Choosing the right IT support model for your business: in-house, outsourced, or co-managed

Image of a keyboard with a key labeled "Support"

In today’s technology-driven business landscape, having reliable and efficient IT support is crucial for smooth operations and growth. Choosing the optimal IT support model is critical for businesses facing increasingly diverse technology challenges. This blog explores the benefits of three primary IT support models – in-house, outsourced, and co-managed – to help businesses understand which option suits their unique needs.

In-House IT Support

In-house IT support involves hiring and managing a dedicated team of IT professionals within your organization. This model works best for large enterprises or businesses with complex IT needs and substantial resources. With in-house IT support, businesses have direct control over their IT operations and can align strategies with specific business objectives. It offers real-time support, immediate response to issues, and deeper knowledge of the company’s IT environment.

Benefits:

  • Direct Control and Alignment: With an in-house IT team, businesses have direct control over IT operations. The team can align IT strategies with specific business objectives, ensuring technology solutions are tailored to meet the organization’s unique needs.
  • Immediate Response: In-house IT support allows for real-time support and immediate response to IT issues. IT staff are on-site and readily available to address technical problems, minimizing downtime and disruption to business operations.
  • Deeper Knowledge of Company Environment: The in-house team gains extensive knowledge of the organization’s IT infrastructure, applications, and processes. This deep understanding enables more personalized support and tailored solutions.
  • Security and Confidentiality: In-house IT support with cybersecurity expertise allows businesses to maintain strict control over sensitive data and proprietary information, mitigating the risk of data breaches or leaks associated with external providers.
  • Customized IT Strategies: In-house teams can develop long-term IT strategies based on the company’s vision and goals, leading to better technology planning and implementation.

Cybersecurity:

  • Direct control over IT operations allows for better implementation of cybersecurity measures tailored to the organization’s specific needs. The in-house team can create and enforce strict security policies, ensuring the protection of sensitive data and proprietary information. However, limited expertise may hinder the ability to stay updated on the latest cybersecurity threats and best practices.

Ultimately, the decision to opt for in-house IT support depends on the specific needs, budget, and objectives of the organization. While it provides direct control, immediate response, and deep knowledge of the company environment, businesses must carefully consider the associated costs, scalability concerns, and potential limitations in expertise. For many small to medium-sized businesses, a combination of in-house IT support and outsourced or co-managed IT services may offer the most balanced and cost-effective solution to meet IT requirements.

Outsourced IT Support:

Outsourced IT support entails partnering with a third-party Managed Service Provider (MSP) like Back To Business I.T. This model is a popular choice for small to medium-sized businesses seeking cost-effective and expert IT solutions without the overhead of maintaining an internal IT team. Outsourced IT support provides access to a pool of specialized IT experts, 24/7 monitoring, proactive maintenance, and the latest technologies. It allows businesses to focus on core competencies while leaving IT responsibilities in the hands of experienced professionals.

Benefits:

  • Expertise and Specialization: Outsourced IT support provides access to a team of specialized IT professionals with diverse skill sets and expertise. MSPs stay up-to-date with the latest technologies and industry best practices, ensuring businesses receive top-notch support.
  • Cost-Effectiveness: Outsourcing IT support can be more cost-effective for small to medium-sized businesses compared to maintaining an in-house IT team. Businesses save on expenses related to recruitment, salaries, benefits, and ongoing training.
  • 24/7 Monitoring and Support: MSPs typically offer round-the-clock monitoring and support, providing continuous surveillance of IT systems and rapid response to any issues, even during non-business hours.
  • Proactive Maintenance: MSPs take a proactive approach to IT management, identifying potential problems before they become major issues. This helps prevent downtime and keeps the business running smoothly.
  • Scalability and Flexibility: Outsourced IT support can easily scale up or down to match business needs. It offers the flexibility to add or remove services as required, making it an adaptable solution for evolving businesses.
  • Focus on Core Competencies: By outsourcing, businesses can focus on their core competencies and strategic initiatives, freeing up time and resources to drive innovation and growth.
  • Access to Advanced Technologies: MSPs have access to cutting-edge technologies and tools, enabling businesses to leverage the latest solutions without investing in expensive infrastructure.

