2025 March Newsletter Archives

Rising Tariffs and Soaring Prices

Why SMBs Must Act Now to Secure Tech Hardware & Software

In the ever-evolving landscape of technology, small and medium-sized businesses (SMBs) in the US are facing new hurdles due to recent tariff impositions. In the ever-evolving landscape of technology, small and medium-sized businesses (SMBs) in the US are facing new hurdles due to recent tariff impositions. With a 10% tariff on imports from China, the cost of essential IT infrastructure, including servers, networking gear, and electronics, is on the rise. This blog delves into the impact of these tariffs on tech hardware prices and why now is the opportune moment for SMBs to upgrade their equipment.

The Ripple Effect of Tariffs on Hardware Costs

The introduction of tariffs has led to increased costs and supply chain disruptions, resulting in higher prices and delays in acquiring necessary hardware. For SMBs, this translates to a potential spike in expenses for upgrading or replacing outdated equipment. By taking proactive steps now, businesses can circumvent future price hikes and secure the hardware they need to maintain smooth operations.

Software Subscription Prices on the Rise

It’s not just hardware that’s feeling the pinch. Software subscription costs are also climbing, with many SaaS providers adjusting their prices in response to post-COVID inflation and rising hardware expenses. By upgrading their hardware now, SMBs can lock in current software subscription rates and avoid impending increases.

Challenges in Cross-Border Shipping

Tariffs are making cross-border shipping more expensive, impacting e-commerce businesses that rely on importing small packages of IT hardware. This added cost and potential delays can hinder competitiveness. Upgrading hardware now can help businesses navigate these challenges and stay ahead in the market.

The Vulnerability of SMBs

SMBs are particularly susceptible to the effects of tariffs due to their tighter budgets and limited flexibility compared to larger enterprises. The increased costs and potential delays in obtaining necessary equipment can significantly impact their growth and operations. By upgrading their hardware now, SMBs can mitigate these risks and ensure they have the IT infrastructure needed to support their business needs.

Seizing the Moment

The current landscape presents significant challenges for businesses in the US, with higher prices, potential supply chain delays, and rising software subscription costs. However, by acting now and upgrading their workstations, servers, and other hardware, SMBs can avoid anticipated price hikes, secure the necessary IT infrastructure, and maintain their competitive edge in the market. If you have any questions, please reach out to us: Info@nevtec.com

Broadcom Warns VMware Users to Patch Critical Zero-Day Vulnerabilities

Attention everyone,

We want to bring to your attention some critical news from Broadcom regarding VMware vulnerabilities. According to a recent article in TechCrunch by Carly Page, Broadcom, a major player in the tech industry, is sounding the alarm about three VMware vulnerabilities that are currently being exploited by malicious hackers. These vulnerabilities are putting the networks of corporate customers at serious risk.

The three vulnerabilities, collectively known as “ESXicape” by a security researcher, affect VMware ESXi, Workstation, and Fusion. These popular software hypervisor products allow multiple virtual machines to be managed on a single server, helping to save physical server space.

Broadcom, which acquired VMware in 2023, has identified these vulnerabilities as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. These flaws could enable an attacker with administrator or root privileges on a virtual machine to break out of its protected environment and gain unauthorized access to the underlying hypervisor product.

Once an attacker gains access to the hypervisor, they can potentially access any other virtual machine, including those owned by other companies within the same physical data center. Broadcom has indicated that there is evidence suggesting these vulnerabilities have been exploited in the wild.

Stephen Fewer, a principal security researcher at Rapid7, emphasized the severity of the situation, stating, “The impact here is huge, an attacker who has compromised a hypervisor can go on to compromise any of the other virtual machines that share the same hypervisor.”

Unfortunately, Broadcom has not provided specific details about the nature of the attacks, or the threat actors involved. They also did not disclose whether any customer data had been accessed. Microsoft, which discovered and reported the vulnerabilities to Broadcom, has also remained silent on the matter.

Security researcher Kevin Beaumont mentioned on Mastodon that these vulnerabilities are being actively exploited by an unnamed ransomware group. VMware vulnerabilities are often targeted by ransomware groups because they can be used to compromise multiple servers in a single attack, and sensitive corporate data is frequently stored in these virtualized environments.

In 2024, Microsoft discovered that multiple ransomware groups were exploiting a VMware hypervisor flaw in attacks deploying Black Basta and LockBit ransomware. The previous year, a large-scale hacking campaign known as “ESXiArgs” saw ransomware groups exploiting a two-year-old VMware vulnerability to target thousands of organizations worldwide.

