Blog Posts

Most breaches don’t start with hackers breaking down your firewall. They start with someone logging in using credentials they found on the dark web. This post breaks down the NIST 800-171 control family for Identification and Authentication. No fluff. Just the basics, the problems, and how to fix them. What […]

You need to share files with clients or vendors. Maybe links. Maybe request uploads. SharePoint can handle this. You just need to avoid the clutter. Start With the Right Use Case There are only three reasons to build one of these portals. Pick the one that fits: 1. Give Each […]

As a small or mid-sized business engaged with defense contracts, the potential to work with the Department of Defense opens doors to numerous business opportunities. However, with these opportunities comes the responsibility of protecting Controlled Unclassified Information against cybersecurity threats. This is where NIST 800-171 comes into play. This guide […]

One of the most common misconceptions is the belief that once a Microsoft 365 tenant is configured, the work is done. Many organizations assume they can set up a baseline configuration and leave it untouched indefinitely. Unfortunately, this mindset overlooks the reality of configuration drift and the evolving nature of […]

Storing credentials in plain text-whether in Excel spreadsheets, Word documents, or text files, is one of the riskiest practices a business can adopt. Yet, many organizations do this. I consistently find password files sitting in file shares or SharePoint sites, often labeled something as obvious as “passwords.xlsx.” While this might […]

One of the most overlooked security settings in Entra is user consent for enterprise applications. By default, users may be allowed to consent to third-party apps, granting them permissions to access organizational data—often without understanding the implications. This can lead to unauthorized access, data leakage, or even malicious activity within […]

Device Code Flow is a convenient authentication method designed for devices with limited input capabilities, like smart TVs and other IoT devices. However, attackers have found ways to exploit it for phishing attacks, making it a serious vulnerability in your Microsoft 365 tenant. Blocking DCF is a simple yet effective […]

Recently, we discovered a security vulnerability for one of our clients that could have escalated into a serious issue. The client had a VPN user portal exposed to the internet, even though it was not actively being used. This oversight created an attack vector that was being exploited by malicious […]

Managing macOS devices in a business environment can be challenging, especially for organizations with IT staff who are most familiar with Windows-based systems. However, with Microsoft Intune, you can effectively manage macOS devices while leveraging your existing Microsoft 365 ecosystem. Getting Started: Apple Business Manager The first step to managing […]

NIST 800-171 is a set of cybersecurity standards designed to protect sensitive information within non-federal systems and organizations. Whether you’re a contractor, small business, or educational institution, implementing these 110 controls across 14 families strengthens your cybersecurity posture and ensures compliance with federal requirements. Below is a simplified checklist to […]