Professional instructors from the SANS Institute recently detailed what they cite as the most dangerous forms of cyberattacks for 2023. Some of the key themes included the intersection of AI with attack patterns and the ways that attackers are taking advantage of flexible development environments.
1. SEO-Boosted Attacks
Just as regular businesses utilize search engine optimization (SEO) to boost the rankings of certain terms for the sake of marketing their products and driving traffic to revenue-generating sites, the bad guys also turn to SEO. In their case, they use it to boost the rankings of their malware-laden sites to send more victims their way.
2. Malvertising
Similar to how marketers utilize both organic search techniques via SEO and paid search techniques utilizing advertising, cybercriminals are doing the same. Drive-by attacks are similarly fueled by malicious advertising (malvertising) campaigns that artificially boost the rankings of sites for certain keywords.
3. Developers as a Target
Developers are an extremely enticing target as they usually have elevated privileges across IT and business systems. Many systems they use can be subverted to poison the software supply chain, and they tend to work on machines that are less locked down than the average user’s to enable them to experiment with code and ship software daily.
4. Offensive Uses of AI
With the explosion of large language models (LLMs) like ChatGPT, defenders should expect attackers — even very non-technical ones — to ramp up their development of exploits and zero-day discovery utilizing these AI tools.
5. Weaponizing AI for Social Engineering
In addition to technical offensive uses of AI, expect attackers this year to drastically ramp up their use of AI to make their social engineering and impersonation attempts highly believable, warned Heather Mahalik, director of digital intelligence for Cellebrite and digital forensics and incident response lead for SANS.
Protect Your Organization
Organizations must stay vigilant and implement robust security measures to safeguard against these evolving threats. From security awareness training to XDR and SIEM solutions, Yeo & Yeo Technology is here to help. Get in touch.
Source: https://www.darkreading.com/attacks-breaches/sans-lists-top-5-most-dangerous-cyberattacks-in-2023
Several shocks have hit a world economy already weakened by the pandemic: higher-than-expected inflation worldwide, which is triggering tighter financial conditions, along with further negative impacts on supply chains from the war in Ukraine.
In fact, two-thirds (63%) of adults are worried about their finances now, compared to one-third (36%) during the pandemic, and 57% expect their financial worry to continue to rise.
This worry translates into pressure on salary increases by employees seeking to offset the increasing cost of living. Yet at the same time, companies may face pressure to halt hiring and reduce headcount costs.
As organizations navigate ongoing uncertainty and unpredictability, business resilience has never been more critical. As caretakers of the organization, there are multiple ways HR can support the business and its employees while building business resilience.
1. Manage fixed costs tightly
Your people are your biggest asset and, therefore, the highest cost – but keeping your top talent will pay dividends, as they could be the linchpins needed to ride out the economic storm successfully.
If you’re fearful that valued employees might be at risk of being laid off, look at your data to see if you can create a strong business case for retaining them. Any key performance indicators (KPIs) or productivity stats might be beneficial here.
Likewise, if their requests for a salary increase will cause them to leave, can you be smart and offer other incentives such as a four-day work week or a training course or qualification if there’s pressure on fixed costs?
Focus on productivity – ensure you’re paying for performance – and look at ways to boost employee productivity sustainably.
2. Increase total compensation through variable cost incentives
Consider using bonuses, stock grants, and other incentives to offset lower base salaries, and offer gift cards or equivalent (company-branded items, especially clothing) to help maintain motivation.
Be open and transparent about pay and benefits, communicating how the grading system works and how wage levels and salary increases are decided. If employees understand what’s happening at the top, they are more likely to respond better than if they feel they are being kept in the dark.
Finally, consider well-being incentives, offer additional paid time off, and remember recognition and spot awards as additional ways of recognizing successes in your workforce.
3. Offer flexibility as a financial incentive
Flexibility is a strong bargaining chip for most employees. A shorter working week – condensing someone’s hours into four days, for example – or offering an employee the chance to work part-time could hold a lot of weight with some employees.
Likewise, unpaid sabbaticals can be the perfect motivator for an employee considering traveling or taking some unpaid leave.
Although remote hybrid working feels like the norm, perhaps your company isn’t offering it as freely as possible. Investigate to see if there’s even more flexibility in how employees work that could be offered as an incentive.
4. Personalize employee experiences
Adjust management styles and deploy situational leadership where necessary to suit individuals and teams or squads and communicate early and often. Being open and transparent in discussing company performance will make employees feel valued.
Providing employees with more autonomy in decision-making where possible and creating a listening culture so you can act on feedback and communicate necessary actions or suggestions are all ways of generating personalized employee experiences.
Also, look at offering stretch assignments, growth opportunities, and meaningful and worthwhile work, as well as automating low-value or tedious work.
Behind every downturn is the chance to innovate
These are just some of the tools at your disposal to enable you not only to support your employees but also to create an adaptive organization that’s agile, flexible, and resilient, one that can quickly respond to ongoing uncertainty and changing priorities.
Coupled with an agile, flexible cloud HR platform, you can enable rapid, data-driven decision-making, easily tailor employee experiences for individuals and teams, and support changing global policies and local compliance. Being prepared is always a smart move in uncertain times. That much is certain.
Information used in this article was provided by our partners at Sage.
ChatGPT is a chatbot that uses artificial intelligence, allowing you to talk to it in a very human way. It’s been making the news worldwide for some of the remarkable possibilities it seems to be creating. But what exactly is it, and why is it making such waves?
ChatGPT is trained on real human language. It can answer questions and compose documents, like emails, essays, and computer code. The exciting thing is that it allows you to have a natural-feeling conversation with it to generate different responses – perhaps adding more detail or asking it to use less technical language.
It was created by the research company OpenAI and funded and managed by some of the most influential names in tech. And while it’s still in its research and feedback-collection phase, it’s currently free to use (with limitations).
It’s different from a search engine because it’s designed with conversation in mind. While it can answer questions, it doesn’t search the internet for information. Everything is learned from training data (it has no knowledge past 2021). So, while many people have started using ChatGPT to write essays and articles, the facts may not be accurate. In fact, the tech media website CNET recently had to issue multiple major corrections after it created 78 articles using the chatbot.
Because it’s trained on vast amounts of text published online by humans, it’s had trouble telling fact from fiction and has also been found to reproduce some unwanted biases.
It’s not changing the world just yet. But it’s already clear that there is massive potential for individuals and businesses.
Information used in this article was provided by our partners at MSP Marketing Edge.
A threat is considered any malicious software or attack attempt launched at a vulnerability or weakness in your network infrastructure. There are nine major threat categories affecting most organizations today. They are:
- Human error. This is the most common source of cyber threats. Most of these are social engineering attacks that play on the emotional state of endpoint users within the network’s infrastructure. Phishing is a prime example.
- Unauthorized access. Hackers constantly use the latest techniques, tactics, and tips to infiltrate networks. These unauthorized users can potentially wreak havoc on internal infrastructure if they successfully bypass cybersecurity measures. Endpoint user error can also allow unauthorized access to the network through clicking a malicious link or opening an infectious file.
- Unauthorized users misusing data. Once inside, threat actors, unscrupulous employees, or employees without the proper knowledge of cybersecurity best practices may change, remove, or misuse data without proper approval or authorization.
- Data breaches and leaks. Hackers, incorrect cloud configurations, and careless endpoint users can all lead to data breaches or leaks. If sensitive data like personally identifiable information is leaked, this could be potentially catastrophic for your business. Depending on your industry, the breach could land you in legal trouble – potentially owing large sums of money in fines or sanctions. Data loss prevention investment is essential to mitigate or avoid these consequences.
- Loss or corruption of data. If hackers successfully execute a data breach or your backup and disaster recovery (BDR) processes aren’t up to par, it could result in significant data loss or corruption.
- Service disruption. In business, time is money. Any downtime for your system could cost future business and current revenue. Whether the downtime was accidental or intentional, service disruption costs you both money and reputation.
- System failure. Digital threat actors may try to overwhelm and crash a system rather than send a malicious file or link. Any system failure, much like service disruption, can cause data loss or a costly pause in business operations.
- Weather events or natural disasters. Natural disasters can cause significant damage and outages to critical server hardware and cloud resources. Fortunately, cloud technology alleviates this risk since business owners can migrate their important digital assets to cloud storage out of harm’s way.
- Adversarial threats. These threats include any outside actors who maliciously and intentionally attack your systems. They can be perpetrated by hacker groups, unauthorized users, unscrupulous inside users, careless endpoint users, and more.
Cybersecurity risk management can help your organization
Cybersecurity risk management is an ongoing process of identifying, analyzing, evaluating, and addressing your organization’s cybersecurity threats. Your systems can be compromised in several ways, and, unfortunately, that list continues to grow. Effective cybersecurity risk management is about adopting an attitude of – “it’s not a matter of ‘if’ your networks get compromised; it’s a matter of ‘when.’”
How cybersecurity risk management works
While every business is different, there are general steps that can help organizations align to cybersecurity and risk management best practices. Professionals agree on four main stages of a sound cybersecurity risk management plan:
- Identification – Gauge the ability of your organization to identify current or future cyber threats. Call out and inventory any loopholes or vulnerabilities to the digital infrastructure that could affect daily business operations.
- Assessment – Once risks are identified, they should be evaluated to see the level of threat they pose to your business. You and your team should also consider the potential impact of each identified threat.
- Control – Suggest tools, techniques, tips, and technology that can be used to help you and your team minimize your organization’s cybersecurity risk.
- Review – Take time to constantly review, update, and improve your controls to mitigate your cybersecurity risk. Adding, removing, or recalibrating security protocols will improve the system over time.
Getting started with cybersecurity risk management
One of the simplest ways to get started with cybersecurity risk management is to choose the right partner, and Yeo & Yeo Technology is here to help. We can help you choose the best tools for your business model and your team. Get in touch.
Information used in this article was provided by our partners at ConnectWise.
Your security stack is the foundation of your cybersecurity protection. Whether you’re building a stack from scratch or making updates and changes to your existing setup, it’s a task that needs to be done correctly and with cybersecurity best practices in mind.
Determining your needs
The first step in properly building your security stack is assessing your needs. In general, there are six areas of business risk most organizations are likely to face:
- Network perimeter security. This is a business’s first line of defense. It concerns risks of initial threat detection, remediation, and hardening endpoint terminals.
- Internal security. Human error and data mismanagement can often lead to leaks or breaches from the inside. This usually happens when information is passed back and forth during internal communications. Internal security seeks to limit those occurrences and other internal threats – widely considered the most dangerous threat to cybersecurity.
- Physical security. This risk area concerns the security of a system’s software and hardware. Mitigating this risk involves cybersecurity frameworks like Access Control and Zero Trust.
- Incident response. No matter your cybersecurity setup, it won’t always offer 100% protection. How to respond to threats that get through the defenses is an integral part of a business’s risk and overall cybersecurity plan.
- Long-term response. Businesses also need to focus on learning and reporting after successful attacks. Cyber forensics and in-depth reporting of previous cyber threats provide the necessary knowledge to strengthen defenses moving forward.
- Cloud security. As the interest in cloud technology grows, so does the potential risk. 95% of security professionals have expressed some concern about the security of public cloud systems. This means that cloud security systems will need to keep pace as these environments become more complex.
Keep these six key areas in mind as you assess your current cybersecurity infrastructure and look for opportunities to optimize your security stack.
Essential tools for your security stack
One thing remains constant no matter how different security stacks can be. That constant is the fact that you need to use the right tools. As mentioned, it’s easy to become overwhelmed by the wealth of options and include too many tools when building your stack.
Here are five must-have tools when building your security stack (in alphabetical order):
- Cloud security posture management (CSPM)
- Endpoint detection and response (EDR) tools
- Mobile device management (MDM)
- Penetration testing capabilities
- Remote access platform
Building your cybersecurity stack effectively is a balancing act. In theory, it’s easy to assume that the more tools you include, the better your protection will be. While this is true to a point, there is a point of diminishing returns.
Along with that, adding too many tools can make your stack overly complex and, ultimately, leave your system open to vulnerabilities. The goal is to build an IT security stack that includes as many useful tools as possible but doesn’t take away from its primary purpose.
Are you interested in building a comprehensive security stack for your business? We’re here to help. Contact us today.
My employees want fewer video meetings. Should we cut down?
Yes, if you can condense or combine them. Follow in the footsteps of big tech companies like Shopify and reduce the number of big meetings you hold. Your people will be happier, and you’ll likely save a lot of time.
I think I’ve clicked an unsafe link. What should I do?
The faster you act, the less damage or data loss you’ll have. Get in touch with your IT support partner immediately. It’s always a good idea to have a response and recovery strategy in place for when this happens.
I know I need a password manager, but which is best?
Good question… and there are lots of options. Different businesses have different requirements, so it all depends on you. We’d be happy to make a recommendation once we understand your needs. Get in touch.
Information used in this article was provided by our partners at MSP Marketing Edge.
Even as employees return to the office or enter a hybrid work schedule, wellness and productivity remain top of mind for most organizations.
Why Does Employee Wellness Matter?
One of the biggest health concerns impacting wellness is physical inactivity. According to the World Health Organization (WHO), people who lead a sedentary lifestyle are at an increased risk of:
- Cardiovascular diseases
- Diabetes
- Obesity
- Colon cancer
- High blood pressure
- Osteoporosis
- Depression
- Anxiety
Another employee health concern is work-related musculoskeletal disorders (MSDs). About 1.8 million workers report MSDs like carpal tunnel and back injuries, and about 600,000 workers must take time off to recover from those injuries.
The work environment can positively or negatively impact these health risks and more, including productivity and overall satisfaction. That’s why employee wellness, which also encompasses mental health, is important to the individual and the company.
How to Improve Employee Wellness
One way employers can improve the work environment and positively impact employees’ well-being is through ergonomics. This means replacing a one-size-fits-all approach to an office set-up with individual accommodations that support employee safety, comfort, and health anywhere they work.
Enabling Well-Being at Home
For many, working from home means finding quiet corners and carving out workspaces in crowded homes shared by multiple workers or students. As a result, it’s not unusual to have a makeshift workstation that doesn’t provide good ergonomics.
As an employer, try these tips to help improve wellness for work-from-home employees:
- Learn more about each employee’s working environment
- Ask workers about their individual workspace needs
- Provide ergonomic standing desks and monitor arms to encourage more movement
- Schedule virtual lunches or social events to lift morale
Enabling Well-Being at the Office
Ergonomics is also essential for traditional office spaces where many employees struggle to create a comfortable, personalized set-up like they have at home.
Consider these options for your office:
- Offer a standardized set of ergonomic products for employees to choose from
- Provide personalized ergonomic assessments with a certified professional to ensure workspaces meet the needs of each user
- Ask for feedback from employees about changes
Remember, the investment is worth it if employee wellness helps increase productivity and morale.
Enabling Well-Being for Hybrid Workers
Hybrid workers may be the employees who need ergonomic support the most. A 2022 survey showed that employees with a hybrid schedule reported that it was more emotionally draining than fully remote work and more taxing than full-time office-based work.
A hybrid worker has a different working environment and routine on different days of the week, making it difficult to adjust to each setting. Many hybrid employees use shared workspaces, which takes time and effort to adjust.
Try offering these solutions to meet the needs of hybrid workers:
- Mobile standing desks that can be moved around the office for individual work or collaboration
- A height-adjustable standing desk converter so each employee can quickly find their most comfortable working height, sitting or standing
- Monitor mounts, monitor stands, and monitor arms that support personalized screen views
How to Put an Employee Wellness Plan in Place
Every organization and employee culture is different, so there’s no set way to implement an employee wellness plan. That said, here are a few steps to get you started:
- Assess the current state of employee wellness and where to improve.
- Plan for changes that need to be made and prepare management accordingly.
- Implement changes through communication and culture shifts.
- Evaluate the effectiveness of changes and adjust for future success.
In ever-changing work environments, it is vital to support employee wellness to care for employees, and to help boost productivity and efficiency. Want to learn more about ergonomic solutions for your organization? Contact us today.
Information used in this article was provided by our partners at Ergotron.
Are you looking for a new HR system but know you face an uphill battle to get sign-off from the powers that be? Do the words ‘return on investment’ (ROI) and ‘total cost analysis’ fill you with dread?
The good news is that calculating ROI has evolved. There is so much more value you can extract from a cloud HR system that you can’t put a figure on.
We like to think of these as the non-quantifiable or intangible benefits – things like better employee experiences, faster decision-making, and improved engagement. They are just as important as, if not more important than, the quantifiable ones – but are often overlooked or not considered when it comes to investing in a new HR system. This is because they are harder to quantify. But the beauty is they deliver increased value over time and offer continual payback.
Read on for the four ways a modern HR system can deliver repeated value beyond the quantifiable.
1. Empowering HR to be leaders of change
During the pandemic, 65% of HR leaders say their teams had a vital role to play, driving change, enabling remote working, and supporting well-being. Responding swiftly to change remains critical for organizations to thrive in the constantly evolving climate, so having a flexible system is key.
A highly configurable cloud solution will let you customize and create additional fields, which allows you to instantly start capturing new employee data without the need for IT or technical support. A flexible HR system also empowers HR leaders to lead change quickly and easily through automation, actionable insights, and redesigning the way people work – value you can’t put a figure on.
2. Helping you invest now for the organization you want to become
To get continual payback and value from your HR tech, you need the ability to look ahead and establish what you want your chosen platform to do in the next three, five, or even 10 years.
You may need your system to help solve current and urgent challenges, but what big challenges are coming over the horizon? Is merger and acquisition (M&A) activity likely in your company’s future?
Having a system that can scale with you as you grow is vital and means you won’t have to buy a new system in the near future. You want one that’s future-proofed for whatever’s ahead, not just right for now.
3. Supporting you to experiment and test
For real tangible business transformation, the days of doing things once and then ticking them off your to-do list are far gone. Revisiting, testing, iterating, and trying new things are commonplace for progressive companies that want to get ahead.
The in-built features of your HR platform – such as 360 feedback, customizable dashboards, and flexible workflows – make it easy for HR and People leaders to adopt a ‘test and learn’ approach.
For example, HR and People leaders looking to deliver great hybrid experiences with well-being at the center might survey their employees every month to gauge sentiment on their return-to-work policy and then continually refine and tweak their policy based on the feedback.
The right HR system makes it easier to communicate with your entire workforce, wherever they are, gathering employee feedback in real-time and speeding up your ability to respond not just now but in the future too.
4. Enabling you to drive and accelerate digital transformation
Digital transformation allows your organization to become more employee-centric and provide consumer-like experiences to your workforce, helping you attract and retain the best talent.
Using a cloud HR platform, onboarding becomes a complete digital experience.
The solution empowers managers to improve the manager-employee relationship with digital tools to seamlessly manage performance reviews and connect more easily with their remote teams. You might not be able to put a number on that, but it continuously enriches the entire employee experience within the organization.
Choosing the best global cloud HR platform for your needs will also support your organization in having the right mindset, the right culture, and the right skills to create lasting change across the organization through digital transformation.
It’s time to go beyond the numbers
ROI, in the traditional sense, is one way of measuring the payback from your chosen tech – and it’s important to request those numbers from your chosen vendor.
However, going beyond the numbers to explore the broader value-adds is key to ensuring you get sign-off on the tech investment and reap the continual value of your HR tech both now and in the future.
Information used in this article was provided by our partners at Sage.
Focusing on employee health and well-being is not a new initiative for most companies. Organizations are increasingly valuing the holistic needs of their workforce and noting the link to productivity, engagement, and satisfaction—all markers of a successful company and key drivers for talent retention.
It’s up to each company to identify strategies to help keep employees healthy. Not sure where to start? Here are some tips and considerations:
- Rethink your space: Build quiet, individual work areas and larger collaboration spaces. Consider investing in mobile desks, which offer a flexible workspace option that can easily adapt to each team’s needs and each space.
- Build a culture of movement: Offer a variety of sit-stand workstations that allow workers to easily alternate between sitting and standing throughout the day. Encourage walking check-ins and normalize standing during longer meetings.
- Bring back ergonomics: Home workspaces often lack the proper ergonomic equipment or positioning. In the short term, this can cause minor discomfort. For the long haul, a less-than-ideal set-up or posture can lead to more significant health concerns. Consider offering a standardized set of ergonomic products for employees to choose from to meet their work-from-home and in-office needs.
Employee health and safety will remain important in the years to come. Set the foundation for a healthy workforce to ensure your team is ready to work at their best to reach your organization’s goals.
Interested in learning more about how ergonomics can boost health and wellness? Visit our booth #213 at the Michigan Safety Conference (MSC) at DeVos Place in Grand Rapids, April 18-19. Or contact us today.
New data from security vendor Lookout’s The Global State of Mobile Phishing report shows that phishing aimed at mobile devices is growing in popularity as an attack vector – mostly because it’s increasingly working… in exponential terms.
We all know phishing is the number one attack vector. But we should wonder whether phishing attacks that hit a corporate desktop email client or a mobile device are more impactful – and the users falling for the attacks are the cause.
- 21% of enterprise users experience mobile phishing attacks
- 36% of US users encounter mobile phishing attacks
- More than 50% of all mobile devices were exposed to a mobile attack in 2022
Why is mobile so prevalent and why are attacks working?
Let’s start by looking at some of the data around users engaging with mobile attacks. According to the report, the percentage of users that engage with six or more phishing emails when using an enterprise device was only 1.6% back in 2020. Last year that number jumped to 11.8% – more than a 6x increase! When it comes to personal devices, the increase isn’t as staggering, but the numbers are still horrible – back in 2020, 14.3% of users clicked on six or more phishing links, with 27.6% doing so in 2022, a 93% increase.
According to the report, it appears that remote use of mobile devices is a part of the problem, with a greater issue being the use of personal devices (makes sense, as the user certainly isn’t thinking about protecting the organization when on their own mobile phone, etc.).
This data makes it clear that Security Awareness Training designed to educate users on the need to be continually vigilant, regardless of the device, is critical to an organization remaining protected against attacks.
Information in this article was provided by our partners at KnowBe4.
Surprising data highlights a material security gap that enables cybercrime. According to MFA hardware vendor Yubico in their State of Global Enterprise Authentication Survey, less than one-third of organizations use some form of additional authentication factor:
- 33% use Mobile/SMS pushes
- 30% use a Password Manager
- 29% use a mobile push authentication app
- 20% use hardware keys
What’s more shocking is that 59% of employees rely on simple username and password combinations to authenticate. And according to Hive Systems, any 8-character password can be cracked in less than an hour through brute force. Further, any password containing fewer than seven characters can be cracked instantly.
All it takes is one really good social engineering phishing attack, and threat actors will have one or more sets of your employees’ credentials. And with no additional authentication factors, cybercriminals have the keys to whatever corporate kingdom the compromised employee has access to.
Whenever possible, use multifactor authentication (MFA) to provide another layer of security. The best thing a user can do to prevent password hacking (after using MFA) is to avoid being socially engineered, which takes a good, in-depth combination of policies, technical defenses, and end-user education.
Security Awareness Training can educate your users on the state of phishing and social engineering attacks and help avoid providing threat actors with usernames and passwords. Contact Yeo & Yeo Technology to learn more.
Information in this article was provided by our partners at KnowBe4.
Research by Deloitte found that 91% of all cyberattacks begin with a phishing email (an email that looks like it’s from someone you know but is actually from criminals).
That’s how web giant Yahoo was targeted a few years ago, exposing the contents of half a billion user accounts to criminals. And though we often only hear about these high-profile cases, small and medium-sized businesses are prime targets for these attacks.
Your business email needs to be as secure as possible.
What’s the damage?
The impact of phishing attacks can vary, but the criminals have three main objectives:
- Data theft – scammers will use ‘credential phishing’ to steal your customers’ personal information.
- Malware – some attacks will install malicious software onto your device, which can potentially spread through your network. This could include spyware, which can log your keystrokes and track you online, or ransomware, which encrypts your data and demands a ransom to get it back.
- Wire transfer fraud – CEO fraud and Business Email Compromise (BEC) attacks, in particular, attempt to persuade a target to transfer money to an account controlled by the attacker.
It’s a people problem
All email attacks rely on someone in your business falling for the con. So, it’s important to create a culture of security within your business to reduce the chances that a ‘social engineering attack’ – a scam that convinces someone to act – will succeed.
- Everyone should know what to look out for and what to do if they think an incident has occurred. This includes who to report it to and what immediate action to take.
- Have an email use policy that describes how your people should use their business email accounts and the importance of following the rules.
- And consider putting your team to the test from time to time, maybe by simulating a phishing attack or holding refresher sessions where you quiz them on their knowledge.
Failure to make your whole team aware of the importance of good cybersecurity can be a costly mistake.
How we can help
Staff training will be one of the strongest tools in your arsenal, but we can also help by putting technical measures in place to lessen the chances of an attack and to reduce the impact if it does happen.
We can create a gateway to block or quarantine suspicious emails, scanning incoming and outgoing emails for malicious content. We can install software to help protect you from email spoofing and your email being used in BEC attacks, phishing scams, and spam emails.
And we can deploy end-to-end encryption, which stops anyone from reading the content of your email unless they have the correct encryption key. That means your email is only ever received by the intended person, and data can’t be tampered with.
It’s a lot to think about, but email attacks are one of the biggest security threats to businesses. They need to be taken seriously.
So, if you need expert support or are worried that making these changes might cause disruption, get in touch. We do this every day.
Information used in this article was provided by our partners at MSP Marketing Edge.
The human layer continues to be the most enticing attack vector for cybercriminals. Sadly, most organizations neglect this easily penetrable entry point. Throughout 2022, the world continued to see significant increases in phishing attacks. No industry vertical, size of business, or geography was immune.
The use of email, phone calls, texts, social media, and other outreach methods all work together to evade an organization’s secure infrastructure as workforces and individuals remain more distracted and exposed than ever.
- Industries and their phishing risk level
- How phishing tests can drastically decrease vulnerabilities
- The value of security awareness training
Ready to start phishing your users? We offer baseline testing to assess the phish-prone percentage of your users through a simulated attack. From there, we can provide access to the world’s largest library of training content, including interactive modules, videos, games, posters, and newsletters, so you can start educating and building your human firewall. Contact us to get started.
Should I monitor my remote employees?
If you want to maintain a culture of trust in your business, probably not. But you will want to understand their productivity. Many apps can help with this. Get in touch for recommendations.
Where should I focus my IT spending?
Security is critical, but beyond that, more businesses are looking at cloud solutions. It’s an in-depth subject, so you should take expert advice before making big decisions.
Should I allow my employees to install apps on work-issued phones?
Yes – and they’ll need some apps to do their job. However, you should make sure they install only what’s needed. And make sure they’re genuine downloads from the main app stores – there are a lot of malicious apps in the wild!
Information used in this article was provided by our partners at MSP Marketing Edge.
Support for Windows Server 2012 and Windows Server 2012 R2 will end on October 10, 2023. After this date, these products will no longer receive updates, bug fixes, or technical support. As the upgrade process often takes upwards of a year, we urge users not to delay the transition further.
Why do I need to upgrade?
- Cybersecurity: The older an operating system gets, the more exploitable it becomes, making it easier for cybercriminals to gain access. Once Microsoft stops supporting a product, an attacker can easily find and download exploits from the internet almost immediately. The lifespan of this operating system is well-publicized, which means cybercriminals are aware of it too.
- Compliance: If your business must meet regulatory compliance standards, such as CMMC or HIPAA, running an unsupported operating system means you’ll fail compliance checks. The minute an operating system is out of support, you’re out of compliance and can experience substantial fines.
- Cyber insurance: Your cyber insurance policy might also stipulate that you must run supported software to qualify for coverage. If a cyberattack happens and you need to file a claim, it may be denied.
Additionally, newer versions like Windows Server 2019 and 2022 offer more features and better performance.
Your options for migrating to the latest operating system include the following:
- Spinning up a new virtual server using existing server hardware
- Buying new server hardware (if needed)
- Moving to the cloud
The good news is that you don’t have to do it alone. If you need help planning, scoping, or implementing your Windows Server 2012 migration, give us a call. We’d be happy to help you determine the best next steps for your organization and accomplish your IT goals.
Sources:
Accent Computer Solutions, Inc.: Windows Server 2012 End-of-Life: What’s Happening, Why it’s Important, and What to Do Next
Microsoft.com: Windows Server 2012 and 2012 R2 Reaching End of Support
Have you ever felt like you’ve wasted money on technology that you thought would change your world?
The right tech can be truly transformative. You can grow your business more quickly, help employees be more productive, and make your systems run more smoothly. That allows you to focus on strategy and stop sweating the small stuff.
But the wrong choices can be more trouble than they’re worth. That leaves you to foot the bill for a solution that solves nothing or, worse, creates its own problems.
Here’s our best advice for making the right tech choices in your business.
- Don’t fixate on digital transformation for its own sake. Focus on what you want to achieve and choose the tech that helps you to get there.
- Be open to process change if the tech can create efficiencies. But your tech should support you – not force you to work the way it wants you to.
- Define your objectives and seek expert advice before making a big change. That software might look like the answer to everything, but is it well-established? Is it reliable? Is there good support, and are there regular updates? Could an alternative do the same thing for a smaller investment?
- Focus on your data. Think about how you can access your data, how you can protect it, and what it can tell you about your choices.
- Enter the cloud. Cloud solutions can help you keep your data better protected and are often more scalable so that they can grow with you.
- Ask for help. You can’t be an expert in everything, so if there’s something you don’t understand or if you can’t decide what’s best for you, ask an expert.
If you’re thinking about change and want to make the right tech decisions for your business, we’re here to support you. Just get in touch.
Information used in this article was provided by our partners at MSP Marketing Edge.
New data from Acronis in their End-of-Year Cyberthreats Report shows that 11.7% of all attacks still make it to the endpoint. This is a slight increase from 9.4% in Q2 2022. These high percentages show that one out of 10 threats still makes it to the endpoint, despite organizations’ best efforts at awareness training and patching.
Modern cyberattacks, data leaks, and ransomware outbreaks all show the same thing: cybersecurity is failing. This failure results from weak technologies and human error, often caused by clever social engineering.
Here are some ways you can boost your cybersecurity resilience and prevent cyberattacks:
- Patch your OS and apps. This is crucial, as many attacks succeed due to unpatched vulnerabilities. Users tend to ignore system messages, especially when Windows asks for a restart. This is a big mistake. Be sure that auto-updates for software from popular vendors like Adobe are enabled and that apps like PDF Reader are updated promptly.
- Prepare for phishing attempts, and don’t click on suspicious links. Malicious links can come from anywhere — instant messenger apps, email, forum posts, etc. Never click links you don’t need to click or that you didn’t expect to receive, and consider implementing security awareness training to help your employees recognize malicious emails.
- Use a VPN while working with business data. Whether you connect to remote company sources and services, or if your work doesn’t require those activities and you just need to browse some web resources and use telecommunication tools, use a Virtual Private Network (VPN). VPNs encrypt all your traffic, making it secure against attackers who may attempt to capture your data in transit.
- Keep your passwords and your working space to yourself. Ensure that your passwords — and your employees’ passwords — are strong and private. Never share passwords with anyone. Use different and long passwords for every service. Where possible, use multi-factor authentication for an extra layer of security.
Businesses need to regularly determine what new employees need and whether there are better ways to secure IT infrastructure and sensitive data. Let us help you assess, measure, and track the costs of preserving your company’s cybersecurity.
Information used in this article was provided by our partners at KnowBe4.
Just because manufacturers may not sell directly to consumers doesn’t mean they’re not at risk of a cyberattack. Indeed, they may be directly affected when their customers or vendors get hit by a cyberattack. And while news media gives play to data breaches that occur at large retailers or financial institutions, manufacturers are becoming a more common target. Let’s identify the reasons why and what you can do to get ahead of cybercriminals.
Exposing vulnerabilities
Cybercriminals may target manufacturers because, in many cases, they’re more vulnerable than other types of businesses. For one thing, the manufacturing supply chain is complex, with an intricate network of suppliers, logistics firms, distributors, retailers and others often connected by the Internet. Members may have access to each other’s systems, so a vulnerability in one link of the supply chain can expose the entire chain to cyber risks.
Also, as the digital revolution continues, manufacturers increasingly rely on Internet-connected devices on the shop floor that can be monitored and operated remotely. At the same time, the manufacturing industry has been slower than other industries to upgrade IT infrastructures and develop robust security practices designed to prevent, detect and mitigate cybercrime.
Hacking the system
Manufacturers’ systems generally don’t store customers’ credit card numbers and other sensitive data that criminals can use to perpetrate identity theft and similar crimes. Instead, cyberattacks against manufacturers are designed to disrupt operations and extort money.
For example, a hacker who gains access to Internet-connected devices could shut down operations or cause you to produce defective products. Or the criminal could introduce ransomware into your systems, blocking access until a ransom is paid.
Another technique is to steal valuable intellectual property stored on a manufacturer’s system and sell it on the black market. Examples include patents, designs, manufacturing processes, research and development documents, customer lists, contracts, bidding information, business plans, marketing plans, and proprietary software.
Manufacturers also aren’t immune to ordinary fraud. For example, a cybercriminal may send a phony email from an actual vendor, updating its payment information and asking the manufacturer to send all future payments to a bank account the criminal controls.
Minimizing risks
To avoid potentially devastating cyberattacks, conduct a risk assessment to take inventory of your hardware, software and data and identify any vulnerabilities. It’s critical to examine all the ways employees, vendors and other partners can access your network. Then implement policies, procedures and controls designed to prevent unauthorized access.
Equally important is to create an incident response plan to mitigate the damages in the event of a breach. Finally, have a solid backup plan that enables you to resume operations if a hacker destroys or blocks access to data.
Adding cyber insurance
One way to protect your business is with cyber insurance. General liability policies normally exclude cyber claims. Insurance carriers are limiting coverage to specific ransomware claims, excluding coverage for specific known vulnerabilities, and requiring applicants to provide more details about their data security control efforts before extending coverage, according to the 2022 Cyber Insurance Market Conditions Report published by insurance consulting firm Gallagher.
Manufacturers may want to consider switching some property insurance coverage over to cyber insurance. After all, in today’s digital world, cyberattack claims may be as likely as, or even more likely than, fire, tornado or other natural disaster claims.
Educating your team
Ransomware and malware take advantage of sloppy security. To avoid falling prey to a cyberattack, educate your staff on cybersecurity best practices and potential vulnerabilities. Every employee is a link in your cybersecurity chain. Ignoring the risks isn’t an option in today’s interconnected marketplace.
The web browser you choose can significantly impact your online security. And as a business, you mustn’t take any unnecessary risks, even if you’re someone who likes to steer clear of the IT megabrands.
As well as allowing advertisers to track your online activity, lesser-known browsers often have bugs and vulnerabilities that cybercriminals can exploit to steal your data and compromise your entire network.
And while you must choose your browser carefully (and stick to the same browser across the business), it’s equally important to ensure you run updates and patches as soon as they become available to keep your browsing as secure as possible.
You may already know that Google’s Chrome is the most popular desktop browser in the world – more than 6 in 10 people use it. It’s fast, easy to use, and has built-in phishing and malware protection (though you shouldn’t rely solely on that).
Next comes Apple’s Safari, followed by Microsoft Edge. Edge is similar to Chrome because it’s fast, customizable, and straightforward. It also gives you clear privacy options, which are essential when using a browser for business. As a Microsoft product, it’s the default browser for Windows 11 and comes with some Microsoft-specific links. So, if you use Windows 11 and haven’t tried Edge, give it a go.
The key thing to keep in mind when choosing your browser is security. Don’t just stick with the standard settings – customize them to suit your business. Look at the threats you may face, the settings that can help protect against them, and the usability… all in equal measure.
It seems like a relatively simple task to choose a web browser, but there’s more to it than you think if you want to take security seriously.
Can we help recommend the best browser for your business? Or make sure you’re getting the most from your current browser’s security settings? Get in touch – we’re here to help.
Information used in this article was provided by our partners at MSP Marketing Edge.
We want to think that the attacker’s only move in a game of cyberattack chess is “attack,” and that once you begin to mitigate their intrusion, lateral movement, modification of user accounts, etc., the threat actor gives up and you win. But a new analysis of several attacks by security vendor CrowdStrike shows that while your team is busy trying to undo everything attackers have done to facilitate their access, hackers are equally busy either reversing your actions or setting up additional means of entry, privilege, and access.
According to the analysis, CrowdStrike observed the following activity mid-attack when response actions weren’t being taken swiftly:
- Setup of additional VPN access
- Setup of multiple RMM tools
- Re-enabling accounts disabled by security teams
It’s like chess; you make a move, and your adversary makes another.
There are two takeaways from this story:
- Response actions need to be swift; you need to cut off attacker access quickly and effectively
- Based on the initial attack vectors (mainly social engineering designed to harvest credentials), Security Awareness Training for every user is needed to keep users vigilant whether they’re using email, the phone, or the Internet.
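One way to watch for the re-enabled accounts described above is to correlate account-disable and account-enable events from Windows Security auditing. This is an added example, not code from CrowdStrike, KnowBe4, or Yeo & Yeo Technology; the event field names, account names, responder list, and 72-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Windows Security auditing event IDs.
ACCOUNT_ENABLED = 4722   # "A user account was enabled"
ACCOUNT_DISABLED = 4725  # "A user account was disabled"

# Assumption: accounts the incident response team uses for containment.
RESPONDERS = {"ir-analyst1"}

# Constructed sample events (not real logs); field names are assumptions.
SAMPLE_EVENTS = [
    {"time": "2023-03-01T10:00:00", "event_id": 4725, "target": "jsmith", "actor": "ir-analyst1"},
    {"time": "2023-03-01T10:02:00", "event_id": 4725, "target": "svc-backup", "actor": "ir-analyst1"},
    {"time": "2023-03-01T10:40:00", "event_id": 4722, "target": "jsmith", "actor": "helpdesk-admin"},
    {"time": "2023-03-01T11:15:00", "event_id": 4722, "target": "svc-backup", "actor": "ir-analyst1"},
    {"time": "2023-03-01T12:00:00", "event_id": 4722, "target": "newhire", "actor": "helpdesk-admin"},
    {"time": "2023-03-05T09:00:00", "event_id": 4725, "target": "contractor", "actor": "ir-analyst1"},
    {"time": "2023-03-09T09:00:00", "event_id": 4722, "target": "contractor", "actor": "helpdesk-admin"},
]


def find_suspicious_reenables(events, responders, window=timedelta(hours=72)):
    """Flag accounts disabled by a responder and then re-enabled by someone
    outside the response team within `window` of the containment action."""
    contained = {}  # target account -> time a responder disabled it
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        target, actor = ev["target"].lower(), ev["actor"].lower()
        if ev["event_id"] == ACCOUNT_DISABLED and actor in responders:
            contained[target] = when
        elif ev["event_id"] == ACCOUNT_ENABLED and target in contained:
            disabled_at = contained.pop(target)  # containment is over either way
            if actor not in responders and when - disabled_at <= window:
                alerts.append({
                    "account": target,
                    "reenabled_by": actor,
                    "minutes_after_disable": int((when - disabled_at).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_reenables(SAMPLE_EVENTS, RESPONDERS):
        print("ALERT:", alert)
```

The account named in `reenabled_by` is itself a lead: it may be another compromised credential that also needs containment.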
Want to learn more about improving your cybersecurity resilience? Visit Yeo & Yeo Technology’s website.
Information used in this article was provided by our partners at KnowBe4.