Cybersecurity:

  • External MSPs, like Back To Business I.T., specialize in cybersecurity and stay informed about emerging threats. They implement robust security protocols, conduct regular monitoring, and offer proactive maintenance to protect businesses from cyber threats. However, businesses must carefully vet MSPs to ensure they have robust security practices in place.

Businesses looking to outsource IT support should carefully select a reliable MSP, consider data security, and establish effective communication to ensure a seamless and productive partnership.

Co-Managed IT Support:

Co-Managed IT support, like the services provided by Back To Business I.T., is an ideal option for businesses that already have an in-house IT team but require additional expertise and support. With this model, the internal IT team collaborates with an external MSP, benefiting from their industry knowledge, advanced tools, and resources. Co-Managed IT support offers enhanced IT capabilities, faster issue resolution, and the flexibility to scale IT resources based on business demands.

Benefits:

  • Augmented Expertise: Co-Managed IT support offers businesses the advantage of combining the knowledge and skills of their internal IT team with the specialized expertise and resources of an external MSP. This partnership ensures a more robust and comprehensive strategy.
  • Flexibility and Scalability: The co-managed model allows businesses to scale based on their fluctuating needs. During peak periods or specific projects, the MSP can provide additional resources and support, enabling the internal IT team to focus on core tasks.
  • Enhanced Efficiency: By sharing responsibilities with an external MSP, the internal IT team can offload routine tasks and focus on strategic initiatives and innovation. This leads to improved efficiency and productivity within the IT department.
  • Proactive Problem-Solving: Co-managed IT support brings together the collective insights of both internal and external teams, leading to a more proactive approach to IT problem-solving and risk management.
  • Cost-Effectiveness: Businesses can gain access to specialized IT resources without bearing the full cost of maintaining a larger in-house team. Co-managed support allows businesses to optimize their IT budget effectively.
  • Increased Coverage: With the MSP’s 24/7 monitoring and support capabilities, businesses can ensure continuous coverage and quick response times to IT issues, even outside regular working hours.
  • Industry Best Practices: The collaboration with an external MSP introduces the organization to industry best practices, emerging technologies, and innovative solutions that can drive business growth.

Cybersecurity:

Co-managed IT support combines the expertise of the internal IT team and the external MSP, leading to a comprehensive cybersecurity approach. The MSP’s industry best practices and insights enhance the organization’s security posture, while the internal team maintains an in-depth understanding of the company’s specific security requirements.

Co-Managed IT support offers businesses the best of both worlds, leveraging the expertise of their internal IT team alongside the specialized knowledge and resources of an external MSP. While communication and coordination are crucial to the success of this model, the benefits of flexibility, scalability, and cost-effectiveness make co-managed IT support an attractive option for businesses.

Which IT Support Model is Right for Your Business?

In-House:

  • Best suited for large enterprises with extensive IT needs and resources.
  • Provides direct control over IT operations.
  • Offers on site response and deeper knowledge of the company’s IT environment.

Outsourced:

  • Ideal for small to medium-sized businesses seeking cost-effective expert IT solutions.
  • Provides access to specialized IT experts, 24/7 monitoring, and the latest technologies.
  • Allows businesses to focus on core competencies while leveraging external IT expertise.

Co-Managed:

  • Perfect for any size business with an in-house IT team in need of additional expertise and support.
  • Enables collaboration with an external MSP for enhanced capabilities and issue resolution.
  • Offers flexibility to scale IT resources based on business demands.

Choosing the right IT support model is a crucial decision that directly impacts your business’s efficiency, security, and overall success. Back To Business I.T. provides tailored solutions to keep your business thriving in the digital age. Our goal is simple: to help you get back to business. Contact Back To Business I.T. at 937.490.5600 or schedule an IT Assessment today to explore how we can empower your business with the right IT support model.

The Impact of NIST SP 800-171 Revisions on CMMC Compliance

Impact of NIST SP 800-171 Revisions on CMMC Compliance

Maintaining compliance with the evolving Cybersecurity Maturity Model Certification (CMMC) requirements is crucial for defense contractors and organizations. In this article, we’ll explore the recent revisions of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 and their direct impact on CMMC compliance. As a leading provider of cybersecurity solutions, Back To Business I.T. aims to empower defense contractors with the necessary insights to navigate these changes effectively.

