Level Up Your Business: The Power of a Strong MSP Partnership

Two people shaking hands.

Your Managed Service Provider (MSP) is more than just tech support—they’re the secret weapon that propels your business forward. Our clients know the importance of a reliable, efficient IT infrastructure. But did you know that building a rock-solid MSP partnership can take your business to the next level? Let’s dive into the simple yet powerful steps that will maximize your collaboration and empower you to unlock your full business potential.

1. Choose the Right MSP

Selecting an MSP that aligns with your business needs and culture requires thorough research and due diligence. Assess potential MSPs based on their industry experience, client testimonials, and their ability to understand and integrate with your business processes. By choosing an MSP that complements your company culture and operational style, you foster a collaborative environment where both parties can work seamlessly towards common goals. This synergy leads to more effective problem-solving and innovation, ensuring that the MSP can offer tailored solutions that drive your business forward.

2. Clearly Define Goals and Expectations

Establishing clear, measurable goals at the outset ensures that both your business and the MSP have a mutual understanding of the desired outcomes. Begin by identifying your specific pain points and desired results. Communicate these effectively to your MSP, setting out timelines and performance metrics to gauge success. This clarity not only helps your MSP tailor their services to meet your objectives but also creates a framework for accountability. When both parties understand what success looks like, it leads to more focused efforts and better results.

3. Document Internal Processes

Providing comprehensive documentation of your current workflows is crucial for enabling your MSP to understand your operations fully. This detailed information allows the MSP to identify inefficiencies and propose precise improvements. Share process maps, standard operating procedures, and any relevant data with your MSP. The benefits of this practice include streamlined operations, reduced downtime, and enhanced productivity as the MSP can implement solutions that are perfectly aligned with your business processes.

4. Establish Boundaries and Roles

Clearly delineating the responsibilities between your internal IT team and the MSP is essential for preventing overlap and ensuring efficient collaboration. Define which tasks will remain in-house and which will be managed by the MSP. This division of labor ensures that each party can focus on their core competencies, leading to more efficient operations and better use of resources. Establishing these boundaries helps prevent confusion and ensures that all IT needs are met without redundancy or conflict.

5. Build MSP Partnership into Your Culture

Facilitating a seamless integration of the MSP into your corporate culture enhances communication and collaboration. Share your company’s values, mission, and internal communication practices with the MSP. By aligning the MSP with your corporate culture, you create a more cohesive working relationship where the MSP feels like an extension of your team rather than an external entity, and truly fosters an MSP Partnership dynamic. This integration fosters mutual respect and understanding, leading to more effective and harmonious collaboration.

6. Be Receptive to Change

Embracing the changes recommended by your MSP is crucial for leveraging their expertise to enhance your IT processes. Trust their experience and be open to adopting new technologies and methodologies they suggest. The willingness to adapt can lead to significant improvements in efficiency, security, and overall performance. By being receptive to change, you enable your business to stay ahead of technological advancements and industry trends, ensuring long-term success.

7. Monitor Performance with SLAs and KPIs

Implementing Service Level Agreements (SLAs) and Key Performance Indicators (KPIs) is vital for tracking the performance and service quality of your MSP. Regularly review these metrics to ensure that your MSP is meeting the agreed-upon standards. This continuous monitoring allows for timely adjustments and improvements, ensuring that the MSP’s performance aligns with your business goals. Effective performance tracking leads to sustained high-quality service, preventing issues before they escalate and ensuring that your business operations run smoothly.

Conclusion

At Back To Business I.T., we believe that our success is intertwined with yours. By following these steps and working hand-in-hand with us, your trusted MSP, you’re not just investing in your IT infrastructure, you’re investing in the future of your business. This is about more than just meeting your IT needs—it’s about empowering you to thrive in an ever-evolving digital landscape. Together, we’ll ensure that your technology works seamlessly, allowing you to focus on what you do best: growing your business. Let’s build a partnership that drives innovation, efficiency, and ultimately, your success.

