Has your company decided to transition a portion or all your employees to work-from-home long-term? What may have started as a temporary means to an end is working well, and you have decided to embrace this new way of doing business. What you need now is to ensure your remote employees can continue to get their work done as productively and securely as possible.

As we begin the third quarter of 2020, cybercriminals are continuing to adapt and increase their COVID-19 related attacks. Small to medium-sized businesses (SMB) are being targeted through a variety of malicious tactics. According to FBI Deputy Assistant Director, Tonya Ugoretz, the number of cybercrime reports has quadrupled in the months since the pandemic began. The FBI’s Internet Crime Complaint Center (IC3) was previously fielding 1,000 complaints a day. They are now receiving between 3,000-4,000, with the majority of complaints related to COVID-19 (Source: The Hill.)

Last week we kicked-off our two-part series “The Why & How of Cybersecurity Risk Management.” This series is intended to review how small to medium-sized businesses (SMBs) can reduce exposure to cyberattacks through Cybersecurity Risk Management. Part one looked at practical ways to address and measure acceptable risk. In part two, Erik Thomas, Leader of Advisory Services at Systems Engineering, walks through a framework for addressing and reducing cybersecurity risks and vulnerabilities in your organization.

Did you know that 66% of Small to Medium Businesses (SMBs) have experienced a cyberattack in the past 12 months? With SMBs facing increased, targeted, and harmful cyberattacks, we wanted to provide some useful guidance on this topic. We are presenting a two-part series reviewing how SMBs can reduce exposure to cyberattacks through Cybersecurity Risk Management. In part one, Brad Sprague, Leader of Account Management at Systems Engineering, reviews practical ways to address and measure risk.

Every morning we log on to our corporate email and begin the day sifting through a myriad of messages, most of which are equally important and needing action. Likely, you haven't even finished your first cup of coffee and not focused on the cybercriminal who is hoping you will react to their highly sophisticated phishing email waiting in your Inbox. So how do you recognize and react to the myriad of fake emails coming at you multiple times a day? 

Many companies have made the unprecedented decision to close their doors or keep essential staff in-house temporarily. Others have instructed the entire organization to work from home (WFH) due to the COVID-19 pandemic. Now, an entirely new set of pressures is pulling for your attention: 

The cybercriminals have small businesses in their crosshairs. Verizon's Data Breach Investigative Reports states phishing is the number one cause of data breaches and 43% of cyberattacks are targeted at small to medium-sized businesses (SMB.) The frequency of attacks is on the rise and in today's COVID-19 environment, cybercriminals see this as an advantage and are taking the opportunity to attack.

UPDATED OCTOBER 2020

In light of the uptick in breaches at small and medium-sized businesses (SMB), I wanted to briefly review the cyberthreat landscape and offer some cybersecurity best practices organizations can implement to better position their businesses against the bad guys.

Every year, Cyber Monday brings us incredible deals and discounts; however, it's also the time of year when cybercriminals increase their efforts to steal our money and confidential information. To stay safe while shopping online, keep the following cybersafety tips in mind.

Updated May 2020

As cloud service consumers, we have become accustomed to downloading apps to help us in our day-to-day activities. Employees may also use these apps and tools to help them be productive and fill a need in their workday. The good intentions of the employee are honorable, however no thought is given to the potential risk this can create for an organization. The practice of employees procuring tools and services without proper vetting from IT management is known as Shadow IT.