PCSN

Call Now. We Deliver Inventive Solutions Tailored for SMBs 281-402-2620

Urgent And Critical Protections We Are Urging All Clients To Have In Place NOW To Protect Their Bank Accounts, Client Data, And Reputation From The Tsunami Of Ransomware

The growth and sophistication of cybercriminals, ransomware and hacker attacks have reached epic levels, and NEW protections are now required. We have created this report to inform our private clients about what’s going on and educate them on new protections we are urging all clients to put in place NOW.

Provided By: PC.Solutions.Net

Author: Nadeem Azhar
5315B Cypress Creek Pkwy #157, Houston, TX 77069
www.pcsn.net | 281-880-0738

Notice: This publication is intended to provide accurate and authoritative information in regard to the subject matter covered. However, no warranties are made. It is provided with the understanding that the author and the publisher are NOT engaged in rendering legal, accounting or related professional services or advice and that this publication contains opinions of its author. This publication is NOT intended as a substitute for specific legal or accounting advice for any particular institution or individual. The publisher accepts NO responsibility or liability for any individual’s decisions or actions made as a result of information or opinion contained herein.

When You Fall Victim To A Cyber Security Breach Due To No Fault Of Your Own, Will They Call You
Stupid Or Irresponsible?

Yes, this is harsh.

 And WE do not believe you are either of those things.

 But if you don’t put in place the protections we are recommending in this report and allow hackers to gain access to any form of client, patient and employee data via your organization, you will get NO sympathy and will be found “at fault” for not taking the protection of client and employee data seriously.

 You will be labeled “stupid and irresponsible” by others who are impacted by the breach, such as clients, vendors, government officials, competitors and possibly even some of your employees.

 You might think this is crazy, or that it won’t happen to you. But it IS happening in record numbers to millions of organizations, large and small. The FCC reported that theft of digital information has become the most commonly reported fraud, surpassing physical theft. Costs and losses from cyber-attacks are rising due to extended downtime and the sophistication of attacks. And now the Russia-Ukraine war is creating great concern over Russian hackers taking aim at Americans in retaliation for tough sanctions put in place.

 According to Cyber Security Magazine, 61% of all SMBs have reported at least one cyber-attack during the previous year. So WHEN your organization gets hacked (not IF), this giant, expensive, reputation-destroying nightmare will land squarely on YOUR shoulders.

 But it doesn’t end there…

 According to the laws here in Texas, you will be required to report the breach to the Texas Attorney General as soon as possible and no later than 30 days after the discovery of the breach.

 Depending on the data you host, you may even be investigated and questioned by authorities and clients alike about what you did to prevent this from happening. If you have not implemented the protections we are outlining in this report, you can be found negligent and may be facing fines and lawsuits. Claiming ignorance is not an acceptable defense.

 If it becomes public, your competition will have a heyday over this. Clients will be IRATE and will take their business elsewhere. Morale will tank and employees may even blame YOU. Your bank is NOT required to replace funds stolen due to cybercrime (go ask them), and unless you have a very specific type of insurance policy for these matters, any financial losses will be denied coverage by your general business liability insurance.

Please do NOT underestimate the importance and likelihood of these threats.

Why We Wrote This Report For Our Clients

Over the last two years, there has been a significant increase in the sophistication, frequency and severity of cybercrime attacks that is not slowing down. The cost per attack has been steadily on the rise, and lawmakers and insurance companies have been implementing new and more comprehensive regulations requiring ALL businesses to become more diligent about securing and protecting data they host on their network or face stiff fines.

To make matters worse, COVID-19 forced businesses to hastily send their employees to work from home without a plan, which has led to many working in unsecured environments. This has also energized attackers, who are rapidly increasing their efforts to take advantage of the situation.

In fact, the FBI reported a fourfold increase in cybercrime during the COVID-19 outbreak and malicious e-mails are up 600%; a trend that has not and will not slow down. This is NOT just “big” companies, but small businesses like yours who are getting attacked.

Therefore, we are reaching out to all of our clients to have a serious discussion about what we need to do now to keep you safe.

An Important Notice To Our Clients About How We Are Changing Our Services To Respond To This Crisis

To prepare you for our discussion, we’ve compiled this report to educate you about what is going on and provide details on why we are making changes to the services we offer.

