Massive Layoffs In 2024 Create A Serious Threat To Your Cybersecurity

by | Jul 19, 2024 | Newsletter

The massive wave of layoffs in 2024 brings a cybersecurity threat that most business owners aren’t focusing on – offboarding employees. Even big-time brands that you would expect to have top-of-the-line cybersecurity systems, processes and procedures in place fail to adequately protect themselves from insider threats. This August marks a year since two disgruntled Tesla employees went rogue after being let go and exposed the personal information – including names, addresses, phone numbers and even the Social Security numbers – of over 75,000 people, including employees.
And, of course, the issue is expected to get worse. According to NerdWallet, as of May 24, 2024, 298 US-based tech companies have laid off 84,600 workers and counting. This includes major layoffs at big companies like Amazon, Google and Microsoft, as well as smaller tech start-ups. In total, around 257,254 jobs were eliminated in the first quarter of 2024 alone.
Whether or not you’ll need to downsize your team this year, having a proper offboarding process in place is essential to every business, big or small, because it’s more than a routine administrative task – it’s a critical security precaution. Failing to revoke access for former employees can lead to serious business and legal implications later.
Some of those issues include:
  • Theft Of Intellectual Property  Employees can sneak away with YOUR company’s files, client data and confidential information stored on personal devices, as well as retain access to cloud-based applications like social media sites and file-sharing sites (Dropbox or OneDrive, for example) that your IT department doesn’t know about or forgets to change the password to.
A study by Osterman Research revealed that 69% of businesses experience data loss due to employee turnover, and 87% of employees who leave take data with them. Most often, the information you worked hard to gather is sold to competitors, used by them when they’re hired by the competition or used by the former employee to BECOME a competitor. Any way you cut it, it screws YOU.
  • Compliance Violations – Failing to revoke access privileges and remove employees from authorized user lists can register you as noncompliant in heavily regulated industries. This simple mistake can result in large fines, hefty penalties and, in some cases, legal consequences.
  • They DELETE Everything – If an employee feels unfairly laid-off and retains access to their accounts, they could easily delete ALL of their e-mails and any critical files they can get their hands on. If that data isn’t backed up, you will lose it ALL. And for those thinking, “I’ll sue them!” Rightfully so, but even if you do sue them and win, the hard reality is that the legal costs, time wasted on the lawsuit and recovering the data, plus the aggravation and distraction of dealing with it all, are greater costs than what you might get awarded if you win the lawsuit and might collect in damages.
  • Data Breach – This could be the most terrifying of all. Unhappy employees who feel they have been wronged can make you the star of the next devastating data breach headline and incur a costly lawsuit to go with it. It could be as simple as making one click and downloading, exposing or modifying your clients’ or employees’ private information, financial records or even trade secrets.
Do you have an airtight offboarding process to curb these risks? Chances are you don’t. A 2024 study by Wing revealed that one out of five organizations has indications that some of their former users were not properly offboarded, and those are the people who were astute enough to detect it.
How DO you properly offboard an employee?
  • Implement The Principle Of Least Privilege – Successful offboarding starts with proper onboarding. New employees should ONLY be given access to the files and programs they need to do their jobs. This should be meticulously documented to make offboarding easier.
  • Leverage Automation – Your IT team can help use automation to streamline revoking access to multiple software applications simultaneously, saving time and resources while reducing the likelihood of manual errors.
  • Implement Continuous Monitoring – You can implement software that tracks who is doing what and where on the company network. This can help you identify suspicious behavior by an unauthorized user and help you determine if a former employee retains access to private accounts.
These are only a few ways your IT team can help improve your offboarding process to make it more efficient and secure.
Insider threats can be devastating, and if you think this can’t happen to you, think again. You have to be proactive in protecting your organization.
To find out if any gaps in your offboarding process expose you to theft or a data breach, our team will do a free, in-depth risk assessment to help you resolve it. Call us at 216-800-7800 or click here to book now.