Sources:
How To Forge A Successful Relationship With Your Managed Service Provider

5 Ways To Build A Strong Relationship With Your MSP

Building A Successful MSP Relationship

How To Effectively Collaborate With Your MSP

Understanding DMARC Regulations

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol specification initially defined in early 2012.  Twelve years later, DMARC remains a powerful tool to help businesses defend against threats posed by phishing attacks and emails scams.  In 2024, new rules are fortifying the potency of DMARC’s protection against a continuously evolving threat landscape.  Ready to learn more about how DMARC’s new rules can protect YOUR business?

That’s where our, “Understanding DMARC Regulations,” comes in. We’ve poured everything you need to know about DMARC into this guide – what it is, why it matters, and how to optimize the new regulations to keep your business safe.

Inside the guide, you’ll discover:

  • DMARC demystified: We’ll break down exactly what DMARC is and how it works to block fraudulent emails from reaching your inbox. (Think of it as a digital bouncer for your email!)
  • Staying on the right side of the rules: Compliance is key. We’ll share tips for staying up-to-date with the latest DMARC standards.
  • Why DMARC is a Big Deal: We’ll review why these regulations, and DMARC itself, are so important for protecting your business reputation and keeping sensitive information safe.

Why You Can’t Afford to Ignore DMARC

Email might feel old-school, but it’s still a primary channel of communication for most businesses. That makes it a prime attack vector for bad actors. One wrong click by a company employee on a phishing email, and you could be dealing with a serious data breach or financial loss. That’s where DMARC steps in, helping to ensure emails that land in your employees’ inboxes are actually from verified sources.

Ready to Dive In?

The new DMARC regulations are a clear signal: email security is more important than ever. Don’t risk your business by putting it off. Download our white paper, “Understanding DMARC Regulations” today, and get equipped with the knowledge and tools you need to safeguard your communications in 2024 and beyond.

Implementing DMARC creates significant benefits for businesses, including:

  • Identifying and flagging potential phishing emails to alert employees
  • Preventing spoofing attacks by verifying and authenticating senders
  • Reducing the volume of spam messages
  • Validating your company’s credibility and brand reputation as an email sender

Download your free copy of “Understanding DMARC Regulations” today and take charge of your email security!

Understanding DMARC Regulations: Your Essential Guide to Email Security in 2024

Don’t be a Statistic: Protect Your Manufacturing Business Against Cyberattacks by Establishing a Policy of Cyber Resilience

Last year, the United States faced a staggering financial toll of over $10 billion due to cyberattacks. Alarmingly, a considerable portion of these losses impacted the manufacturing sector, making it the second most targeted industry for cybersecurity threats. The concept of cyber resilience—preparing for, responding to, and recovering from cyber incidents—has never been more critical for manufacturers. In this blog, we offer a foundational guide for manufacturers to fortify their operations against cyber threats.

What is Cyber Resilience?

Defined by the National Institute of Standards and Technology (NIST), cyber resilience is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Consider cyber resilience as the protective armor your company dons against cyberattacks. While it may not prevent an attack entirely, it can mitigate the damage and help your organization recover more efficiently.

Why is Cyber Resilience Important for Manufacturers?

While technological advancements are revolutionizing every sector, they also introduce new vulnerabilities. For manufacturers, this means an increased number of entry points for cyber threats. A Deloitte report reveals that 40% of manufacturers have fallen victim to a cyber incident, and 38% of these incidents led to financial damages exceeding $1 million.

Further emphasizing the urgency is research from Statista, which shows the manufacturing industry was the target of 23% of all cyberattacks in 2021, making it the second most targeted sector. The FBI’s Internet Crime Complaint Center (IC3) 2022 Internet Crime Report indicates a 20% increase in reported cybercrime incidents affecting the manufacturing sector over the past year.

