than 6 in 10 people use it. It’s fast, easy to use, and has built-in phishing and malware protection (though you shouldn’t rely solely on that).

Next comes Apple’s Safari, followed by Microsoft Edge. Edge is similar to Chrome because it’s fast, customizable, and straightforward. It also gives you clear privacy options, which are essential when using a browser for business. As a Microsoft product, it’s the default browser for Windows 11 and comes with some Microsoft-specific links. So, if you use Windows 11 and haven’t tried Edge, give it a go.

The key thing to keep in mind when choosing your browser is security. Don’t just stick with the standard settings – customize them to suit your business. Look at the threats you may face, the settings that can help protect against them, and the usability… all in equal measure.

It seems like a relatively simple task to choose a web browser, but there’s more to it than you think if you want to take security seriously.

Can we help recommend the best browser for your business? Or make sure you’re getting the most from your current browser’s security settings? Get in touch – we’re here to help.

Information used in this article was provided by our partners at MSP Marketing Edge.

We want to think that the attacker’s only move in a game of cyberattack chess is “attack.” Then once you begin to mitigate their intrusion, lateral movement, modification of user accounts, etc., the threat actor gives up and you win. But a new analysis of several attacks by security vendor Crowdstrike shows that while your team is busy trying to undo everything attackers have done to facilitate their access, hackers are equally busy either reversing your actions or setting up additional means of entry, privilege, and access.

According to the analysis, Crowdstrike observed the following activity mid-attack when response actions weren’t being taken swiftly:

  • Setup of additional VPN access
  • Setup of multiple RMM tools
  • Re-enabling accounts disabled by security teams

It’s like chess; you make a move, and your adversary makes another.

There are two takeaways from this story:

  • Response actions need to be swift; you need to cut off attacker access quickly and effectively.
  • Based on the initial attack vectors – mainly social engineering designed to harvest credentials – Security Awareness Training for every user is needed to keep users vigilant whether they’re using email, the phone, or the Internet.

Want to learn more about improving your cybersecurity resilience? Visit Yeo & Yeo Technology’s website.

Information used in this article was provided by our partners at KnowBe4.

What’s Focus Assist in Windows 11?

Focus Assist takes Do Not Disturb a step further. It can hide distracting icons from your Taskbar and give some notifications more priority. Use it together with Do Not Disturb, and you’ll be able to block out distractions to focus better on work.

Can I share a Word document without someone changing it?

Yes! Just click the editing button next to the share button in the top right of your screen. Then select whether you’d like people to be able to edit, view, or review the document. You can switch it back whenever you’re ready.

Can I unsend an email in Outlook?

Sometimes. If both you and your recipient have Outlook email addresses, if the email hasn’t already been read or opened, and if you’re working on a PC, not a Mac. Open the email, go to File, and select Resend or Recall.

Information used in this article was provided by our partners at MSP Marketing Edge.

Recent attacks are helping cyber insurers better understand what security strategies need to be in place and how to price policies based on the risk those policies cover.

Remember, insurance companies are in business to stay in business. That means that while they are willing to share the risk with your organization, they’re not in the business of paying out on a claim without a fight. And because that’s not a good look for cyber insurers, it makes more sense for them to be proactive and do one or more of the following:

  • Help to reduce the risk of attack by establishing what cyber defenses must be in place.
  • Price policies across the board correctly, so there’s enough revenue to cover the percentage of claims that should be paid.
  • Limit what attack scenarios are covered – sometimes specific down to the kind of attack, the role of the attacker, the role of internal employees in the attack, etc.

According to a recent Wall Street Journal article, cyber insurers are getting savvy at limiting risk. With premiums rising by 92% in 2021, according to reinsurance company Swiss Re, the focus now is on the impact an attack could have. Insurers are looking at which cloud providers the insured use and possibly requiring insureds to hold capital in reserve for worst-case scenarios.

In other words, cyber insurers are learning about the nature of cyber risk. While news of premiums hiking isn’t pleasing, in the end, it may be a necessary step until there’s enough data for insurers to determine what the risk reality looks like.

Until then, it’s up to organizations to continue to put up strong cyber defenses designed to keep attackers from succeeding – something that should include Security Awareness Training and possibly outsourced cybersecurity management.

Information used in this article was provided by our partners at KnowBe4.

According to Cisco’s Annual Security Outcomes Report, 62% of surveyed organizations share that they have experienced a security event in the past two years that impacted business. Common types of incidents were network or data breaches (51.5%), system outages (51.1%), ransomware events (46.7%), and distributed denial of service attacks (46.4%).

These incidents had harsh consequences for the companies that went through them, as well as the other businesses they work with. The most common effects were IT and communication problems (62.6%), supply chain disruptions (43%), weakened internal operations (41.4%), and long-term damage to their reputation (39.7%).

The report’s findings reveal that security resilience is a top priority for 96% of surveyed executives. Furthermore, preventing incidents and mitigating losses are the main objectives for security leaders and their teams when it comes to security resilience.

What is security resilience?

Security resilience doesn’t always mean full recovery from an event or condition that has knocked you down. Instead, it means continuing to operate during an adverse situation, at either full or partial capacity, and mitigating the effects on stakeholders. Ideally, security resilience also means learning from the experience and emerging stronger.

Resilience requires the ability to manage change, which may be positive or negative. For example, the change can be a new partner acquisition (a positive) or being the target of an attack (a negative). The starting point for security teams is resilience planning. Use a risk-based approach and look at the threat, the vulnerability, the probability, and the impact. Continuity and recovery plans are built around these scenarios.

Six pillars of a resilient security strategy

  • Leadership buy-in
  • Recognize the problem areas
  • Invest in your people
  • Converge information security with operational technology
  • Have a security-by-design mentality
  • Implement multi-factor authentication (MFA) everywhere

A more robust security culture boosts resilience by as much as 46%. By “culture,” we don’t mean annual compliance-driven awareness training. Cybersecurity awareness is what you know; security culture is what you do. When organizations score better at being able to explain just what it is that they need to do in security and why, they make better decisions in line with their security values, and that leads to better overall security resilience.

It is loud and clear that an ounce of prevention is worth a pound of cure. Stepping your employees through new-school security awareness training and enabling them to report suspicious emails, which can then be responded to quickly, is a highly efficient way to test and improve your security culture.

Want to learn more about Yeo & Yeo Technology’s security awareness training solutions? Contact us today.

Cybercrime is predicted to cost the world $8 trillion in 2023, according to Cybersecurity Ventures. If it were measured as a country, cybercrime would be the world’s third-largest economy after the U.S. and China. 

“We expect global cybercrime damage costs to grow by 15 percent per year over the next three years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.”

Cybercrime costs include: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

The 2022 Official Cybercrime Report provides cyber economic facts, figures, predictions, and statistics that convey the magnitude of the cyber threat we are up against and market data to help understand what can be done about it.

The report provides a breakdown of the cybercrime damage costs predicted in 2023:

  • $8 trillion a Year.
  • $667 billion a Month.
  • $154 billion a Week.
  • $21.9 billion a Day.
  • $913 million an Hour.
  • $15.2 million a Minute.
  • $255,000 a Second.

Who’s at risk?

Moody’s recently named the riskiest industries: Critical infrastructure — including electric, gas, and water utilities and hospitals — faces very high cyber risk exposure. Banks, telecommunications, technology, chemicals, energy, and transportation services face high cyber risk exposure.

More than half of all cyberattacks are committed against small-to-midsized businesses (SMBs), and 60 percent of them go out of business within six months of falling victim to a data breach or hack.

Protecting your organization

Cybersecurity solutions have become complex and are rapidly changing, with more cyber threats coming from every direction. Yeo & Yeo Technology is an industry-leading IT and cybersecurity consulting firm in Michigan. We provide solutions to help you detect and stop advanced cyberattacks, meet compliance requirements and educate your employees. Contact us to learn more about how we can protect your business from cybercrime.

Source: https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/

Yeo & Yeo Technology (YYTECH) is proud to have secured another one-year contract with the Regional Educational Media Center Association of Michigan (REMC) to sell Ergotron products. The contract allows YYTECH to continue providing competitively bid and awarded pricing to schools, local and state government entities and teaching hospitals.

REMC SAVE works with top technology providers to procure large-volume bid prices on a variety of educational resources. YYTECH was selected to participate for the fifth consecutive year based on selection criteria such as price, product quality, customer input and satisfaction, and trained experience with products.

As a REMC SAVE Awarded Vendor, YYTECH offers numerous discounted ergonomic products, including:

  • Kore wobble chairs and stools
  • LearnFit® sit-stand desks
  • WorkFit® desk converters
  • Charging carts and cabinets

“It is an honor to continue to serve educators, healthcare providers, and government leaders who purchase through the REMC SAVE contract,” President Jeff McCulloch said. “I am thrilled that we can work with partners like REMC SAVE to offer cost-effective solutions that can boost productivity and well-being.”

To learn more about ergonomic solutions for your organization, contact Yeo & Yeo.

Phishing via Short Message Service (SMS) texts, known as smishing, is becoming increasingly common. There is probably not a person on Earth who does not get at least one smishing message a month. It is a big problem.

The Problem with SMS Messages

Unlike in Internet browsers and email programs, which display URL links, in an SMS message you cannot “hover” over a link to see what it really is or where it will take you. Links shown in SMS are often “shortened” links that lead to other links, with no good way to inspect or filter them before you and your phone arrive at the final destination.
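For security teams that triage reported texts, the sketch below (an added example, not part of the original article) walks a shortened link's redirect chain hop by hop and lists what a reviewer should notice, without ever opening the page. The redirect table, hostnames, and the `lookup_location` helper are constructed for illustration; in practice that helper is assumed to be replaced by a request with redirect-following disabled, made from an isolated analysis host.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for live HTTP responses:
# URL -> Location header value (None means a final page). All hosts are made up.
SAMPLE_REDIRECTS = {
    "https://sho.rt.example/a1B2": "http://track.example.net/c?id=77",
    "http://track.example.net/c?id=77": "http://203.0.113.9/parcel/track",
    "http://203.0.113.9/parcel/track": None,
}

def lookup_location(url):
    """Hypothetical offline stand-in for a HEAD request with redirects disabled."""
    return SAMPLE_REDIRECTS.get(url)

def expand_link(url, get_location=lookup_location, max_hops=10):
    """Return every URL in the redirect chain without rendering any page."""
    chain = [url]
    while len(chain) <= max_hops:
        location = get_location(chain[-1])
        if not location:
            break
        next_url = urljoin(chain[-1], location)  # Location may be relative
        chain.append(next_url)
        if chain.count(next_url) > 1:  # redirect loop: stop following
            break
    return chain

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def review_chain(chain):
    """List reasons to treat the link as suspect before anyone taps it."""
    first, last = urlsplit(chain[0]).hostname, urlsplit(chain[-1]).hostname
    findings = []
    if first != last:
        findings.append(f"lands on {last}, not {first}")
    if any(urlsplit(u).scheme != "https" for u in chain):
        findings.append("at least one hop is not HTTPS")
    if is_ip_literal(last or ""):
        findings.append("final host is a bare IP address")
    if len(set(chain)) != len(chain):
        findings.append("redirect loop")
    return findings
```

An empty findings list only means none of these checks fired; it does not make an unexpected message trustworthy.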

When In Doubt, Throw It Out

A good choice is to discard any unexpected SMS message with a link. Occasionally you may get valid SMS messages from vendors, but nothing that is an emergency that requires clicking on a link right away. Ninety-nine percent of the time, it is a spam or phishing attack, so it can safely be ignored.

Education Is the Key

You need to tell your employees (and family and friends) about SMS-based phishing messages. First, explain what SMS-based phishing is and give some popular examples (e.g., FedEx and Amazon messages seem very popular). Most people know about SMS-based phishing, but I guarantee a few people do not.

Second, teach them how to recognize a smishing attack and how to treat it. If the message is unexpected, is requesting something new for the first time from the sender, and if doing what the sender is requesting you to do could potentially harm you or your organization’s interests (i.e., they want you to provide confidential information or download a file), then slow down and investigate more before clicking.

SMS phishing is gaining steam. There is more of it than ever. We can expect smishing to get more mature and trickier as time passes. It is best to develop and teach good SMS URL inspection habits while you can.

Information used in this article was provided by our partners at KnowBe4.