Two common misconceptions about cybersecurity were ripped to shreds by a recent event – the breaching of Microsoft's SharePoint software.

The first misconception is that a software giant like Microsoft would surely have multiple layers of effective cybersecurity in place, such that no attacker could even come close to compromising its software. That turns out not to be true – not because Microsoft doesn't have cyberdefenses in place. Of course it does. But the attackers become more sophisticated and learn new maneuvers on a continual basis. Even mighty Microsoft isn't impervious to attack all the time.

The second misconception is the one often embraced by smaller companies: Cyber hackers might go after the big players, but they would have no interest in us.

They don't need to have any interest in you. SharePoint is used by millions of companies every day. If you use it, then they have a way to breach you. And yes, small companies, you are a target because getting your data is the easiest way for them to compromise the data of your biggest customers, or vendors, or anyone else you have digital contact with.

People in my business don't want to sound alarmist, but we recognize that most of the business world doesn't take these threats as seriously as they should. They're not implementing effective security measures. They're not keeping up on things like patching and multifactor authentication. And they're not training their people on how to spot phishing attacks and other tactics.

One of the simplest and most effective things any company can do to protect itself is to activate DMARC records. You can do it in minutes. But you probably don't even know what that is. And my guess would be that your IT team doesn't know either.

Many company executives think the odds of being cyberattacked are so long that they can get away with not spending time or money protecting themselves. That's like driving a car without insurance, except that a breach could do more than total your car. It could total your company, and leave you wondering why you didn't make the very modest investment of time and money that would have protected you.

I can identify your vulnerabilities, seal them up and show you how to keep them sealed up. And when I've finished the job, I'll leave you saying, "That really didn't cost that much and it wasn't hard." Right. Getting breached is what costs too much – and is way too hard, sometimes to ever come back from.

Give me a call at 616.217.3019 or e-mail dacarey@cybersynergies.io. And share this newsletter with others who need to understand: The risk is real, and it's serious, but you can get ahead of it.

Your Antivirus and Your Firewall Aren't Enough In This Environment

I remember a time – and I'm sure you do as well – when companies felt pretty secure if they installed an antivirus on their computers and they had a firewall for their system.

Actually, as much as I hate to say this, many companies probably still feel pretty secure just having those two things. The problem is that, while it made sense to feel that security 20-some years ago, it doesn't anymore. Cyberattackers have so many new ways to breach your system, which is because the digitization of everything has become so all-encompassing. If they're not finding ways around your defenses, they're tricking you into letting them in. Sometimes they even trick your employees into giving them their log-in credentials.

I don't think any company that operates on the web or functions in a digital environment can fend off all cyberthreats on its own – or by downloading and installing products that are supposed to keep them safe. Not in an age when even Microsoft gets breached. Not in an age when ransomware attackers halfway around the world can extort millions of dollars from companies who have no other way to resume operations.

It's that serious.

So watch the quick video I've embedded with this article. In less than a minute, I explain how I help you and your company to stay safe in the digital space. I know their tricks and I'm keeping up daily on the new tactics they're employing. Look, you trust your security team to spot a potential break-in or theft, because that's what they're trained to do. I'm trained to spot the people who will attack you with their keyboards from an unknown location. And that's the much more likely way for a bad guy to take your company down in the current age.

So let's work together to protect you, your employees and the company you've worked so hard to build.