For clients who are not on a managed services plan, we are highly recommending one. This is the only way we can know for sure you have a fighting chance against a devastating cyber-attack.

For clients who are already on a managed services plan, we’ve recently upgraded our security “stack” and have newer, more effective protections we’re rolling out to those clients. We are taking these on a case-by-case basis and will be making recommendations based on your specific situation and risk tolerance.

Do You REALLY Need Ongoing Monitoring,
Maintenance And Cyber Security Protections?

The biggest challenge we face in protecting our clients is that many stubbornly believe “that won’t happen to me” because they’re “too small” or “don’t have anything a cybercriminal would want.” Or they simply think that if it happens, the damages won’t be that significant. That may have held true 10 to 20 years ago, BUT NOT TODAY.

  • You are correct that most cybercriminals who use ransomware to lock your files do NOT want your files – but they know that YOU DO. Just like a kidnapper, they don’t want the hostage; they know the family does and will pay to get them back safe.
  • SMALL businesses are the #1 target for hackers because they often lack sophisticated cyber security protections.
  • According to a report by CNBC, the average cyber incident costs a small business $200,000. Maybe that’s not a lot of money to you. Maybe you can afford a $200,000 hit. But that’s only the cost of getting the data back and restoring the network and doesn’t take into consideration the reputational damages or lost business due to systems being down.

“Not My Company…Not My People…We’re Too Small” You Say?

Don’t think you’re in danger because you’re “small” and not a big company like Experian, J.P. Morgan or Target? That you have “good” people and protections in place? That it won’t happen to you?

That’s EXACTLY what cybercriminals are counting on you to believe. It makes you easy prey because you put ZERO protections in place, or grossly inadequate ones.

Right now, there are over 980 million malware programs out there and growing (source: AV-Test Institute), and 70% of the cyber-attacks occurring are aimed at small businesses (source: National Cyber Security Alliance); you just don’t hear about it because the news wants to report on BIG breaches OR it’s kept quiet by the company for fear of attracting bad PR, lawsuits and data-breach fines, and out of sheer embarrassment.

But make no mistake – small, “average” businesses are being compromised daily, and clinging to the smug ignorance of “That won’t happen to me” is an absolute surefire way to leave yourself wide open to these attacks.

In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number includes only the ones that were reported. Most small businesses are too embarrassed or afraid to report breaches, so it’s safe to assume that number is much, much higher.

Are you “too small” to be significantly damaged by a ransomware attack that locks all of your files for several days or more?

Are you “too small” to deal with a hacker using your company’s server as ground zero to infect all of your clients, vendors, employees and contacts with malware? Are you “too small” to worry about someone taking your payroll out of your bank account? According to Osterman Research, the AVERAGE ransomware demand is now $84,000 (source: MSSP Alert).

It’s also estimated that small businesses lost over $100,000 per ransomware incident and over 25 hours of downtime. Of course, $100,000 isn’t the end of the world, is it? But are you okay to shrug this off? To take the chance?

It’s NOT Just Cybercriminals Who Are The Problem

Most business owners erroneously think cybercrime is limited to hackers based in China or Russia; but the evidence is overwhelming that disgruntled employees, both of your company and your vendors, can cause significant losses due to their knowledge of your organization and access to your data and systems.

What damage can they do?

  • They leave with YOUR company’s files, client data and confidential information stored on personal devices, as well as retaining access to cloud applications, such as social media sites and file-sharing sites (Dropbox or OneDrive, for example) that you aren’t even aware they were using.

    In fact, according to an in-depth study conducted by Osterman Research, 69% of businesses experience data loss due to employee turnover and 87% of employees who leave take data with them. What do they do with that information? Sell it to competitors, BECOME a competitor or retain it to use at their next job.
  • Funds, inventory, trade secrets, client lists and HOURS stolen. There are dozens of sneaky ways employees steal, and it’s happening a LOT more than businesses care to admit. According to the website StatisticBrain, 75% of all employees have stolen from their employers at some point. From stealing inventory to check and credit card fraud, your hard-earned money can easily be stolen over time in small amounts that you never catch.

