How Miami Industry Can Easily Eliminate Tech Problems In Their Business.

Now more than ever, we rely on technology to run our businesses and our lives. When the “Internet goes down,” most businesses come to a standstill until they are back online, costing thousands in lost productivity and sales. A perfect example would be the AT&T outage that happened a few weeks ago, when an estimated 1.7 million customers, including small business owners, lost service. No phones, no Internet. Could you afford your business being down for minutes, hours or even days? The answer is likely no.

Downtime is one-way bad IT support can disrupt your business, but it’s not the ONLY issue. Big problems like recovering deleted files, removing malware, and constantly monitoring and patching your network, and small irritations like getting file access, resetting forgotten passwords and repairing broken printers, can stack up over time and affect productivity.

That is why you must have a way to get back up and running quickly should something happen – or even a way to ELIMINATE tech problems before they start.

Unfortunately, paying through the nose for IT that can’t troubleshoot its way out of a paper bag is more common than you’d hope. These so-called “IT Wizards” who promised you top-notch support for bargain-basement prices are sitting around using their magic wands as backscratchers, waiting for YOU to let THEM know something has gone wrong. It must stop. That’s why we’ve put together a list of fundamental and necessary requirements that ANYONE who’s working on your network should meet.

Check off all that apply:

• Does your IT company answer their phone LIVE and respond to emergencies promptly (within 10 minutes)?
   
• Is your IT company easy to reach and highly responsive (responding within an hour) when you need them for non-emergencies?
   
• Do you know if your IT company proactively monitors, patches, and updates your computer network’s critical security settings daily? Weekly? At all? How do you know for sure? Hint: Most don’t!
   
• Does your IT company offer proof that they are backing up ALL your data, laptops, and devices?
   
• Does your IT company meet with you regularly (at least once a quarter) to report on what they’ve been doing, review projects and offer new ways to improve your network’s performance instead of waiting until you have a problem to make recommendations?
   
• Does your IT company provide detailed invoices that clearly explain what you are paying for?
   
• Does your IT company explain what they are doing and answer your questions in terms you can understand, NOT in “geek-speak,” and routinely ask if there’s anything else they can help with, no matter how small?
   
• Does your IT company proactively discuss cybersecurity with you, make recommendations for protecting your network from ransomware and offer training videos so your employees don’t fall victim to a scam?
   
• Has your IT company provided you with complete network documentation or do they hold the “keys to the kingdom,” refusing to give you admin passwords, so you’re totally helpless if something goes wrong and you can’t get a hold of them?
   
• Do techs arrive on time and dress professionally, and do you look forward to working with them, or do you cringe every time you have to make that call?

If your current IT company, technician or “IT guy” does NOT check the boxes on every point, you could be – and most likely are – paying for substandard support.

This oversight could not only jeopardize your data and your network’s security but also cost you thousands in lost productivity because you and your employees are spending time dealing with problems that shouldn’t exist, but if something goes awry, you’re going to be the one everyone blames.

If that’s the case, then it’s time you see what else is out there and make sure you’re getting what you pay for. Anything less is a liability to your business.

To schedule a free 10-minute discovery call to see how we can get rid of your tech issues, go to  https://virtualitmanagers.com/or call us at 305-574-2169. 

Suspect Your Computer Has Been Hacked? Do These 5 Things Now!

The initial reaction when you suspect your computer or network has been compromised is to panic. However, if your network has been breached, what you do next can make the difference between the incident being a minor inconvenience and being a devastating disaster that brings legal trouble and huge fines and halts your ability to do business.

In today’s article, we’ve consulted our cybersecurity experts on the top signs of an affected computer and the five steps you need to take as soon as you notice your network has been compromised to prevent as much irreversible damage as possible.

Signs Of An Issue

According to IBM’s latest cybersecurity report, the average data breach goes 277 days before it’s noticed and reported. This time frame sounds crazy considering that attacks using malware, viruses, keylogging tools and more can cause a considerable amount of damage very quickly, but most users miss the warning signs and don’t realize they’re under attack until irreversible damage has occurred.

Several of the biggest indicators of an issue can be mistaken for a slow or outdated computer or operating system. If you experience any of these issues, it’s a good idea to contact your IT team. If it’s an attack, they’ll know the proper steps to take, and if it’s not, they’ll be able to update your system or replace your device to improve performance. Here are a few key signs your computer could be infected:

• Slow computer or network performance
• Frequent freezes or sudden crashes
• Rapid pop-ups
• Locked user accounts
• Sudden and unexpected file changes
• Abnormal system behavior, such as the device continuing to run after a shutdown.
• Unusual account activity

What To Do Next

If you’re experiencing any of these issues, the next steps you take are important. Here is what our team of experts recommends:

1. Take the network offline to isolate the incident, but DO NOT turn off the device or reboot it.

When a device isn’t working the way, it should, the go-to move is to hit Restart. In many scenarios, that maneuver can work; however, if malware is involved, this simple act can make the situation worse. In some circumstances, rebooting your device can set in motion a crashed file-encryption process that can cause unrecoverable data loss. Disconnect your device from the network but allow it to remain on as you move through the next steps.

2. Call your IT team IMMEDIATELY.

It’s important to contain the breach before it infects the rest of your network or causes any more damage. Your IT team will be able to investigate the issue to determine what went wrong and what the impact was and mitigate the breach quickly. Do not try to fix this on your own. Attempting to run a “system cleanup” or your antivirus software will waste time and could cause more damage. Call in the experts.

