Category Archives: 2025 December Newsletter

Contact NEVTEC today to get started with a passwordless readiness assessment.

Tech Trends: Trend 1: Passwordless Authentication Goes Mainstream in 2025

Passwords are finally losing their grip, and for good reason. They’re inconvenient, insecure, and incredibly costly for organizations. In 2025, passwordless authentication is no longer a future concept; it’s becoming the new security baseline for businesses of all sizes.

With major platforms like Microsoft expanding passwordless sign-in for cloud apps, Google rolling out passkeys by default, and Apple integrating passkey support across devices, organizations have more accessible options than ever before.

Why This Shift Matters

The biggest drivers behind passwordless adoption include:

1. A Drastic Drop in Credential-Theft Attacks

According to recent industry reports, over 80% of breaches still involve compromised passwords. Passkeys and biometrics eliminate this vulnerability by removing passwords entirely.

2. A Better User Experience

Password resets are a top IT support cost. Eliminating passwords reduces friction, speeds up login workflows, and improves employee satisfaction, especially for remote teams.

3. Stronger Multi-Factor Authentication (Without the Hassle)

Passkeys offer phishing-resistant authentication that is:

bound to the device
cryptographically secure
impossible to reuse or intercept

This makes them significantly safer than SMS codes or app-based MFA prompts.

What Businesses Should Do Next

Going passwordless isn’t a switch; it’s a phased journey. Nevtec recommends:

Identify high-risk user groups first (admin accounts, executives, finance teams).
Enable passkeys or FIDO2-based authentication on Microsoft 365, Google Workspace, and VPNs.
Eliminate legacy protocols that still require passwords (e.g., basic authentication).
Update internal policies to support passwordless-first procedures.

For many companies, 2025 will be the year passwords finally begin to disappear.

NEVTEC Can Help You Go Passwordless

If you’re ready to modernize authentication and reduce account takeover risk, our team can guide you through deployment, migration, and best practices.

Book a Vendor Risk Assessment with NEVTEC and protect your organization from third-party threats.

Tech Trends: Trend 2: Supply Chain Cyber Risk Tightens as Vendors Face New Scrutiny

2025 has reshaped how organizations think about supply chain cybersecurity. After a series of high-impact incidents, including attacks against key software providers, transportation networks, and service vendors, businesses are scrutinizing third-party risk more closely than ever.

Recent supply chain attacks like the Snowflake-related data breaches impacting multiple companies and vulnerabilities in widely used software (e.g., Cisco, Ivanti, ConnectWise) have shown how attackers increasingly exploit vendor ecosystems to gain indirect access.

Why Supply Chain Attacks Are Getting Worse

1. Attackers Target “Weakest Link” Vendors

Threat actors understand that even well-secured companies rely on partners who may not follow the same cybersecurity standards.

2. Increased Interconnectivity = Increased Exposure

Cloud integrations, API connections, remote monitoring tools, and outsourced IT services create broad, interconnected risk pathways.

3. Regulatory Pressure Is Rising

U.S. agencies such as CISA, FTC, and DoD are pushing for greater vendor security oversight. Initiatives like CISA’s Secure by Design Guidelines aim to make software inherently safer, but compliance expectations are also increasing for businesses.

4. Smaller Vendors Are Becoming Prime Targets

Cybercriminals know SMB vendors often lack the resources to secure their systems, making them an ideal entry point.

What Organizations Need to Do Now

To stay ahead of emerging risks, businesses should:

Re-evaluate vendor access permissions to ensure least-privilege controls.
Request security attestations such as SOC 2, ISO 27001, or compliance documentation.
Formalize third-party risk assessments at onboarding and annually.
Require MFA, patch management, and zero-trust controls for all integrated vendors.
Monitor vendor behavior through SIEM or identity analytics tools.

Companies that depend on vendors for IT, cloud, logistics, or data processing must treat supply chain cybersecurity as a core security function; not an optional one.

NEVTEC Helps You Reduce Vendor-Related Cyber Risk

We assist organizations in evaluating vendor security posture, validating controls, and implementing the right monitoring tools to prevent supply chain intrusions.

Contact NEVTEC today to schedule your MFA tune‑up review.

Nerve Center: Tech Tip 1: MFA Tune‑Up: Make Sure It’s Working Properly

Multi-factor authentication (MFA) is one of your organization’s strongest lines of defense against account compromise, but only if it’s working correctly. As we close out the year, now is the perfect time to run a “MFA health check” to ensure nobody is stuck, locked out, or exposed.

