Skip to content

Security Office Hours: Breaches, Hacks, and Compliance Risk

 

Optimize your Company's Security

If you are concerned about breaches, outdated systems, or compliance exposure, we can help you understand what matters most for your organization.

 

Key Takeaways

Today’s breaches are not just technical incidents. They are business risk events that affect operations, compliance, insurance, and trust.

  • End of life software creates real compliance and insurance exposure, even before it stops working.

  • Traditional VPN design increases risk by exposing a direct entry point into your network.

  • Microsoft 365 security and licensing are closely connected, and misalignment can create audit and security gaps.

  • Your vendors and software providers are part of your attack surface, even if you do not work with them directly.

  • Personal information is already widely available online, which makes password reuse especially dangerous.

  • The strongest cybersecurity outcomes come from trained people and clear processes, supported by the right technology.

The goal is not perfection. The goal is visibility, prioritization, and informed decisions.

 

 

Recommendations

If you want to reduce breach risk in a practical, measurable way, start with these steps.

  1. Review all Windows 10 devices
    Identify which systems are still running Windows 10, confirm upgrade eligibility, and establish a clear transition plan before support ends.

  2. Reevaluate VPN usage
    If your organization relies on VPN access, consider moving to a Zero Trust access model that reduces inbound exposure and limits lateral movement.

  3. Validate Microsoft 365 security licensing
    Confirm that all users are properly licensed for the security features you have enabled, especially identity and access controls.

  4. Strengthen identity security
    Require multi factor authentication for all users, eliminate password reuse, and reduce unnecessary administrative privileges.

  5. Assess vendor and software risk
    Understand where your data is stored, who can access it, and how incidents are handled by critical vendors.

  6. Train users for modern attacks
    Focus training on realistic threats such as MFA bypass attempts, QR code phishing, and social engineering.

 

 

Overview

Running a business today means facing threats that change faster than ever. Security Office Hours exists to help you guide your team through those threats. This session offers strategic clarity—not technical overwhelm—so you can make informed decisions that protect your people and your mission.

This quarter, we’re focusing on technology you use every day. But what if that tech is no longer secure? From expired operating systems to hidden licensing risks, it’s time to take a closer look at what’s under the hood.

Agenda: 
- Windows 10 is ending support—are you ready for the fallout?
- VPN breaches: what happened, what’s next.
- Microsoft’s 365 audit crackdown: how security and licensing collide.
- Oracle’s breaches and what they reveal about your vendors.
- Personal info on the dark web: what’s exposed, and how to check.
- The holistic defense approach every leader should use.
- Q&A.


You care about your people, systems, and business. We’ll help you understand the risks, make wise choices, and lead with confidence.


Watch the Previous Session Here: https://www.endsight.net/sec/5-cybersecurity-trends-of-2024 

 

 

Speaker

thumbnail_StephenHicksHeadShotWDog

Stephen Hicks

Security Practice Manager @ Endsight

Stephen has spent his entire professional career in the technology industry. He holds an MBA from Saint Mary's College and just over a dozen technical certifications including advanced cybersecurity certifications CISSP and CISM. He has a second-degree black belt in Shito Ryu Karate and loves to scuba and ski.

FAQ

What should we do first if we are worried about breaches?

Start with identity security. Ensure multi factor authentication is enabled everywhere, review password practices, and confirm that systems are being patched regularly.

Is Windows 10 end of life really a serious issue?

Yes. Once support ends, security updates stop. This can affect compliance, insurance coverage, and your ability to respond to incidents.

Are VPNs still safe to use?

VPNs can still function, but the traditional design exposes a network entry point. Many organizations are shifting to Zero Trust access models to reduce that risk.

What is Zero Trust Network Access?

Zero Trust Network Access limits access based on user identity, device posture, and approved applications instead of granting broad network access.

Can Microsoft 365 licensing impact security?

Yes. Some security features are enabled at the tenant level but require licenses for each user. Misalignment can create both audit and security risks.

How do MFA bypass attacks work?

Most MFA bypass attacks rely on phishing techniques that trick users into logging into a fake site that relays credentials in real time.

Is my personal information already on the dark web?

In many cases, yes. Large data breaches have made personal information widely available. Unique passwords and multi factor authentication help reduce the impact.

Are QR codes safe?

QR codes are links. Treat them like any other unknown link and avoid scanning them unless you trust the source and can verify where they lead.

How can Endsight help?

Endsight helps organizations reduce risk through a balanced approach that includes people, process, and technology. The focus is on clarity, prioritization, and long term resilience.