Getting Real about Cybersecurity with Mentis Group President, Jason Vaught

It’s time we all got real about cybersecurity. As a business owner, there are things you need to know to keep your company secure.

Ransomware attacks can happen to literally any company.

While many breaches are the result of open firewall ports or unsecured remote access to systems, the majority of breaches begin with a user clicking a link or being duped into entering their credentials via a phishing email.

Basically, attackers canvass the world with phishing emails with the objective of securing a user’s credentials. Once a user’s system is compromised or credentials are obtained, they look at the companies where those people work.

Now it’s on like Donkey Kong: the bad guys take the breach as far as they can possibly go and sell access to your company to the highest bidder on the dark web.


Because it’s their job. It’s how they make a living.

Listen, hackers, outside of a few high-profile, mafia-type cybercrime organizations, are lazy opportunists. They’re looking for low-hanging fruit, and staff who open phishing emails are low-hanging fruit.

You need to know this for two reasons:

  1. Don’t be easy prey. You didn’t spend 20-30 years of your life to fuel a hacker’s criminal lifestyle.
  2. Don’t stick your head in the sand. There’s literally nowhere to hide on the internet.

On the other hand, well-known cybercrime organizations look and act like legit organizations. From the fancy offices to the receptionist to the decked-out conference room and holiday parties and perks, you wouldn’t know the difference unless someone told you. They’re BIG business. The US Treasury’s best educated guess links around $5.2 billion in bitcoin transactions to ransomware payments, which doesn’t include hidden funds or cash payouts.

You need to know this for two reasons:

  1. Cybercrime is well-funded, which fuels innovation.
  2. Cybercrime is well-incentivized, which fuels the industry’s labor force.

This shouldn’t come as news to you. Huge ransomware attacks (Colonial Pipeline, D.C. Police Department, etc.) have been covered from every possible angle by the media. If you have a television in your house or a phone in your hand, it’s virtually impossible to avoid all the cybersecurity media coverage. It’s legit. It’s real. It’s scary.

But it doesn’t have to be. In the end, that decision is in your hands.

I want to walk you through what is being labeled in the managed IT Services industry as “enhanced” cybersecurity offerings.

This is the industry’s best response to the constantly evolving threat landscape (more on this later).

First, I want to make it clear as day what the stakes are should you choose not to act on the information I’ll be sharing with you. Here is what you might expect with a security breach:

  1. Significant downtime to your operations
  2. Permanent damage to your client relationships
  3. Irreparable harm to your business reputation
  4. Hefty fines due to failure to comply with industry regulations
  5. Legal ramifications
  6. Bankruptcy

Let me be frank: is saving $1,500, $2,500, or even $5,000 a month on security services (depending on the size and complexity of your business) worth the risk of losing everything?

How much is your business worth to you?

What’s the solution, you might be asking?

Develop a “security first” mindset. Then, invest in security-first strategies and tools to prevent this tragedy from ever happening to you.

As a security-first managed IT Services provider, it’s our job to offer you the best-in-class cybersecurity options currently available.

In order to reduce your breach risk by 90%, you must have robust perimeter protection (firewalls and other existing filtering services) PLUS the following security components at a minimum:

  • EDR Endpoint Security
  • Multi-factor Authentication (MFA) on hosted email and ALL points of entry into the corporate environment (VPN, remote access, and administrative level access to servers)
  • Complex Password Policies and enterprise-class Password Management
  • Email Filtering and Encryption
  • Recurring Security Awareness Training and Phish Testing

Let me repeat: the above measures are the minimum elements you’ll need in place to protect your business.

In today’s world, the conversation around cybersecurity has changed completely. It’s no longer a question of if you’ll be breached, but rather when.

For your business to survive in today’s cyber threat landscape, you’ll need the right security-first managed IT Services partner.
