BACK 2 SCHOOL!!
OK, well that Summer sure flew by, didn’t it?? From sipping drinks on a beach, to breaking your back shoveling snow!! OK, OK we are not quite there yet, BUT trust us it comes just as fast as Summer left us!
Now that most people seem to be back in the office we can promise you hackers are gearing up for their favorite season...THE HOLIDAY SEASON!! When tons more emails flow in with offers and sales, and you’re more likely to carelessly click on something you shouldn’t.
KRS IT is offering free Cyber Security Assessments for any company with 10 or more employees that is starting to take its security more seriously. Email us at info@krsit.com and use the title: Hey, KRS Nerds Check us out!! A rep will get in touch with you!!
This monthly publication is provided courtesy of Josiv Krstinovski, President and CEO of KRS IT Consulting.
OUR MISSION:
“I don’t care if it costs me more money, I am going to make sure that every single client of ours has the absolute best security and solutions in place If I am not doing my job. Plain and simple.”
HACKERS ARE TARGETING SMALL CONSTRUCTION COMPANIES AND OTHER INVOICE-HEAVY BUSINESSES
From 2023 to 2024, attacks on construction companies doubled, making up 6% of Kroll’s total incident response cases, according to the 2024 Cyber Threat Landscape report from risk-advisory firm Kroll. Experts at Kroll note that the uptick could be driven by how work is carried out in the industry: employees work with numerous vendors, work remotely via mobile devices and operate in high-pressure environments where urgency can sometimes trump security protocols. All of these factors make the construction industry ripe for a cyber-attack.
Ripe For Hackers
Business e-mail compromise (BEC) – fake e-mails designed to trick employees into giving away money or sensitive information – made up 76% of attacks on construction companies, according to Kroll. These e-mails look like document-signing platforms or invoices to socially engineer users into giving away information.
These tactics are having a higher success rate in smaller construction companies for a few reasons:
They deal with a lot of suppliers and vendors. Construction companies work with many suppliers and vendors, and each vendor can be a weak spot that hackers can exploit. For example, if a hacker gets control of a vendor’s e-mail, they can send fake invoices that look real, tricking businesses into sending money to the hacker’s account instead. Multiply that by the number of vendors you work with, and that’s a lot of potential entry points for a hacker.
They use frequent mobile sign-ins. Truly remote workers, construction employees rely on mobile devices to sign into accounts and communicate from anywhere. This mobile accessibility, while convenient, also increases the risk because mobile devices are typically less secure than desktops or laptops.
They work in a high-stakes, high-pressure environment. In industries where delays can be costly, such as construction or health care, employees may rush to process invoices or approve transactions without thoroughly verifying their legitimacy. This urgency is precisely what attackers count on to get around standard security checks.
Your Industry C
Construction companies are not the only ones experiencing more attacks. Small manufacturing companies, higher education institutions and health care providers that lack the robust security infrastructure of larger industry players are also examples of industries seeing a rise in cyber-attacks. These industries, like construction, deal with numerous vendors and urgent invoices, making them prime targets for business e-mail compromise and invoice fraud.
How To Protect Against BEC And Invoice Fraud
1. Use Multifactor Authentication (MFA)
Accounts that use MFA are 99% less likely to be attacked, according to the Cybersecurity and Infrastructure Security Agency. MFA requires multiple forms of verification before granting access to sensitive information. Even if hackers obtain log-in details, they can’t access accounts without the second credential, typically a mobile device or a biometric scan.
2. Always Verify Supplier Information
One of the simplest yet most effective measures is to verify the authenticity of invoices and supplier information. Establish a protocol where employees are required to double-check the details of any financial transactions directly with the supplier through a known and trusted communication channel, such as a phone call.
3. Keep Employees Trained On Common Attacks
Employee training is a vital component of a comprehensive cyber security strategy. Regular training sessions on recognizing social engineering and phishing attempts and understanding the importance of following verification protocols can empower employees to act as the first line of defense. The Information Systems Audit and Control Association recommends cyber security awareness training every four to six months. After six months, employees start to forget what they have learned.
4. Maintain Strong Cyber Security Practices
Cybercriminals regularly exploit outdated software to gain entry into systems. Small businesses can close these security gaps by keeping software up-to-date. Investing in robust antivirus and anti-malware solutions can help detect and stop attacks before they get into your systems.