    But here’s the most COMMON way they steal: They waste HOURS of time on your dime to do personal errands, shop, play games, check social media feeds, gamble, read the news and a LONG list of non-work-related activities. Of course, YOU are paying them for a 40-hour week, but you might only be getting some of that. Then they complain about being “overwhelmed” and “overworked.” They tell you, “You need to hire more people!” so you do. All of this is a giant suck on profits if you allow it. Further, if we don’t put in place web security filtering to limit what sites they can visit (and we certainly do have this for many clients), they could do things that put you in legal jeopardy, like downloading illegal music and video files, visiting adult-content websites, gaming and gambling – all of these sites fall under HIGH RISK for viruses and phishing scams. (IMPORTANT: We now have solutions to prevent this that we are rolling out to clients who want to stop this from happening to them.)

  • They DELETE everything. A common scenario: An employee is fired or quits because they are unhappy with how they are being treated – but before they leave, they permanently delete ALL their e-mails and any critical files they can get their hands on. If you don’t have that data backed up, you lose it ALL. Even if you sue them and win, the legal costs, time wasted on the lawsuit and on recovering the data, not to mention the aggravation and distraction of dealing with it all, are a far greater cost than what you might get awarded or might collect in damages. (IMPORTANT: For all Tech~Res clients we are confident we could get the data back; but for clients who are not under that plan, or who do not have our backup solution, you are vulnerable to this.)

Do you really think you are immune to any or all of this happening to you?

Then there’s the threat of vendor theft. Your payroll, HR and accounting firm have direct access to highly confidential information and a unique ability to commit fraud. THEIR employees, not just the leadership team, can steal money, data and confidential information. All it takes is a part-time employee – perhaps hired to assist in data entry during tax season, and who is not being closely supervised or is working from home on routine tasks with your account – to decide to make a little money on the side by selling data or siphoning funds from your account.

What Do Other CEOs In Houston Say?

“Before switching to PCSN we were having issues with breaches and spending countless hours on machine cleanups. Now we save over $260,000 every year not having to do all that!” TS – President – Retail Business

“Not only did PCSN safeguard our property and our clients’ data but also helped position us for an acquisition as part of the partners exit strategy.” GK – Partner – Professional Service Business

“I’m a very security conscious person, I even hide typing my password when other people are around. I wouldn’t trust anyone but PC.Solutions.Net when it comes to our network and business operations.” DM – President – Wholesale Business

Exactly How Can Your Company Be Damaged By Cybercrime?
Let Us Count The Ways:

IMPORTANT: Clients who are on our Tech~Res plan DO have protections in place to greatly reduce the chances of these things happening, and the severity and impact if they get compromised. You should also know there is absolutely no way we, or anyone else, can 100% guarantee you won’t get compromised – you can only put smart protections in place to greatly reduce the chances of this happening, to protect data so it IS recoverable and to demonstrate to your employees, clients and the lawyers that you WERE responsible and not careless.

You should also know we are actively reviewing ALL clients’ networks and specific situations to recommend NEW protections we feel you should have in place.

  1. Loss Of Clients And Revenue: There are a growing number of cyber security compliance regulations that ALL businesses, regardless of size, must comply with. Because of this, many of your clients, patients and customers may start asking about your “security posture” and what cyber protections you have in place before doing business with you.

    For example, Department of Defense contractors must be CMMC (Cybersecurity Maturity Model) certified in order to keep government contracts. If they fail to meet the requirements, they lose that government agency as a client (their contract).

    All health care providers, and/or any businesses that handle sensitive medical data such as health insurance companies, or medical data clearing houses, must be HIPAA compliant. However, they also must ensure any vendors they transact with (called “business associates”) are also HIPAA compliant. If vendors refuse to follow HIPAA security protocols, they will lose clients who cannot risk overlooking their lax security.

    While YOU might not be worried about your data and YOU might be willing to take the risk, your clients ARE worried about their data and the information you host. A breach on you could result in them being impacted directly or by association – and many will find another vendor rather than take the risk.