Understanding NIST SP 800-171 serves as the baseline for protecting Controlled Unclassified Information (CUI) on nonfederal systems and organizations. These guidelines establish essential security requirements that federal agencies and government contractors must follow when handling sensitive information. CUI encompasses data such as intellectual property, health information, and critical energy infrastructure information. Compliance with NIST SP 800-171 is a prerequisite for defense contractors seeking to secure Department of Defense (DoD) contracts.

The Impact of NIST SP 800-171 Revisions on CMMC Compliance

The revisions in NIST SP 800-171, particularly the upcoming Revision 3, significantly influence the compliance landscape for defense contractors pursuing CMMC certification. Let’s explore how these revisions affect CMMC compliance:

  1. Enhancing Alignment: NIST has aligned the language of SP 800-171 Revision 3 with the closely related SP 800-53 Rev. 5, enabling defense contractors to apply the technical tools and controls outlined in SP 800-53 to achieve CMMC compliance. This alignment streamlines the implementation process and ensures a consistent approach to cybersecurity.
  2. Strengthening Security Requirements: The revised NIST SP 800-171 places increased emphasis on cybersecurity, reflecting the evolving threat landscape and state-level espionage targeting CUI. The new requirements address specific threats to CUI and incorporate state-of-the-practice cybersecurity controls. By adhering to these enhanced security requirements, defense contractors can bolster their cybersecurity posture and better protect sensitive information.
  3. Simplifying Implementation: NIST SP 800-171 Revision 3 introduces clearer instructions and specific criteria, reducing ambiguity and facilitating easier implementation. This streamlining of requirements simplifies the compliance process and enables defense contractors to align their cybersecurity practices with the latest industry standards.
  4. Aligning with Future CMMC Levels: The revisions in NIST SP 800-171 provide a foundation for future CMMC levels beyond Level 3. By incorporating the enhanced security requirements and alignment with SP 800-53 Rev. 5, defense contractors get a head start in preparing for future CMMC levels, ensuring a smooth transition as the certification evolves.

To achieve CMMC compliance, defense contractors must remain up-to-date with the revisions in NIST SP 800-171.

The upcoming Revision 3 brings enhanced alignment, strengthened security requirements, simplified implementation, and a forward-looking approach to future CMMC levels. By effectively understanding and implementing these revisions, defense contractors can ensure their cybersecurity practices meet the rigorous standards required for DoD contracts.

Back To Business I.T. is committed to supporting defense contractors on their journey towards CMMC compliance, and we’re ready to provide tailored cybersecurity solutions. Take the first step today by scheduling a gap analysis with our expert cybersecurity consultants.

Department of Defense prepares rollout of national cybersecurity standards

DoD cybersecurity standards

By Tyler Greenwood, Vice President of Back To Business I.T. (originally published in the Dayton Business Journal)


Cyber incidents like the SolarWinds attack in 2019 and the Colonial Pipeline ransomware attack in 2021 have the U.S. Department of Defense (DoD) taking urgent action to strengthen national cybersecurity regulations.

report released last November found most prime contractors (and their subcontractors) hired by the DoD in the last five years failed to meet minimum cybersecurity standards, putting U.S. national security at risk. Security gaps in the federal supply chain have been well known for years, but attempts to fix them have failed.

Enter: CMMC

In response to heightened security risks, the DoD introduced Cybersecurity Maturity Model Certification (CMMC) program. Its goal is to ensure any company involved in the federal supply chain is protecting controlled unclassified information.

Under CMMC guidelines, more than 300,000 contractors must meet 110 NIST SP 800-171 controls, which the government sees as a reasonable cyber risk management approach. In addition, 80,000 of these organizations must complete a third-party assessment and certification to continue bidding on defense contracts.

When will CMMC certification be required?

The DoD is expected to release a final rule on CMMC framework by March 2023, which means contractors could start seeing requirements in RFPs/RFIs as early as May.

