If your firm's idea of multi-factor authentication is "we get a text message with a code," you don't really have MFA. You have something that feels like MFA, and that feeling is worth less than you think. NIST deprecated SMS as a second factor back in 2016 in their...
Business Tech and Cyber Blog by CSM Systems
Our Latest Blog Post
Older Posts
The Outlook Rule That Steals Tax Season
The FBI's 2023 Internet Crime Report logged $2.9 billion in business email compromise losses. That's the line that gets quoted. What doesn't get quoted is the mechanism. Almost all of that loss runs through a tiny, boring piece of Microsoft Outlook called an inbox...
The Compliance Audit You Didn’t Know Was Coming
In December 2023, the FTC finalized updates to the Safeguards Rule under the Gramm-Leach-Bliley Act that apply to tax preparers, accountants, and any business that handles consumer financial information. The rule now requires specific technical controls: encryption,...
Your Backups Won’t Save You (The Way You Think They Will)
In early 2024, Change Healthcare, the company that processes roughly one-third of all U.S. healthcare claims, got hit with ransomware. The attack disrupted pharmacies, hospitals, and medical billing across the country for weeks. UnitedHealth Group, their parent...
The Laptop That Took Down a Whole Firm
In 2022, Uber's entire internal network was compromised by an 18-year-old. Not through some exotic zero-day exploit. The attacker bought stolen credentials on the dark web, MFA-bombed an employee with push notifications until they accepted one, and then moved...
Ransomware Doesn’t Start With Ransomware
In February 2023, the U.S. Marshals Service got hit with ransomware that took critical systems offline for months. A federal law enforcement agency with a real IT budget and actual security staff. It took them 30 days to stand up a replacement system. Not because they...
Your Microsoft 365 Is Not Secure by Default
Microsoft 365 is the most commonly used business platform in the country. It's also configured, out of the box, in a way that would make any security person uncomfortable. Microsoft gives you the tools. They don't turn them on for you. And they definitely don't tell...
The DocuSign Email That Cost a Law Firm Everything
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise caused $2.9 billion in losses. Not ransomware. Not crypto scams. Email. It's been the most expensive category of cybercrime for years running, and it hits professional services...
Is Your Internet Holding Your Business Back?
When a business slows down, it’s easy to point fingers. Maybe your software feels clunky. Maybe your employees seem distracted. Maybe you just think it’s “part of the grind.” But here’s the truth most companies overlook: your internet connection might be the real...








