What Does 2023 Hold?

welcome back to another episode of cappuccino chat this time we're talking about uh looking into the future a little bit here for 2023 and what it holds for us so when looking forward here to this year in 2023 what can we expect well more of the same unfortunately so 2022 didn't give us a lot of technological advances in things we didn't see a big increase in performance in our computers uh new gadgets and those things even Apple kind of slowed down inventing but we did see an increase of is cyber attacks they really went after people a lot more got a lot more vicious and have found new ways to attack us so we need to be more and more Vigilant in protecting ourselves so that's really what we see for 2023 is the predictions from all the industry experts are that we are going to continue to see an uptick in the number of breaches and then going after our data so we need to really concentrate on protecting that data two-factor authentication where you're getting the code email all your applications those types of things really got to get on that end user training we need to constantly remind our employees how to spot things what not to click on what be careful when you're opening things don't just arbitrarily go here and do this and do that you got to be constantly aware of things and constantly training them right we want to ensure that they understand the ramifications of what it can do to your business if they were to open something cyber insurance is another big one a lot of changes come into the insurance industry they're finding more and more ways to not pay out claims we all want our insurance but they are also starting to demand more and more of these things that we've been talking to our clients about as far as 2fa and end user training going so far as to denying you to even get a insurance policy if you don't have certain things enabled so we really want to make sure we do that some of the new things we're seeing on the horizon and we're going with and offering to our clients is zero trust this is just a rehash and a lockdown of the old least privileged kind of mentality this is where we can really start to lock down applications so let's say there are 10 major applications that you use in your business so we will allow those applications to work but if anything outside those 10 for instance were to try to be installed or run on your computer they would be denied so this is going to help protect against those drive-by attacks maybe going to an infected website you're going to a completely legitimate website maybe even one of your clients websites and they've been infected and they've had their website compromised and by going to their website maybe you get a pop-up maybe you download a free report or get something those items could be infected and then you then become infected right so where it's going to try to install something on your computer um and get access to your computer most of the new attacks aren't going to instantly flag your antivirus software your firewall because it's coming from a legitimate website it's coming from a legitimate application but these legitimate applications can be used against you to give you give the hacker access so for instance clicking on a resume Word document we've all get those we probably want some nice employees and we open that attachment pop-up comes up from Microsoft all official like you say yes at that point you just gave the hacker complete access to your computer that's how easy it is right so we want to make sure that we're protecting from those things even though we're training our end users don't open things hey it's a resume who's not going to open it we want to do that so this will help help stop those oopses if you will too so hey we all get busy we're doing more more and more people have more and more responsibilities as we find less and less employees things get busy employees May click on something that they normally wouldn't or should know better not to again if something tries to install on the computer this zero trust model will stop that from being installed it'll also stop applications from talking to each other so for instance Outlook email is still the number one way that hackers get into our systems Outlook is good so we can't block it Powershell which is a built-in um command line interface and all windows machines you can't turn it off it's there by default Powershell is good there's nothing wrong with it it can be used for really nice purposes from Administration standpoint but it can do some harm so Powershell is good that has to be allowed to run your antivirus isn't going to stop Powershell from running it's not going to stop Outlook from running but there's no reason Outlook should be trying to call Powershell and run some commands and there's no reason Powershell should be trying to launch Outlook and do anything right so again with the zero trust model we can block those two things from happening so Outlook good that's allowed Powershell good that's allowed but Powershell can't call Outlook Outlook can't call Powershell that's the zero trust model so we can stop those oops moments when somebody clicks something oh I shouldn't have done that now what happened those types of things we can actually lock down applications by user so in accounting yes QuickBooks is good but Quickbooks on this person's computer there's no reason that they need to install it or use it but QuickBooks for this person this is allowed so again we can really get granular with this and ensure that people are using the right applications and we are never trusting something until it is authenticated and made to be trusted that's where the zero trust comes from the default is zero trust until we research it you confirm it those types of things we don't trust anything that's really something that we're going to be talking to our clients about more and more also doing more managed Security operation Center type items where we're monitoring things 24 7 getting alerts will get alerted from our partner in the middle of the night if your system becomes under attack where we can start watching um the firewall level the individual server level the individual device levels for when they're not under your control at your location like a laptop or such and something may happen in an attack may be happening we can have certain things happen to those systems and alert us even after hours in the middle of the night wake us up we can get informed and we can go into action and help protect your business from that also a password manager start looking at different password managers to help people create better passwords password123 is not a good password the name of your cat in the year that it 2023 is not a good password even if you put a exclamation point or a dollar sign in there somewhere that is not a good password they are now talking 12 characters 15 characters and up in passwords who can remember those things and we tend to reuse passwords we don't want to reuse a password anywhere a lot of times we've found breaches before companies knew there was a breach because the password is only used in one location if you only use that password for let's say your Staples account when you're ordering paper and stuff that password gets breached on the dark web because we're monitoring it for you we know specifically it was Staples that caused the issue right because that's the only place you use that password so this is the year that cyber security has become more and more important getting cyber Insurance they're going to start forcing you to do certain things and if you don't they will not cover you so imagine if your health insurance your car insurance your home insurance said hey uh for home insurance I say hey if your house isn't painted you know bright green which would be silly um we're not going to cover your and you can't get insurance so that's kind of what cyber insurance is starting to come down hey if you don't have two-factor enabled for your email in any kind of remote access we're not going to provide you coverage at all until you get those certain protections end user training is showing up on more and more security applications for when you're applying for insurance do not fudge those numbers because if they find something that was fudged they will not pay out should something bad ever happen right just like our normal insurance we don't ever even want to use it we just want to know it's there in case of emergency so it's a completely black and white no gray area it's either all Yes or all no so just because maybe you have two Factor enabled for your email but everybody else doesn't you would have to answer no on that application do not answer yes because God forbid something happened and you have to file for that claim all right so I'm hoping everyone's business grows uh exponentially in 2023 that's what we're looking to do I hope all of our clients and all of you out there do the same if you have any questions if you want to make sure hey are we secure maybe you have somebody else helping you with your it right now maybe a family member a friend or another business you're just not sure they don't talk to you about these things reach out I would be glad to meet with you and take an audit of your system for you just to give you that peace of mind that hey your guys are taking good care of you or hey here's some different areas that you might want to look at adding protection and we'd be glad to work with you on that if if you so choose so please reach out to us 760-770-5200