If your business is one of the 80,000 contractors that requires an outside assessment and certification, you may have less than a few months to do so. Failure to achieve compliance before the published rule could mean leaving money on the table and losing the ability to do business with the Department of Defense.

Getting started

If your company is still in the beginning stages of CMMC compliance, the time to act is now. Preparation and implementation of the following requirements can take upwards of 18 months. To get started on compliance, contractors should immediately:

  • Work toward meeting the 110 controls in NIST SP 800-171.
  • Identify their Supplier Performance Risk System (SPRS) score.
  • Create a system security plan (SSP).
  • Document plans of action and milestones (POA&M) to demonstrate how you intend to close any gaps for controls not yet met.

Next steps

If your organization has already started on CMMC compliance, consider conducting a preliminary self-assessment to see if you satisfy requirements. This can provide a range of helpful information to ensure you have everything functioning as expected once you’re ready to formally self-attest or go for your official certification.

If your business wants consultative guidance, including assistance walking you through standards you didn’t meet, explaining why, and offering suggestions on closing those gaps, you might find it beneficial to work with a CMMC Registered Provider Organization (RPO), such as Back To Business I.T.

As a full-service I.T. firm and the region’s leading CMMC-AB RPO, Back To Business I.T. can help you achieve NIST SP 800-171 compliance as well as help you prepare your plan of action and milestones (POA&M) and system security plan (SSP) required for CMMC certification. Learn more at www.backtobusinessit.com/cmmc-readiness.

8 Spooky Cybersecurity Statistics To Help You Prepare For The Worst

cybersecurity statistics

A cyberattack is a scary event. It can shut down a business, cripple a government, and even incapacitate an entire country if the right measures aren’t taken to prevent it from happening.

THIS HALLOWEEN, WE BRING YOU EIGHT SPOOKY CYBERSECURITY STATISTICS THAT EMPHASIZE THE DANGERS OF CYBER THREATS AND URGE YOU TO PREPARE FOR THE WORST.
  1. 54% of small and medium-sized businesses (SMBs) say their I.T. departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
  2. As of February 2022, there were 8.77 million new pieces of malware circulating the Internet of Things (IoT) and mobile app stores. (AV-TEST)
  3. A ransomware attack takes place against a business every 14 seconds. (Cybersecurity Ventures)
  4. 91% of SMBs haven’t purchased cyber liability insurance, despite awareness of risk and the likelihood that they would be unable to recover from an attack. (Cybersecurity Magazine)
  5. Almost 89.7% of US businesses saw at least one successful cyberattack within a 12-month period. (CyberEdge Group)
  6. 53% of business leaders agree that remote work has made it much easier for hackers and cybercriminals to take advantage of them. (Norton)
  7. 50% of data breach incidents involve phishing and social engineering. (Trustwave)
  8. On average, only 5% of companies’ folders are properly safeguarded. (Varonis)

A large number of organizations still remain unprepared for a cyberattack – please be proactive and prepare now by contacting us – we can implement multi-factor authentication, roll out company-wide security training campaigns, and implement policies and procedures to help you keep your business and sensitive data protected. Don’t become a cybersecurity statistic!

What to Expect When Applying for Cyber Insurance

cyber insurance
Several years ago, cyber insurance was just an add-on to larger policy discussions, but with the rise of malicious online attacks, it’s jumped to the forefront and has become one of the most expensive policies under a company’s insurance coverage. Here’s how to ace your application and get the best rates.

Cybercrime is a multibillion-dollar industry. Even with careful security measures in place, it remains a constant struggle for businesses to stay one step ahead of hackers looking to extort them. Phishing emails, malware, security breaches, network security issues, and computer system breakdowns are just a few examples of the kinds of cyber risk that can cause serious liability or revenue loss. That’s why proper cyber liability insurance remains a vital risk-transfer tool for organizations of all sizes.

For businesses attempting to acquire cyber insurance, the application process itself can be daunting. Application forms aren’t standard and can be very complex — what used to be a seven-question application has evolved over the last few years into a multi-page document broken out into various categories. Truth be told, it can read less like an application and more like an audit questionnaire. (Check out a sample cyber insurance application here.)

