The hallmark of the Visory experience, our dedicated team of professionals provides a high degree of support for all your IT needs
Leading edge solutions that are always working to maintain the integrity of your firm’s IT backbone
Best in class security to protect your firm’s data and technology
Tips, advice, and industry insight from our team of accountants and business owners to yours.
Bypass the wait time and access Visory’s Obsessive Client Support®
Take your business to new heights with Visory’s flexible QuickBooks hosting solutions
The same Sage you work in every day, only better
An affordable CRM for small- and medium-sized businesses, built to support your sales, marketing and customer service needs
Revolutionize your next tax season with added efficiency and mobility
Access critical applications that are integrated seamlessly into your workflow, conveniently hosted on the same server
Access affordable enterprise-grade hosting solutions with none of the IT burden
We’ll help you develop and implement the right cybersecurity policies and protocols to keep your firm secure and in compliance with regulatory guidance
We’re here to manage your firm’s IT activity, safeguarding the integrity of your infrastructure and devices, so you don’t have to
We’ll manage your cybersecurity policies and protocols to keep your firm secure and in compliance
Security that ensures everyone granted access is who they claim to be
Educate and train your most important last line of defense – your people
Protection where people and their machines intersect
Secure access to your data. Reduce the risk of compromise, prevent cyberthreats.
A different approach to protecting emails
Secure single sign-on access for a connected world
Backup your data for business continuity and compliance
Keep everyone on the same page. Any user, every device.
Secure connections for all your users, devices and networks
Get started on a robust security plan with a WISP for your business
Protect your organization with the expertise of our Chief Information Security Officers (CISO) without having to hire a full-time resource
IRS 4557
Complying with state and federal privacy regulations and more
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
When you are asked, “How do you feel about cybersecurity?” Do any of the following knee jerk responses occur?
“Ugh.”
“Ah, I’m not a target.”
“What does that even mean? Really.”
“I’ve got nothing they want.”
“I’ve not thought about it much.”
We hear these responses often. And we get it. There are very few high-profile resources catering to small and medium-sized businesses (SMBs) when it comes to cybersecurity. What you see coming through the media and being reported on mainly pertains to large, enterprise-level organizations: MGM, Target, 23 and Me. Those are obvious targets. We’re not seeing reports on B&C Construction in Philadelphia, family owned for three generations, employing 50 people; they’ve been dealing with litigation over a breach for the last 3 years and it has almost cost them their business.
No. That isn’t a catchy headline. That’s not the kind of clickbait news outlets are going for, but it is infinitely more relevant to a much larger number of business owners.
Now, yes, I made up the company mentioned above, but the overall scenario is based on real events. The cost of even a small breach, in terms of resources, is too great to ignore. And it isn’t just about money. There is a labor cost – someone, or more likely several people, in your office will have to manage the problem on top of what they are already doing. There is reputational damage – while this may not make apple news, word will travel to the people that matter. There is the client trust factor – divulging to a client that you’ve been hacked opens you up to a lot of questions. All these factors leave you very vulnerable, the very thing a small business cannot afford to be.
Now, every time I watch a movie that says, based on real events, the skeptic in me immediately wonders how much creative liberty the writers and directors have taken. Furthermore, Visory has committed to sticking to the facts when it comes to relaying information about cybersecurity, so, I’m not going to leave you with the made-up scenario above. We’ve compiled a few real-world stories from organizations we’ve worked with directly. (Note: names and identifying information has been withheld)
SCENARIO ONE:
The bank contacted a construction company to report suspicious activity on their account.
Here’s what happened:
The business manager, a power user with an all-access pass to their data, gave away their credentials via email, because of a phishing scam. Now, let’s not chastise this business manager. These phishing emails are good…very, very good; this can (and does) happen to the best of us.
The good news: MFA adds a strong second layer of security
They caught it right away and put Multi-Factor Authentication (MFA) in place. Great idea. Multi-Factor-Authentication is an added layer of protection. Typically, a code is sent to your phone via text/SMS before logging in.
What they didn’t know: Hackers already obtained a way in
The hacker used the ill-gotten credentials to forward the IT Manager’s emails to themselves, thus gaining access to the company phone provider. Now they are able to access email and SMS / text messages, rendering MFA useless.