3. Call your attorney.

There are several reasons to call your attorney. Depending on the size of the breach, your attorney may refer you to outside legal counsel with privacy and data security expertise who can advise you on the federal and state laws that may be implicated by the data breach.

4. Change passwords and secure all accounts.

As the IT team is working on containing the breach, you’ll want to change your passwords to protect any of your other accounts that may not have been affected yet. Hopefully you have multifactor authentication enabled and will be notified if someone tries to access your account, but if not, begin working through your accounts to secure them, starting with ones that contain financial information like credit card numbers, Social Security numbers and more.

5. Check your bank accounts.

Nearly all cyber-attacks are financially motivated, making bank accounts the primary target. As the breach is being mitigated, check your bank accounts and payment processing tools, including third-party merchant accounts and employee payroll systems, for any anomalies or sudden changes.

If you’re hit by a cyber-attack, there will be a list of other steps to take, like implementing a PR communications plan, notifying appropriate parties such as law enforcement and more. The most important thing you can do if a data breach occurs is to isolate the incident and hand it over to a qualified cybersecurity professional as soon as possible. Time matters in these situations.

If you need a reliable, trustworthy cybersecurity team monitoring your business, start with a FREE Cyber Security Risk Assessment. These assessments are designed to thoroughly examine your network to pinpoint any vulnerabilities and map out a plan to fix them. It is much more cost-effective to prevent a cyber-attack than to fix one, so book your assessment today by clicking here or go to https://virtualitmanagers.com/free-network-analysis-and-security-assessment/

Also calling our number (305)574-2169.

Financial Advisor Loses $50K To A Scammer

Horror stories of people getting scammed out of hundreds or even thousands of dollars aren’t in short supply. As we scroll through the news app from the comfort of our couch, reading these accounts of how a stupid so-and-so opened an obviously suspicious attachment and a hacker drained their bank account, it’s easy to say things like “I’d never fall for that!” But would you?

The sobering truth is that, under the right conditions and with the right threat, anyone can fall victim to a financially devastating scam. This reality was recently demonstrated when a finance guru, someone armed with enough financial acumen to publicly advise others, lost $50,000 to a scammer pretending to be a CIA agent.

Charlotte Cowles, a seasoned financial advice columnist for New York Magazine’s digital fashion news site, The Cut, wrote a first-person account of how she boxed up $50,000 in cash in a shoebox, walked it out to the sidewalk in front of her house and willingly handed it over to an unknown person in a white Mercedes SUV. Looking back, she was humiliated that she couldn’t see the red flags, but the way these criminals intricately plotted every step would have convinced most people.

I suggest giving her detailed story a read, but to give you the nutshell version, this elaborate scam started early in the day when a woman from “Amazon’s customer service” called to inquire about unusual activity on Charlotte’s account. The woman told her this has been a frequent issue for the company, provided a case number ID and recommended Charlotte check her credit cards immediately. She shared that the issue was so prevalent that the company was working with a liaison at the Federal Trade Commission and offered to refer her to him for additional assistance.

Once connected, the FTC agent provided his badge number for reassurance and a direct number to reach him and confirmed personal details like her full name and Social Security number. Convincing, right? That’s when things took a turn. The agent shared that he had been following her case for some time, and to date, there were 22 bank accounts, nine vehicles and four properties registered under her name. The bank accounts had wired more than $3 million overseas, mostly to Jamaica and Iraq, and he wondered if she could tell him anything about this.

This crazy scheme escalated from there. The agent texted her a photo of her ID, claiming it had been found in a car rented under her name that was abandoned on the southern border of Texas with blood and drugs in the trunk and was linked to an even bigger drug raid. He told her there were warrants out for her arrest in multiple states and that she was facing heavy charges of cybercrime, money laundering and drug trafficking.

She frantically googled her name, looking for any warrants. Nothing. Sensing her rising discomfort, he asked if she had recently used public Wi-Fi. She had at the airport. “Ahh…” he said, “that’s how most of these things start.”

As she texted her husband that she was in serious trouble, the agent offered her a solution, but she could tell no one. Everyone was a suspect, and they were watching her every move. The agent said her laptop was hacked, her home was being watched and they could even see her two-year-old son playing in the living room right now. At the mention of her son, she was all in to resolve the problem. Sadly, you know the heartbreaking ending of the story. She drained her savings and hand-delivered it in a floral-printed shoebox to the scammer.

Here’s the real kicker: if Cowles, armed with financial acumen and a journalist’s skepticism, can be led astray, what chance do the rest of us stand? It’s a digital Wild West out there, folks, and the outlaws are on the prowl, looking for their next big score. This tale isn’t just a wake-up call – it’s a blaring siren for small business owners everywhere. If you think you’re too smart to get scammed, think again, because it’s happening all the time.

When Charlotte began to share her story, everyone seemed to know someone who had gone up against a scammer and lost. One friend’s criminal-defense-attorney father had been scammed out of $1.2 million. Another was a real estate developer duped into wiring $450,000 to someone posing as one of his contractors. Even a Wall Street executive, who had been conned into draining her 401(k) by a guy she met at a bar. These stories are everywhere.

Cybersecurity cannot be ignored. With the AI tools available, scams are becoming more and more difficult to identify. If you want to protect yourself, your family, and your business, you absolutely MUST take your security seriously. Every day, hackers are buying and selling personal information, like Charlotte’s Social Security number, on the dark web to hackers who will use it to run scams just like this one. You or your loved ones could be next.