Broadcom has released patches for these three vulnerabilities, which are classified as “zero-day” bugs because they were exploited before a fix was available. Broadcom is urging customers to apply these patches immediately, describing the security advisory as an “emergency” change.

Additionally, the U.S. government cybersecurity agency CISA is warning federal agencies to patch against these bugs, adding them to its catalog of vulnerabilities known to be under attack.

Stay safe and make sure to update your systems as soon as possible!

If you have any questions please reach out to us at Info@nevtec.com

Windows 10 End of Life is Approaching Fast

Time to Upgrade Now

As the end of support for Windows 10 approaches on October 14, 2025, it’s crucial for businesses to upgrade to Windows 11. The end of life (EOL) for Windows 10 means no more security updates, patches, or technical support from Microsoft, leaving your systems vulnerable to cyber-attacks and compliance risks.

Why Upgrade Now:

Security Threats: Without updates, your systems become susceptible to cyber-attacks, putting sensitive data at risk. According to ESET, 32 million PCs are still running Windows 10. Upgrading to Windows 11 ensures that your systems receive the latest security patches and updates, protecting your business from potential threats.

Compliance Issues: Outdated systems may fall out of compliance with industry regulations, leading to potential fines and legal issues. By upgrading to Windows 11, you can ensure that your systems meet the latest compliance standards and avoid any legal complications.

Operational Inefficiencies: Without new updates, your systems will be slower, prone to crashes, and more likely to disrupt business operations. Windows 11 offers improved performance, enhanced features, and a more stable operating environment, helping your business run smoothly and efficiently.

Risk of Not Upgrading:

Increased Security Vulnerabilities: Without updates, your systems become vulnerable to cyber-attacks, putting sensitive data at risk. Microsoft will stop providing free security updates after October 14, 2025

Compliance Risks: Outdated systems may fall out of compliance with industry regulations, leading to potential fines and legal issues.

Reduced Efficiency: Without new updates, your systems will be slower, prone to crashes, and more likely to disrupt business operations.

Stay safe and make sure to update your systems as soon as possible!

Schedule your complimentary Windows 10 and workstation audit today to ensure a smooth transition and protect your business from potential risks.

Keep Your Software Updated

A Simple Yet Powerful Security Measure

In today’s digital age, keeping your software updated is one of the simplest yet most effective ways to protect your systems. Regular updates not only provide new features and improvements but also patch security vulnerabilities that could be exploited by cybercriminals. As Steve, the CEO of Nevtec emphasizes, “Make it a habit to check for updates regularly and enable automatic updates whenever possible.”

Why Software Updates Matter: Software updates are crucial for maintaining the security and functionality of your systems. Here are some key reasons why keeping your software updated is essential:

Security Enhancements: Cyber threats are constantly evolving, and software developers work tirelessly to identify and fix security vulnerabilities. Regular updates ensure that your software is equipped with the latest security patches, protecting your systems from potential attacks.
Bug Fixes: Software updates often include bug fixes that improve the stability and performance of your applications. By keeping your software updated, you can avoid crashes, glitches, and other issues that could disrupt your workflow.
New Features and Improvements: Updates frequently introduce new features and enhancements that can boost your productivity and user experience. Staying up-to-date ensures that you have access to the latest tools and functionalities.
Compliance: Many industries have regulatory requirements that mandate the use of up-to-date software. Regular updates help ensure that your systems remain compliant with industry standards and regulations.

How to Keep Your Software Updated: Here are some practical tips to help you stay on top of software updates:

Enable Automatic Updates: Whenever possible, enable automatic updates for your software. This ensures that your applications are updated as soon as new patches are released, without requiring manual intervention.
Regularly Check for Updates: For software that doesn’t support automatic updates, make it a habit to check for updates regularly. Set a reminder to review and install updates at least once a week.
Update All Software: Don’t just focus on your operating system and major applications. Ensure that all software, including plugins, extensions, and drivers, are kept up-to-date.
Use a Patch Management Tool: Consider using a patch management tool to automate the process of identifying, downloading, and installing updates across your network. This can save time and ensure that no critical updates are missed.