Given these alarming statistics, cyber resilience is no longer just a security measure; it’s a business imperative or manufacturers. Building a cyber resilient manufacturing ecosystem can mitigate the impact of these threats, ensure operational continuity, safeguard sensitive data, and ultimately protect your financial health.

5 Essential Elements of Building a Cyber-Resilient Manufacturing Ecosystem

1. Risk Assessment

The foundation of a robust cybersecurity strategy lies in a thorough risk assessment. While it’s impossible to foresee every potential risk, identifying vulnerabilities in your manufacturing system is a critical first step. Leveraging established frameworks, such as NIST’s Cybersecurity Framework, can provide a structured methodology for this assessment. These guidelines are designed to be adaptable across various industries, including manufacturing, and can serve as a valuable roadmap for your organization.

2. Employee Training

The human element is often the weakest link in cybersecurity. According to the 2023 Verizon Data Breach Investigations Report, human error was a contributing factor in 74% of all data breaches. Employee training is not just beneficial but essential for bolstering cybersecurity in manufacturing.

The IBM Cost of a Data Breach Report 2023 further highlights the importance of employee training. Organizations that invested in comprehensive training programs saw a significant reduction in the average cost of a data breach—by as much as $1.5 million or 33.9%. This underscores the financial and operational benefits of incorporating cybersecurity into both employee onboarding and ongoing education.

3. Data Backup and Recovery

Data is the cornerstone of modern manufacturing, driving insights that enhance production efficiency and quality. Losing access to vital data can have severe repercussions, from production halts to financial losses and damage to your reputation.

A well-structured data backup and recovery plan serves as a safety net, enabling quicker restoration of operations in the event of a cyber incident. It’s not merely about preventing downtime; it’s about maintaining the integrity of your manufacturing processes and retaining customer trust. In essence, a robust data backup and recovery strategy is indispensable for any manufacturing company aiming for cyber resilience.

4. Incident Response Planning

IBM reports that only 46% of organizations have specific incident response plans for different types of cyberattacks. This leaves a majority of organizations vulnerable, lacking a structured plan should they experience a cyberattack. An effective incident response strategy should encompass preparation, identification, containment, eradication, recovery, and lessons learned.

NIST also offers valuable guidelines, suggesting that an incident response plan should be a set of instructions designed to detect, respond to, and mitigate the impact of cyberattacks against an organization’s information systems. Whether you consult with your internal IT department or partner with a Managed Services provider, implementing a comprehensive incident response plan is essential for safeguarding your digital assets and ensuring operational continuity.

5. Regular Updates and Proactive Patch Management

Outdated software is a glaring vulnerability, akin to an unlocked front door for cybercriminals. Software developers routinely release updates and patches to address security vulnerabilities. Neglecting these updates can expose your manufacturing operations to a myriad of risks, including data breaches and system failures, as emphasized by Stay Safe Online.

To bolster your manufacturing ecosystem, it’s imperative to have a proactive patch management strategy. This involves not only updating your software but also vigilantly monitoring for new vulnerabilities and applying patches as they become available. In doing so, you’re not merely patching up security gaps; you’re constructing a more resilient and secure operational environment.

Conclusion

The concept of cyber resilience—preparing for, responding to, and recovering from cyber incidents—is no longer optional; it’s a business imperative. From conducting comprehensive risk assessments and employee training to implementing robust data backup and recovery plans, incident response strategies, and proactive patch management, each component plays a critical role in building a cyber resilient manufacturing ecosystem.

These measures not only protect your digital assets but also ensure the continuity of your operations, thereby safeguarding your reputation and financial stability. If you find yourself overwhelmed by the complexities of achieving cyber resilience or simply wish to fortify your existing cybersecurity measures, don’t hesitate to contact Back To Business IT. Our team of experts is here to guide you through every step of the process, ensuring that your manufacturing operations are as secure and resilient as they can be.

