Two common misconceptions about cybersecurity were ripped to shreds by a recent event – the breaching of Microsoft’s SharePoint software.
The first misconception is that a software giant like Microsoft would surely have multiple layers of effective cybersecurity in place, such that no attacker could even come close to compromising its software. That turns out not to be true – not because Microsoft doesn’t have cyberdefenses in place. Of course it does. But the attackers become more sophisticated and learn new maneuvers on a continual basis. Even mighty Microsoft isn’t impervious to attack all the time.
The second misconception is the one often embraced by smaller companies: Cyber hackers might go after the big players, but they would have no interest in us.
They don’t need to have any interest in you. SharePoint is used by millions of companies every day. If you use it, then they have a way to breach you. And yes, small companies, you are a target because getting your data is the easiest way for them to compromise the data of your biggest customers, or vendors, or anyone else you have digital contact with.
People in my business don’t want to sound alarmist, but we recognize that most of the business world doesn’t take these threats as seriously as they should. They’re not implementing effective security measures. They’re not keeping up on things like patching and multifactor authentication. And they’re not training their people on how to spot phishing attacks and other tactics.
One of the simplest and most effective things any company can do to protect itself is to activate DMARC records. You can do it in minutes. But you probably don’t even know what that is. And my guess would be that your IT team doesn’t know either.
Many company executives think the odds of being cyberattacked are so long that they can get away with not spending time or money protecting themselves. That’s like driving a car without insurance, except that a breach could do more than total your car. It could total your company, and leave you wondering why you didn’t make the very modest investment of time and money that would have protected you.
I can identify your vulnerabilities, seal them up and show you how to keep them sealed up. And when I’ve finished the job, I’ll leave you saying, “That really didn’t cost that much and it wasn’t hard.”
Right. Getting breached is what costs too much – and is way too hard, sometimes to ever come back from.
Give me a call at 616.217.3019 or e-mail dacarey@cybersynergies.io. And share this newsletter with others who need to understand: The risk is real, and it’s serious, but you can get ahead of it.