Hello. Welcome to GLXY Software Solutions live event on cybersecurity. Today, we’re going to be talking about how to increase business data security and protection. This is going to be the agenda. We’re going to cover who we are, the threat landscape today, how data breach has happened, some of the best practices, and then the solutions.

My name is Jon Jaroska and I’m the owner and founder of GLXY Software Solutions. We help small and medium businesses manage their work processes, improve efficiency, and safeguard data with the following services and products. We do managed IT solutions, software integrations, customer development, discounted licenses from Microsoft, Google, Security and more. And we also have cloud PBX phone service. So in today’s landscape, businesses need to streamline their workload with remote technologies while also enhancing their security. And we’re here to help you.

So let’s get into it. So everyone is at risk. But small businesses with limited resources are generally less equipped to bounce back from damages caused by cyber crime. In fact, research conducted by the National Cyber Security Alliance found that number one, almost 50% of businesses have experienced a cyber attack. And two, as much as 60% of hacked small businesses go out of business after six months.

So cyber attacks on small to medium businesses are successful mostly because these businesses are unprepared to handle them. And a few employees are made aware of common cybersecurity pitfalls. For example, many businesses don’t have active and followed policies for how to create or update passwords or share sensitive data. Let’s look at two ways in which cybersecurity attacks are executed, both targeted and untargeted.

So targeted attacks actively pursue and compromise a target entity’s infrastructure while maintaining anonymity. These attackers have a certain level of expertise and have sufficient resources to conduct their schemes over a long period of time. Untargeted attacks exploit not only a weakness in software, but also a weakness in an organization’s defenses. They often take the form of malware, worms, viruses, and so forth. So when you click on an ad by accident, that then downloads something to your computer. There’s a good chance that there is some form of untargeted cyber threat happening.

So which attack method is more disruptive? Although untargeted attacks are more common, targeted attacks tend to cause far more destruction. That’s because a targeted attack has the intent to cause damage and the knowledge to do so. In targeted attacks, hackers will often target an entire vertical, such as the financial sector, healthcare, or construction industries.

Here are some common cyber attacks: ransomware, malware, phishing, and denial of service. Any one of these could bring your business to its knees and it would take weeks and even months for you to recover. Don’t become a victim. You must act now before it’s too late.

The biggest threats that organizations must deal with is overwhelming daily. This includes human error, carelessness in handling of data, poor user education, and persistent and sophisticated threats. So not only are organizations up against sophisticated hackers, but also threats that are looming inside their own company, i.e., their employees. Gartner recently predicted that by 2022, 95% of cloud security failures will be the user’s own fault.

The bottom line here is that hackers mostly steal data to make a profit. What they steal depends on the victim and the types of data that they could take. In general, they aim to steal employee information, business data like debtors, creditors, partners, et cetera, and digital assets, intellectual capital and trade secrets.

So hackers generally don’t know or frankly care which business or person they’re hacking. They attack a system because it’s vulnerable and because the proprietary gate is valuable to them. Once a hacker identifies a vulnerability, they will attempt to profit from that exposure. They can scan the web for easy targets, infiltrate, or sit in as many networks as possible undetected for a long time. They steal as much as they can from as many businesses as possible. Then they put it on a server and think of ways to monetize and sell it.

Just think of how digital transformation is changing our security needs. Let’s take a moment to just look at the modern workplace for a second. For remote work, right, businesses transitioning to a remote workforce or offering remote work options need to keep their networks and employees secure and productive as they access files and applications. File sharing, companies increasingly store this sensitive data in the cloud. An analysis by Skyhigh Networks found that 21% of those files uploaded to a cloud-based file sharing service contains sensitive data, including IP. Multiple logins. With many logins to different sites and apps, employees are reusing the same passwords over and over again. And that’s quite frankly the worst thing you can do. And this habit is convenient, but it’s a serious risk.

We need to make cybersecurity everyone’s responsibility. So let’s look at some effective ways to implement security best practices. First one, enable MFA. Use your mobile device to validate who you are and reset your passwords regularly. Use strong passwords. GLXY offers password management software to help keep your passwords strong without having to remember them. Educate your employees. We also offer several different training tracks for teaching your employees how to spot an attack and report it before it becomes a problem.