  2. Denial Of Insurance Claims: With ransomware attacks on the rise, insurance premiums have skyrocketed by 50% to 100% (doubling) according to TechTarget’s article on cyber insurance premiums. Worse yet, many insurance companies have “failure to follow” exclusions in their policies which allow them to deny benefits due to claims arising from inadequate security standards. Simply put, if you state you use 2FA in your insurance application and it’s later found you do NOT have that active on all machines, your claim could be denied, leaving you to pay for all the damages and losses.

  3. Reputational Damages: What’s worse than a data breach? Trying to cover up the fact that you were negligent or lax about security. With Dark Web monitoring and forensics tools, where and how data gets breached is easily traced back to the company and website, so you cannot hide it.

    When you get hacked, do you think your [clients/patients] will rally around you? Have sympathy? News like this travels fast on social media. They will demand answers: HAVE YOU BEEN RESPONSIBLE in putting in place the protections outlined in this report, or will you have to tell your clients, “Sorry, we got hacked because we didn’t think it would happen to us,” or “We didn’t want to spend the money.” That will not be sufficient to pacify them and the trust you’ve worked so hard to build will be destroyed.

  4. Government Fines, Legal Fees, Lawsuits: Breach notification statutes remain one of the most active areas of the law. Right now, several senators are lobbying for “massive and mandatory” fines and more aggressive legislation pertaining to data breaches and data privacy. The courts are NOT in your favor if you expose client data to cybercriminals.

    Don’t think for a minute that this applies only to big corporations: ANY small business that collects customer information also has important obligations to its customers to tell them if they experience a breach. In fact, 47 states and the District of Columbia each have their own data breach laws – and they are getting tougher by the minute.

    If you’re in health care or financial services, you have additional notification requirements under the Health Insurance Portability and Accountability Act (HIPAA), the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). Among other things, HIPAA stipulates that if a health care business experiences a breach involving more than 500 customers, it must notify a prominent media outlet about the incident. The SEC and FINRA also require financial services businesses to contact them about breaches, as well as any state regulating bodies.

    One of the things we want to discuss with you is how to ensure you are and stay compliant.

  5. Cost, After Cost, After Cost: ONE breach, one ransomware attack, one rogue employee you are not protected against, can create HOURS of extra work for staff who are already maxed out when things are going well. Then there’s business interruption and downtime, backlogged work delivery for your current clients. Loss of sales. Forensics costs to determine what kind of hack attack occurred, what part of the network is/was affected and what data was compromised. Emergency IT restoration costs for getting you back up, if that’s even possible. In some cases, you’ll be forced to pay the ransom and maybe – just maybe – they’ll give you your data back. Then there are legal fees and the cost of legal counsel to help you respond to your clients and the media. Cash flow will be significantly disrupted, budgets blown up. Some states require companies to provide one year of credit-monitoring services to consumers affected by a data breach and more are following suit.

    It’s estimated that the cost per lost or stolen record is between $150 and $225 per record compromised, after factoring in IT recovery costs, lost revenue, downtime, fines, legal fees, etc. How many client records do you have? Employees? Multiply that by $150 on the conservative side and you’ll start to get a sense of the costs to your organization. [NOTE: Health care data breach costs are the highest among all sectors.]


  6. Bank Fraud: If your bank account is accessed and funds stolen, the bank is NOT responsible for replacing those funds. Take the true story of Verne Harnish, CEO of Gazelles, Inc., a very successful and well-known consulting firm, and author of the best-selling book The Rockefeller Habits.

    Harnish had $400,000 taken from his bank account when hackers were able to access his PC and intercept e-mails between him and his assistant. The hackers, who are believed to be based in China, sent an e-mail to his assistant asking her to wire funds to 3 different locations. It didn’t seem strange to the assistant because Harnish was then involved with funding several real estate and investment ventures. The assistant responded in the affirmative, and the hackers, posing as Harnish, assured her that it was to be done. The hackers also deleted his daily bank alerts, which he didn’t notice because he was busy running the company, traveling and meeting with clients. That money was never recovered and the bank is not responsible.

    Everyone wants to believe “Not MY assistant, not MY employees, not MY company” – but do you honestly believe that your staff is incapable of making a single mistake? A poor judgment? Nobody believes they will be in a car wreck when they leave the house every day, but you still put the seat belt on. You don’t expect a life-threatening crash, but that’s not a reason to not buckle up. What if?