5 Essential Cybersecurity Tips for Small Business Owners

Photo of Cybersecurity button and a person pressing on a graphic of a lock

In the modern business landscape, reliance on technology by small business owners is increasing, fueling both growth and efficiency. Technology tools add many essential benefits but also introduce complex challenges with cybersecurity. A survey conducted by Connectwise in 2022 revealed a startling trend: 76% of small businesses had fallen victim to at least one cyberattack, a significant surge from 2020 when only 55% reported such an experience. The data underscores the critical importance for small business owners to safeguard digital assets.

Cybersecurity is a vast and complex field, with numerous aspects for businesses to consider. The task of shoring up security may seem overwhelming and daunting. To simplify this challenge, here are five actionable steps to enhance small business cybersecurity.

1. Inventory Technology Assets

Begin with identifying vulnerabilities potential threats can exploit to access  business data. Understanding the technology, you have in your small business is the foundation of a robust cybersecurity strategy.

  • Why it’s vital: Knowing what devices are connected to your network helps you monitor and control access. Neglecting this can lead to unauthorized access, resulting in data loss or manipulation of sensitive information.
  • How to do it: Create a detailed inventory list of all devices, including their make, model, and purpose. Regularly update this list to reflect any changes.

2. Ensure Technology is Up to Date

Once you know what technology you have within your business, keep it current. Keeping technology up to date is a critical cybersecurity measure for small businesses.

  • Why it’s vital: Hackers often exploit known vulnerabilities in outdated systems. Keeping technology up to date ensures that you have the latest security patches. Failure to update can lead to financial loss due to cyberattacks.
  • How to do it: Regularly check for updates for your operating system, antivirus software, and other critical applications. Enable automatic updates where possible.
  • Checking for Updates: Most operating systems and software have an option to check for updates in the settings or preferences menu. For hardware, consult the manufacturer’s website or support for firmware updates.

3. Implement Multi-Factor Authentication and Unique Passwords in Your Small Business

Passwords and logins are often the first line of defense in small business cybersecurity.

  • Why it’s vital: Simple or reused passwords can be easily cracked. Multi-factor authentication adds an extra layer of security. Ignoring this can lead to reputational damage if personal or financial information is compromised.
  • How to do it: Encourage employees to use strong, unique passwords for different accounts. Implement multi-factor authentication wherever possible.
  • Understanding Multi-Factor Authentication (MFA): Multi-factor Authentication, also known as MFA or Two-Step Verification, is a security process that requires more than just a username and password to verify the user’s identity. Traditional authentication methods that rely solely on usernames and passwords are often inadequate, as usernames can be easily discovered, and passwords may be simple or reused across different sites. MFA adds an additional layer of security by requiring a second “factor” to prove who you are. This second factor can be something you know (like a password or PIN), something you have (like a smartphone or secure USB key), or something you are (like a fingerprint or facial recognition).
Image of Cybersecurity Multi Factor Authentication Types of Factors. Text reads, "Types of Factors: Something You Know (Examples: PIN, Password), Something You Have (Examples: Code sent by text, MFA app), Something You Are (Examples: Face scan, Fingerprint)

4. Install a Firewall for Your Small Business

A firewall is a fundamental cybersecurity measure for small businesses. Implementing a firewall can prevent DDoS attacks, which saw a 60% increase in malicious attacks in the first half of 2022.

  • Why it’s vital: Firewalls filter incoming and outgoing traffic. Without a firewall, networks are exposed to potential threats.
  • How to do it: Consider both software and hardware firewalls. Ensure that remote employees also have adequate protection.
  • Understanding Firewalls: A firewall is a crucial component of cybersecurity, especially for small businesses. It serves as a virtual barrier between your internal network and the external internet, monitoring and controlling the flow of traffic based on predetermined security rules. There are two main types of firewalls: hardware firewalls and software firewalls. A hardware firewall is a physical device that sits between a network and the internet, while a software firewall is installed on individual computers within a network.