In order to better defend against cyber crime, we need to understand the workings of systematic security. Systematic security is formed of four layers, which are: protection, detection, response, and recovery. For a security system to work, we need to have these four layers working together in unison.

Okay, now that we have a clear picture of cybersecurity risks, how do you think about security in your daily business operations? So a good way to start improving your business security posture is by asking yourself some questions like this: What are the most important assets that I need to protect? Am I confident that my employees understand the importance of this data and the security risks? Could my business detect an intrusion before it’s too late? And what if a breach happens? Am I confident I can recover?

It’s critical to take on a more comprehensive and multilayered approach to your security. You must consider all the possible scenarios such as outages, disasters, breaches, and inefficiencies, and ensure that there’s no vulnerable gaps and oversights in the security coverage.

So here are several advanced security solutions that can be combined to implement the best possible solution. The first one, Microsoft 365 Business. It’s a bundle of Microsoft’s best features from Office 365 and Windows 10 to create an innovative, intelligent, and secure solution. It includes Enterprise mobility and security and Enterprise grade solution is also available in the Enterprise licensing. It should also be noted however, that in Microsoft 365, it’s not a complete security solution on its own. There’s other solutions like online backup, disaster recovery and endpoint protection that also need to be considered in order to have a well-rounded stack.

So the business security solution is simple because it’s based in the cloud. It eliminates the cost from multiple third-party vendor solutions, because everything you need is in one place. And this is a good thing, as roughly half of the security risks businesses face stem from multiple security vendors and products. It reduces maintenance and management costs because clients will only use one set of productivity tools from one vendor to manage their stack.

Security measures are built right into the productivity platform businesses use. So you don’t need to make trade-offs to justify your security investment. Again, security is built into the tools you already need and use. Investing in security solutions protects your business from risk-related costs that will undoubtedly appear if your cybersecurity strategy is lacking or ignored altogether.

So M 365 also includes robust security features like app protection for mobile devices, including encryption and device management for your PCs. It also has functionality for say selectively wiping company data in case it gets into the wrong hands and enabling multiple levels of authentication and protecting those devices from malicious software during the startup.

So let’s talk about the first additional layer of protection for your business. It’s called Office Protect. So what is it? It’s an advanced solution for 365 security. It’s designed specifically for small to medium businesses with little to no technical knowledge. You don’t have to be a rocket scientist to do this. It integrates into Microsoft 365 to prevent the advanced threats from attacking your system by automatically deploying best practices, settings, and alerts. It also has a unique alerting mechanism where you can choose what potential issues you want to be alerted on. For example, suspicious logins, deleted accounts from hackers and more. And whether you want to be notified via a text on your mobile phone or by email.

Office Protect provides alerts on the following issues: a change in security policies, suspicious mailbox activities. I’m not going to read all of these because you can see there’s quite a few. Which users are sharing company data publicly. That’s an important one. Accounts that have been breached in foreign countries. People have employees that travel to foreign countries very often. You may have. It’ll alert you of that. Unknown access to your account. These are all good alerts to have.

The only way to mitigate the risks of cyber threats is to be proactive in preventing them. The first place to start your 365 security settings. These settings can be tailored to meet your organization’s specific needs and secure your optimal work environment. Office Protect deploys industry best practice security offers. Some of the settings it configures and monitors are audit log searching, email auditing, multifactor authentication, and blocking of file extensions, and the list goes on and on from there.

What we’re going to be looking at from a GLXY’s perspective is that your audit logs are always on, your multi-factor authentication is enabled for all administrators and even all users so only the right people have access to the system. There’s some outbound spam notifications, blocking of email attachments that are known to be bad, and improving your user’s password habits. These are the most important things.

Skyhigh Networks found that the average company has over 200 files on OneDrive containing the word password in the file name. How awful. With Office Protect, you can monitor how your employees are using and sharing sensitive data stored in Microsoft 365. Built-in reporting gives insights and more visibility into how your employees are using Microsoft 365, including easy to read activity dashboards and automated reports. You can get these easy-to-read reports in a couple of different ways, uploaded and downloaded, restore files, file and folder activities, and administrator activities.