You’re A Target, But You Don’t Need To Be A Victim
Hackers are increasingly targeting small, invoice-heavy industries like construction, manufacturing and health care due to their inherent vulnerabilities. By understanding the reasons behind these attacks and implementing robust cyber security measures, small business leaders can protect their organizations from becoming easy targets. Utilizing MFA, maintaining strong cyber security practices, verifying supplier information and training employees are essential to stopping attacks.
Need Some Extra Cash...??
Whether you’ve made some crazy choices and splurges over the summer or you have an upcoming event or holiday, we’re all in need of a little extra cash.
Hey, maybe you just need to Treat Yo’self! WELL, WE’RE HERE FOR IT!! And we mean it!!
Earn $300 for each friend who has a consult with us, and $1000 if they become a client!
INVITE YOUR BUSINESS PARTNERS OR FRIENDS TO HAVE A FREE CONSULTATION WITH US TO DISCUSS THEIR UNIQUE SITUATION AND HOW WE CAN HELP THEM. YOU CAN ALSO REFER YOUR VENDORS TO A FREE CONSULT TO DISCUSS HOW WE CAN PARTNER TOGETHER TO OFFER SERVICES THAT WE DON’T OFFER AND REFER BUSINESS TO EACH OTHER. ALL FREE!
ab people’s attention today. Customers are busy and inundated with choices, making it hard for businesses to stand out. Donald Miller empathizes. He knew people loved his book Building A StoryBrand – after all, he sold millions of copies. But when Miller decided to tour and fill 700 theater seats for a speaking engagement, half remained empty. “I learned that I’m good at writing the 300 pages but not very good at writing the sentence that makes you want to read the 300 pages. It’s two different skill sets,” Miller explained to business leaders at a recent industry conference.
Do you know how to communicate the value of your products or services so customers buy again and again? Most of us don’t. That’s because we prioritize creativity and cleverness over clarity. Miller argues that no dollar spent on branding, color palettes, logos or website redesigns will help if you aren’t clear about your message. Why? Because human brains are hardwired for two things:
We don’t have time or energy to process unnecessary information; we only buy what helps us get ahead. “If you confuse people about how you can help them survive, you’ll lose,” Miller says.
Tell A Story
“The first thing we have to understand is that people buy products only after reading words or hearing words that make them want to bother to buy those products,” Miller explains.
Let’s say you meet two people at a cocktail party who do the same thing for a living. You ask person A, “What do you do?” They say, “I’m an at-home chef.” So, you ask questions about where they went to school, their favorite recipes, etc. Then, you meet person B and ask the same thing. They respond, “You know how most families don’t eat together anymore? And when they do, they don’t eat healthy? I’m an at-home chef.”
Who does more business? Person B, because they told a story about how they solved a problem. Humans love stories; it’s why we binge-watch good television. Good stories have the same core structure, and Miller explains how you can use it to tell the story of why your business is the one customers should choose.
Identify your hero’s (customer’s) problem and talk about it a lot. When someone asks, “What do you do?” don’t tell them. Start by describing the problem. Spend 75% of your time talking about your customer’s problem because that triggers the purchase.
Introduce them to the guide (you). The key to being a guide is to listen: “I’m sorry you’re going through that. It sounds very stressful.” Then, be competent: “I feel your pain, and I know how to get you out of this hole.”
Give them a plan. This is an active call to action, like “Buy now” or “Schedule a call.” You must challenge the hero to take the action that leads to success.
Remember, the story you’re telling is not about you. It’s about your customer, the hero. Once you have your message, distill it into short, simple and repeatable sound bites. “It works every single time,” Miller says, “because the human brain cannot ignore a story.”
SHINY NEW GADGET OF THE MONTH
Pocket Projector
Take movie night to your backyard, park, campsite or wherever adventure takes you. The ELEPHAS 2024 Mini Projector offers impressive features in a compact, smartphone-sized device at an affordable price. The projector has 1080p HD resolution for clear and detailed images, uses a heat dissipation system to reduce fan noise and has a built-in hi-fi speaker that offers excellent sound quality without external speakers. It also includes USB, HDMI and AV ports and is compatible with laptops, PCs, TV boxes and smartphones. You can even connect it directly to your Amazon Fire Stick or Roku Streaming Stick. With a carry bag and mini tripod, the ELEPHAS Mini Projector is high-quality, portable viewing so you can take family movie night anywhere.