5. Educate Staff on Cybersecurity in Your Small Business

Your employees play a crucial role in any small business cybersecurity strategy. In fact, according to Gartner, “82% of data breaches were a result of employee behaviors that were unsecure or inadvertent.”

  • Why it’s vital: Human error can lead to breaches. Educating staff about common cyber threats and safe practices can prevent many potential attacks.
  • How to do it: Conduct regular training sessions and education, including:
  • Workshops and Seminars: Regularly conduct workshops to educate employees about the latest threats and safe online practices.
  • Online Resources: Share informative articles, videos, and tutorials.
  • Simulated Attacks: Conduct simulated phishing attacks to test employees’ awareness and provide feedback.
  • Regular Reminders: Send regular email reminders about safe practices, updates, and company policies.

Cybersecurity is not just a concern for large corporations; it’s a vital consideration for every size business. By taking these five actionable steps, you can significantly enhance the cybersecurity posture of your small business. For a more comprehensive list of things you can do to protect your business, download our Cybersecurity Essentials Checklist for Small and Medium Sized Businesses.

At Back To Business I.T., we offer comprehensive cybersecurity services tailored to your needs. If you are looking for assistance with your cybersecurity strategy, contact us today.


What to Expect When Applying for Cyber Insurance

cyber insurance
Several years ago, cyber insurance was just an add-on to larger policy discussions, but with the rise of malicious online attacks, it’s jumped to the forefront and has become one of the most expensive policies under a company’s insurance coverage. Here’s how to ace your application and get the best rates.

Cybercrime is a multibillion-dollar industry. Even with careful security measures in place, it remains a constant struggle for businesses to stay one step ahead of hackers looking to extort them. Phishing emails, malware, security breaches, network security issues, and computer system breakdowns are just a few examples of the kinds of cyber risk that can cause serious liability or revenue loss. That’s why proper cyber liability insurance remains a vital risk-transfer tool for organizations of all sizes.

For businesses attempting to acquire cyber insurance, the application process itself can be daunting. Application forms aren’t standard and can be very complex — what used to be a seven-question application has evolved over the last few years into a multi-page document broken out into various categories. Truth be told, it can read less like an application and more like an audit questionnaire. (Check out a sample cyber insurance application here.)

Insurers want to be as thorough as possible when evaluating an organization’s cybersecurity infrastructure and deciding their level of risk. They depend on the detail contained in the application to determine how well the people, processes, and technology can protect and respond to cyber threats. Any vagueness or incorrect information can create major issues later on if (or when) a claim is filed.

If you’re planning on applying for cyber insurance, it’s important to identify your company’s cyber risks prior to submitting the application. Specifically, insurers will ask for:

  • The basics — What industry you operate in, as well as how much and what type of information your organization stores, processes, and transmits. In addition, underwriters want to see how you manage data security and who oversees cyber-related matters.
  • Information security — Do you have a formal program in place to test and audit security controls? Underwriters also typically look to see if you have basic controls in place, including firewall technology, anti-virus, and intrusion detection software.
  • Breach history — Have you been breached before? Is the data you house vulnerable? How effective are your data security techniques moving forward?
  • Data backup — Underwriters want to know if you back-up all your valuable data on a regular basis, if you utilize a redundant network, and if you have a disaster recovery plan in place.
  • Company policies and procedures — What type of cybersecurity and incident response policies do you have in place? For example, how do you handle password updates, the use of personal devices, and revoking network access to former employees?
  • Compliance with legal and industry standards — Failing to comply with cyber-related legislation can be incredibly costly, and insurers want to know how you handle compliance. Specifically, whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware.

Although the cyber insurance application is more rigorous than most insurance applications, you can secure the best rate by doing your due diligence and prepping ahead of time. Being honest about the risks and vulnerabilities your company may face from cyber threats will also help you get the right policy coverage.

Need help applying for cyber insurance or meeting specific criteria? Talk to an expert at Back To Business I.T. today!