Keeping your software updated is a simple yet powerful security measure that can protect your systems from cyber threats and improve overall performance. By following Steve’s advice and making software updates a priority, you can ensure that your business remains secure and efficient. If you need help please let us know: Info@nevtec.com

A Message from Our CEO, Steve Neverve

I’m excited to announce my new monthly column in our newsletter The Navigator, called “The Nerve Center.” I will provide monthly tech tips to help you, and your business navigate the constant changes in technology. This month, I discuss the critical importance of keeping your software updated. Regular updates are a simple yet powerful security measure that can protect your systems from cyber threats and improve overall performance. Learn more about why software updates matter and how to stay secure in the March 2025 edition of The Navigator Newsletter. Stay safe and stay updated!

Limit Administrative Privileges

Enhancing Security Through the Principle of Least Privilege

In the realm of cybersecurity, one of the most effective strategies to protect your systems is to limit administrative privileges. By implementing the principle of least privilege, you can significantly reduce the risk of accidental or malicious changes to your systems. As Steve, the CEO of Nevtec, advises, “Limit administrative privileges to only those who need them. This reduces the risk of accidental or malicious changes to your systems. Implement the principle of least privilege to ensure that users have the minimum level of access necessary to perform their tasks.”

Understanding the Principle of Least Privilege: The principle of least privilege (PoLP) is a security concept that involves granting users the minimum level of access necessary to perform their job functions. This means that users are only given the permissions they need to complete their tasks and nothing more. By limiting access in this way, you can minimize the potential for security breaches and other issues.

Benefits of Limiting Administrative Privileges:

Reduced Risk of Accidental Changes: When users have administrative privileges, they have the ability to make significant changes to the system. This can lead to accidental modifications that may disrupt operations or compromise security. By limiting administrative privileges, you reduce the likelihood of such incidents.
Protection Against Malicious Activity: Cybercriminals often target accounts with administrative privileges because they provide greater access to sensitive data and critical systems. By restricting administrative privileges, you make it more difficult for attackers to gain control over your systems.
Enhanced Compliance: Many regulatory frameworks and industry standards require organizations to implement access controls and limit administrative privileges. Adhering to these requirements helps ensure compliance and reduces the risk of fines and penalties.
Improved Accountability: When administrative privileges are limited, it becomes easier to track and monitor user activity. This enhances accountability and allows you to quickly identify and address any unauthorized actions.

Implementing the Principle of Least Privilege:

Assess User Roles and Responsibilities: Begin by assessing the roles and responsibilities of each user within your organization. Determine the specific tasks they need to perform, and the level of access required to complete those tasks.
Define Access Levels: Create a clear hierarchy of access levels based on the principle of least privilege. Define which permissions are necessary for each role and ensure that users are only granted the access they need.
Regularly Review and Update Access: Conduct regular reviews of user access levels to ensure that they remain appropriate. Update access permissions as roles and responsibilities change and promptly revoke access for users who no longer require it.
Implement Multi-Factor Authentication (MFA): Enhance security by implementing multi-factor authentication (MFA) for accounts with administrative privileges. MFA adds an extra layer of protection by requiring users to verify their identity through multiple methods.
Monitor and Audit User Activity: Use monitoring and auditing tools to track user activity and detect any unauthorized actions. Regularly review logs and reports to identify potential security threats and take corrective action as needed.

Limiting administrative privileges is a fundamental aspect of cybersecurity that can significantly enhance the security of your systems. By implementing the principle of least privilege, you can reduce the risk of accidental or malicious changes, improve compliance, and enhance accountability. Follow Steve’s advice and take proactive steps to limit administrative privileges within your organization. If you have any questions or concerns, please do not hesitate to reach out to us: Info@nevtec.com

Nerve-Wracking Facts

Scary Cybersecurity Crime Facts!

In today’s digital landscape, the importance of robust cybersecurity measures cannot be overstated. As cyber threats continue to evolve and become more sophisticated, businesses must remain vigilant and proactive in protecting their digital assets. The following nerve-wracking facts highlight the growing threat of cyber-attacks and underscore the critical need for comprehensive cybersecurity strategies.