Frustrated With BAD Tech Support? You Are Not Alone

Frustrated With BAD Tech Support? You Are Not Alone

by | Jul 10, 2024 | Newsletter

A recent stream of Reddit comments emerged detailing a series of poor customer service experiences with tech support. While I typically try to stay clear of Reddit and its gang of chronic whiny-pants commenters, I scrolled through a few, you know, for research purposes since I’m in the industry. A few of the complaints sounded so outlandish – like the lady who claimed the technician took a bathroom break in her attic – that it almost seemed impossible they could be true. However, other more common issues on the thread I’ve experienced myself, and to be candid with you, they sucked!
When you are experiencing a tech emergency – be it a broken printer, hardware malfunctions, Internet connectivity issues, login troubles or something similar – poor tech support only worsens the irritation. It leaves you with frustrated employees who can’t efficiently get their jobs done because they’re troubleshooting their tech and on hold with an IT company that is “looking into it” and irritated customers who just want a smooth process when dealing with your organization.
This can result in losing customers and A-player employees to your competitors that don’t have these same daily issues. At first, it might seem dramatic that a few unresolved “tech issues” could cause such a stir, but as these problems continue to repeat themselves, with no solution in sight, resentment grows and will eventually result in these people seeking organizations that don’t have to deal with such headaches.
What can you do to get ahead of the problem? Start by polling your employees. Ask them questions that will help you “grade” your current IT company to see if they’re dealing with your team as fast and efficiently as they should. Here are a few questions to ask:
  1. Do you experience any recurring technical problems that haven’t been fully resolved? If so, what are they?
  2. How would you rate the response time of the IT support team when you encounter a technical issue?
  3. Have you found the IT support team to be knowledgeable and helpful in resolving your issues?
  4. Do you feel that the IT company communicates effectively and keeps you informed about the status of your requests?
  5. How would you describe your overall satisfaction with the support provided by our IT company?
These questions take only a few minutes to answer and can help you gain valuable insight into whether or not your current IT team is properly handling issues or if there is trouble brewing within your organization that you weren’t aware of.
If you would like to see what good IT support actually looks like, we’ll do TWO FREE hours of support for your organization.
Here are SOME of the ways you could use your time with us:
  • Diagnose any computer network problem you are experiencing.
  • Check your network’s security against hacker attacks and viruses.
  • Scan and review for spyware.
  • Check your network backup system to make sure it is working properly.
  • Diagnose slow, unstable PCs.
  • Have us conduct our proprietary 57-point IT Systems Security And Performance Assessment.
  • Discuss a project or upgrade you are considering, or even get a second opinion on a quote you received.
To get started, give our team a call at 216-800-7800 or click here to book your call now.