This ISN’T meant to scare you, although it should; it’s meant to educate you and give you the upper hand to go up against these criminals. To protect what’s yours. The best way we can help is to offer a FREE Cyber Security Risk Assessment. We’ll do an in-depth evaluation of your network’s security system, including scanning the dark web for leaked information, and provide you with a comprehensive report of what you need to do to be secure.

You can book your Assessment with one of our experts for FREE by going to: [link] https://virtualitmanagers.com/free-network-analysis-and-security-assessment/ or calling (305)574-2169.

Top Tax Scams Every Business Owner Needs to Watch Out for in 2024

Tax season is around the corner, which means so are tax scams. Without fail, every year, individuals and business owners alike fall victim to tax scams, resulting in the loss of substantial amounts of money and sensitive personal data. According to the Better Business Bureau, taxpayers lost $5.7 billion due to tax scams and fraud in 2022 alone. In today’s article, you’ll discover the top scams you need to be on the lookout for to reduce your chances of becoming these scammers’ next victim.

The IRS has specific methods of contacting you.

One way to lessen your chances of falling for Internal Revenue Service scams is to know how the IRS will contact you. Per the IRS website, the IRS will not initiate communication with taxpayers through e-mail, text messages or social media platforms for the purpose of soliciting personal or financial information. The IRS’s main method of communication is physical mail; however, if they’re unable to reach you via mail, they may initiate a phone call. If this is the case, they will still try not to solicit any personal or financial information over the phone, and they will never threaten you or demand payment. If you’re second-guessing anything you receive, you can check out this article to help you figure out if it’s really the IRS contacting you.

Here are the top scams to keep an eye on this tax season

The Refund Scam

The Internal Revenue Service has issued a warning to taxpayers regarding a scam designed to deceive individuals into believing they are entitled to a refund. This is often the most common scam that we see happen every year.

In this scheme, recipients receive a formal notification, usually a letter, stating that they have an “unclaimed refund” available. There are variations of this, including one scam that uses a cardboard envelope from what looks to be a certified delivery service and bears the IRS logo.

Similar to many scams, the deceptive letter provides contact information and a phone number that is in no way affiliated with the IRS. What sets this scheme apart is its request for various sensitive personal details from taxpayers, including detailed images of driver’s licenses. Identity thieves seeking to get ahold of tax refunds and other confidential financial data can exploit such information. Stay vigilant and be cautious of such misleading communications. If something seems off, it probably is.

Identity Theft

If cybercriminals are able to get access to your personal information, they can file a fake tax return on your behalf and potentially collect a refund payment. The IRS recently shared that more than 1 million tax returns were flagged last year for possible identity theft.

One tool to prevent tax ID theft is to apply for an Identity Protection PIN from the IRS before you file your return. It’s also good to file early before criminals have a chance, and if you get a notice about an alleged “duplicate tax return” or a notice saying that additional taxes are owed, contact the IRS directly as soon as possible.

The ERC Scam

The Employee Retention Credit (ERC), sometimes called the Employee Retention Tax Credit, or ERTC, is a refundable tax credit against certain employment taxes. The IRS and tax professionals continue to see aggressive broadcast advertising, direct mail solicitations and online promotions involving the ERC. While the credit is real, aggressive promoters are misrepresenting and exaggerating who can qualify for the credit.

This has led the IRS to issue many warnings about ERC schemes from third-party promoters that charge large up-front fees or a fee based on the amount of the refund. These promoters may fail to inform taxpayers that they must reduce wage deductions claimed on the business’s federal income tax return by the amount of the credit.

Businesses, tax-exempt organizations and others thinking about applying for the ERC need to carefully review the official requirements for this credit before they claim it.

The “Impact Payment” Scam

As you prepare to collect the required documents for filing your 2023 return, be aware of a new online scam circulating. This scheme involves an e-mail displaying the IRS logo and addressing the “third round of economic impact payments,” deeming it an “important matter concerning your recent tax return filing.”

The e-mail asserts that certain inconsistencies or missing information have been identified and assures recipients that a refund of $976 awaits them upon submission of the required document. Notably, there’s a button labeled “complete my information,” but IRS Media Relations Specialist Robert Marvin urges you not to click it.

The “Additional Information Needed” Scam

If you receive an e-mail from the IRS requesting that you submit a tax form, proceed with caution. While there are legitimate forms that taxpayers may be required to complete (such as the W-9 for freelancers and W-4 forms for employees), these are typically directed to companies and do not go directly to the taxpayer from the IRS.

To steer clear of potential scams, it is recommended to disregard such messages and promptly report the fraud to the IRS. It’s important to note that the IRS does not initiate contact via e-mail, and any solicitation for forms through this is indicative of fraudulent activity.

Another Tax Agency Scam

Scammers may adopt the appearance of legitimate or fictitious tax agencies when making phone calls. Instances include impersonating entities like the Taxpayer Advocate Service or the nonexistent Bureau of Tax Enforcement.

While the Taxpayer Advocate Service is a legitimate entity, it does not initiate unsolicited calls to taxpayers. On the other hand, the Bureau of Tax Enforcement is not a genuine organization.

Exercise caution and skepticism toward unsolicited calls alleging to be from government agencies. Obtain a reference number, if possible, terminate the call and initiate a return call using an officially verified phone number. This practice helps protect against potential scams.