Benefits of Robotic Process Automation (RPA)

benefits of robotic process automation (RPA)

If you’re thinking about ways to implement automation in your company, you’re not alone. A recent study entitled “The State and Fate of Small and Medium Business” conducted by Xerox with Morning Consult surveyed 1,200 business decision makers from companies with 25-1,000 employees in the US, Canada, and UK. The study indicated that digital transformation and automation have become top priorities in the post-pandemic world:

  • 80% of small and medium-sized business (SMB) leaders saw automating tasks and processes as important to their survival during the pandemic and moving forward.
  • 82% strongly emphasize the importance of digitizing paperwork.
  • Two-thirds plan on upgrading their automation tools.
  • Three out of four observed an increased reliance on workflow solutions over their pre-pandemic setups.
  • 65% have already upgraded their workflow solutions.

HOW CAN RPA BENEFIT YOUR BUSINESS?

Robotic Process Automation (RPA) is a software technology that mimics human actions for high volume, repetitive, rule-based tasks. It can achieve high levels of efficiency for these mundane and often boring tasks that are better suited to be handled by computers, freeing up humans to focus on creative, strategic, and innovative idea-making. It is important to think of RPA as a “digital assistant” that helps humans to be more efficient and focus their time on activities that require higher levels of cognition, empathy, and ingenuity. While RPA implementation is highly successful in many appropriate applications, it does not replace human workforces or populate your office with robots!

Since its inception and early introduction, RPA has experienced meteoric growth in the marketplace, supported by a significant body of highly successful use cases and measured, sustained, and demonstrable return-on-investment. It involves low/no-code programming and is relatively inexpensive and quick to implement and scale, generating ROI in a matter of months, not years. Because of its success with large businesses (100% of Fortune 500 Companies now have robust RPA programs) and the emergence of many competitive and highly versatile software platforms in the marketplace, it has reached an affordable, low-risk level of accessibility for small and medium-sized businesses who can truly begin to take advantage of its many benefits. The current job market and limited availability of staff combined with increasing demands on businesses to thrive in the digital space have accelerated our arrival at a “sweet spot” for RPA adoption.

To successfully begin implementing RPA in your organization, you must first create a strategic and thoughtful approach with some key considerations:

  • Do you have workflows and processes that can be successfully and cost-effectively automated?

RPA is optimal for processes that are high volume, repeatable, and rule-based. For example, if you run a report once a month and your staff member spends five minutes creating the report, this is most likely not a candidate for automation. However, if you generate dozens of reports daily and a staff member spends hours, not minutes, pushing buttons, selecting folders, and running and emailing these reports, automation might make sense.

  • Is your organization excited about digital transformation?

RPA adoption requires education, communication, cultural acceptance, and enthusiasm. It is important to build consensus and identify key leaders and stakeholders that will champion its usage as a part of your corporate culture. Your RPA team will need to include various roles including C-Suite supporters, I.T. staff and daily users that are excited and positive about change.

  • How will you scale up your RPA program in the future?

RPA is most successful when it is continually monitored, maintained, and scaled up. As you begin the journey, it is important to create a roadmap for future automations to maximize the full capabilities of your initial investment. Adding automations after implementation can be achieved at a much lower cost than the initial implementation and will magnify your return by achieving increasing levels of productivity and efficiency across your company.

  • Will you implement RPA using in-house I.T. resources or collaborate with a consultant?

Depending on your company’s in-house I.T. capabilities, you may choose to create an RPA Center of Excellence (CoE) within your own company using in-house resources. This decision may be affected by availability of RPA expertise, existing workload of current staff, and desire to create long-term autonomy. An internal CoE can still benefit from expert, outside consultation from a Managed Service Provider in the initial building phase. If you choose to work with an outside provider for RPA, it is important to select a consultant that has solid experience, certified experts on-staff, and an established history of providing ongoing services to meet your needs for support as you move forward.

