Top 5 IT problems that put your business at risk

Written by Chad Gniffke

December 16, 2021

Small Business

Business vulnerabilities have changed significantly over the last three years. What we’re doing now to protect clients’ systems is quite different than what we did then. Today’s challenges require us to bring more tools to the table, implement more best practices, and put checks and balances in place.

Business vulnerabilities have changed significantly over the last three years. What we’re doing now to protect clients’ systems is quite different than what we did then. Today’s challenges require us to bring more tools to the table, implement more best practices, and put checks and balances in place.

Today, as an IT provider in Orange County, we’re focusing on five common IT issues:

  • Multi-factor authentication
  • Cloud backup and disaster recovery
  • User training and awareness
  • AI-based monitoring
  • Standard operating procedures

1. Multi-factor authentication

Many people are aware of ransomware, but they don’t know how hackers are getting into their business. The most common method is through online accounts, such as Google Workspace and Microsoft 365. Hackers only need someone’s username and password to get into their business through these online accounts.

Our services enable you to set up a secondary form of protection known as multi-factor authentication (e.g., 2FA, MFA). Online banking apps use this form of protection. When you set up an online bank account, you’re required to provide a username and password. The application will send a message to your smartphone to authorize its access.

The company providing IT managed services in Orange County should set up multi-factor authentication for email access. This will help to protect your system in case your credentials are leaked online. This happened a few years ago when LinkedIn was hacked. If you use the same username and password on LinkedIn and Microsoft 365, then hackers can use this information to breach your accounts. 

Setting up multi-factor authentication will protect your business against security breaches. BRITECITY can help with setting it up to provide another layer of protection across your network.

2. Cloud backup and disaster recovery

Many businesses rely on only one solution for their data backup. For example, they’ll store everything in Microsoft Sharepoint, Dropbox or Apple iCloud. We know of a local business that relied exclusively on a managed cloud service provider; they suffered corruption of their data backup and lost 15 years’ worth of data!

If you rely on a single service for data backup, note its limitations. For example, Microsoft Sharepoint only retains 30 days of backup. Determine what happens if there’s a malicious attack on the system or if something goes wrong. No system is 100% perfect, and the people behind the computers are not perfect. Any backup system with a single point of failure is a serious concern.

When it comes to data loss, it’s not a matter of if, but when it will happen. It’s vital to protect yourself with a safety net of third-party backup services. For example, BRITECITY recommends and uses Dropsuite, a cloud-based website, database backup, and monitoring service. It’s another layer of backup defense against permanently losing your data. 

3. User training and awareness

Many companies are vulnerable to cyberattacks due to lack of user training and awareness. According to research, 94% of malicious attacks happen through email. It’s one of the easiest ways for hackers to get into your network. Installing firewalls and antivirus software can protect against a wide range of threats, but it won’t safeguard against simple human error.

Anyone can set up a new Gmail account, research your company on LinkedIn, and send an email as a contact from a vendor company. They could request personal business information or ask for help with setting up a bank account. All it takes is one person to respond to that email and the damage is done. 

Staff education and knowledge are the best defense. BRITECITY conducts regular user training and awareness programs, which involve sending phishing emails and conducting other types of cyberattacks on clients’ staff. For example, we might try requesting business credentials or getting the staff to do something they shouldn’t. This special training prepares employees to ignore or defend against these types of attacks. 

4. AI-based monitoring

Artificial intelligence (AI) is a powerful tool that has benefited the cybersecurity space, as well as cybercriminals. No cybersecurity companies in Orange County can keep up with automated, AI-based cyberattacks. The solution is to set up AI-based defence systems to fight fire with fire. 

AI-based virus protection can protect against AI-based attacks that would defeat legacy antivirus applications. For example, this monitoring looks for behavior changes on your computer to protect against threats that most IT professionals would overlook. This protection takes the necessary steps to block suspicious behavior and notify the IT department of what happened.

5. Standard operating procedures

Many companies use wire transfers to send money via email as a regular course of doing business. They’ll share routing and accounting numbers with clients or vendors to facilitate the process. Cyberattackers can intercept these sales transaction conversations by spoofing email addresses or breaching a company’s email system. They’ll monitor the conversations and wait for the right time to intercept the emails, and send their own email with different banking information. Once the money is wired to the wrong person, it’s often discovered too late and that money is unrecoverable.

BRITECITY’s solution is to set up standard operating procedures to prevent these types of financial transactions from happening in an unsecure manner. For example, you could install multi-factor authentication as part of the email process. You could also require verification of banking information by phone with the person who will be receiving the money for each transaction. 

Setting up secure standard operating procedures gets everyone in the company to follow the steps laid out in a plan rather than merely reacting to a bad situation. It also enables you to put safeguards in place to protect against outside threats.