SouthBridge Consulting Blog

We believe that at the end of the day, employees want to do the right thing and accomplish their daily tasks without incident. However, technology can often break these plans with unexpected issues that prevent them from doing so. If you don’t take the time to provide the proper IT support when it is needed, you force your employees to either be unproductive or find unconventional (and often unsecure) solutions.

Data breaches have become all too common for small businesses over the past several years and when it seems like there is a solution to one problem, something even worse pops up. Part of a comprehensive risk management strategy is identifying problems and doing what you can to keep them from affecting your business. Let’s take a look at the major cybersecurity threats small businesses are facing in 2021 and what you can do to keep them from hurting your business.

A new ransomware attack has surfaced, this time mostly targeting IT companies and their clients. The attack is specifically targeting the Kaseya platform. Kaseya is management software that many IT companies use to remotely manage and support technology. The attack in question attacked Kaseya’s supply chain through a vulnerability in its VSA software; this attack is notable because of how it targeted the supply chain, not only striking at the vendor’s clients—notably IT companies—but also their customers. Basically, this attack had a trickle-down effect that is causing widespread chaos for a massive number of businesses.

With the onset of the COVID-19 pandemic, many organizations were forced to transition to remote work, even though they would have preferred to keep operations within the office. While the transition was rough at first, these organizations may have found that remote work offers certain flexibilities that were impossible in the traditional office environment. That said, one looming threat was (and still is) a major concern for the remote workplace: security.

Data privacy is a bit of a hot topic in today’s business environment, especially with high-profile hacks and ransomware attacks emerging and putting organizations at risk. In particular, the emerging concept of “privacy engineering” has a lot of businesses thinking about how they can secure their organization and future-proof their data privacy infrastructures.

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

Two-factor authentication is commonplace in the office environment, but it’s not commonplace enough, if you ask us. Too many organizations pass on it, placing their security at risk for no good reason. While the methods might vary, the benefits of two-factor authentication are too good to ignore. We’ll walk you through how to set up two-factor authentication for three of the most common accounts in the business environment: Microsoft, Google, and Apple.

It’s no surprise that mobile technology has infiltrated the workplace in more ways than one. Many businesses issue company-owned devices to their employees to get work done while out of the office, while others allow employees to bring their own devices, or use their own laptops and smartphones for fulfilling their day-to-day duties. That being said, it’s important to remember that mobile devices need to be managed in a very specific way to maintain security.

Today, employees have to be a major part of every business’ cybersecurity attempts. The reasoning is simple: attacks are more likely to come in the form of end user correspondence than on a direct assault of the network. As a result, it is important that cybersecurity is more than just another line item on a task list, it has to be built into the culture. Let’s discuss a few ways to get your employees to care about cybersecurity.

Passwords are probably the most important part of keeping accounts secure. That’s why it is so important to follow industry best practices when creating them. Today, we’ll take a look at the standards outlined by the National Institute of Standards and Technology (NIST) in creating the best and most secure passwords.

You’ve probably heard by now, a Russia-based hacking collective by the name of DarkSide targeted Colonial Pipeline, a company that supplies nearly 45 percent of the fuel used along the Eastern Seaboard of the United States, with a ransomware attack. Not only does this hack have an effect on fuel prices and availability, it highlights just how vulnerable much of the nation’s energy infrastructure is. Let’s discuss the details of the hack and the raging discussion about cybersecurity that’s happening as a result. 

Data breaches have a tendency to destabilize relationships. With so many data-related problems befalling businesses nowadays, it is important that each side of every data-driven relationship understands their role in the protection of other organizations’ data. Today, we’ll take a look at the issue and how to determine if your partners are putting in the effort required to keep your data secure. 

Let’s face it, most people are glued to their phones when they have downtime. Many don’t look up to cross the street. With this much dedication to their individual mobile devices you’d think that people would be more careful about what they download.

As one of the biggest cybersecurity considerations the modern business has to make, how to combat phishing has to be at the top of any business’ cybersecurity strategy. Let’s take a look at phishing and why it’s such a big problem for today’s business. 

2020 was, obviously, a challenging year for healthcare providers. In addition to the obvious issue of the COVID-19 pandemic creating serious operational, financial, and supply chain difficulties, cybersecurity concerns didn’t go away during this time. Let’s consider some of the additional stresses that IT security needs can, will, and have placed on healthcare providers.

One of the most effective means for a business to shave a few dollars off its budget (and potentially boost employee engagement, for that matter) is to adopt something called a Bring Your Own Device policy—effectively, an agreement that allows their team members to access business-owned documents and files on devices they personally own to get their work done. While these policies have been shown to be very effective, they also need to be carefully considered so they can be adopted appropriately.

It’s been reported that a hacker virtually broke into a Floridian water treatment facility and briefly increased the levels of sodium hydroxide in the Pinellas County water supply. Fortunately, onsite operators noticed the spike and reduced it right away, keeping the public from risk of increased levels of poison in their water. This is just the latest story in a seemingly never-ending supply of them that have to do with public utilities being at risk from cyberattacks. Today, we will take a look at this issue. 

Your business’ security largely depends on how secure the passwords are that keep your resources from being accessed without authorization. Despite this, many users—perhaps even you—frequently sacrifice sufficient security measures in favor of the simple and convenient route, cutting corners when coming up with their passwords. Let’s try and remedy this by reviewing a few practices that can help make a password more effective.

While Google Search has become eponymous for “online search”, the company has not stopped innovating upon the capabilities of the service. Most recently (as of this writing, of course) one improvement that the company is making is to give more content a bit more context before a user clicks through to a potential threat.

If you are an avid reader of our blog, we are constantly saying how there are always a growing number of threats. This is true. Two-in-every-three business owners consider that their cybersecurity risks are increasing each year. The other third must not focus on them, and that is a problem. In fact, many business owners don’t give the proper respect to cyberthreats and many of those businesses pay the price. This is why every business should consider a security and compliance audit a mandatory part of their yearly IT assessment.