Be Smart and Protect Yourself

The tax season often sees a surge in scams, but with some vigilance identifying an IRS imposter and protecting your finances and sensitive data becomes possible.

To enhance protection and mitigate the risk of identity theft, it is recommended to file your taxes early. Early filing reduces the window for scammers to impersonate you. When hiring a tax preparer, conduct thorough vetting and be wary of those promising substantial refunds without prior access to your information. For an added layer of security and peace of mind, explore a fraud protection service.

Cybercriminals never take a break. Tax scams are only one way they’re trying to steal your information and money. It’s important to have a full cyber security system in place to make sure your organization is protected at every possible entry point. We recommend getting a FREE third-party security assessment. Our team of experts will examine your entire network for vulnerabilities and help you map out a plan to fix them. In all the years we’ve been doing this, we’ve always found something.

To schedule your no-obligation assessment for your peace of mind, click here.

Or go to: https://virtualitmanagers.com/free-network-analysis-and-security-assessment/

6 Common Technology Problems Small Business Owners Face

Technology can provide a strategic advantage for companies in every industry when properly utilized. However, one of the biggest issues small business owner’s faces is overcoming some of the common tech obstacles that hinder productivity. These issues can range from minor inconveniences to serious threats that can permanently shut down a business.

In today’s blog, we’ve outlined 6 of the most common technology problems small business owners deal with on a regular basis and how you can either avoid or resolve them.

1. Failing to Meet Industry-Specific Compliance Requirements

Many industries have specific regulatory compliance requirements that define how companies must organize and protect data. Common examples you might be familiar with include HIPAA, which regulates electronic medical data in the health care industry; FFIEC, GLB and SEC in the financial services industry; and CMMC for companies that work directly or indirectly with the Department of Defense.

For a small business owner wearing many hats, it can be difficult to keep up with the latest compliance requirements, especially if you don’t have an IT or cyber security employee on staff. Missing a requirement cannot only lead to hefty fines and legal issues but it can also incidentally leave you vulnerable to a cyber-attack.

The best thing you can do is work with a managed services provider (MSP) that has experience in compliance for your specific industry. While compliance is not the same as cyber security, the two overlap, and an experienced provider will be able to help you bridge the gap, so you’re protected and meeting any mandatory requirements.

Click here to get a FREE Network Assessment so you’ll know if you’re currently missing any mandatory compliance requirements for your organization.

2. Lack of Strategic IT Planning

One of the biggest issues we see is a disjointed relationship between the business leaders in the organization and the IT team. In this digital age, technology is an integral part of how a business operates. When business leaders, who tend to see the larger picture, loop in IT professionals, they can make informed decisions about what technology to deploy to make long-term growth and scalability easier and more efficient.

Several areas in which your IT team should act as a strategic advisor are:

• Optimizing business operations to streamline processes and improve productivity.
• Selecting the best line of business software
• Upgrading old or outdated hardware and software
• Implementing cyber security best practices
• Deploying cost-effective and scalable cloud solutions
• Creating a predictable IT budget that doesn’t rely on break-fix solutions.

3. Inadequate Cyber Security Protection

Cyber security risks become more advanced every year. Decisions about cyber security should not be solely left to the IT department. These are business decisions that need to be made with the buy-in of the leadership team because failing to have a robust cyber security system and becoming the victim of a cyber-attack can be detrimental to a business. There are trade secrets, confidential communications, customer data and employee records that are stored on your company’s devices that you can’t afford to have fall into the wrong hands.

Work with your IT team to deploy a three-pronged approach that includes:

Prevention Strategies: Do you have the right software and solutions in place, such as antivirus, firewalls, MFA, etc., to protect your organization from an attack? Are you regularly training employees on the latest threats and how to identify them?

Detection Mechanisms: This is a key piece that most small businesses neglect, which leaves them vulnerable. Do you have a process in place for detecting a breach, or would it go unnoticed until it’s a bigger problem? You should be conducting regular scans and monitoring, as well as employing endpoint detection and response tools.

Response And Recovery Action Steps: Do you have a plan in place if something goes wrong? Would your employees know what to do? You need to have an IT team supporting you that can identify and mitigate any issues quickly before the damage can’t be undone. Leaders in the organization should take this seriously.

4. Poor User Support

If your employees are struggling with their technology all day, productivity will decrease. Using slow, outdated devices and software can be frustrating for employees, leaving them feeling less motivated and hindering their output. It’s even worse when you have unreliable technical support following the “get to it when we get to it” approach.

With the right IT team, whether that’s in-house staff, outsourced support or, more commonly, a combination of both, you can trust that an experienced technician with the tools and knowledge to quickly assist employees and solve problems will always be available to help.

5. Poor User Asset Management

Managing access to various levels of data for each employee can be tedious and overwhelming in larger organizations. IT professionals can take on the role of managing and monitoring user access so that no one has access to data they don’t need, security policies are enforced, and accounts are constantly monitored for anomalies.

They can also assign new users, make changes to existing accounts, delete accounts, add remote users, set permissions on how employees can access the network and more. This is particularly important when it comes to offboarding employees. Whether the employee is leaving on good terms or not, removing data access from someone who has access to sensitive information can be risky and needs to be handled with care.

6. Lack of Training

As mentioned, making sure your employees know how to use technology efficiently is paramount to productivity, but it’s also important for security reasons. All employees should regularly go through cyber security training to ensure they understand and are following best practices.

