Barry was annoyed. He had spent all his time and effort on his fledging CPA operation. He had two other accountants on the payroll and
Book your free 30-minute strategy session with us. You’ll learn what you’ve been doing right–and what you can improve to secure your business.
Your modern business, no matter how small or large, needs expert cybersecurity support to protect it.Â
8451 Miralani Drive Suite C
San Diego, California 92126
Phone: 858-777-0040
Your computers and devices require security against would-be attackers, as well as protection of your data in use, in transit and saved/stored (“at rest”). Cybersecurity is comprised of the technology, people, processes, and education that keep your company, systems and data safe.
A cyber attack happens every 39 seconds. While some attacks–through software purchased on the dark web–are automated and/or unsuccessful, you have to be prepared. Today an average 10,000 cyber-attacks take place each day against SMBs and organizations.
An unsuccessful attack, called a cybersecurity ‘incident,’ should be a warning. Hackers may come back and try again. And when an incident becomes a successful ‘attack’ (businesses firewall has been breached, data leaked or lost), the costs can be debilitating for the small to medium business or organization. The 2021 average cost of a data breach was over $4 million. Sixty percent of the entities attacked go out of business within 6 months.
A cyber threat is the possibility of an attack.
A cyber risk is an estimate of the possible losses associated with the threat. For instance, compromise of private health information (PHI) is a cyber threat for healthcare-related businesses. The associated cyber risk is the probability that a data compromise will occur and that there will be lost revenues due to downtime and damage to reputation.
A firewall sits between a local computer or network and the Internet. Its access lists filter inbound and outbound traffic according to rules an admin or user sets. Firewalls are not 100% effective however. They must be checked often and cybersecurity providers may do penetration testing to determine their effectiveness.
Business email compromise (BEC) that results in wire transfer fraud and ransomware are the two most prevalent (and critical) threats facing SMBs and organizations.
With BEC, attackers gain access to email servers at a business and monitor all traffic to gather personal information. After spending some time (perhaps months) to learn the ins and outs of the business’ finances, they compromise a payment using the personal information they found. This relies on deception regarding account numbers and transfers.
Ransomware is malware (malicious software) that involves compromise of a network, encryption of the organization’s operating systems and data, and subsequent demand of a ransom to decrypt the systems and data. The threat actors usually ask victims for payment (ranging from the hundreds to millions of dollars) using cryptocurrencies, like Bitcoin. Convincing phishing emails are one of the means of attack (vectors) that ransomware begins with. Ransomware criminals now rely on impressive services such as 24/7 tech support and trained negotiators. Unprotected backups are frequently targeted and recovery then becomes more difficult.
With over 90% of cyberattacks being due to user error, education for employees and partners can help to prevent attacks. Training should be regular and will create greater cyber awareness at your organization. It will also help minimize internal threats.
One such area for education is for dealing with phishing emails. With 85% of all email being spam (i.e. marketing or malware), user training to recognize and avoid clicking is of utmost importance. Part of “cyber hygiene” involves safe practices while web browsing, emailing, texting, or other online communication.
Cybersecurity providers should build your defenses using defense-in-depth–the layering of security technology and processes that overlap and work in concert. If one layer fails, another takes its place, making an attack more challenging. One layer is systems that are patched and hardened and therefore less likely a door into your network. Employee education also serves as a layer.
Cloud services are flexible, scalable and less expensive, but their data, user credentials, and login technologies can also be compromised.
Mobile device attacks are also increasing, mainly through infected apps, compromised WiFi hotspots and also SIM swap attacks.
Symptoms include:
Computer crashes and blue screens
Slow computer performance (could be adware or spyware)
Increased network traffic
Missing files/system files
Low or no storage available
Browser popups or extensions you do not recognize
Disabled malware protection
Unexpected behavior
Invest in Tech Kahunas’ cyber services and we will provide 24/7 monitoring for your SMB or organization in order to respond to security incidents in a timely manner.
We will also:
1. Install anti-malware software on all systems
2. Use hardware and software firewalls
3. Secure your routers
4. Apply updates and patches when they are released
5. Set strong passwords as a requirement for all employees and enable 2-Factor or Multi-Factor Authentication
6. Encrypt data and devices
7. Require airgapped backups
8. Run regular defrag and clean up on all systems
Download Tech Kahunas’ latest eBook The Road to Cyber Strength. Read about the state of cybersecurity in 2022, the companies that didn’t make it, and where the road can lead you in 2023 and beyond.