Back To Business I.T. and The Greentree Group have established expertise in providing RPA for a variety of clients. Our RPA Center of Excellence creates unique automation solutions for all levels of government, as well as private corporate applications in a wide range of sectors including finance, manufacturing, healthcare, and many others. Our philosophy begins with helping each client thoroughly understand the opportunities, risks, and potential benefits of any technology, and partnering with you to make informed decisions to grow your business. Interested in learning more about what RPA can do for your business?  Schedule a no-cost consultation here.

Common Sense and Cybersecurity

Common sense and cybersecurity

Earlier this month, Colonial Pipeline’s operations came to a halt after a ransomware attack orchestrated by DarkSide, an Eastern European cybercriminal organization. It took several days after the May 7 attack for the company to begin restarting parts of their systems as well as the mainlines. The effects were widespread and felt by most of us – gas prices at the pump fluctuated almost immediately.

As a society, we are becoming increasingly desensitized to news like this. Cyberattacks happen so often, it seems, that it’s hardly news. So why is it that so many businesses still don’t take cybersecurity seriously? There’s a shroud of mystery surrounding cyber – the media portrays hackers as hooded criminals lurking in a dark room. And while cybercrime methods change constantly, there are measures companies and individuals can take to protect their data. Those steps aren’t mysterious; they’re not hidden. Maybe they’re so simple – so rooted in common sense – that it’s easy to overlook them, and dismiss their importance.

 “The problem with common sense is that it is not so common.”

Maybe it’s easy to dismiss simple ways to implement cybersecurity because “well, everyone knows to do that.” The truth is maybe not everyone knows. Maybe “common sense” isn’t as common as we would like to think. For example – do you lock your doors when you’re not home? Chances are you do. It’s one of the most basic things to prevent entry and protect what’s inside. One of the easiest ways to protect your business data is to password protect your computer systems. This most rudimentary of security measures, which costs nothing to implement is still not being used by many businesses.

Along the lines of common sense, let’s revisit the events following the Colonial breach. Gas prices increased, media coverage heightened awareness of a potential (temporary) shortage. Some people took to the pumps to fill up before it got worse. Others took more drastic measures, filling up plastic bags with gasoline. Common sense would tell (most of) us it’s a bad idea to fill a plastic bag with gasoline, but the truth is not everyone has the same thought process and the same information. So much so that the US Consumer Product Safety Commission announced on social media that it was, in fact, a bad idea to fill plastic bags with gasoline.

This is an extreme case, most of us probably understand why it’s not a good idea to fill a bag with gasoline. But many businesses are doing the cybersecurity-equivalent of this, likely without realizing it. For example, if your company has data on computers that aren’t password-protected, or even protected by passwords such as “password1234” – that’s a potentially disastrous situation.

Cybersecurity: Start with common sense

Cybersecurity for your business doesn’t have to be complicated, unattainable, and cost-prohibitive. It would be irresponsible for us to reduce cybersecurity to just password-protecting your computers – but the truth is that you can start with simple steps like that. The password illustration is easy to understand but is by no means the gold standard as far as security measures go. Using common sense – perhaps the best of the senses – can help jumpstart your cyber approach. Your business technology is unique; your cybersecurity strategy should be unique, too. We can start where you are – whether that is as simple as password-protecting your systems or as complicated as monitoring network traffic for anomalies. Every business that uses technology in some way is vulnerable to cyberattacks, from pipelines to pop-up boutiques. Don’t wait until something disruptive brings your operations to a halt. Let’s start today.

Contact our team to talk about cybersecurity solutions for your business, from the tried-and-true to the cutting edge.

Protect Your Identity and Learn About BEC Scams

BEC scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud. 

  • 65% of organizations faced BEC attacks in 2020.
  •  In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
  • In 2020, 80% of firms experienced an increase in cyberattacks.
  • 62% of BEC scams involve the cybercriminal asking for gift or money cards.
  • Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.

Skip to content