Securing Your Own Business

• Use a good antivirus, or better yet, a reputable EDR (Endpoint Detect and Response) solution, to protect your systems and your data. We are currently in the process of moving from BitDefender managed antivirus, which has never let us down, to an even better managed EDR solution. Keep in mind that Microsoft Defender is built right into every current version of Windows, and in recent years it has become one of the top-rated antivirus solutions available, and there are tons of features and options that most people aren’t even aware of: https://cybernews.com/best-antivirus-software/microsoft-defender-review/#:~:text=Is%20Microsoft%20Defender%20any%20good,only%20possible%20with%20Microsoft%20Edge.
• Consider signing up for some kind of third-party e-mail virus and spam filtering solution. Statistics show that anywhere from 70% to 90% of all data breaches begin with a phishing e-mail attempt. If you can find a way to prevent dangerous messages from reaching your employees’ Inbox, you will already have a good head start on the latest AI-driven phishing campaigns. Phishing e-mails used to be rather easy to identify because of spelling errors or bad use of grammar; Artificial Intelligence doesn’t give itself away like that, and it designs much craftier e-mails than traditional hackers in Russia and China do. https://www.forbes.com/sites/emilsayegh/2023/04/11/almost-human-the-threat-of-ai-powered-phishing-attacks/?sh=374414283bc9
• Check your computer systems monthly to make sure that they have the latest available security patches and updates. Here are some statistics and some helpful tips for managing your updates: https://blog.scalefusion.com/risks-and-remedies-of-failed-patch-management/#:~:text=Recently%20published%20research%20shows%20that,or%20processes%20could%20be%20better.
• Make sure that your Windows Firewall is turned on for all of your computers. We have seen a lot of Windows business systems over the years that had their built-in Microsoft firewalls disabled because it was interfering with a piece of software working. Over 99% of those kinds of problems can be resolved by adjusting the firewall settings properly - without having to turn if off completely - so please resist that temptation. https://www.31west.net/blog/what-does-the-windows-firewall-do/#:~:text=According%20to%20AV%2DTest%2C%20the,safeguard%20the%20integrity%20of%20data.
• Have a good, business-class hardware firewall between your Internet modem (Comcast, Ting, Brightspeed, etc.) and your business network. That box that your Internet Service Provider installs IS NOT an actual firewall; it is a modem that can also act as a router. While it does provide some basic protection from outside forces getting into your network, it does not actually inspect the traffic or scan for malicious code. A good UTM (Unified Threat Management) firewall is going to cost you a bit, but it should be able to block you from going to malicious websites and prevent you from downloading infected content. It can also provide the ability to control your Internet traffic flow so that you can optimize the performance of a VoIP phone system, and most advanced firewalls also provide you with the ability to connect into your business network over a secure VPN connection. In addition to security, there are other reasons why buying a home firewall/router from Best Buy to put in your work office is not in your best interest: https://www.office1.com/blog/why-you-shouldnt-use-consumer-grade-routers-on-a-business-network#:~:text=Consumer%20grade%20routers%20are%20for,that%20your%20business%20network%20needs.
• Keep your employees educated about the many risks they face on the Internet, in e-mails, in texting, and even live phone calls. Employee Vulnerability Awareness is probably one of the strongest defenses you have against hackers, both human and AI-driven. There are plenty of free or nearly free resources out there to provide them with some basic training that will help to protect your data: https://www.edapp.com/top-10-cyber-security-training-for-employees/
• Use MFA (Multi-Factor Authentication) with your Microsoft 365 accounts and every online account that you can. It’s a little bit of an annoyance to have to provide that extra security code when you log into online resources, but you’re probably already using it with your online banking services; it’s really not a lot of extra effort to give yourself a lot of extra security. We had a business come to us a few months ago after they got taken for $800,000 in a Business Email Compromise (BEC) scam that would not have been possible if they had enabled MFA on their main Microsoft e-mail account. And, because they had checked off a box on their Cyber Insurance application indicating that they were using MFA, their insurance company denied their claim. Their saving grace was that the bank was supposed to call the recipient of the bank transfer to confirm the routing and account numbers (which the scammers had replaced with their own), and they did not. The “happy ending” to this story is that the bank ended up having to reimburse the company that got scammed. That business is now a fully managed and protected client of PJ Networks.
• Get your business some Cyber Insurance and answer the application questionnaire honestly. If you answer any of the questions incorrectly and you get breached, when you file your claim there is a good chance that your claim will be denied, so a Cyber Insurance policy is worthless if you just check “Yes” on all of the questions without knowing the real answers.

All of the above recommendations are things that PJ Networks takes care of with a Managed Services support plan, but there are other local MSPs who can provide most or all of the same services. If you don’t want to sign up with PJ Networks, then please consider signing up with somebody else who has your best interests in mind. Whether you engage someone else or choose to manage these responsibilities on your own, please believe me when I say that the threats are real, and they are already on our doorstep. I cannot stress enough how dangerous things are getting out there on the Internet now that hackers have access to Artificial Intelligence to turbo-boost their cybercriminal activities.

The cybersecurity challenges that are already starting to impact businesses here in central Virginia are not just threat big or medium-sized businesses. Sadly, many mall businesses will wind up being collateral damage in the war between cyber criminals using AI-powered tools and the cybersecurity experts who are doing their best to fight them off.  We are also using tools that employ Artificial Intelligence to detect and block suspicious and malicious activity on client business networks, and so far we are holding them off...but the war is far from over, and to be honest, things may never be the same again.  This cyber war between good guys and bad guys is here to stay.

Don't let your business become collateral damage - reach out to us today, or sign up for one of our upcoming seminars and webinars that will be focused entirely on the things that you need to know to protect your organization from cyber criminals.