Why You Need to Audit Your MFA Now
Many companies enable MFA and then assume the job is done. But several common issues can weaken its effectiveness:

Lost or unstored backup codes. Without backup or recovery codes stored safely, users can get locked out if they lose their device.
Desynchronized authenticator apps. Devices may drift out of sync, especially if not used regularly, making recovery difficult.
Inactive or orphaned devices. Old phones, tablets, or computers may still be authorized for MFA, giving attackers a potential foothold.
Weaker factors still in use. Using SMS-based MFA or email codes remains more vulnerable to attacks like SIM swapping or phishing.

These gaps mean that simply “having” MFA doesn’t guarantee it’s protecting you effectively.

Recommended Year-End MFA Check: A Simple Checklist

Audit all registered MFA devices. Go through every user’s MFA settings and remove any unused or missing devices.
Verify backup or recovery codes. Make sure every user has valid backup codes stored in a secure place (e.g., a password manager, secure file, or printed copy in a safe).
Upgrade to phishing-resistant MFA. Wherever possible, migrate to stronger methods, FIDO2 security keys, passkeys, or biometric-based authenticators. These offer much greater protection than SMS or email.
Test your workflows. Run through typical login flows and recovery flows in a test environment to confirm that MFA works, even when things go wrong.
Review privileged accounts. Double check that MFA is enforced on high-risk accounts (admins, finance, remote access) and that recovery options are well defined for them.

Best Practices to Sustain MFA Strength

Plan for device loss: Make sure users know how to recover using backup codes, alternate devices, or helpdesk support.
Avoid MFA fatigue: Implement logic or policies to limit repeated prompts, especially for trusted devices.
Log and monitor: Track every MFA challenge, success, failure, and recovery event. Unusual patterns might signal an attack or misconfiguration.
Train your team: Educate your users on how to use recovery codes, change devices safely, and report MFA problems promptly.

How NEVTEC Can Help
NEVTEC can assist you with a comprehensive MFA health assessment; we’ll audit your current setup, recommend stronger MFA options, and help you streamline recovery workflows so that users don’t get locked out, and security remains strong.

Get in touch with NEVTEC today for a year-end backup verification review.

Nerve Center: Tech Tip 2: Backup & Recovery: What to Verify Before January

Backups are only valuable if you can restore them when it matters. As we approach the new year, a year-end check of your backup and recovery processes can make the difference between a minor outage and a major disaster. Let’s walk through a practical, no-nonsense validation plan.

Why Backup Verification Matters

Silent backup failures happen: Sometimes backup jobs appear to succeed, but files are corrupted or incomplete. Without verification, you might only discover this during an outage.
Regulatory and business continuity risk: Many environments now require documented proof that backups can be restored—and quickly.
Recovery time objectives (RTO) and point objectives (RPO): Knowing your restore speed (RTO) and how recent your backups are (RPO) is essential for risk planning.
Infrastructure changes: If you’ve recently migrated to the cloud, added new applications, or restructured your environment, your backup coverage may no longer map to your production systems.

Year-End Backup & Recovery Verification Checklist

Inventory your backups
Use an asset inventory or backup management tool to list all backups, where they’re stored, and when they were last completed.
Perform manual restore tests
Restore a sample of critical data to a sandbox or test environment. Open files, start apps, verify databases; make sure everything works as expected.
Run integrity checks
Use checksum or hash-based validation to compare backed-up data with the source. This helps confirm data hasn’t become corrupted.
Simulate a disaster
Test a full recovery scenario. Spin up systems from backup, failover workloads, and time how long it takes to restore your most important systems.
Validate permissions and configurations
After restoring, check that user accounts, file permissions, and application configurations are preserved correctly.
Verify redundancy
Follow a 3-2-1 backup strategy (or better): have at least three copies of data, on two different media, with one offsite.
Document and review
Record the results of every test; what worked, what didn’t, any gaps uncovered and refine your disaster recovery (DR) plan accordingly.
Schedule repeat testing
Implement a recurring schedule: partial restores quarterly, a full restore annually, plus ad-hoc tests after major infrastructure changes.
Automate validation where possible
Use backup and BCDR (business continuity / disaster recovery) tools that automate verification (e.g., booting VMs, running checksums) to reduce risk and manual effort.