This is typically not the role of the business leaders in the company. Most often, they need refresher courses too. When you work with a reliable IT team, they’ll be able to regularly inform team members of new threats and what to look out for, run phishing simulations to test employees on whether or not they know what to do and more. One training session is NOT enough! To build a cyber security–focused culture, you need to talk about it often.

Is it time to solve your IT problems once and for all?

We have your back. To get started, book a FREE, no-obligation Network Assessment. We’ll review your systems using our Point Optimization Checklist to let you know how and where your organization can better utilize technology to grow.

To Schedule Your FREE Assessment, Please Visit https://virtualitmanagers.com/free-network-analysis-and-security-assessment/ Or Call Our Office At 305-574-2169.

Pirates Aren’t Just Threats On The Open Seas

“Know Ye That We Have Granted and Given License to Adam Robernolt and William le Sauvage…to annoy our enemies by sea or by land, wheresoever they are able, so that they share with us the half of all their gain.”

These were the words of King Henry III of England as he issued one of the first letters of marque, effectively employing private sailors to bolster his naval power and fill the royal coffers, all under the guise of lawful privateering. This clever maneuver not only financed the kingdom’s ambitions but also paved the way for the discovery and plunder of new worlds, all at the expense of England’s adversaries.

Fast-forward several centuries, and we find the essence of privateering alive and well, albeit in a new battlefield: cyberspace. Today, businesses, particularly in the United States, find themselves at the mercy of digital privateers.

Recently, the FBI testified before Congress that the People’s Republic of China was preparing to “sow chaos” by taking down the US power grid, oil pipelines and water systems in the event of a conflict over Taiwan.

As small business owners, you are not mere spectators in this digital skirmish but frontline warriors. The misconception that cyber security is a concern reserved for larger entities couldn’t be further from the truth. In reality, the agility and often less fortified digital defenses of small businesses make you prime targets for these modern-day privateers.

The revelation of these threats isn’t meant to dishearten but to awaken a recognition of the critical need for robust cyber security measures. The landscape has shifted, and the onus is on you to protect your enterprise from digital marauders.

The good news? There’s a silver lining in the form of unprecedented opportunity for those ready to fortify their defenses.

Consider this: The investment in cyber security is not merely a safeguard but a strategic advantage. The narrative has evolved from viewing digital protection as an operational cost to recognizing it as a cornerstone of business resilience and growth. CEOs and business leaders are now acknowledging the indispensability of cyber security and integrating it into their core business strategies.

So, where do you stand in this evolving scenario?

This moment calls for reflection, for a candid assessment of your cyber security posture. Are you prepared for the digital equivalent of a storm at sea? Have you charted a course that not only navigates through these treacherous waters but also seizes the opportunities they present?

The urgency cannot be overstated. The threats are real, and the consequences of inaction grave.

We’ve made it easy for you to take the next step toward a proactive defense and invite you to join us for a complimentary 15-minute discovery call. On this call, we’ll get an idea of where your business stands to see if it makes sense to have further discussions. To do this, simply call us at 305-574-2169 or go to: [https://virtualitmanagers.com/free-network-analysis-and-security-assessment/]

The era of digital privateering is upon us, but so is the opportunity for unparalleled growth and security. Let’s embark on this journey together, safeguarding your enterprise and securing its future in the digital frontier.

How $43,000 Got Stolen From A Small Business In The Blink Of An Eye

What you are about to read is a real story showing you how a business can be devastated by cybercriminals in the blink of an eye. Most importantly, I’ll share several ways this could have been avoided. Make sure to forward this to anyone who might be making online payments and, better yet, your entire staff. The name of the company and principals have been withheld so they don’t become a further target.

$43,000 Gone In The Blink Of An Eye

Imagine, on a normal Friday night after a long week of work, you glance down at your phone and see an alert from your bank.

You open it to find that you’ve just paid a company you’ve never heard of $43,000!

This was an all-too-real situation for one small business owner a few weeks ago – and there’s NOTHING the owner, or police, or anyone else can do to get that money back. It’s gone forever.

Thankfully, for this company, $43,000 was a loss they could absorb, but it was still a huge hit and, frankly, they are lucky they weren’t taken for more.

Here’s what happened and how you can keep this from happening to you.

The E-mail That Started It All

Imagine receiving an e-mail so convincing, so utterly devoid of red flags, that you find yourself compelled to act. This isn’t a failure of judgment; it’s a testament to the sophistication of modern cyberthreats.

In this case, an employee in the accounting department received an e-mail from the company’s “CEO” saying they were starting to work with a new company and needed to get them set up in the system and make a payment to them right away.

This was NOT an abnormal type of e-mail, nor was the amount anything that aroused suspicion – they made and received large amounts of money often.

The only telltale clue might have been that it came in on a Friday afternoon and it was made clear that it was an urgent matter that had to be handled right away.

The employee, thinking they were doing exactly what their boss wanted, set the attacker’s company up in the system, including their bank routing number, and made a payment. And the minute they hit “Send,” the money was never to be seen again.

It wasn’t until the CEO called minutes later, after receiving notification of the transfer, that alarm bells started to ring! But by then it was all too late.

So What Happened?

While it’s impossible to know what exactly occurred to kick off this chain of events, the most likely culprit is that an employee, possibly even the owner, received an e-mail sent by a cybercriminal weeks or even months earlier that allowed this person to gain access to some of the company’s systems.