So let’s talk about your backups. Do you have them? How does online backup fit with the other solutions? 365 at Office Protect have capabilities to monitor who is using your data, ensure only trusted parties are viewing and sharing it. Alas, if your data is compromised, lost, or corrupted, regardless of the steps you’ve taken to protect it, the hackers are always one step ahead. It would be nice to know that you can recover at least a version of your IT environment prior to disaster. And that’s where online backup comes in. It makes sure your data and infrastructure is copied, stored, and recoverable from a secure cloud location.

There are several reasons why backing your data up to the cloud is more effective than backing up to an online premise server alone. Number one, it’s cost effective. It’s simple because we take care of the back-end for you. Recovery is quick because you won’t have to wait days and days to restore your data. It’s a best practice because using hybrid combination of both cloud and on-prem backup is the best way to ensure your data stays safe and accessible. Online backup, it can be customized to work the way you want it to work from any device at any time from anywhere.

Now comes the really good stuff, Bitdefender. Workplaces are becoming increasingly dynamic, and it’s common to have people working from different locations, on different devices, and collaboration has become easier. But more devices means more opportunities for attacks and data breaches. Research on endpoint security shows that most businesses still haven’t adopted policies to effectively protect their devices. Attacks frequently originate from devices inside the organization so it’s really important to take steps to secure them, and Bitdefender addresses this problem.

It blocks the most sophisticated ransomware and zero day threats without any headaches. No solution on the planet is more reliable or accurate, or has a lower resource footprint than Bitdefender. It protects all your end-points in a physical, virtual, and cloud environments, and its core security layer features keep your devices safe via a threat protection, detection, and protection.

Bitdefender is a complete cybersecurity suite that mitigates breaches, simplifies deployments, and cuts the cost down. It blocks the new threats while reducing the rate of false positives. Schedules or configure content control to block URLs by category within a custom exclusions table so you don’t have to worry about the viruses that might come in from Netflix or other sites like that, Facebook. Bitdefender quickly responds to zero day attacks and catches known and unknown exploits by focusing on attack techniques. Bitdefender process inspector monitors running processes on your PCs and devices for malicious behavior. You’ll have around the clock protection against these attacks and malware. Various powerful security addons are also available to meet your specific user needs.

Last but not least, we have Proofpoint. Proofpoint email protection acts as an additional line of defense in your cybersecurity arsenal. Use it to help safeguard your email from spam, phishing, malware, while simultaneously ensuring compliance and business continuity. With the ability to control, secure, and monitor inbound and outbound messages, Proofpoint makes it easy for businesses to take a proactive approach towards cybersecurity.

As business owners, we will never be able to completely defeat cybersecurity threats. They are always going to be ahead. We can win the battles, but we’ll have to keep fighting the war because cybersecurity is no longer an occasional technology problem. It’s an ongoing business management problem.

Now, we need to remember that cyber crime is a trillion dollar tax-free business. So why would cybercriminals ever stop? They have no motivation to do this. Plus, they could reinvest their profits into R&D to defeat improvements in technology and always stay a couple steps ahead.

Here are a few key takeaways to summarize this presentation. Hackers not only install viruses, but they steal your information. They’re not just one guy, either. They’re organized. They implement high volume attacks, which alone can cripple a business. It’s important to get protection now because the problem is ongoing and won’t stop anytime soon.

Here’s some signs that you might benefit from managed IT support. You don’t have an in-house IT guy or you’re understaffed. Either way, this can result in a lack of expertise, meaning not every area of IT is covered. You have complex or continuous tech issues. Technology is constantly changing, so businesses like yours could face IT problems such as slower processes, downtime, and weaken security due to irregular tech upgrades or lack of a data backup strategy.

Maybe you have an unpredictable IT budget. Some months you may have to replace a computer while others require a new server, 10 PCs, or a security issue that needs immediate attention. Maybe you deal with sensitive information like healthcare data. Maybe your business stores, accesses, or transmits critical data, and you’re unsure whether you’ll be able to prevent sensitive data leaks or be even alerted to a potential hacker activity.

GLXY wants your business to stay safe and thrive. Take down the link on the screen, http://meetings.glxyone.com and book a discovery call today to see how we can tailor a solution for you and your specific needs. Thank you and have a nice day.

Share This Story, Choose Your Platform!

Let’s have a 15-minute video call

We are now taking on new clients.