News

fireworks celebrating new year

New Year, New Focus?

Nah. The tried and true is still the best for smaller businesses. 2025 wanted us to chase all the shiny new AI tools but small businesses are finding that those are 'all flash and no bang.'

While we do have some more proven AI technologies integrated into our tool set (e.g., Machine Learning, Computer Vision), the newer, Generative AI and Large Language Model driven tools either don't work or are geared for much larger enterprises. As for all the AI hype, the facade is already falling and we'll likely continue to see that the emperor is naked in 2026.

So what can you do with your resolve to better secure your business this year? First, start small. Don't try to build Rome in a day.

1. Start with what you have

Have you enabled multi-factor authentication (MFA) for all your internet facing services (e.g., email, VPN, and other cloud-based software)? If not, this should be your first stop. It's not a silver bullet but it's darn near close. Anything that is available over the open Internet is a daily target for cyber criminals.

Next, do you have auto updates enabled for all your workstations? If you rely on Microsoft, like most businesses, know that 2025 saw the highest number and most severe vulnerabilities in Windows and other Microsoft tools ever. Fortunately, most were patched within reasonable time-frames and all you had to do was apply those patches in a timely fashion. The easiest way to do this is to enable automatic updates and reboot when prompted.

And if you have things you don't need, get rid of them. Software, hardware, and services that aren't in use but still active just add risk and provide you no benefit. The risk equation is solely on the side of risk - not good. Shut it down if you aren't using it.

2. Gain some visibility into your environment

This isn't something that most small businesses can do themselves but it works wonders to prevent some breaches and limit the consequences of others. You need services such as Managed Detection and Response (MDR), a Security Information and Event Management (SIEM) system, and/or a Security Operations Center (SOC) to provide that visibility and the know-how to act on it.

Our clients are fortunate, we provide that for them. These services can literally mean the difference between a criminal running freely in your network and getting shut out within minutes of that initial entry. You can prevent every attack but you can reduce the impact with visibility.

3. Empower your users

Provide them with training on how to spot and avoid the social engineering and phishing attacks that target them. We can't prevent these completely using technology so training your users is an additional, but necessary, line of defense.

Just be careful that you don't fall into the bean counting mindset that most companies have. 2025 saw some pretty damning research against the traditional cartoon-like training and laughable phishing tests. Focus on the education and make it realistic. And don't try to implement overly-simplistic measurements of success.

Encourage your users to approach you with their technological needs and don't just give a reactionary "no" answer. This just leads to Shadow IT and a complete loss of control on where your sensitive information goes. When your users express a need for software or services that will help them do work for you, listen. Look for reasonable solutions to help them work better.

Don't just say "yes" to everything though. Make sure there is a valid business need before jumping on every SaaS platform's bandwagon. Also make sure that your workers know that they shouldn't be out there "procuring" IT resources on their own.

There are many other things you can do but these are easy starts. When you are ready to move on from these to more complex measures, call us. If you are struggling with these, call us.

Reference:
https://www.darkreading.com/cyber-risk/cybersecurity-tech-recommended-by-cyber-insurer-claims-data