In all likelihood, the e-mail looked normal and had a link that, when clicked, downloaded software onto the recipient’s computer, and that’s where things started to go wrong.

Over the following weeks, the cybercriminals accessed company communications, figuring out who the players were, and devised a plan to make it look like the CEO needed a vendor to be paid urgently.

And when the criminals determined the time was right, they “attacked” and walked away with $43,000 for their efforts.

Home Alone

While this scenario may sound far-fetched, it’s not new.

If you remember seeing the classic movie Home Alone, would-be thieves watched houses immediately preceding Christmas to determine which families would be away for the holidays so they could break into those homes.

Cybercriminals do the same thing, but from a distance, and you’d never know they were ever there.

The scary fact is, your system could be compromised right now, and you would have no way of knowing it, until an attack happens.

In the cybercrime world, the kind of attack this company suffered is referred to as spear phishing. Criminals identify a single point or person in an organization who they believe could fall victim to a scam like the one that happened here, and they engineer a scheme to specifically target them.

What You and Your Employees Need To Know To Help Thwart Attacks

The sad fact is that there is no 100% safeguard against cybercriminals. But, just like our robbers in Home Alone, cybercriminals go after the low-hanging fruit. If your house has a gated entry, security system, outside cameras and lights, and has three vicious-looking dogs roaming around, would-be thieves are much more likely just to move on to a house without all these layers of security.

Cybercriminals operate in the exact same fashion, looking for companies that aren’t protected and then targeting them specifically. So, the best thing you can do is have layers of protection for your company, along with education for your employees.

3 Things to Do Right Now To Protect Your Company

1. Multi-factor authentication (MFA), also called two-factor authentication (2FA), is not just a tool but also a shield against the relentless barrage of cyberthreats. An example of MFA is when you try to log into a program, and it sends a code to your cell phone via text that needs to be entered before granting access to the program. While often deemed a nuisance, MFA isn’t an inconvenience – it’s the digital equivalent of locking your doors at night. It’s a simple yet profoundly effective measure that can be the difference between a secure business and a cautionary tale.
2. Employees are your first line of defense. Just like you’d teach your kids not to open the door for someone they don’t know, you NEED to educate your employees on malicious threats. Teaching them about the common scams, how to avoid them and what to do if they think they’ve inadvertently clicked a link they shouldn’t have, is key. You need to ask your IT company to provide this training, and often they have programs that you can require your employees to go through a couple of times a year. The program then quizzes them to ensure they have the knowledge. While this process isn’t something you or they will look forward to, the reality is that it could take just 10 to 15 minutes a couple times a year to keep you out of the news and your money out of someone else’s account!
3. Get cyber security services in place. MFA is just the start of a comprehensive security plan. You need to talk to a qualified company (not your uncle Larry who helps you on the side) about getting more than a firewall and virus scan software. What worked a decade or two ago – and may still be helpful on a home network – would be like protecting a bank vault with a ring camera. It’s just not going to cut it. NOTE: We offer a variety of security services for companies of all sizes and can certainly talk to you about options that make sense for your situation.

Whatever You Do, Don’t Do This!!!

Maybe the worst thing the owner of the company that lost $43,000 did was they then posted a video and story on social media.

While their intentions were good because they wanted to warn other business owners not to fall victim to the same scam, they might as well have had T-shirts made with a big target on the back.

It’d be like having cash from your house taken, then going online and telling people exactly how it happened – you’re just inviting more people to come try to take your cash.

Not Sure If You’re as Protected And Prepared As You Should Be?

To make sure you’re properly protected, get a FREE, no-obligation Cyber Security Risk Assessment. During this assessment, we’ll review your entire system, so you know exactly if and where you’re vulnerable to an attack.

Schedule your assessment with one of our senior advisors by calling us at 305-574-2169 or going to

Best Practices To ‘Celebrate’ National Change Your Password Day: How Does Your Password Stack Up?

Each year on February 1st, we celebrate Change Your Password Day. While it’s not a holiday that gets you off work, it serves as a good opportunity each year to do a quick check-in and make sure you’re using strong passwords that will keep your accounts protected.

The suggested ‘rule’ used to be to change your password every three months. With advanced tools like password managers and data encryption, experts now say the type of password you use is more important than how often you create a new one. We’re sharing up-to-date advice on how to create a strong password that will keep your account secure and hackers guessing.

Make It Complex

Aim for complexity by combining uppercase and lowercase letters, numbers and special characters. Avoid easily guessable information like birthdays, names or common words. The more intricate and unique your password, the harder it is for hackers to crack it.

Longer Passwords Are Harder To Crack

Long passwords provide an added layer of security. According to Hive Systems, brute-force hacking can crack an eight-character password in less than one hour! When creating a new password, aim for a minimum of 12 characters, and consider using passphrases—sequences of random words or a sentence—which can be both strong and easier to remember.

A random passphrase would be something like: cogwheel-rosy-cathouse-jailbreak.

This passphrase was generated from the website useapassphrase.com, which will auto-create a four-word passphrase for you if you’re stumped.

Use Unique Passwords For Each Account

Resisting the temptation to reuse passwords across multiple accounts is crucial. If one account is compromised, having unique passwords for other accounts ensures that the damage is contained. Consider using a reputable password manager to help you generate and store complex passwords securely.