  7. Using YOU As The Means To Infect Your Clients: Some hackers don’t lock your data for ransom or steal money. Often they use your server, website or profile to spread viruses and/or compromise other PCs. If they hack your website, they can use it to relay spam, run malware, build SEO pages or promote their religious or political ideals. (Side note: This is why you also need advanced endpoint security, spam filtering, web gateway security, SIEM and the other items detailed in this report, but more on those in a minute.)

    To be clear, clients under our Tech~Res plan would be protected against THIS happening.

Here Is Our Current List Of Recommended Solutions
We Feel ALL Clients Should Have In Place

Below is a list of things we recommend all clients have in place ASAP. We are also working to implement better tools, protocols and documentation, and will be sharing these updates with you as they become available, and in our Quarterly Technology Reviews for clients on our Tech~Res plan.

  • QBRs Or Quarterly Business Reviews And Security Risk Assessments: We will be more persistent in scheduling and holding these meetings with [all clients]. During these consultations, we will conduct a security risk assessment and provide you with a score. We will also brief you on current projects, review your IT plan and budgets, discuss NEW tools and solutions we feel you may need and make recommendations. We will also answer any questions you have and make sure you are satisfied with our services. This is part of our vCIO role that every Tech~Res customer gets.

  • Proactive Monitoring, Patching, Security Updates: This is what we deliver in our Tech~Res Managed IT Services Plan. Specifically, we not only use automated methods to patch and scan machines but when automated methods fail (they often do) our NOC (network operations center) and SOC (security operations center) teams jump in to perform manual remediation.

  • Insurance Review: At least once a year, we will provide you with a copy of our policies and protections for YOU. We can also work with your insurance agent to review your cyber liability, crime and other relevant policies to ensure we, as your IT company, and you as a company are fulfilling their requirements for coverage.

  • [NEW!] Data Breach And Cyber-Attack Response Plan: This is a time- and cost-saving tool as well as a stress-reduction plan. We will be working with our clients to create and maintain a cyber-response plan so that IF a breach happens, we could minimize the damages, downtime and losses, and properly respond to avoid missteps.

  • Ransomware-Proof Backup And Disaster Recovery Plan: Hackers know you have backups in place, so they construct their attacks to corrupt and lock BACKUP files as well. That’s why we are insisting clients upgrade to our backup solution.

  • A Mobile And Remote Device Security Policy: All remote devices – from laptops to cell phones – need to be backed up, encrypted and have a remote “kill” switch that would wipe the data from a lost or stolen device. You also need to have a policy in place for what employees can and cannot do with company-owned devices, how they are to responsibly use them and what to do if the device is lost or stolen.

  • More Aggressive Password Protocols: Employees choosing weak passwords are STILL one of the biggest threats to organizations. To protect against this, we will require a monthly password update for all employees and put in place controls to ensure weak, easy-to-crack passwords are never used. We will also have checklists for employees who are fired or quit to shut down their access to critical company data and operations. This is part of the process for our Tech~Res clients.

  • [NEW!] Advanced Endpoint Security: There has been considerable talk in the IT industry that traditional antivirus is dead, unable to prevent the sophisticated attacks we’re seeing today. That’s why we are recommending all clients UPGRADE to Cyb3r-x security service.

  • Multi-Factor Authentication: Depending on your situation, we will be recommending multi-factor authentication for access to critical data and applications.

  • Web-Filtering Protection: Porn and adult content is still the #1 thing searched for online, and online gaming, gambling and file-sharing sites for movies and music are sites you do NOT want your employees visiting during work hours on company-owned devices. If your employees are going to infected websites, or websites you DON’T want them accessing at work, they can not only expose you to viruses and hackers, but they can also get you nailed for sexual harassment and child pornography lawsuits – not to mention the distraction and time wasted on YOUR payroll, with YOUR company-owned equipment.

  • [NEW!] Cyber Security Awareness Training: Employees accidentally clicking on a phishing e-mail, downloading an infected file or malicious application is still the #1 way cybercriminals hack into systems. Training your employees FREQUENTLY is one of the most important protections you can put in place. Seriously. We have several new solutions we can discuss with you to inform and remind your employees to be on high alert and reduce their likelihood of clicking on the wrong e-mail or succumbing to other scams.