Apple Might Never Have Released The Macintosh If This Happened

Apple Might Never Have Released The Macintosh If This Happened

by | Jun 12, 2024 | Newsletter

Steve Wozniak was asked in an interview what he would have done differently if he had been Apple’s CEO instead of Jobs. He said he would have been “a lot nicer to people,” but then quickly added that IF he had been CEO, they might never have released the Macintosh.
Jobs was known for being ruthless and controlling, rude and ill-tempered, driven by a desire for perfection and pushing people to bring products out before they were ready, creating enormous strain within the organization. The OG “mean girl.” Many people couldn’t tolerate working for him, and I’m sure he missed out on a lot of talent for this reason. But in spite of that – or more possibly because of that – he was able to build one of the world’s most iconic brands and successful companies.
I’m not sure that level of “disagreeableness” is necessary for us mere mortals running small businesses vs. the enterprise builders like Jobs, but I do know this: FAR too many business owners tolerate FAR too much from too many people: employees, vendors, clients or otherwise!
One of the reasons so many people loved the character Tony in The Sopranos was because, deep down, they secretly wished they had his backbone and confidence, not taking anything from anyone AND bold enough to do something more than simply holding a grudge against someone who wrongs them.
I’m not suggesting his level of corruption, anger or response is good or healthy. That’s not my point. What I’m saying is that many people would do far better in life if they were unafraid to stand up for themselves, not allowing themselves to be affected by critics and instead becoming a more imposing, respected alpha leader, unafraid of speaking their mind and standing their ground.
This translates directly to the security of your business. If you cower and fear taking a stand for yourself, failing to draw a HARD LINE to protect yourself and your organization, you WILL be taken advantage of. It’s really that simple. There are a lot of people out there with their own agendas who aren’t going to give a rip about you. Many want to take you out, harm you and damage you for their own personal gain, particularly cybercriminals, whose job it is to capitalize on YOUR hard work. To steal YOUR profits. To sneak into your network and steal YOUR data, putting on the line your livelihood and everything you’ve spent years of blood, sweat and tears building.
As a business leader, you must assume a Tony Soprano–level toughness about this. ZERO tolerance for it: be awake and alert, look for such enemies at the gate and get rid of them before the damage they do is irreversible. Further, you need to protect yourself by putting the necessary protections in place to prevent those who mean you harm from getting into your network in the first place. The cold, hard truth is that, at the end of the day, as a leader in your organization, if you’re the victim of a cybercrime, YOU will be the one they blame. Your tail is on the line, and reporters won’t be timid about blasting that headline all over the news.
Business isn’t all about being tough on others – it’s also about innovation and driving your company forward, using the best strategies and best practices of those who lead the way, including protecting what you’ve built. It can all be taken away with one wrong mouse click if you don’t have the foresight to get ahead of the problem.
To stay ahead of the cybercriminals and make sure you’re protected book a 10-Minute Discovery Call with our team of experts to get a free IT Risk Assessment. We’ll perform analysis of your network to identify any vulnerabilities and provide you with a plan of action to fix them. This assessment will give you the peace of mind to do what you do best and focus on growing your business.
Click here to book your call now or give us a call at 216-800-7800.

Understanding Multi-Factor Authentication: A Comprehensive Guide

by | Jun 5, 2024 | Newsletter

In today’s increasingly digital world, the security of our online accounts and sensitive information has never been more crucial. Cyber threats are evolving, and traditional single-layer defenses like passwords are no longer sufficient to keep our data safe. This is where Multi-Factor Authentication (MFA) comes into play. As a critical component of modern cybersecurity strategies, MFA provides an extra layer of protection that can make a significant difference in safeguarding against various cyber threats.
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN. Rather than just asking for a password, MFA involves a combination of the following:
  1. Something You Know: A password or PIN.
  2. Something You Have: A smartphone, hardware token, or smart card.
  3. Something You Are: Biometrics like fingerprints, facial recognition, or voice recognition.
By combining these factors, MFA ensures that even if one element (like a password) is compromised, unauthorized users are unlikely to gain access without the additional required factors.
How to Use Multi-Factor Authentication
Implementing MFA is straightforward and highly effective. Here’s how you can set it up and use it:
Step 1: Enable MFA on Your Accounts
Most major online services, including email providers, social media platforms, and financial institutions, offer MFA as an option. To enable it:
  1. Go to Account Settings: Look for security settings within your account.
  2. Find Multi-Factor Authentication: This may be under “Security,” “Two-Step Verification,” or a similar section.
  3. Enable MFA: Follow the prompts to turn on MFA.
Step 2: Choose Your Second Factor
You’ll typically be given several options for your second factor:
  1. Authenticator Apps: Apps like Google Authenticator or Authy generate time-sensitive codes.
  2. SMS Codes: Receive a code via text message to your phone.
  3. Email Codes: Receive a code via email.
  4. Biometric Verification: Use fingerprint or facial recognition if your device supports it.
  5. Hardware Tokens: Use a physical device like a YubiKey.
Step 3: Verify and Secure
  1. Enter Your Phone Number or Email: If using SMS or email codes.
  2. Install an Authenticator App: If using an app, scan the provided QR code.
  3. Verify Your Choice: Enter the code sent to your phone or generated by the app.
  4. Backup Options: Set up backup methods in case you lose access to your primary method.
Step 4: Use MFA When Logging In
Each time you log in, after entering your password, you’ll be prompted to provide your second factor. This might involve entering a code from your phone, approving a notification, or scanning your fingerprint.
What Does Multi-Factor Authentication Protect Against?
MFA significantly enhances security by addressing several common vulnerabilities:
1. Phishing Attacks
Phishing involves tricking users into providing their credentials via fake websites or emails. Even if a user falls for a phishing scam and reveals their password, MFA can prevent attackers from accessing the account without the second factor.
2. Stolen Passwords
Passwords can be compromised through various means, including data breaches, social engineering, or brute force attacks. MFA adds an additional barrier, ensuring that a stolen password alone is not enough to access the account.
3. Man-in-the-Middle Attacks
In these attacks, an attacker intercepts communication between the user and the service. MFA mitigates this risk by requiring authentication methods that are difficult to intercept or replicate.
4. Account Takeovers
Even if an attacker gains access to one authentication method, such as a password, they would still need the second factor, making account takeovers significantly more challenging.
Where cyber threats are increasingly sophisticated, relying solely on passwords for security is no longer sufficient. Multi-Factor Authentication provides a robust, multi-layered defense that is essential for protecting personal and professional data. By implementing MFA, individuals and organizations can significantly reduce the risk of unauthorized access and ensure that their sensitive information remains secure.
By adopting MFA, you’re not just adding an extra step to your login process; you’re making a crucial investment in the security of your digital identity. Don’t wait until it’s too late—enable MFA on your accounts today and experience the peace of mind that comes with enhanced security.
Want to know more about Multi-Factor Authentication or how to implement it in your business? Contact us at 216-800-7800 or schedule a FREE Discovery Call with us.

