You can’t afford to assume a simple cybersecurity defense will actually protect you from the many cybercrime threats out there. This is precisely why so many businesses are adopting a zero-trust cybersecurity model. 

Did you know that, on average, there’s a cyber attack every 39 seconds?

It could be a ransomware infection. It could be a phishing email. It could be one of the many other methods cybercriminals employ today. 

The point is that cybercriminals have an extensive arsenal of weapons to attack with—are you hoping your lone firewall will be enough to keep your business safe from all of them? That’s a dangerous gamble to make…

Stop Making Dangerous Assumptions

Sophisticated attackers have learned to play the long game: they sneak malware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away.

This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. This is just one way in which cybercriminals are improving their tactics. 

Fortunately, both the solutions we use to protect ourselves and their underlying theory and strategy are under constant development in order to stay ahead of emerging threats.

Case in point: have you heard of “zero trust” security? According to Okta, adoption of this cybersecurity philosophy has doubled in recent years, and for good reason…

What Is Zero Trust?

The zero-trust approach to cybercrime assumes that every aspect is a potential vulnerability until it can be confirmed otherwise. That means instead of simply investing in a strong firewall and antivirus, and assuming you’re protected, every part of your IT environment and every user trying to access it is assessed for its security. 

According to NIST SP 800-207:

“Zero trust security models assume that an attacker is present in the environment and that an enterprise-owned environment is no different—or no more trustworthy—than any non enterprise-owned environment.”

This means that an organization following a zero trust security model cannot, even by default, offer any trust in any interaction in their protected systems. Risks must be continuously assessed and mitigated, and access must be continuously verified.  

It’s important for business owners to understand that every potential part of their network is a target. Given the overall connected nature of the systems, compromising one part can give the cybercriminals control over the entire environment.

3 Basic Components Of Zero Trust Architecture

Verify And Validate

Network users are continuously validated and verified in real-time, even when they’re operating from within the network. This ensures that unattended machines, open ports, or misassigned administrator rights cannot be taken advantage of. 

Least-Privileged Access

The principle of “least privilege” is an important part of zero trust security. It ensures that every user is only given precisely the level of access they need to do their job. It’s like a cybersecurity equivalent of the intelligence concept, “need to know basis”.

Reduced Attack Surface

Organizations following a zero trust strategy must specify the most critical data and systems they use, and then defend them all together with a comprehensive approach to cybersecurity. This is far more effective than ad-hoc cybersecurity, composed of multiple separate defenses. 

The Core Principles Of Zero Trust 

As a way of thinking, zero trust is based on the following core principles and understandings:

Any source of data or computer source is a resource.

The bottom line is that any device or component that has access to data is a resource. These are assets that need to be secured, as any one of them can provide undue access to your data if it is breached.

Communication must be secured no matter where the network is located.

Communication taking place within the network should not be assumed to be trustworthy. It must face the same authorization processes as external communication.

Access to resources is authorized for each and every session

Just because a user was granted access for a previous session doesn't mean they should have automatic access the next time (e.g. “staying logged in”). Furthermore, as mentioned above, any given task should only be completed with the least privileges necessary to do so. 

Authorization to access resources should be determined based on a dynamic policy. 

There is a wide range of attributes at play that can help properly authenticate a user requesting access to a given resource. Beyond simple username and password protection, a security system can also consider software versions, network location, time/date, as well as behavioral attributes like subject and device analytics, and deviations from pre-established user patterns.  

Assets need to be monitored for integrity and adherence to security posture

As mentioned above, zero trust means never assuming trust, even for assets. Managing their integrity and security posture involves monitoring them for performance, and applying patches and updates as soon as they become available.

Access is granted only after a dynamic and consistent authorization process is completed.

An appropriate zero trust authorization process should include Identity, Credential, and Access Management (ICAM), asset management systems, multi-factor authentication (MFA), as well as continual monitoring with possible re-authentication and reauthorization as needed. 

Extensive data must be gathered to maintain an informed security posture.

Organizations need to gather and analyze data on user behavior, asset performance, and all other aspects of their networks to ensure that monitoring processes are adequately informed.  
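The principles above (least privilege, per-session authorization, asset posture, and a dynamic policy built on attributes such as time and network location) can be combined in a single policy decision function. The sketch below is an added illustration, not code from the original post or from any product; the role names, the 15-minute MFA window and the sample requests are assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed threshold for this sketch: how long an MFA check stays valid.
MAX_MFA_AGE = timedelta(minutes=15)

# Least privilege: each (hypothetical) role lists only the pairs it needs.
ROLE_GRANTS = {
    "accounts_clerk": {("invoices", "read"), ("invoices", "write")},
    "support_agent": {("tickets", "read"), ("tickets", "write"),
                      ("invoices", "read")},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    requested_at: datetime
    mfa_verified_at: Optional[datetime]  # None: no MFA in this session
    device_patched: bool                 # reported by asset management
    network: str                         # "corporate", "home" or "unknown"
    usual_hours: range                   # hours (UTC) this user normally works


def decide(req: AccessRequest) -> Tuple[str, List[str]]:
    """Return (decision, reasons): 'allow', 'step_up' (re-authenticate) or 'deny'."""
    deny: List[str] = []
    step_up: List[str] = []

    # Least-privileged access: anything not explicitly granted is refused.
    if (req.resource, req.action) not in ROLE_GRANTS.get(req.role, set()):
        deny.append("role is not granted this action")

    # Asset integrity: an unpatched device is refused whoever is using it.
    if not req.device_patched:
        deny.append("device fails posture check")

    # Per-session authorization: an old login is not carried forward.
    if req.mfa_verified_at is None:
        step_up.append("no MFA in this session")
    else:
        age = req.requested_at - req.mfa_verified_at
        if age < timedelta(0) or age > MAX_MFA_AGE:
            step_up.append("MFA check is stale or has an invalid timestamp")

    # Dynamic attributes: time of day and network location raise the bar.
    if req.requested_at.hour not in req.usual_hours:
        step_up.append("outside the user's usual hours")
    if req.network == "unknown":
        step_up.append("unrecognised network")
    # "corporate" is deliberately absent: being inside the network skips nothing.

    if deny:
        return "deny", deny + step_up
    if step_up:
        return "step_up", step_up
    return "allow", []


# Constructed sample requests, evaluated at a fixed constructed time.
NOW = datetime(2023, 3, 2, 14, 0, tzinfo=timezone.utc)
BASELINE = AccessRequest(
    user="dana", role="support_agent", resource="tickets", action="write",
    requested_at=NOW, mfa_verified_at=NOW - timedelta(minutes=5),
    device_patched=True, network="corporate", usual_hours=range(8, 18),
)
SAMPLES = {
    "fresh session": BASELINE,
    "logged in this morning, on the office LAN":
        replace(BASELINE, mfa_verified_at=NOW - timedelta(hours=6)),
    "support agent editing invoices":
        replace(BASELINE, resource="invoices"),
    "unpatched laptop": replace(BASELINE, device_patched=False),
    "3 a.m. request from an unknown network":
        replace(BASELINE, requested_at=NOW.replace(hour=3),
                mfa_verified_at=NOW.replace(hour=2, minute=55),
                network="unknown"),
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        decision, reasons = decide(request)
        print(f"{name}: {decision} {reasons}")
```

The second sample is the case the "staying logged in" principle targets: a valid user on the office network is still asked to re-authenticate because the session's MFA check has aged out.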

Are You Interested In How Zero Trust Cybersecurity Can Protect Your Organization?

Our team will take care of each and every factor of your cybersecurity so that you don't have to worry about it. Our growing network of clients enjoys the confidence that comes with robust cybersecurity, as well as the freedom to focus on their work, instead of their technology.

If you’re interested in discovering more about zero trust cybersecurity and what it has to offer your organization, get in touch with our team.

Are you falling behind the current standard of business cybersecurity? Discover what your colleagues in the business world are using to keep their organizations secure. 

The absolute biggest mistake companies make about cybersecurity is to assume that they don’t need it and that they are not a target. Or even worse, they think they are already protected, without taking any steps to ensure they are.

Here’s the reality: no matter how big your business is, or what industry you operate in, you are a viable target for cybercriminals. 

You can’t afford to hope you’re protected. You have to make an effort to keep your defenses up to date and prepared to fend off the ever-evolving range of weapons in use by cybercriminals today. 

The Top 3 Cybersecurity Tools Businesses Are Rushing To Adopt

According to a recent study by Okta, tens of thousands of businesses worldwide demonstrate an ongoing commitment to enhancing their cybersecurity. They noted a few trends in the types of technologies being more commonly adopted, which include…

Endpoint Monitoring & Management

Basic cybersecurity technologies aren’t enough on their own any longer, which is why businesses are investing in more sophisticated solutions. Let’s consider consumer-level antivirus, to start. 

Antivirus is installed to protect at the user level, known as endpoint protection, and is designed to detect and block a virus or malware from taking root on a user's computer, or worse, accessing a network to which the user is connected.

Because of antivirus’ limited capabilities, it’s unprepared to deal with a range of modern cybercrime threats:

Advanced Threats

An antivirus’ ability to spot threats is dependent on prior knowledge of those threats. As cybercriminals evolve their attack methods, they can easily circumvent basic antivirus defenses. 

Polymorphic Malware

Again, the signature-based tools that antivirus software relies on can be negated by employing malware that avoids known signatures. 

Malicious Documents

Antivirus programs can’t spot a threat when it’s disguised as a harmless document. 

Fileless Malware

By executing its processes in-memory, malware can avoid being spotted by antivirus programs that only scan files. 

Encrypted Traffic

Cybercriminals can also hide their activity in encrypted traffic, preventing your antivirus from ever noticing them. 

The point is that, on its own, antivirus software is not enough to defend you. The best way to improve your cyber defenses is with a comprehensive and reliable Endpoint Detection And Response (EDR) solution. EDR is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.

This is a vital service that protects endpoints like laptops, desktops, smartphones, tablets, servers, and virtual environments. Endpoint protection may also include antivirus and antimalware, web filtering, and more.

Mobile Device Management

No matter what kind of cybersecurity you have in place at the office, it won’t extend to the mobile devices that have access to your data. 

This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it—if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure, and you’ll be left open to critical vulnerabilities that will only be more common in the coming years:

This is why more and more businesses are implementing Mobile Device Management (MDM) policies and solutions. They dictate how your employees can use their personal devices for work purposes, dictating which security apps should be installed, and what best practices need to be followed. 

An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes. Key points include:

Dictate Mobile Device Use

Integrated into your internal network, these devices can be used to access, store, transmit, and receive business data.

You'll need to have policies in place to regulate how employees use their devices to interact with sensitive data. Take the time to consider the risks associated with mobile device use, such as the potential for devices containing business data to be lost or stolen, infected with malware, or the potential for accidental disclosure of confidential information through sharing a device with a family member or connecting to an unsecured wireless network. 

Identify And Address Potential Threats

A risk analysis will help you identify vulnerabilities in your security infrastructure, and help you determine the safeguards, policies, and procedures you'll need to have in place.
Whether the devices in question are personal devices or provided by your IT consulting, you will still need to have a clear idea of how they're being used to communicate with your internal network and systems.

Assessments should be conducted periodically, especially after a new device is granted access, a device is lost or stolen, or a security breach is suspected.

Document Policies For Reference And Review

Policies that are designed for mobile devices will help you manage risks and vulnerabilities specific to these devices.

These policies should include processes for identifying all devices being used to access business data, routinely checking that all devices have the correct security and configuration settings in place, whether or not staff can use mobile devices to access internal systems, whether staff can take work devices home with them, and how you will go about deactivating or revoking the access of staff members who are no longer employed.

Set App-Based Restrictions

Maintaining mobile security isn’t just about having the right apps—it means following the right protocols, to eliminate unknown variables and maintain security redundancies:

  1. Review installed apps and remove any unused ones on a regular basis.

  2. Review app permissions when installing, and when updates are made.

  3. Enable Auto Update, so that identified security risks are eliminated as quickly as possible.

  4. Keep data backed up to the cloud or a secondary device (or both).

Make Your Staff A Part Of The Process

Everyone on your staff should be educated on how best to use mobile devices to avoid costly security errors. Your safeguards can't protect you or your clients if your staff doesn't understand your policies and procedures, and lacks a basic grasp of security best practices.

Your entire team should be taught how to secure their devices, how to protect business data, what the risks are, and how to avoid common security mistakes.

AI-Powered Cybersecurity

Security based on advanced algorithms that can adapt and learn creates a system that can become familiar with the normal patterns associated with each user and device, detecting anomalies in those patterns quickly.

Essentially, something known as a neural net can be used in cybersecurity efforts. Based on a robust algorithm, the neural net can “learn” to spot patterns of data associated with previously identified and classified spear phishing emails. 

By incorporating this technology into an email client’s spam filter, the filter will be able to spot fraudulent incoming emails and eliminate them before they reach the recipient. 

One of the best parts about neural nets is that they continue to learn and improve the more that they are used. With increasingly more data to draw from, this Artificial Intelligence will become more and more accurate in doing its job. Investing in Artificial Intelligence technology is critical, as machines can respond much more quickly to the way these attacks are adapting. 

Need Expert Cybersecurity Guidance?

Don’t let your cybersecurity suffer, and don’t assume you have to handle it all on your own. Our team can help you assess your cybersecurity and develop a plan to protect your data.

2022 was a landmark year for cybercrime, from major nation-state attacks to the ever-evolving wave of new threats facing businesses and private users. Are you prepared to stay secure in 2023? 

2022 Cybercrime Trends You Need To Know About

With each year that passes, cybercrime tactics and weaponry continue to advance, and cybersecurity defenses struggle to keep pace. 

Did you know that there were over 37,700 ransomware attacks occurring every hour around the world last year? That’s just one threat businesses faced, and continue to deal with day in and day out this year. 

For small businesses, the situation is especially dire. According to a study conducted jointly between Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place and for those that do, most have not reviewed the plan in over a year.

A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually to ensure that current threats are considered. 

Cybersecurity is not a one-and-done solution; the threat landscape evolves at a rapid pace and frequent reviews ensure that the plan will help reduce an organization’s cyber risk profile. That’s why you need to be aware of the greatest threats to your business and plan against them.

Trend #1: The Threat Of Cybercrime Is Evolving

Every day, cybercriminals attempt to adapt their methods to overcome new standards and defenses in cybersecurity. Nowhere is this more evident than with ransomware. 

Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. 

Characteristics of modern ransomware attacks include:

Expanded Timelines

Sophisticated attackers sneak ransomware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems.

Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to back up their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions. 

Improved Capabilities

Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.

Trend #2: Cyber Insurance Is More Expensive And More Complicated

The worldwide cyber insurance market was worth USD $7.60 billion in 2021 and is expected to nearly triple by 2027. During the past 12 months, as many of our clients’ cyber insurance came up for renewal, a clear trend has emerged.

Cyber insurance carriers are requiring more sophisticated written cyber policies, tools, training, and disaster recovery systems before processing the renewal, and in many cases are also significantly increasing premiums for individual cybersecurity risk items that are not being addressed.  

This has nothing to do with whether there has been a claim or not in the past, and everything to do with what steps the applicant must now take to address cyber security risk.  All the carriers now have additional forms filled with cybersecurity questions that must be answered accurately before the carrier will renew the policy. 

Have you been researching cybersecurity insurance, but aren’t sure if you qualify? Before you can secure coverage from a carrier, you need to do your due diligence and enhance your cybersecurity. 

Cybersecurity insurance is protection designed specifically to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment, so long as you know how it works. 

The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection. 

In fact, it’s becoming more and more necessary, as many insurance providers have begun drawing a clear line between normally covered losses, and those incurred by cybercrime-related events. 

That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think. 

In order to determine what type of cybersecurity insurance you may need, it’s important to start by taking stock of your business and the potential threats posed to it:

Evaluate your system infrastructure

The best way for you and your team to determine the kind of coverage that is best for your business is to understand your IT infrastructure. By evaluating your systems from top-to-bottom, you’ll have a clear idea of all the different access points that could be leaving your network vulnerable to threats. 

Improve your security to reduce rates

Don’t forget to look into how investing in your cybersecurity could save you money on premiums. Open up a dialogue about it with your potential Cybersecurity Insurance provider and see what they suggest. 

Identify your risks

Next, it’s best practice to conduct a risk assessment and an impact analysis. Carefully review all your business' assets—including financial data, customer information, and intellectual property. Categorize assets according to their risk and make considerations for the potential impacts that a data security event could have on all aspects of your business. 

Trend #3: Nation-State Attacks Are On The Rise

On April 17th, 2022, the infamous Russian cybercriminal group Conti launched a cyber attack on 30 institutions connected to the Costa Rican government. They extensively infected the government’s systems with ransomware, resulting in a near-total shutdown of the nation’s finance industry.

During the downtime, the government was unable to manage taxes, payroll, social security payments, and other citizen-based financial needs. At the same time, Costa Rican citizens began receiving WhatsApp spam messages to further threaten their security. 

In the course of the government’s shutdown, they lost an estimated $30M USD per day. 

Conti demanded a $10M USD ransom from the Costa Rican government and threatened to leak private citizen data if their demand was not met. Numerous countries including the US offered technical assistance during this bout of downtime. 

To make matters more complicated, the Costa Rican government was also going through an election at this time. When the new President, Rodrigo Chaves Robles, took office, he declared a national state of emergency, and classified cybercriminal action as a terrorist activity. 

Months later, Costa Rica is still reeling from the attack. They have suffered follow-up attacks by other cybercriminals on other institutions such as the Costa Rican Social Security Fund and healthcare system, and continue to go through the process of recovery and remediation. 

The government has refused to pay the ransom and has worked continually to provide critical services in light of systemic IT issues stemming from the attacks.

Often originating in Asian and Middle Eastern countries, nation-state cyber attacks are unique in their danger because they are often executed with greater resources and near total immunity from any sort of justice when compared to garden variety, US-based hacks. 

For example, in mid-2019, Microsoft warned more than 10,000 users that their personal data may have been affected by nation-state attacks originating in Iran, North Korea and Russia. 84% of these attacks targeted businesses, and the remainder went after individual accounts. 

Many respondents in a report by Radware noted anxiety in using newer networked devices and smart technologies that are not necessarily as secure as conventional onsite IT environments. 

Are You Sure Your IT Company Is Keeping You Secure?

You can’t assume that all IT companies deliver the same degree and quality of cybersecurity support. 

You would be shocked at what the Orbis Solutions team has uncovered during our assessments of new clients’ systems. Repeated passwords, unprotected endpoints, missing MFA, the list goes on. 

Selecting a company to maintain your technology is one of the most important decisions you can make for your business. You must find the most competent and reliable IT support provider in your area.

Need Expert Cybersecurity Guidance?

Don’t let basic cybersecurity put you at risk, and don’t assume you have to handle advanced cybersecurity all on your own—Orbis Solutions can help you assess your cybersecurity and develop a plan to enhance it. 

You can start improving your cybersecurity by getting in touch with our team.

Are your passwords up to par with the latest recommendations from industry giants and cybersecurity experts? A decade-old password may not be as strong as you think…

Passwords are the foundation of cybersecurity. 

Whether it’s the PIN for your credit card or the password for your email account, these strings of alphanumeric codes are a critical part of keeping your private data and your finances secure. 

Are you sure your passwords are strong enough? Do you have all of the associated best practices in place? 

There’s no better time than now to find out. If you haven’t thought about the strength and effectiveness of your passwords in a few years, then they’re almost certainly due for an update. 

After all, the way we think about passwords has changed a lot…

Is Your Password Strategy Outdated?

Not too long ago, the secret to a strong password wasn’t terribly complicated. That said, some of the best practices we suggested were less than ideal—and in some cases, outright wrong in hindsight:

Use A Passphrase

Do you have a particular catchphrase that you’re always repeating? Or a memorable quote or saying that really resonates with you? 

Choose a phrase that is easy for you to remember and take the first letter of each word. For example, the phrase “Strangers waiting up and down the boulevard” would translate into “swuadtb”.

Expand The Passphrase

A password becomes more effective as its character length increases. Having a password that is at least six characters long is a good baseline to go by. 

So using our example from above, we can lengthen it by adding the website name that we are using it for or a company name: “swuadtbGmail”.

Incorporate Alphanumeric Characters

Strengthen our sample password by adjusting the case of some of the letters within the password. 

By doing this, we make our password more unique and less predictable, even if a hacker is using dictionary database attacks. In this situation, our password could read as follows: “Swu@DtbGm@iL”.

Update On A Regular Basis

A simple way to continually protect your network is to rotate through a string of passwords so that every week, you’re using a different password. This makes your network more resistant to brute-force hacker attacks.

Modern Password Best Practices You Need To Follow

While some of these best practices are right in spirit, some of them are actively harmful to cybersecurity. You should never use the name of the associated website in your password (i.e. “gmail” for your gmail account), and you shouldn’t keep a string of passwords that you rotate through on a weekly basis. 

Fortunately, best practices have been updated in the last few years…

Implement A Password Policy

Whether it’s for your family or your employees, make sure that everyone is following the standard password best practices. At their most basic, this includes:

Consider Password History

Make sure that you’re not using passwords you’ve used in the past. These could have been compromised without you knowing about it—make sure that every time you create a password, it is entirely new to you.
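As an added illustration (not from the original post), the check below enforces two of the rules above: no service name in the password, even when disguised with look-alike characters as in the earlier sample “Swu@DtbGm@iL”, and no reuse of a past password. The function names, the look-alike table and the PBKDF2 iteration count are assumptions; the history keeps salted hashes only, never plaintext.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Assumed work factor for this sketch; set it from your own hashing guidance.
PBKDF2_ITERATIONS = 600_000

REASON_SITE = "contains the name of the service it protects"
REASON_REUSE = "matches a previously used password"

# Characters commonly swapped in for letters ("@" for "a", "0" for "o", ...).
LOOKALIKES = {"a": "a@4", "e": "e3", "g": "g9", "i": "i1!", "l": "l1",
              "o": "o0", "s": "s$5", "t": "t7"}

HistoryEntry = Tuple[bytes, bytes]  # (salt, derived key); plaintext is never kept


def service_pattern(service_name: str) -> re.Pattern:
    """Regex matching the service name even when letters are substituted."""
    classes = ["[" + re.escape(LOOKALIKES.get(ch, ch)) + "]"
               for ch in service_name.lower()]
    return re.compile("".join(classes), re.IGNORECASE)


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Derive a salted PBKDF2-HMAC-SHA256 key; a fresh salt is drawn if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS)
    return salt, key


def in_history(password: str, history: List[HistoryEntry]) -> bool:
    """True if the candidate equals any earlier password in the history."""
    reused = False
    for salt, stored_key in history:
        _, candidate_key = hash_password(password, salt)
        # Constant-time comparison; the loop always runs to the end so the
        # timing does not reveal which entry matched.
        if hmac.compare_digest(candidate_key, stored_key):
            reused = True
    return reused


def check_new_password(password: str, service_name: str,
                       history: List[HistoryEntry]) -> List[str]:
    """Return the reasons to reject the candidate (empty list = acceptable)."""
    reasons = []
    if service_name and service_pattern(service_name).search(password):
        reasons.append(REASON_SITE)
    if in_history(password, history):
        reasons.append(REASON_REUSE)
    return reasons


if __name__ == "__main__":
    # Constructed history: the page's sample password plus one made-up entry.
    history = [hash_password("Swu@DtbGm@iL"), hash_password("old-Passw0rd-2019")]
    for candidate in ("Swu@DtbGm@iL", "swuadtbGmail",
                      "lantern-orbit-walnut-fjord"):
        verdict = check_new_password(candidate, "gmail", history) or "ok"
        print(candidate, "->", verdict)
```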

Always Log Out

Unless you’re using a personal device that is only accessible by you, you and your employees should always log out when leaving a device at the end of the day. Furthermore, you should be in the habit of locking your screen when stepping away from the device, even if only for a few minutes. 

Update Your Passwords

Say a site you've signed up for and made purchases from, or planned to make purchases from, gets hacked. Whatever password you had used for it is no longer secure.

The good news is that there’s a simple way to protect against this—change your passwords on a regular basis. That way, it doesn’t matter if a hacker has an old password from three years ago from that website you don’t use. 

Use A Password Manager

If you’re not repeating passwords, then you won’t be vulnerable to further breaches when a hacker gets your info.

But that’s easier said than done, right? As we explored above, you have a lot of different accounts—so how can you be expected not to repeat a memorable password here or there?

It may be nearly impossible to do on your own, which is why you should use a Password Manager. A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. 

It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.

Implement Multi-Factor Authentication

MFA is a secondary layer of verification, beyond the simple username and password combination required for most logins. 

By requiring a second piece of information (such as a randomly-generated numerical code sent to a mobile device or a fingerprint scan), it’s that much more likely that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.

Don’t Underestimate The Importance Of Your Passwords

At the end of the day, managing a long list of complex passwords can be frustrating, but it's a key part of your personal and professional security. 

Take the time to develop a strong set of passwords before you get hacked, not after. If you need help assessing and improving your cybersecurity practices, get in touch with the Orbis Solutions team today.

To Catch A Spy

His story is so compelling that Ryan Phillippe starred as him in a movie.

Eric O’Neill is a former FBI counterterrorism and counterintelligence operative.  In 2001 he helped capture Robert Hanssen, an infamous spy passing United States intelligence to the Soviet Union and Russian Federation, the worst breach of that type in US history.  Since then, he has appeared on both CNN and Fox as a national cybersecurity expert and has worked one-on-one with businesses to help manage their online security.

This capture led to Eric’s story being developed into a movie, Breach, in 2007 and writing his memoir, Gray Day.  Now a highly trained attorney and investigator, he often keynotes on cyber threats.

We will both present live on Thursday, December 15 for Small Business Tech Day. We are hosting this free event for Small Business leaders and owners to discover the best technology and practices to increase their profitability and protect them from online threats.

Eric will outline ways for your practice to be proactive rather than reactive. There are technologies and people you can implement right now to ensure you stay protected.

We’ll be streaming live from Las Vegas and also be joined by Shark Tank celebrity Kevin O’Leary and bestselling business author Mike Michalowicz.

Reserve your spot at techdaynv.com to get free access to the event and be reminded when we are LIVE!

A Serial Entrepreneur’s Success Secrets Shared  

Having been a small business columnist at The Wall Street Journal and business makeover consultant for MSNBC, Mike Michalowicz knows a thing or two about scaling a business.  He has since founded and sold two multimillion-dollar companies. 

Mike sold his first company to a private equity firm and his second to a Fortune 500 company.  At age 26, he was awarded the New Jersey Small Business Association’s Young Entrepreneur of the Year. 

Since then, he has created and written the book Profit First, which helps businesses attain early and sustained profitability to scale and grow faster.  He followed that book with Clockwork and Fix This Next.  His latest, Get Different, is all about can’t-ignore business marketing.

He aims to eradicate entrepreneurial poverty and help business owners achieve their long-term personal and professional goals. 

Orbis Solutions is honored to be joined by Mike on Thursday, December 15, as we both present for Small Business Tech Day.  This is a free event for small business leaders and owners to discover the best technology and practices to increase their profitability and protect them from online threats. 

Mike’s going to share how, given the current economy, small businesses can have their best growth ever and make more money.  

We’ll be streaming live from Las Vegas and also be joined by former FBI counter-terrorism and counterintelligence operative Eric O’Neill and Shark Tank celebrity Kevin O’Leary. 

Please reserve your spot at https://www.techdaynv.com to get free access to the event and be reminded when we are LIVE! 

Spend The Day With Kevin O'Leary

Known as Mr. Wonderful but filled with catchphrases like “Stop The Madness!” and “Know Your Numbers,” Kevin O’Leary is a staple on Shark Tank, where entrepreneurs can pitch him and fellow multimillionaire investors (“sharks”) to help expand their business in exchange for a stake in the company.

At age 29, Kevin co-founded a software company that grew to acquire more educational software and eventually purchased Learning Company.  Only four years after that acquisition and adopting that name, Mattel bought Learning Company for more than $3 billion.

Since then, Kevin has been an original cast member of Shark Tank, where he is known to be the resident truth-teller.  Over 14 seasons, he has worked with over 500 small business owners and invested his money in 40 companies.

On Thursday, December 15, Orbis Solutions will join Kevin live for the Nevada Business Tech Day. This free event is for Nevada business leaders to discover the best technology and practices to increase their profitability and protect them from online threats.

Kevin will speak on how technology can help dental practices beat their competitors by adapting to salary increases and labor shortages. Business leaders across Nevada have a massive opportunity to get more customers and capitalize on this changing economy.

We’ll be streaming live and joined by former FBI counterterrorism and counterintelligence operative Eric O’Neill and bestselling business author Mike Michalowicz.

Please reserve your spot at techdaynv.com to get free access to the event and be reminded when we are LIVE! 

Orbis Solutions Named One Of 2022’s Top 250 MSSPs

Orbis Solutions is proud to announce that MSSP Alert, published by After Nines Inc., has named us to the Top 250 MSSPs list for 2022, ranking #237. We are delighted to be one of the world’s top Managed Security Services Providers (MSSPs).

The rankings are based on MSSP Alert’s 2022 readership survey combined with the digital media site’s global editorial coverage of managed security services providers. The seventh-annual list and research report tracks the managed security service market’s ongoing growth and evolution.

Do you know why cybersecurity expertise is so important?

Do You Lack Cybersecurity Expertise?

The fact is that, even if you deployed all the necessary cybersecurity technologies, invested in all the necessary tools and solutions, and did everything you could to protect your business, you’d still be missing one thing—cybersecurity expertise.

Does your staff have the skills and experience needed to keep you protected?

Cybersecurity expertise is in high demand these days. As cybercrime continues to grow, and as businesses become more and more digital in their operations, cybersecurity becomes a much more critical priority. However, there’s only so much cybersecurity talent available to hire.

When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals.

The Case For Managed Security Services

The question you need to ask yourself is whether you can confidently manage cybersecurity on your own.

The short answer is “maybe, but probably not”. Especially for members of highly regulated industries like healthcare and financial services.

In theory, it's entirely possible that, if you've invested in the right technologies, and have the right skill set, you could handle cybersecurity for your business all on your own. You would find your vulnerabilities, manage your policies, monitor your alerts, and everything else that comes with operating a secure business IT environment.

When it comes to protecting against the ongoing, evolving cybersecurity threats in play today, managing cybersecurity is, understandably, a tall order. For you to effectively fill the role of an IT security company, you would need…

Expertise

The knowledge of how to select, configure, optimize and maintain increasingly complex IT security technologies. Do you have that kind of know-how?

Resources 

You’d also need the time to both find vulnerabilities on an ongoing basis and respond to events as they occur. If you can't afford to make cybersecurity your full-time job, then do you really think you can stay on top of it?

For all these reasons, it’s recommended that business owners simply outsource their cybersecurity for complete management by an IT company they can rely on—these companies are also known as MSSPs, which means they offer cybersecurity expertise.

In fact, whereas nearly a quarter of businesses in the Enterprise Communications Survey have already moved to a managed security model, nearly 45% have plans to do so within the next year.

How To Find The Right Cybersecurity Support For You

You may be thinking you already know the right IT company for your organization. But before you sign on the dotted line, you need to be sure they’re going to deliver everything you need.

While it’s certainly frustrating to have to do some homework before you sign an agreement, it’s vital that you make sure all your needs will be addressed before you make it official.

Even though you may have a contract that states and governs the managed services, your contract may still lack significant details—it's better to check now and consider moving on, instead of finding out you're not covered after you've locked into an agreement.

That said, even if you've already entered into a contract with an IT company, that doesn't mean it's too late to ask them a few questions.

The Orbis Solutions Approach To Cybersecurity

The Orbis Solutions team believes the only way to effectively develop cybersecurity is through a fully managed approach that builds a culture of best practices, in combination with a range of carefully chosen technologies.

We can provide managed security solutions that address your company’s specific needs, and we can do so in a cost-effective manner. Book a meeting with our globally ranked cybersecurity team today.

Fake Invoice Scams Rock Las Vegas

Key Takeaways

Overview

No one is immune to invoice fraud. Criminals are becoming sophisticated, so some scams may not be obvious, even for seasoned professionals. Many businesses in Las Vegas today are concerned about invoice fraud's prevalence and the surprisingly convincing manner in which it is carried out. It is becoming a danger that cannot be ignored, even when you think that the security of your accounts payable process is watertight.

Although the advancement of information technology and computer science provides businesses with more secure and efficient solutions to manage fraud, some companies are yet to switch from the traditional manual payment processes entirely, and fraudsters are taking advantage of this. Additionally, even with businesses aware of fraud and scams that may affect them, many are yet to take any preventive action, which explains why invoice fraud still has ground.

What is Invoice Fraud?

Invoice fraud happens when a scammer or hacker poses as a vendor by sending you a fake invoice or any other payment request, such as changing payment details, hoping your business will comply and pay. Unlike email scams and other attacks, invoice frauds are highly targeted. Typically, the fake invoice is generated with knowledge about your business relationship with suppliers.

The fraudsters don't mind the work and precision that goes into planning the fraud because, ultimately, criminals can make a lot of money if successful. For example, we recently learned that tech giants Google and Facebook were scammed out of $123 million. This shows how complex this type of fraud is and how it challenges all organizations regardless of their size and security measures.

There are varying levels of sophistication applied in perpetrating invoice fraud. However, the ultimate goal is to get a phony invoice past the accounts payable team.

How Does Invoice Fraud Work?

Invoice frauds are often well-executed and hard to detect. A third party will submit a fake invoice to your company, and you may think you are genuinely paying for goods or services received while sending funds to a scammer or hacker. Although most scammers usually play a game of chance with their luck, they typically invest significant time learning about your business before making you a victim. A study by the Association of Certified Fraud Examiners revealed that fraud plots could take an average of 16 months from the initial research to the time it is carried out. Their research mainly focuses on identifying your regular suppliers and their typical invoicing patterns so that the fake invoice looks as genuine as possible.

Common Types of Invoice Fraud

Knowing some common types of invoice fraud will give you a better idea of how to prevent them.

Inflated Invoices

Prices of the invoices are inflated to get you to pay more than you are supposed to. Usually, the amount is not significantly increased to avoid raising suspicion. The invoice could be from a genuine vendor wanting to rip you off or a scammer who has not supplied your business with any goods or services.

False Vendor Invoices

This is the most common type of invoice fraud. They appear to be charging for legitimate goods or services, but they delivered nothing. The scammers hope that no one will question the invoice and ultimately get away with reaping where they did not sow.

Duplicate Invoices

This involves both internal and external parties to the business. You get more than one invoice for a service or goods.

Ways to Prevent Invoice Fraud

You are at an increased risk of falling prey to an accounting scam when there are some weaknesses in your accounts payable processes. Some of the issues that make your business more vulnerable include:

To protect your business from invoice fraud, here are a few things you can do:

Automation

Invoice fraud can be costly for your business, so it makes sense to invest in prevention and protection measures instead. Automating the accounts payable process can cover some loopholes that fraudsters take advantage of to commit invoice fraud. Accounts payable automation takes over verifying invoice information and ensuring that the services or goods being paid for are received. In addition, it allows the accounting team to operate more efficiently by saving time and reducing errors.

Use Multi-Stage Authorization

This sounds like the bare minimum every accounts payable team should be doing. However, many businesses still rely on just one person to authorize and verify everything, increasing the chances of an error. Having more eyes check an invoice and payment will increase the chances of spotting any suspicious activity before it is too late.

Track Invoice Activity

The only way to determine if something is odd with your accounts is by tracking and monitoring all invoice activity. Tracking lets you know the number of invoices you receive, how much you pay, and to whom. Therefore, if something is not adding up, you can always spot it in good time and make the necessary changes.

Do Vendor Due Diligence

You can prevent invoice fraud by carefully selecting the vendors you bring into your business. Make sure to do several steps of due diligence checks to ensure that the vendor is legitimate. First, have them provide essential documents like proof of incorporation, TAX/VAT number, and contact and payment information. Then, confirm with the vendor before authorizing payment in case of any changes, such as new payment details. Alternatively, you can use automated tools to flag any payments or invoices that seem off or new in your system.
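The checks described in this section (duplicate invoices, inflated amounts, unknown vendors, changed payment details) can be expressed as a small screening step that holds anything suspicious for a second approver. The following is an added example, not part of the original article or any Orbis Solutions tool; the vendor records, field names, sample invoices and the 1.25 baseline ratio are all assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: vendor names, account strings and amounts are made up.
VENDOR_MASTER = {
    "V001": {"name": "Example Office Supply", "bank_account": "ACCT-0001"},
    "V002": {"name": "Example HVAC Service", "bank_account": "ACCT-0042"},
}
PAID_HISTORY = [
    {"vendor_id": "V001", "invoice_no": "INV-1001", "amount": 480.00},
    {"vendor_id": "V001", "invoice_no": "INV-1002", "amount": 510.00},
    {"vendor_id": "V001", "invoice_no": "INV-1003", "amount": 495.00},
    {"vendor_id": "V002", "invoice_no": "A-77", "amount": 1200.00},
    {"vendor_id": "V002", "invoice_no": "A-78", "amount": 1250.00},
    {"vendor_id": "V002", "invoice_no": "A-79", "amount": 1180.00},
]
INCOMING = [
    {"vendor_id": "V001", "invoice_no": "inv 1002", "amount": 510.00, "bank_account": "ACCT-0001"},
    {"vendor_id": "V002", "invoice_no": "A-80", "amount": 1210.00, "bank_account": "ACCT-9999"},
    {"vendor_id": "V001", "invoice_no": "INV-1004", "amount": 690.00, "bank_account": "ACCT-0001"},
    {"vendor_id": "V999", "invoice_no": "X-1", "amount": 300.00, "bank_account": "ACCT-5555"},
    {"vendor_id": "V002", "invoice_no": "A-81", "amount": 1225.00, "bank_account": "ACCT-0042"},
]

def normalize_invoice_no(raw):
    """Strip case, spaces and punctuation so 'inv 1002' matches 'INV-1002'."""
    return "".join(ch for ch in raw.upper() if ch.isalnum())

def review_invoice(inv, vendor_master=VENDOR_MASTER, history=PAID_HISTORY, ratio=1.25):
    """Return the list of reasons this invoice should not be paid automatically."""
    vendor = vendor_master.get(inv["vendor_id"])
    if vendor is None:
        # False-vendor case: nobody completed due diligence for this payee.
        return ["unknown_vendor"]
    flags = []
    if inv["bank_account"] != vendor["bank_account"]:
        # Changed payment details: confirm with the vendor through a known contact.
        flags.append("bank_details_changed")
    past = [h for h in history if h["vendor_id"] == inv["vendor_id"]]
    seen = {normalize_invoice_no(h["invoice_no"]) for h in past}
    if normalize_invoice_no(inv["invoice_no"]) in seen:
        flags.append("duplicate_invoice_number")
    amounts = [h["amount"] for h in past]
    # Assumed baseline rule: needs at least three paid invoices to compare against.
    if len(amounts) >= 3 and inv["amount"] > ratio * median(amounts):
        flags.append("amount_above_baseline")
    return flags

def triage(batch):
    """Split a batch into invoices held for a second approver and invoices cleared."""
    held, cleared = {}, []
    for inv in batch:
        key = (inv["vendor_id"], inv["invoice_no"])
        flags = review_invoice(inv)
        if flags:
            held[key] = flags
        else:
            cleared.append(key)
    return held, cleared

if __name__ == "__main__":
    held, cleared = triage(INCOMING)
    for key, flags in held.items():
        print("HOLD", key, flags)
    print("CLEARED", cleared)
```

A fixed ratio will miss small inflations, which is why a held invoice goes to a second person rather than being rejected outright, and why cleared invoices still need the normal approval step.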

Orbis Solutions Inc. can help secure your business against invoice fraud by improving your email security measures. Emails, the most common mode of communication for business, can be an avenue for phishing and other cybercrimes supporting invoice fraud. Contact us today to find out more about how we can cushion your systems so that all your business communication and information stay secure.

Cloud Based Backup Solutions

Data protection is vital to the survival of any business. It may be challenging and expensive, but it is a necessary measure you must take. There is no telling when data loss will happen, so it is crucial to think ahead and implement a backup solution. This ensures peace of mind and helps you quickly return to normal operations after a disaster.

What is Cloud Backup?

As the name implies, this is a backup solution delivered over the internet that relies on cloud technology to store and secure a copy of your data. Cloud backup relies on a structured system to copy and store data to a third-party cloud-based server. Its most significant advantage over traditional backup solutions is that it keeps data on a virtual file system and is not geographically limited. It is also a cost-efficient method of backing up data.

How Does it Work?

Cloud backup involves transferring copies of data to a remote storage platform, usually hosted by a third-party service provider. The provider charges you to use the platform based on capacity, bandwidth, and the number of people using it. You can use as much or as little of the service per your needs. With a cloud-based solution in place, when your hardware fails or falls victim to a virus attack and your data is lost, you can still access copies of the files preserved on the cloud.

Usually, when you engage cloud backup services, the first step will be to do a full backup where all the data you want to be protected is copied to the cloud. The duration to back up your files will depend on the amount of data involved. Alternatively, you can use the cloud seeding technique to do away with the need for sending the initial data over the internet. After the initial backup, you can select the backup schedule, and the backup software will collect, compress, encrypt and transfer the data to the cloud service provider for backup.

When the data is needed, you access your cloud account and retrieve either the files you need or the entire set of data.

3 Reasons to Consider Adding Cloud Storage to Your Backup Plan

1. Access from Anywhere

Unlike traditional backup methods, cloud backup provides access to your data anytime and from any location. You only need a device connected to the internet to authenticate yourself, and you will have your data. Even if you have lost your computer or storage device, you can still access your data using a different device. There are also no interruptions and delays in getting the information you need. It takes a few steps to restore the data you need, ensuring no downtime in your operations, especially in times of disaster.

Market competition forces cloud backup solutions to innovate and introduce more value to their customers. As a result, they are constantly introducing improvements that your IT team would otherwise have had no time to research and implement. Besides backing up your data, cloud backup includes information syncing and sharing, and mirroring.

Syncing services allow you to create a folder online to store and access files stored on personal computers or servers. The files are updated automatically, promoting collaborative working and making sharing data easy. The file sync and share feature can also serve as a backup. However, it will only be efficient for a small amount of data. It cannot be relied upon for large or sensitive data since its user-oriented approach makes it vulnerable.

2. Scalability

The good thing about investing in cloud backup is its flexibility to adapt to the changing needs of your business. When your needs grow, you can quickly scale up; similarly, if needs reduce, you can scale down. However, with in-house backup solutions, you must do complex calculations about purchasing new equipment to increase storage or what to do with extra equipment that is not in use.

The pricing options for cloud backup are very flexible. Usually, providers have different plans to accommodate different user needs. Therefore, you can easily downgrade or upgrade the plans to get what suits your business. This is very helpful if you are starting your business or experiencing accelerated growth and your on-premise storage cannot keep up.

Another advantage of cloud backup is that the software provider handles all the backup support and maintenance. Therefore, you do not have to worry about needing additional staff to resize, encrypt and deduplicate files before backing them up to the cloud. Whether you have a large or small amount of data to back up, there is little to no management on your part. It is the responsibility of the service provider to facilitate the backup process.

3. Security and Compliance

Besides the need to recover lost or compromised data, backups are essential to security audits and compliance. Compliance is meant to protect consumers and ensure continuity of service even if a disaster happens by ensuring their information stays secure. The standard security and compliance measure is to have one primary copy and then have two backups where one is stored offsite. Cloud backup mainly acts as the secondary backup, saving copies of your data in different regions.

Most of the backup solutions in the market include data policy and regulations management. You can therefore offload the regulatory compliance requirements to the provider. However, the rules and regulations followed by a particular software provider may be limited to specific industries and countries of origin. Therefore, you need to take the initiative to verify if a backup solution matches the compliance-related qualifications you need.

In addition, most cloud backups use highly secure encryption protocols. This adds a layer of protection such that even if hackers get access to the files, they cannot decipher them. The fact that the backup is located offsite also ensures that the data has extra protection from viruses and ransomware attacks.

To find out more about how you can build solid backup and recovery solutions for your business, contact Orbis Solutions Inc today.
