Cybersecurity Keeps Them Awake at Night

“What keeps you awake at night?” That’s a question that seems to come up at many a business networking group when someone begins to offer a solution to a problem they can solve. If you’re a CEO at a major corporation, the answer to that question is: cybersecurity.

Internet systems are more complex, and complexity leads to more risks. It’s become a boardroom issue, and the most concerning part of the problem should be the increased time it takes to find a system intrusion. It now takes 292 days – more than nine months – to discover a breach.

Part of the problem is the size and complexity of large corporate networks. They have thousands of endpoints, and it’s become harder to spot anomalies and deploy patches. While our clients typically don’t have large, sprawling networks, we all interact on the corporate or personal level with large global networks for just about everything we do.

Other parts of the problem are that companies may take too long to investigate the breach, and then they need time to develop a plan to patch it. That time is directly related to the network’s size and complexity. If a company doesn’t have a continuous monitoring plan (yes, it’s hard to believe a large company wouldn’t have one), it also extends the time to discover a breach.

Two other reasons are:

  1. Hackers have better stealth tools to invade a network. Once they’re in undetected, they can take their time to look at all of their victim’s data to see what’s best to monetize.
  2. Hackers can steal login credentials and hang around a system for a long time until they’re detected.

Companies that can detect intrusions in less than 100 days can save $1 million in containment costs. But they may not be as motivated as you are to protect your network and the people they serve.

Here are some things you can do right away:

  1. Make sure you have strong passwords for every account you and your employees and family members have.
  2. Insist on using passkeys or some other form of two-factor authentication (2FA) wherever possible. A good authenticator should be device-specific and tied to a device that’s always with the user.
  3. Make sure all your software (operating systems and apps) and firmware (hardware systems) is up to date.
  4. Have an easily accessible list of your key usernames and passwords for emergency use.

Microsoft is making strides in a couple of areas. The company introduced passkey support across most of its consumer apps a year ago, allowing you to sign into your account without the need for 2FA methods or remembering long passwords. Today, it’s encouraging all new signups to use passkeys as it removes passwords as the default.

Windows Hello allows users to securely sign in to their accounts with their face, fingerprint, or PIN. Today, more than 99 percent of users sign into their Windows devices using Hello. The company reports that 98 percent of passkey attempts to login are successful; passwords are only 32 percent successful.

To help keep all your software up to date, Microsoft is developing an update orchestration platform designed to unify the updating system for all apps, drivers, and system components on Windows systems. Right now, it’s aimed at developers and IT product teams. The goal is to run an update scan tool that will queue downloads and updates at optimal times. We’ll see if they can actually make it work.

That’s in the future. For the here and now, we recommend you contact us for a security audit. It’s something you should do annually to make sure you’ve taken the four steps we enumerated above. At the very least you can strengthen your own systems before the big guys know they were breached. Call us – 973-433-6676 – or email us for an appointment.

We Need Humanity

My father-in-law recently sent me an article by Frank Bruni from the New York Times. Neither is a tech expert, but they hit the nail squarely on the head when it comes to making technology usable. Our modern conveniences are exhaustingly inconvenient, as the headline read, and the “the paradoxes of progress” smack us in the face. A little humanity can be helpful – and sometimes necessary.

We have to say, first off, that technology has given us some highly useful gadgets. The Ring doorbell, just to cite one example, enabled us to monitor and interact with our front door visitors from anywhere. It’s a convenience and a security tool, and early on, it helped us manage deliveries for business. Today, as Frank Bruni writes, it’s so much more. He has relished how it lets him know if a package has arrived, a service provider has shown up or his dog is staying put and behaving in the front yard. But when he got a new phone, the app didn’t accept his password, even though his computer did. It took him two weeks to resolve his problem.

Bruni didn’t say if he tried to contact a human at Ring. You have to scroll all the way to the bottom of its website and go through a few clicks to get a phone number. If you can’t easily speak to a human, you may not get a solution, or you may be exhausted from going through a menu tree. If you have a security issue with your product, the difficulty in reaching a human is intolerable.

But let’s put this into a business situation. More businesses are using the internet to move large sums of money, and some of that is being done by an AI-powered chatbot. Why do they do this? AI is programmed by humans, based on reactions humans have to situations. If you raise an unanticipated question, the chatbot will stumble.

This came up with a client who thought they had been hacked. They were given wiring instructions in an email from someone they had not dealt with before. They were right to question the email. As we pointed out in our previous article, the more complex a network might be, the more risk there is of something going wrong. And cybersecurity is today’s big corporate concern.

Our client really needed a human solution more than a technical solution to verify the wire transfer instructions. When you get an electronic message from someone you don’t recognize, you must take steps to verify its authenticity. Independently from the message, call a person you know at the financial institution or the organization that invoiced you. A person can reassure you. An AI chatbot can’t.

On your side, we can help you set up email handling rules based on senders’ names and subject lines that pertain to invoices you need to pay and payment methods to use. At the very least, it will help you flag and re-examine emails on financial matters and see who you may need to talk to. Call us – 973-433-6676 – or email us to talk about it.

Keep Control of Your Technology

We recently made a sales call to a prospective client that was serviced by a larger IT provider and were shocked by what we saw and heard. They were still using Windows 10 but had switched to a new accounting system on the advice of their accountants. You need to demand better communications and coordination from all your providers to control your technology and your business.

Right up front, I saw Windows 10 as the current operating system as I glanced around their office. I was alarmed that at this late date, it seems that nobody told them that Microsoft is ending its support for Windows 10 in October. Yes, they will most likely be able to buy a one-year subscription to get security patches, but they won’t get any performance updates, and that will really hamper their accounting program.

That’s because their accounting firm suggested they upgrade their 20-year-old accounting software, which they can’t successfully install without upgrading to Windows 11. It seemed like nobody had put the issues together for them.

They are facing basic problems that we see all the time. Without an up-to-date operating system and application software, they won’t be able to move all their files from the old system to the new. They will need to deal with multiple versions of multiple files, and it will be a messy, time-consuming (and money-consuming) task to straighten them out. Finally, and increasingly more important in today’s technological environment, they won’t have the best security available to protect their data. They could risk becoming the weak link in their business chain.

The saddest parts of all this are that their IT provider didn’t seem to have upgraded them as Microsoft moves on from Windows 10 and that their accounting firm didn’t talk to them about having the right technology to handle a system that would make their business more efficient. It’s also sad that neither seemed to be aware of the relationship between technology and app performance. We pride ourselves on being keenly aware of that relationship.

The prospective client felt like they’d been taken advantage of. If you know of a company that seems to be struggling to match its technology to its apps, we’d like to talk to them. And if you think your systems aren’t doing all they can for you, we should talk. We can help you investigate possible solutions, select the one that should best meet your needs and configure it for your operations. Call us – 973-433-6676 – or email us to discuss it – or provide a referral.