Incredibly Sad News
It is with an incredibly heavy heart that we announce the unfortunate passing of our very good friend, Barry Bellin. Barry (owner of Telco Maven) passed from Cancer on August 10th, continuing to work in his business and help his customers right until the very end. Most had no idea he was even sick; meanwhile, he was battling Stage 4 Cancer.
Barry was a master of his craft and could fix ANY printer issue. An honest and good friend that was always there for those he worked with. We will miss him so much and we wanted to share what an incredible person he was, and what a huge loss for his company and industry. -RIP Barry-
INSIDE THIS ISSUE
Hackers Are Targeting Small Construction Companies And Other Invoice-Heavy Businesses
The Business Owner’s Guide To IT Support Services And Fees
Donald Miller Explains How To Talk About Your Business So Customers Will Listen
BROAD BAND
By Claire L. Evans
In tech, there are stories we hear all too often: a major company got hacked, Meta dealing with yet another lawsuit or Google implementing some new security measure. However, there’s one story we don’t hear enough: pioneering women in tech. Much like Hidden Figures and Rise of the Rocket Girls, Broad Band by Claire L. Evans uncovers the pivotal yet overlooked contributions of female pioneers who shaped the Internet.
Evans vividly narrates the achievements of visionaries like Grace Hopper and Elizabeth “Jake” Feinler, showcasing their revolutionary work in computing and online networks. Evans sheds light on these hidden figures, inspiring a new generation to recognize and celebrate the women behind technological advancements. Broad Band is an essential, enlightening read that h redefine the true history of techno
VPNS ARE NOT AN INVISIBILITY CLOAK (Don’t Use Them Like One)
A virtual private network (VPN) is essential for modern office work to create a secure, encrypted connection between your device and a remote server, allowing you to work from anywhere while protecting sensitive data. VPNs are also gaining popularity for personal browsing by routing Internet traffic through a remote server to mask your IP address. It’s like a gated tunnel only you can enter, which is handy for accessing region-restricted streaming services or content and protecting data when using public WiFi.
However, some people confuse VPNs with an invisibility cloak, believing that anything they do online while using a VPN is hidden. That is not the case. Some VPN services log your data (which can be leaked, hacked or sold), and there are other ways cybercriminals can track you online. Understand what VPNs do and don’t do so you aren’t putting yourself at unnecessary risk.
What VPNs Do (And Don’t Do)
VPNs are excellent for enhancing privacy and security. They DO:
Hide your IP address, making it harder for websites and advertisers to track your online activities.
Encrypt your Internet traffic, safeguarding sensitive information like passwords and business communications.
Allow access to geo-restricted content, which can be beneficial for business research or accessing region-specific services.
Despite these advantages, VPNs have limitations. They DON’T:
Make you completely anonymous. While your IP address is hidden, websites can still track you using cookies and other tracking methods.
Protect you from malware or phishing attacks. A VPN cannot filter malicious content, so you still need robust antivirus software and cyber security practices.
Prevent all data logging. Some VPN providers may log your data, so choose one with a strict no-logs policy.
Warning: Avoid Free VPNs!
Free VPNs are dangerous. Many free services log your data and sell it, undermining the very privacy you’re trying to protect. Free VPNs may also have weaker encryption standards, exposing you to more risks. Always opt for reputable VPN providers with clear privacy policies and transparency about how they use your information.
How To Use A VPN Responsibly
Choose A Reputable Provider: Look for VPN services with strong privacy policies, good reviews and transparency about their data-handling practices.
Enable Kill Switch: This feature ensures your Internet connection is severed if the VPN connection drops, so your data won’t be leaked.
Update Regularly: Keep your VPN software updated to benefit from the latest security improvements.
Combine With Other Security Steps: To maximize protection, use a VPN with antivirus software, firewalls and good cyber security hygiene.
Understanding VPN capabilities and limitations ensures you use them effectively and responsibly, protecting your data without relying on a false sense of invisibility.
DON’T FORGET TO CHANGE NEW-HIRE PASSWORDS
To keep things simple, employers often create easy, temporary passwords for new hires to log in to accounts or devices during their first few days. However, a Specops analysis of millions of passwords found that 120,000 used common words related to new employees, meaning the new-hire passwords were never changed. Hackers know this and use these simple password structures in brute force attacks. The most commonly compromised passwords on new accounts are user, temp, welcome, change, guest, starter, logon and onboard. Look familiar? Prevent this mistake by forcing change at log-in (if possible), using a service like First Day Password or an authenticator app or making a new-hire password REALLY hard.