  • Protections For Sending/Receiving Confidential Information Via E-mail: Employees have access to a wide variety of electronic information that is both confidential and important. That’s why we’ll be ensuring all clients’ e-mail systems are properly configured to prevent the sending and receiving of protected data.

  • Secure Remote Access Protocols: You and your employees should never connect remotely to your server or work PC using GoToMyPC, LogMeIn or TeamViewer. Remote access should strictly be via a secure VPN (Virtual Private Network). For our clients who need this type of access, we will be implementing proper technologies that are secure.

  • [NEW!] Dark Web/Deep Web ID Monitoring: There are new tools available that monitor cybercrime websites and data for YOUR specific credentials being sold or traded. Once such a breach is detected, the tool notifies you immediately so you can change your password and be on high alert.

Our Preemptive Cyber Security Risk Assessment Will Give You The Answers You Want, The Certainty You Need

Over the next couple of months, we will be conducting FREE Cyber Security Risk Assessments for all of our clients.

Here’s How It Works: We will conduct a thorough, CONFIDENTIAL investigation of your computer network, backups and security protocols as outlined in this report. Your time investment is minimal: One hour for the initial meeting and one hour to go over our Report Of Findings.

When this Risk Assessment is complete, we will give you a Risk Assessment Health Score and provide you a recommended IT maintenance plan to put protections in place and then maintain them to avoid you being a “sitting duck” for cybercriminals.

If you have not booked this appointment yet, please go online here to do it now:

https://pcsn.net/riskassessment

Please…Do NOT Just Shrug This Off
(What To Do Now)

If you have an appointment scheduled, you don’t have to do anything but be sure to show up, ready with any questions you might have.

If you have NOT scheduled a Risk Assessment, call us at 281-402-2620 or send me an e-mail at nadeem@pcsn.net. You can also go online to pcsn.net/riskassessment and book online.

I know you are extremely busy and there is enormous temptation to discard this, shrug it off, worry about it “later” or dismiss it altogether. That is, undoubtedly, the easy choice…but the easy choice is rarely the RIGHT choice.

This I can guarantee: At some point, you will have to deal with a cyber security “event,” be it an employee issue, serious virus or ransomware attack.

We want to make sure you are brilliantly prepared for it and experience only a minor inconvenience at most. But if you wait and do nothing and ignore our advice, I can practically guarantee this will be a far more costly, disruptive and devastating disaster.

You’ve spent a lifetime working hard to get where you are today. Let us help you protect and preserve it. Give you complete peace of mind.

Dedicated to serving you,

Nadeem Azhar
Web: www.pcsn.net
E-mail: nadeem@pcsn.net
Direct: 832-800-4083

Here’s What Our Managed Clients Are Saying:

“We Saved Over $250,000 On Our IT Costs… Amazing!”

“When PC.Solutions.Net recommended we move to cloud computing instead of spending a lot of money to upgrade our network, I was a bit concerned – but when I saw how much money we were going to save, I decided to go for it. I’m very happy we did. Not only did I not have to purchase new workstations, laptops and a server, but our licensing costs are down and employees are able to work remotely much easier. I wish I had done this sooner. Plus, PCSN’s tech support has been great. We really haven’t had any major issues, but if we do, they’re right on it, getting it resolved. I’d highly recommend them to anyone looking to save money on IT… and who doesn’t want to do that?” – Liz Kirby, Partner, Select Insurance Markets.

“I trust PCSN and Nadeem, they’ve steered me right even when they didn’t make money!”

“Bubbles has been using Nadeem’s company for over 5 years, actually I found him via a Microsoft referral and later found out his wife used to work for us a while back! PCSN recommended to us that we move to cloud based email and get rid of the in-house Exchange server and I’m glad we did. The overhead of maintaining an Exchange server is gone but we still have full access to the back-end systems to run our operations. I would recommend PCSN, these guys know what they are doing! Most IT techs leave a mess behind but PCSN keeps a clean environment inside and outside the network.” – Bill Lawrence, CEO, Bubbles Enterprises