Insurers want to be as thorough as possible when evaluating an organization’s cybersecurity infrastructure and deciding their level of risk. They depend on the detail contained in the application to determine how well the people, processes, and technology can protect and respond to cyber threats. Any vagueness or incorrect information can create major issues later on if (or when) a claim is filed.

If you’re planning on applying for cyber insurance, it’s important to identify your company’s cyber risks prior to submitting the application. Specifically, insurers will ask for:

  • The basics — What industry you operate in, as well as how much and what type of information your organization stores, processes, and transmits. In addition, underwriters want to see how you manage data security and who oversees cyber-related matters.
  • Information security — Do you have a formal program in place to test and audit security controls? Underwriters also typically look to see if you have basic controls in place, including firewall technology, anti-virus, and intrusion detection software.
  • Breach history — Have you been breached before? Is the data you house vulnerable? How effective are your data security techniques moving forward?
  • Data backup — Underwriters want to know if you back-up all your valuable data on a regular basis, if you utilize a redundant network, and if you have a disaster recovery plan in place.
  • Company policies and procedures — What type of cybersecurity and incident response policies do you have in place? For example, how do you handle password updates, the use of personal devices, and revoking network access to former employees?
  • Compliance with legal and industry standards — Failing to comply with cyber-related legislation can be incredibly costly, and insurers want to know how you handle compliance. Specifically, whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware.

Although the cyber insurance application is more rigorous than most insurance applications, you can secure the best rate by doing your due diligence and prepping ahead of time. Being honest about the risks and vulnerabilities your company may face from cyber threats will also help you get the right policy coverage.

Need help applying for cyber insurance or meeting specific criteria? Talk to an expert at Back To Business I.T. today!

CMMC 2.0 Updates

cmmc 2.0 updates

WHAT IS CMMC 2.0?

The Cybersecurity Maturity Model Certification (CMMC) was introduced by the U.S. Department of Defense (DoD) on January 31, 2020 to ensure the protection of sensitive unclassified information or controlled unclassified information (CUI).

Originally, the CMMC framework had five levels of cybersecurity maturity (basic to advanced/progressive) and affected more than 300,000 defense contractors. However, on November 4, 2021, the DoD formally announced the CMMC 2.0 framework. This updated version seeks to simplify the model and reduce compliance costs by streamlining the program and scaling back the requirement that all defense contractors obtain third-party certification of their cybersecurity capabilities. Under CMMC 2.0, about 80,000 contractors will have to undergo third-party assessments while contractors at non-critical CUI levels are able to self-certify. Additionally, contractors who are not yet in full compliance with applicable cybersecurity requirements will be permitted to perform less sensitive contracts if they make a Plan of Action & Milestones (POA&M) and commit to completing the remaining requirements within specified dates. These changes are reflected in the diagram below (published by the DoD):

WHAT ARE THE NEW LEVELS?

1️⃣ Level 1 (Foundational) only applies to companies that focus on the protection of federal contact information (FCI). It is comparable to the old CMMC Level 1. Level 1 will be based on the 17 controls found in FAR 52.204-21, Basic Safeguarding of Covered Contractor Information, and focus on the protection of FCI. These controls look to protect covered contractor information systems and limit access to authorized users.

2️⃣ Level 2 (Advanced) is for companies working with controlled unclassified information (CUI). It is comparable to the old CMMC Level 3. CMMC 2.0 Level 2 (Advanced) requirements will mirror NIST SP 800-171 and eliminate all practices and maturity processes that were unique to CMMC. Instead, Level 2 aligns with the 14 families of security requirements and 110 security controls developed by the National Institute of Technology and Standards (NIST) to protect CUI. Accordingly, the 20 requirements in the old CMMC Level 3 that the DoD had imposed were dropped, meaning that the new Level 2 (Advanced) is in complete alignment with NIST SP 800-171.  Identified within DoD contracts under DFARS 252.204-7012 clause.  DoD is still working to define the “critical” CUI information.

3️⃣ Level 3 (Expert) is focused on reducing the risk from Advanced Persistent Threats (APTs). It is designed for companies working with CUI on the DoD’s highest priority programs, estimated to be about 600 companies. It is comparable to the old CMMC Level 5. The DoD is still determining the specific security requirements for the Level 3 (Expert), but has indicated that its requirements will be based on NIST SP 800-171’s 110 controls plus a subset of NIST SP 800-172 controls.