*Do NOT use Google or your browser’s password manager. If your Google account is compromised, all of your passwords will be too. Talk with your IT team about what password management tool they recommend for you and your organization.

Update Passwords Yearly

As long as your account hasn’t been compromised, you only need to change your passwords once a year to minimize the risk of unauthorized access. The only time a regular password change routine would be exceptionally helpful is if someone has access that you don’t know about. A frequent password change can make it more challenging for attackers to maintain access to your accounts over an extended period of time.

Engage Multi-Factor Authentication (MFA)

Implementing multi-factor authentication is another easy way to make your password bulletproof. MFA typically involves combining something you know (your password) with something you have (like a code sent to your phone). Even if your password is compromised, MFA significantly reduces the chances of unauthorized access.

Set Up Strong Password Recovery Alternatives

Leverage password recovery options like security questions or alternative e-mail addresses. It’s important to choose questions with answers that are not easily guessable or have publicly available information so “What’s your mother’s maiden name” is out!

Use Password Managers

You don’t have to try and remember every password, and you shouldn’t write them down on a sticky note on your desk. Instead, use a good password management tool that is secure and will handle keeping track of your passwords for you.

Bonus points for turning off the auto-fill feature. Hackers can infiltrate sites and install a little bit of code on a page that creates a second, invisible password box. When your password manager autofills the login box, it will also fill in the invisible box, giving hackers your password. This isn’t overly common, but it still poses a risk.

Regularly Review Account Activity

Monitor your account activity for any suspicious logins or activities. Many online platforms offer features that notify you of login attempts from unfamiliar devices, allowing you to take swift action in the event of unauthorized access.

It’s also always good to be aware of phishing attempts, never click suspicious links or attachments in e-mails, avoid public Wi-Fi and only use secure connections and educate and train your team on what to look for when it comes to cybercrime so they can protect themselves, you and the company.

As cyber threats continue to evolve, mastering the fundamentals of cybersecurity, like creating strong passwords, becomes paramount. By making informed choices and staying proactive, you can significantly enhance your online security.

However, as the leader of your organization, it’s important to remember that nothing is foolproof. Educating your team on cybersecurity best practices is essential, but mistakes can and will still happen. For most, it’s not a matter of if, but when. You must have a robust cybersecurity plan in place. The right IT team will make sure you have every protection in place to keep you safe and a crisis management plan ready if something goes wrong. To find out what gaps you have in your cybersecurity system, we’ll do a FREE Cybersecurity Risk Assessment. Click here to book yours now. Or visit our website : https://virtualitmanagers.com/free-network-analysis-and-security-assessment/

How “Cheaper” IT Providers Sneak In Expensive Hidden Costs

Is your company looking to hire an IT firm? Unfortunately, unless you’re tech-savvy or experienced with IT contracts, there can be hidden costs that you wouldn’t expect or know to look for. While it can sound appealing to go for the cheapest firm, that decision can end up costing you more in the long run due to carve-outs and hidden fees in the contract. Cheaper IT firms will omit certain services from the original agreement and later nickel-and-dime you to add them on or by quoting you inadequate solutions that you’ll later need to pay to upgrade.

To help you weed out these companies that are not the bargains they advertise themselves to be, there are a few key elements to consider determining if your quote is insufficient, overpriced or underquoted.

Insufficient Compliance And Cybersecurity Protections:

A ransomware attack is a significant and devastating event for any business; therefore, it’s imperative that the IT company you’re working with isn’t just putting basic (cheap) antivirus software on your network and calling it a day. This is by far the one critical area most “cheaper” MSPs leave out.

Antivirus is good to have but woefully insufficient to protect you from serious threats. In fact, insurance companies are now requiring advanced cyber protections such as employee cyber awareness training, 2FA (2-factor authentication), and what’s called “advanced endpoint protection” just to get insurance coverage for cyber liability and crime insurance. We provide those standards in our offering, so not only do you greatly reduce your chances of a cyber-attack, but you also avoid being denied an important insurance claim (or denied coverage, period).

Inadequate Recovery Solutions:

One thing you also want to make sure you look for in your IT firm proposal is that they do daily backups of your servers and workstations, as well as any cloud applications your company uses (Microsoft 365, Google Workspace, etc.), because online applications do NOT guarantee to back up your data. You also need to make sure your backups are immutable or unable to be corrupted by hackers. Again, most insurance companies now require immutable backups to be in place before they’ll insure against ransomware or similar cyber events.

Transparency About On-Site And After-Hours Fees:

This might take you by surprise, but most IT firms will charge EXTRA for any on-site or after-hours visits. We include ALL of this in our agreements, but ‘cheaper’ MSPs will intentionally leave this out and add it on later to make the sticker price appear lower. Make sure you understand what is and isn’t included in your service agreement before signing.

Nonexistent Vendor Liaison And Support:

Will they help you with all your tech, or just select pieces that they’ve installed? Some IT firms will charge you hourly to resolve tech support issues with your phone system, ISP, security cameras, printers, and other devices they didn’t sell you but that still reside on the network (and give you technical problems). These fees can stack up over time. As a client of ours, you get all of that INCLUDED, without extra charges.

Cheap, Inexperienced Techs And No Dedicated Account Managers:

One way some companies cut costs is by skimping on customer support and expertise. Many of the smaller MSPs will hire technicians under a 1099 agreement or find cheaper, less experienced engineers to work on your network and systems. The more experienced and knowledgeable a tech is on networking and, more specifically, cybersecurity, the more expensive they are.