How NEVTEC Can Help
NEVTEC offers a comprehensive backup & recovery audit. Our team can:

Validate your existing backup infrastructure
Run restore tests in test environments
Automate integrity checks
Help you design or refine a disaster recovery plan that meets your RTO and RPO requirements

Don’t wait until it’s too late.

Nerve-Wracking Truths: The Day the Smart Fridge Went Rogue

It started as a normal week in the office kitchen. The new “smart” fridge hummed quietly, keeping beverages perfectly chilled. But what no one realized was that this fridge wasn’t just chilling drinks; it was silently connected to the company network.

The fridge came with sensors and a touch screen app, which employees used to check inventory and place snack orders. What the IT team didn’t know: it also had default credentials and outdated firmware. A curious hacker discovered the device online and gained access to the internal network. Within hours, sensitive files, emails, and even payroll spreadsheets were at risk.

The nerve-wracking truth: Every IoT device, even something as innocent as a fridge, thermostat, or coffee maker, can be a doorway for cybercriminals. If it’s online, treat it like a computer. Change default passwords, update firmware, and segment it from your main network. Otherwise, your office appliances could be moonlighting as hackers’ favorite backdoor.

Cybersecurity Tip: Ask yourself before connecting any smart device: “Could someone hack this and reach my data?” If yes, isolate it on a separate network or harden its security before use.

Don’t let your fridge serve your lunch and your secrets to hackers. Contact Nevtec today for a network and IoT security review, because hackers love kitchen gadgets almost as much as they love your data.

Employee Spotlight: Amy Thomatis

Cruising Through Change Meet Amy Thomatis

From Hands-On Tech to Orchestrating the Engine

Before joining the firm, Amy Thomatis spent 20+ years building a career across IT operations and management, starting in technical roles, supervising helpdesk teams, and ultimately directing larger service departments. Along the way, she restructured teams, drove automation projects, mentored future leaders, and shepherded organizations through major changes. “These experiences prepared me to bring together technical knowledge, leadership, and process improvement to support our team and clients,” Amy says.

What She Does: Clarity, Alignment, and Forward Motion

As Operations Manager, Amy bridges strategy and execution; keeping systems, workflows, and teams running smoothly day-to-day while planning for the business’s long-term needs. “I see my role as creating clarity and alignment so both our team and our clients can move forward with confidence,” she explains.

Why It Matters (and Why She Loves It)

Amy lights up when efficient processes help the team focus on what they do best. “There’s real satisfaction in knowing the work I do behind the scenes helps our clients have a better experience,” she says. “Connecting strategy with people, turning ideas into outcomes that matter. is my favorite part.”

A Family Story (and 425 Bottles of Water)

Travel is her recharge button, especially cruises with family. On one trip, the Thomatis crew opened their cabin to find 425 bottles of water stacked inside. A quick check revealed Amy had accidentally ordered five cases instead of one. “It turned into a running joke for the week, and we still laugh about it today,” she says. When she’s not at sea, think Starbucks meetups, dinners out, and cheering at her youngest daughter’s band competitions.

Who Inspires Her Most

“My children,” Amy says. Watching them grow into kind, capable people has shaped her view of resilience, integrity, and authenticity. They remind her what really matters, showing up and staying true to yourself.

Perspective From Abroad

In her early twenties, a trip to India left a lasting mark. Seeing life through a different lens deepened her gratitude and curiosity about how people live and work, and informed her approach to change and adaptability.

On Heroes (No Cape Required)

“I don’t really follow superheroes,” Amy admits, “but I believe everyone has a hero inside themselves. Being a hero is about the courage to show up, the willingness to be authentic, and the strength to keep moving forward when things are uncertain.”

Favorites, From Page to Screen (and Plate)

Book: Daring Greatly by Brené Brown – a reminder to lead with courage, authenticity, and vulnerability.

Movie: Hidden Figures – a celebration of intelligence, perseverance, and teamwork.

Food: Tacos – simple, versatile, and always delicious.

Place to Visit: Alaska on a cruise – peaceful, far from the hustle, and perfect for disconnecting.

Show: Hamilton – now her “focus” soundtrack on repeat.

Why We’re Grateful for Amy

From engineering smooth operations to championing human-centered leadership, Amy embodies the calm, proactive energy that keeps our team, and our clients. moving forward. “Turning ideas into outcomes that matter” isn’t just how she describes her job; it’s exactly what she delivers. Join us in celebrating Amy’s journey and all the ways she quietly makes our work (and yours) better, every day.