WHEN WILL CERTIFICATION BE REQUIRED?

The DoD is in the rulemaking process and negotiations with the CMMC Accreditation Body, which is expected to take an additional 9-24 months. While these rulemaking efforts are ongoing, the DoD is suspending mandatory CMMC certification, however, it is strongly recommending defense contractors act now and get CMMC assessed/certified to minimize the risk of DIB companies exposing sensitive unclassified information.

HOW TO GET STARTED

Defense contractors looking to start their CMMC compliance journey should look into meeting the 110 controls in NIST 800-171 as soon as possible, as preparation and implementation can take up to 18 months or more.

Not only can we help you achieve NIST-SP 800-171 compliance, but we can also perform a comprehensive gap analysis and determine your current SPRS score.  Then work with you on a plan to resolve areas of non-compliance. As a full-service I.T. firm, we can also implement solutions to address gaps so you are ready for CMMC certification and future audits.

CONCLUSION

CMMC 2.0’s cybersecurity standards will better arm the DoD in its efforts to defend against cyberattacks that threaten U.S. critical sectors. But it’s clear that the DoD cannot wait for CMMC 2.0 formalized assessments to improve cybersecurity in the Defense Industrial Base. While the CMMC 2.0 requirements work their way through the federal rulemaking process, enforcement of federal cybersecurity regulations governing defense contractors has stepped up. If you’re seeking future business with the Department of Defense, it’s important you get started on the compliance path right away.

Ransomware 3.0 | Cyber Risks in IoT Devices

news from microsoft

Ransomware 3.0

Ransomware attacks continue to get worse. They have now expanded to extort not just the companies, but also contractors and customers, in a “Triple Threat”. In addition to encrypting a victim company’s data, they will also exfiltrate, or download, copies of company data and emails. They will ask for one ransom to decrypt the computers, a second ransom to not make the stolen data public, and then the newest ransom attack. They reach out and present the data to customers, contractors, and business partners and demand a ransom from them in order to not have the data published. With phishing emails still being the number one attack vector for ransomware, be sure you have sufficient protection for your company. A combination of quality user education, phishing exercises and awareness campaigns, and system endpoint protections provides an in depth defense to this constantly evolving threat.

What does this mean for your business?

Back To Business I.T. has you covered. Our cybersecurity training programs are customized to meet the needs of your workforce and are designed to create a “human firewall” inside of your business. Building upon that, we offer state-of-the-art intrusion detection systems to stay one step ahead of cybercriminals. Don’t become a cyber statistic. Contact our team today and get Back To Business.

LinkedIn breach could mean your information was exposed

Just when you thought you had seen it all, think again! LinkedIn is the latest victim of phishing attacks. According to USA Today, firms are stating that cyber attackers are now posing as “boring, authentic, cubicle-office dwellers.” On top of these reported phishing attempts, CyberNews reports that the cyber attackers have also scraped data from 500 million LinkedIn accounts. The information leaked includes LinkedIn IDs, full names, email addresses, phone numbers, and various other sensitive information. Due to the leak of information, customers may be susceptible to increased email and text spamming or phishing.

What does this mean for your business?

Tighten up your security measures, and encourage your employees to do the same. Be conscious of strangers requesting to follow your LinkedIn profile. Consider changing your password periodically. Enable two-factor authentication for your account if possible. This additional layer of security serves as another barrier between your information and bad actors on the internet.

Manufacturing systems and IoT devices present high risk

IOT and other embedded manufacturing systems can present a high risk to your data and operations if not properly secured. Basic security steps can greatly improve your overall risk posture. From doorbells and cameras to CNCs and additive manufacturing systems, there are simple steps you can take to reduce the risk and exposure of the business side of your operations.

What does this mean for your business?

Your network is unique, and your security measures should be too. Your manufacturing systems and devices should be protected using industry best practices. Preventative steps such as changing default passwords, keeping your systems properly patched, and separating crucial systems from the rest of your network can make the difference between a few minutes of down time, and your entire operations coming to a halt. Our team is experienced in manufacturing environments, and passionate about our clients’ security. Contact us today to learn what we can do for your operations.