What is Ransomware and What To Do About it

What is Ransomware and What To Do About it

by | May 22, 2024 | Newsletter

Ransomware is an escalating threat that can disrupt businesses of all sizes, but small and medium-sized businesses (SMBs) in Northeast Ohio are particularly vulnerable. The potential for significant operational disruptions and financial losses makes understanding and preventing ransomware attacks crucial. In this blog post, we’ll explain what ransomware is, how it works, and what steps SMBs in Northeast Ohio can take to safeguard their operations.
What is Ransomware?
Ransomware is a type of malware that encrypts a victim’s files or locks them out of their systems, demanding a ransom for the decryption key or system access. This malicious software can bring businesses to a standstill, causing loss of data, revenue, and customer trust.
How Does Ransomware Work?
Ransomware often spreads through phishing emails, malicious attachments, or compromised websites. Once the malware infiltrates a device, it quickly encrypts critical files and displays a ransom note demanding payment, usually in cryptocurrency like Bitcoin, for the decryption key.
There are two main types of ransomware that SMBs should be aware of:
  1. Encrypting Ransomware: Encrypts files, making them inaccessible until the ransom is paid.
  2. Locker Ransomware: Locks users out of their systems, displaying a ransom demand to unlock the device.
Real-World Ransomware Attacks
Several high-profile ransomware attacks highlight the severe impact this malware can have:
  • WannaCry: This 2017 attack exploited a vulnerability in Microsoft Windows, affecting businesses worldwide and causing significant operational disruptions.
  • Petya/NotPetya: Also in 2017, this attack spread via a compromised software update, affecting many businesses globally. Unlike typical ransomware, NotPetya was designed to cause irreversible damage.
  • Colonial Pipeline: In 2021, an attack on this major U.S. fuel pipeline operator led to widespread fuel shortages, underscoring the critical nature of ransomware threats.
Protecting Your Business Against Ransomware
For SMBs in Northeast Ohio, protecting against ransomware requires a proactive and multifaceted approach:
  1. Regular Backups: Regularly back up important data and store it offline to ensure it’s safe from ransomware attacks.
  2. Security Software: Invest in reputable antivirus and anti-malware software, and keep it up-to-date to protect against the latest threats.
  3. Software Updates: Regularly update all operating systems and software to patch known vulnerabilities.
  4. Email Vigilance: Train employees to recognize phishing attempts and avoid clicking on suspicious links or attachments.
  5. Access Controls: Implement strict access controls and use multi-factor authentication (MFA) to minimize the risk of unauthorized access.
What to Do If Infected
If your business falls victim to a ransomware attack:
  1. Isolate the Infection: Disconnect the affected system from the network to prevent the malware from spreading.
  2. Report the Attack: Notify law enforcement and relevant authorities, such as the FBI’s Internet Crime Complaint Center (IC3).
  3. Do Not Pay the Ransom: Paying the ransom does not guarantee data recovery and encourages further criminal activity. Seek professional assistance to explore alternative data recovery options.
Ransomware poses a significant threat to SMBs in Northeast Ohio, but by understanding the risks and implementing strong security measures, you can protect your business. Regularly backing up data, maintaining updated security software, and educating employees on cybersecurity best practices are essential steps in safeguarding your operations.
For more detailed information on ransomware and cybersecurity best practices, consider visiting CISA’s Ransomware Guide and Norton’s Ransomware 101.
If implementing even some of these tips seems like an impossible task, or you don’t know where to start, we’re here for you.  We are offering a FREE Security Risk Assessment to see how your business needs protecting. Hackers will do whatever it takes to break into your network. We are here to help! Click here to book your FREE Security Risk Assessment with one of our cybersecurity experts, or call our office at 216-800-7888.
By staying informed and proactive, Northeast Ohio SMBs can defend against ransomware threats and ensure business continuity in an increasingly digital world. Stay safe and secure!

