Do you SERIOUSLY believe cybercriminals are not after your data? Basics to attend to if you are concerned!
If you actually believe this then read no further.
But if you are interested, then be aware that in the Accenture 2023 Cybercrime study, 43% of data breaches involved small and mid-sized businesses. So if you have concerns about your business's data, pay attention to some basics and you can reduce your business risk:
Strengthen your passwords and authentication - it's EASY: Credentials are critical. World Economic Forum 2021 research indicates that 4 out of 5 data breaches are a result of exploitation of weak and/or stolen passwords. The solution? Use strong/complex credentials (8 character minimum, upper and lower case letters, numbers, and special characters). Use a secure password manager (DVITS offers MyGlue), and require multifactor authentication (MFA) on all cloud services, Active Directory, and other web services, including HR, payroll, and accounting services. Ensure employees do NOT use administrator privileged accounts for regular work…ever! (The Heart of Texas Behavioral Health Network suffered a breach, noted in 2024, as a possible result of credential compromise.) For more information, see: https://www.dvits.net/resources-and-insights/2020feb/buildingpasswords-lkdc8?rq=password
Keep your operating systems and software updated and verify authenticity: Your servers and workstations should all be monitored, with policies to automatically update all workstations and to report the update status of every device. Servers should typically be updated at least quarterly, and updated immediately for critical vulnerabilities. Ask your IT staff for the patch status reports, which they should be reviewing at least a couple of times each month! Risk-based Security 2023 estimates that since 2017, over 22,000 new software and hardware vulnerabilities are disclosed annually. (The closure of Oklahoma Institute of Allergy, Asthma, and Immunology in 2023 was caused in part by accidentally installing malicious software which ran ransomware.)
Your IT group should be using monitoring to provide continuous surveillance of your information systems, automatically install antivirus and other required software, and analyze and automatically correct performance issues on servers and workstations. In addition, the monitoring system can report on any devices which do not comply with policies regarding software allowed to be used.
Ask your IT group how they are checking periodically for vulnerabilities. Vulnerability scanners such as NIST SCAP, VulScan and others can be used to provide detailed information on both the vulnerabilities detected and the recommended remediation steps.
Are you running periodic third-party penetration testing? Vulnerability testing helps in that it identifies a variety of problems. But penetration testing by a third party simulates a successful attacker who has entered your network and actually attempts to (carefully) exploit discovered problems. This gives exceptional insight into possibly unexpected weaknesses in technical policies, passwords, open ports, unencrypted data, etc.
Carefully manage wireless: Allow wireless access to your internal production server network only through its own separate network and only for vetted and approved devices, and block all others. If you allow guest wireless, it should be on a network completely isolated from the production server network, allowing access only to the internet.
Have you identified all company data, where it resides, how it is backed up, and that backup repositories are secured via encryption, credentials, and multi-factor authentication? Is recovery being regularly tested? Do you know your real downtime costs? Your organization should have an updated listing of where all company data resides, whether on-premise or in the cloud, how it is currently backed up (don’t assume), and how quickly it can be recovered (as a result of actual testing and associated documentation). For more information, see: https://www.dvits.net/business-continuity
If you are not comfortable, one call to us may allow you to sleep better at night! Let's talk! Call us at 405-348-1192 or email support@dvits.net