Your clients rely on you to be there when they need you and to keep their information safe. The vendors you choose and policies you implement could hurt them. When you can’t work because your network is down, your server was destroyed by a fire or your computers are tied up because an employee clicked on ransomware, your clients see you as unreliable. If you suffer a cybersecurity breach, the attack can spread to your clients, making it highly likely they’ll stop working with you. You’ve become a risk to them.
It doesn’t have to be this way. Here’s how you can avoid the most critical vulnerabilities we see.
Every Time We Do Phishing Tests, We Find People Clicking
Clicks on spam emails are up because of the pandemic. Crafty cybercriminals are manipulating distracted employees, using appeals to emotion in phishing campaigns and taking advantage of overworked IT departments to successfully target people working from home.
This is a serious concern for every organization. Even before everyone started working from home, Business Email Compromise (BEC) was the costliest, most reported cybercrime to the FBI. In these attacks, hackers send emails containing fraudulent requests or malware and dupe people into giving up information, clicking links or sending money.
Fight back: regularly educate employees
Businesses that are aware of these threats ask us for the most inexpensive and effective way to reduce their risk. It’s simple: Train your team on what to look for. Part of our cybersecurity awareness training includes sending phishing tests to see who falls for the scam. Every time we send them, people click. We provide remedial training and testing to ensure everyone on staff is learning and reducing the company’s vulnerability.
Don’t fall into the trap of thinking you’re immune.
3 Ways to Protect Your Business, Inside and Out
Training everyone in your organization about phishing threats is one way to stay safe, but it’s not the only tool in your arsenal. You want to follow today’s IT security best practices and work with trusted experts.
1. Build layers of protection
A firewall can’t comprehensively secure your business. You need to combine tactics like:
- Continually monitor your network to detect threats before they turn into breaches
- Fortify your hardware against external threats
- Use email encryption to secure your communications
- Back up your data
- Scan the Dark Web to see if credentials are compromised
You likely have access to many of these solutions. For instance, email encryption is built into Microsoft 365. Here’s an overview of tools you probably already have.
2. Thoroughly vet your vendors
In 2019, the cities of Bakersfield and Thousand Oaks experienced breaches because of third-party vendors. Infamously, a HVAC contractor was the cause of Target’s breach in 2013. When your partners don’t take security seriously, they put you and your clients at risk.
Even providers who value security can create issues in other ways. Unresponsive vendors prolong problems and prevent you from working. Mundane issues, like a down printer, create a distraction and stymie work. We recently stepped in to fix a local business’ printer when their regular IT provider couldn’t resolve the issue. In the words of the client, our engineer delivered “… valuable solutions to the issues that needed to be resolved, which will save our company time and productivity in the long run.”
Before working with anyone, ask for client testimonials and read reviews. If you have doubts your current provider is taking adequate steps to protect their business and yours, get a third-party assessment. The practical recommendations can improve your security posture immediately and will help you decide if you need find a stronger IT partner so you can sleep at night.
3. Eliminate single points of failure
Single points of failure can occur in your IT infrastructure and your providers. Without an adequate backup system, you won’t have a way to restore data that’s accidentally deleted or compromised in an attack. But this isn’t your only potential single point of failure. Your business partners can be a liability too.
One client recently had to pause their Azure migration because they need to rebuild their website. They had one person managing their site and, unfortunately, he passed away. There was no documentation or policies in place to provide continuity in the management of their website. As a result, the client has to purchase a new domain and completely rebuild their website, incurring unexpected costs.
Fight Back, Protect Your Clients and Stay in Business
If you create a vulnerability for your clients, how will they react? What would you do if one of your partners leaves you in the lurch and stops you from working for days or weeks at a time? Don’t let these questions keep you up at night.
Get an assessment to see if you’re putting your clients at risk or if your vendor is putting you at risk. Contact us to get started today.