AT&T Attack Reveals 73 Million Customer Records Exposed On The Dark Web

AT&T Attack Reveals 73 Million Customer Records Exposed On The Dark Web

by | May 15, 2024 | Newsletter

In a statement released by the largest telecommunications company in the United States, AT&T, they shared that they recently discovered a dataset for sale on the “dark web” that contained information for about 7.6 million current AT&T account holders and 65.4 million former users, totaling approximately 73 million affected accounts.                                                                                        
AT&T shared that the data released contained passcodes (PIN numbers) and Social Security numbers from 2019 or earlier and did not contain any other personal financial information or call history but could possibly include e-mail and mailing addresses, phone numbers and birthdates.                                  
AT&T has reached out to all customers via e-mail or mail to let them know of the breach and to reset their passcodes. If you’re an AT&T customer, it’s important to be highly critical of any e-mail asking you to change your password. Please make sure it is from AT&T, as it’s suspected other cybercriminals will attempt to capitalize on this issue and send out fake e-mails with malicious links, hoping someone will click on them. If you’re concerned it’s a fake e-mail, call AT&T support and ask them to send another reset link while you’re on the phone.                                                                                 
As for the cause of the breach, it’s still unknown whether the data breach originated from AT&T or one of its vendors, but AT&T has launched an investigation and will likely hire computer forensics specialists to find the cause of the incident.                                                                                                              
The organization will also have to scrub any installed malware out of the software that runs its customer account system without disrupting unaffected customers’ service. Between the investigation, cleaning up the issues, lawsuits, legal fees and more, this will be an expensive issue to solve.                                                                                                                                                                                  
That’s why at Techspert, we talk about being proactive with cybersecurity so often. While no solution is 100% impenetrable, most are strong enough to keep the majority of hackers out. It is way more costly to deal with the effects of a cyber-attack than it is to prevent one in the first place.                 
If you’re concerned about the safety of your organization, request a FREE Security Assessment from our team of cybersecurity experts. We’ll analyze your network so you can see if there are exposed entry points in your network that hackers could use to break in. We’ll also advise on how to work with third-party vendors to ensure your and your customers’ data is as secure as possible.                           

Hackers will do whatever it takes to break into your network. Your job as the CEO is to do whatever it takes to keep them out. We are here to help! Click here to book your Security Risk Assessment with one of our cybersecurity experts, or call our office at 216-800-7888.