Microsoft announces 24 new issues posing cybersecurity threats

Microsoft announced the discovery of 24 issues in a wide range of IoT and OT devices. These issues allow malicious individuals to execute code on or crash your devices. This affects a wide range if industrial, medical, and enterprise devices. It is vital to your security to have an active inventory of the assets on your network, monitor them for vulnerabilities, and patch them regularly.

What does this mean for your business?

Our team of experts stands ready to help your organization take care of risks inside your network that you might not know are there. Cyberattacks are at an all-time high…and getting worse every day. We are here to help!

Cybersecurity risks continue to evolve, and so do our tools to fight them. We are passionate about protecting small businesses, and stay up to date on technology and cybersecurity best practices. Contact us today and let us show you how our cybersecurity services can help your business stay safe in an uncertain world.

Call us at 937-490-5600 or Contact Us to learn more or get started.

Common Sense and Cybersecurity

Common sense and cybersecurity

Earlier this month, Colonial Pipeline’s operations came to a halt after a ransomware attack orchestrated by DarkSide, an Eastern European cybercriminal organization. It took several days after the May 7 attack for the company to begin restarting parts of their systems as well as the mainlines. The effects were widespread and felt by most of us – gas prices at the pump fluctuated almost immediately.

As a society, we are becoming increasingly desensitized to news like this. Cyberattacks happen so often, it seems, that it’s hardly news. So why is it that so many businesses still don’t take cybersecurity seriously? There’s a shroud of mystery surrounding cyber – the media portrays hackers as hooded criminals lurking in a dark room. And while cybercrime methods change constantly, there are measures companies and individuals can take to protect their data. Those steps aren’t mysterious; they’re not hidden. Maybe they’re so simple – so rooted in common sense – that it’s easy to overlook them, and dismiss their importance.

 “The problem with common sense is that it is not so common.”

Maybe it’s easy to dismiss simple ways to implement cybersecurity because “well, everyone knows to do that.” The truth is maybe not everyone knows. Maybe “common sense” isn’t as common as we would like to think. For example – do you lock your doors when you’re not home? Chances are you do. It’s one of the most basic things to prevent entry and protect what’s inside. One of the easiest ways to protect your business data is to password protect your computer systems. This most rudimentary of security measures, which costs nothing to implement is still not being used by many businesses.

Along the lines of common sense, let’s revisit the events following the Colonial breach. Gas prices increased, media coverage heightened awareness of a potential (temporary) shortage. Some people took to the pumps to fill up before it got worse. Others took more drastic measures, filling up plastic bags with gasoline. Common sense would tell (most of) us it’s a bad idea to fill a plastic bag with gasoline, but the truth is not everyone has the same thought process and the same information. So much so that the US Consumer Product Safety Commission announced on social media that it was, in fact, a bad idea to fill plastic bags with gasoline.

This is an extreme case, most of us probably understand why it’s not a good idea to fill a bag with gasoline. But many businesses are doing the cybersecurity-equivalent of this, likely without realizing it. For example, if your company has data on computers that aren’t password-protected, or even protected by passwords such as “password1234” – that’s a potentially disastrous situation.

Cybersecurity: Start with common sense

Cybersecurity for your business doesn’t have to be complicated, unattainable, and cost-prohibitive. It would be irresponsible for us to reduce cybersecurity to just password-protecting your computers – but the truth is that you can start with simple steps like that. The password illustration is easy to understand but is by no means the gold standard as far as security measures go. Using common sense – perhaps the best of the senses – can help jumpstart your cyber approach. Your business technology is unique; your cybersecurity strategy should be unique, too. We can start where you are – whether that is as simple as password-protecting your systems or as complicated as monitoring network traffic for anomalies. Every business that uses technology in some way is vulnerable to cyberattacks, from pipelines to pop-up boutiques. Don’t wait until something disruptive brings your operations to a halt. Let’s start today.

Contact our team to talk about cybersecurity solutions for your business, from the tried-and-true to the cutting edge.