Further, many smaller MSPs can’t afford dedicated account managers, which means you’re depending on the owner of the company (who’s EXTREMELY busy) to pay attention to your account and to look for problems brewing, critical updates that need to happen, upgrades and budgeting you need.

Good account management includes creating and managing an IT budget, a custom road map for your business and reviewing regulatory compliance and security on a routine basis to make sure nothing is overlooked. You get what you pay for, and this is NOT an area you want overlooked.

BEFORE you sign on the dotted line, it’s important to make sure that you fully understand what IS and ISN’T included in the service you are signing up for. It’s VERY easy for one IT services provider to appear far less expensive than another UNTIL you look closely at what you are getting.

If you’d like to see what dependable, quality IT support looks like, book a call with our team, and we’ll be happy to give you a quote that covers everything you need. To Schedule Your FREE Assessment, please visit https://virtualitmanagers.com/free-network-analysis-and-security-assessment/ or call our office at 305-574-2169.

New Security Features To Protect Your Phone In 2024

Long gone are the days when phones were simple devices used to make calls. Today our phones are advanced, handheld supercomputers that can do everything from pay a bill to order lunch for delivery to edit videos and more.

But with more capabilities come more risks. Because our phones are computers and connected to the Internet, they are susceptible to the same security risks that any other computer would be. Worse yet, personal devices often contain private information like bank account numbers, which, if accessed by the wrong person, could result in dangerous and expensive problems like drained bank accounts, identity theft and so on. Still, despite the obvious risks, most people do not treat phones like the security threats they pose, making them easy, no-brainer targets for cybercriminals.

To give perspective on how severe the problem is, Apple recently shared a study from MIT revealing a shocking 2.6 billion personal records were breached in 2021 and 2022 and were expected to increase in 2023. According to Kaspersky Security Network, in Q3 of 2023 alone, a total of 8,346,169 mobile malware, adware and riskware attacks were blocked, with adware being the most common tactic at 52% of total detected threats.

The risks are even more serious for business owners. Does your organization have a mobile policy for employees? Are employees accessing sensitive work documents or accounts using unprotected devices? If you’re not sure, you need your IT department to look into this immediately. It only takes one entry point for a hacker to break into your network.

There are a few ways to protect your devices now. Both Apple and Android have developed powerful security systems with advanced protective features you can start utilizing today.

Apple:

End-to-end encryption has been the default for Apple iMessage, iCloud Keychain, and Health data, but with a recent update, Apple rolled out Advanced Data Protection (ADP). This feature is an optional setting that offers Apple’s highest level of cloud data security by encrypting messages in iCloud, iCloud Backup, Notes, Photos, Safari bookmarks, Siri Shortcuts and more.

Activating this setting protects your data in the event of a cloud-based data breach by only allowing trusted devices added by you to decrypt the information. Not even Apple can access your data.

Here’s how to enable Apple’s Advanced Data Protection Setting:

1. Make sure devices signed in with your Apple ID have been updated to at least iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2 or later.
2. Open the Settings app on your iPhone.
3. Tap your name at the top.
4. Select iCloud, scroll to the bottom, and tap Advanced Data Protection.
5. Tap Turn On Advanced Data Protection.

NOTE: If you don’t have a recovery contact or key set up, you’ll be prompted to do that first.

6. Once a recovery contact/key is set up, return to Settings > iCloud > Advanced Data Protection and tap Turn On Advanced Data Protection.
7. Follow the prompts.

NOTE: You may be asked to update other devices signed into your iCloud account before enabling end-to-end encryption (E2E).

You can also remove devices with old software to continue the process.

If your device is new, for security reasons, Apple might make you wait to enable the feature. If that’s the case, that timeframe will show on your screen during setup.

Android:

While Apple is known for having a robust security system that reduces vulnerabilities and protects users’ data, Android’s security features are not far behind. Google Play Protect analyzes every app before it’s available for download, and any new apps where a security risk is detected are unable to be accessed. The software also runs daily scans to help identify and disable malware and other harmful applications installed on your phone to protect your data.

Furthermore, Android backups are regularly uploaded to Google servers and encrypted with your Google Account password for security purposes.

How to keep data secure if you’re using an Android:

If you’re using Google One, you can set up automatic backups on your Android device to ensure that if disaster strikes, your data is securely stored in the cloud:

1. Open the Google One app on your Android.
2. At the bottom, tap Storage.
3. Scroll to “Backup” and tap View.
4. If this is your first phone backup, tap Set up data backup.
5. If this isn’t your first phone backup, tap View Details.

4. To review backup settings, tap Manage backup.
5. Choose your backup settings.

NOTE: If you get a message to install an app, update an app or change your settings, follow the onscreen steps. Then, go back to the Google One app to finish.

6. If asked, tap Allow Permissions.
7. At the top left, tap Back.

NOTE: Google One backups may take up to 24 hours to complete.

How To Protect All Of Your Devices:

These features are not the end-all, be-all for phone security, but they will add a layer of protection for your data. To ensure every device on your network is secure, we recommend getting a third-party Cybersecurity Risk Assessment. This is a free, no-obligation assessment where one of our experts will examine your network and let you know if and where you’re vulnerable to an attack, including your mobile device policy.

Schedule your assessment with one of our senior advisors by calling us at 305-574-2169 or going to https://virtualitmanagers.com/free-network-analysis-and-security-assessment.