Why this business was targeted: Construction companies are lucrative targets
The purpose of the attack was to intercept a large wire transfer. Large wire transfers are a primary reason construction companies are so attractive to cyber criminals. With email and SMS hijacked, they had the means to all the access they needed. Had the bank not caught the suspicious activity, had this attack been carried out, it would have been a very complex problem, requiring numerous resources and costs.
How to prevent this problem: Good – Better – Best Planning
Good: Multi-Factor Authentication
MFA, would have made it much more difficult for the cyber-criminal to access the business manager’s email.
Better: MFA + Employee Security Awareness Training
By participating in security awareness training, the business manager would have been more likely to spot the fraudulent email.
Best: MFA + Security Awareness Training + Next Gen Filtering
With the addition of next gen mail filtering, the email wouldn’t have ever made it to the business manager’s inbox.
SCENARIO TWO:
Construction company praises cyber-aware team but leaves too much room for human error.
Here’s what happened:
During our conversation with this client, the subject of cybersecurity came up and the controller confidently explains her team is incredibly cyber-aware, very security conscious, very adept at thwarting phishing attempts. We were very impressed and wondered how they know this, how they track it. Well, they forwarded the controller every. single. piece. of suspicious looking email.
Why this is a problem: Lacking efficiency and effectiveness
The sheer loyalty and dedication behind this move should be rewarded 10 times out of 10. However, the lack of efficiency and effectiveness spans a few layers. And with an SMB, we are always working toward efficient and effective, no? Always attempting to do more with less.
First, it is highly unlikely the employees are going to catch every suspicious email, especially if they’ve not had training in how to do so (see employee security awareness training above). Second, it is unlikely the controller is going to be able to dissect and research every one of the emails they do send to the depth that is necessary and with accuracy. Third, the amount of time this takes could be a full-time job in and of itself.
How you prevent this problem: Email filtering
A next gen, robust email filtering program, one that gets smarter over time, was made for this very situation. Efficiency is one of the main reasons to invest in this type of technology; it removes emails and removes garbage, so you don’t ever have to pay attention to it or waste your time.
SCENARIO THREE:
Everyone’s worst nightmare when dismissing an employee.
Here’s What Happened:
We had a client who had scaled back their business and therefore decided to cancel their hosting service and bring everything on premises. In fact, they only had one employee – the controller – accessing their accounting data at this point and the cost didn’t seem justifiable. Completely understandable.
About 18 months later, the controller was dismissed…um…abruptly. Now whether said controller was disgruntled or misinformed, I’m not sure, but the controller proceeded to wipe their company computer clean. Clean. As in all the accounting data, clean.
How this became a bigger problem: Corrupt backup data
The business manager came in and said, “That is okay. We have a backup.” While they did put a backup solution in place, there was either a gap in understanding how that set up worked or how to manage it. All backup data was corrupt. In fact, the most recent back up information they could access was 18 months old. Is your heart in your throat? Well, it gets worse. They had an audit coming up in one month.
How to prevent this: Robust backup & regular testing
The turnover of a critical employee doesn’t have to upend your business. You need a proper back up system and you need to test the recoverability of that backup system on a regular, scheduled cadence.
It is increasingly difficult to write about or discuss cyber protection in a way that doesn’t create fear because the resulting effects of a cyber-attack are difficult. While we mainly hear of a ransom attack where the company may or may not have paid the ransom, we do not hear about the resulting fall out; the resulting layers of time, stress and financial burden. However, that is not our goal. Fear is not a place from which to make good decisions. We simply want you to see a bit of yourself, your business in these stories. We want you to start asking yourself, how would we handle that situation? Are we covered if something like that occurred? We want this to be your sign to start getting educated if you aren’t already; that is the place you want to start.
We’ve got a few pieces that cover the very most fundamental aspects of a cyber-attack. If this information is brand new to you or if you want to see where you stand in terms of knowledge, start here.
If you’d like to see where you currently stand as it relates to cybersecurity, take our short quiz here.
If you’d like to have a conversation and ask a few questions, we’d be happy to help. Whether or not you start with us, it is imperative you start looking at what you need to protect yourself, your organization and your employees.
Active monitoring and implementation of cybersecurity protocols and procedures using leading edge technology keeps your business and your data safe and secure.
Rely on our industry expertise to reduce your IT burden and access the best technology solution to help your business grow.