Trying to stay one step ahead of the hackers

Technology and cybersecurity is a hot topic of conversation across all businesses and industries these days, and at least one Central Pennsylvania managed technology services provider (MTSP) is helping to lead those important conversations at the national level.  

Mechanicsburg-based BlackCSI, founded in 2002 as a women-owned business, recently participated in an industry conference hosted by Technology Assurance Group (TAG), which is an association of independently owned MTSPs who collectively represents over $800M in products and services. 

The theme of the gathering, held in Scottsdale, Arizona, was “Scaling Up,” a concept critical to every small- and mid-sized business owner that wants to expand its market reach, according to event organizers. 

During the conference, representatives of BlackCSI provided their insight into technologies like Microsoft Azure, AI, cybersecurity, and cloud. “We make it a priority to contribute to our peers in the industry so we can all service small- and mid-size businesses at a greater level,” said Ruthann Black, President of BlackCSI, in a prepared statement. “At the TAG Convention, we always leave flooded with new ideas, mindsets and approaches, which keep our clients ahead of their competitors, so that they can benefit from our research and guidance.” 

BlackCSI Director of Operations Mason Hayes, who also attended the TAG conference, said BlackCSI’s corporate focus in 2022 is cybersecurity. “Cybersecurity is our main push,” he said. “There are hacks happening all over the United States and it’s a lot easier to target smaller businesses who do not have full-on protection and constant monitoring.” 

A lot of the current technology threats to smaller businesses have come from the COVID-19 pandemic and what the media has been calling “the Great Resignation,” according to Hayes.  

“Everyone went remote and where before you had everyone working in the office on a network that was secure, now there are openings,” Hayes explained. “There is no longer as much control over what they are using at home, meaning there are a lot of loopholes and open access points, and procedures are not being followed in the home as it would be in the workplace.” 

Hayes said that over the past year BlackCSI has found that the majority of smaller businesses do not have any type of cybersecurity in place.  

“They do not have an endpoint detection system that follows every user,” he said. “That is really the biggest thing [companies need], endpoint detection and response to make sure they are following every user.” 

In fact, he said BlackCSI recently helped a client to avoid a $500,000 loss when its end-point detection system was able to alert the business of a scam-in-progress.  

Hayes said that, believe it or not, the biggest technology threat to businesses are their employees. Most people, he explained, don’t realize that doing something as seemingly insignificant as making a purchase online while on the company network, is all it takes to open the door for the bad guys.  

“It’s those small little gaps that happen that allow hackers to weasel into the network,” he said. 

Some of what BlackCSI can do to mitigate the “employee threat” is to provide training into areas like password security and phishing attacks.  

“We focus on things like identifying a phishing email that may look like it is coming from a manager,” Hayes said. “You miss a little something at the end, and click because it seems legit, and you’ve opened the door for the bug or the hacker. We help businesses to make sure that their employees are aware of what they should be looking for.” 

Hayes said that in his opinion the biggest misconception that companies have about protecting their technology assets is that having one network assessment per year is enough and encourages all businesses to get a second opinion even if they are told that everything looks good. BlackCSI uses TAG to get that second opinion for its clients.  

“The misconception is that it only just takes one person, just one set of eyes to protect the business,” he said. “It needs to be an organization-wide set as far as acknowledging cybersecurity. That is where it comes back to the training. The biggest and easiest access to your network is your employees.” 

When it comes to technology, Hayes said the next big thing that should be on the minds of business owners when it comes to technology is “the cloud. The days of an on-premise server are no longer needed. There is going to be a big push for everything to be out on the cloud.” 

Products like Microsoft Azure are going to help small businesses to make this huge step in a way that advances their operation and is safe and secure, according to Hayes. 

Jennifer Marangos is a freelance writer