Cybercrime Costs:
Cybercrime damages are expected to reach $10.5 trillion annually by 2025. This staggering figure highlights the growing threat of cyber-attacks and the importance of robust cybersecurity measures.
Data Breaches:
In 2021, there were over 1,800 data breaches reported, exposing more than 22 billion records. Data breaches can lead to significant financial losses, reputational damage, and legal consequences for businesses.
Phishing Attacks:
Phishing attacks account for over 80% of reported security incidents. These attacks often involve deceptive emails or messages designed to trick individuals into revealing sensitive information.
Ransomware Attacks:
Ransomware attacks have increased by 150% since 2020. These attacks involve malicious software that encrypts a victim’s data, with the attacker demanding a ransom for its release.
Insider Threats:
Insider threats, whether malicious or accidental, account for 34% of all data breaches. Employees with access to sensitive information can pose a significant risk if proper security measures are not in place.
IoT Vulnerabilities:
By 2025, it is estimated that there will be over 75 billion connected IoT devices. Many of these devices have weak security measures, making them attractive targets for cybercriminals.
Password Security:
Despite the risks, 23 million account holders still use “123456” as their password. Weak passwords are easily guessable and can lead to unauthorized access to accounts and sensitive information.
Business Email Compromise (BEC):
BEC attacks have caused over $26 billion in losses since 2016. These attacks involve cybercriminals impersonating executives or trusted contacts to trick employees into transferring funds or revealing confidential information.
Cybersecurity Skills Gap:
There is a global shortage of cybersecurity professionals, with an estimated 3.5 million unfilled cybersecurity jobs by 2021. This skills gap makes it challenging for organizations to adequately protect their systems and data.
Average Time to Identify a Breach:
On average, it takes 287 days to identify and contain a data breach. The longer a breach goes undetected, the more damage it can cause, underscoring the need for proactive monitoring and response.

These nerve-wracking facts can help emphasize the critical importance of cybersecurity and the need for businesses to stay vigilant and proactive in protecting their digital assets. If you need help securing your business, please let us know: Info@nevtec.com

Spotlight on Cortney Cook:

Nevtec’s Virtual CIO Extraordinaire

From Helpdesk to vCIO: A Journey of Dedication and Growth

Eighteen years ago, Cortney Cook embarked on his professional journey with Nevtec, starting out in the trenches of helpdesk support. Fast forward to today, and Cortney has ascended to the role of Nevtec’s virtual Chief Information Officer (vCIO). His story is one of dedication, growth, and an unwavering commitment to technology.

The Multifaceted Role of a vCIO

Cortney’s role at Nevtec is as dynamic as it is critical. As the vCIO, he collaborates with partner stakeholders to understand their business needs and crafts strategic plans to achieve their goals. He meticulously reviews partner infrastructure, offering sage advice on technology needs, areas ripe for improvement, and opportunities for efficiency. Within Nevtec, Cortney is the go-to technology advisor for the sales team, a key player in solutions and automation, and the ultimate technical escalation point.

Passion for Technology and Helping Others

What drives Cortney in his role is the profound impact he has on businesses of all sizes. Whether he’s supporting a user, providing training, or advising stakeholders on cutting-edge technology solutions, Cortney takes immense pride in helping businesses leverage technology to succeed. It’s this passion that fuels his daily work and keeps him motivated.

A Tech Enthusiast from the Start

Even as a child, Cortney had a clear vision of his future in technology. While his childhood aspirations varied, the common thread was always his desire to work with technology in some capacity.

Hobbies and Personal Interests

When he’s not immersed in the world of technology, Cortney enjoys a variety of hobbies. He’s an avid reader, a passionate gamer, and a keen birdwatcher. These activities provide a perfect balance to his professional life.

Admiration and Inspiration

Cortney’s admiration for his wife is evident. She has been a true partner, offering valuable insight and perspective whenever he needs it. Cortney is also incredibly proud of her career achievements and contributions to the business world.

A Unique Love Story

Cortney and his wife share a unique love story that’s straight out of a modern fairy tale. They met online 20 years ago, navigated the challenges of a long-distance relationship, and have been inseparable ever since. Their bond is a testament to their shared interests and mutual support.

Favorite Superhero and Inspirations

Cortney’s favorite superhero is Daredevil, a character he finds relatable due to his mortality and the mistakes he makes. This human aspect of Daredevil resonates deeply with Cortney.

Literary and Cinematic Favorites

When it comes to books, Cortney’s top pick is “A Brief History of Time” by Stephen Hawking. This insightful book delves into the scale and possibilities of the universe, a topic that fascinates Cortney. On the cinematic front, Cortney’s favorite movie is the director’s cut of “Aliens.” He loves the action, drama, tension, and the iconic badass heroine.

Culinary Preferences and Travel

Cortney has a soft spot for mac & cheese, a comfort food that brings out his inner child. Recently, he visited his home state of Hawaii, a place that holds a special place in his heart. Despite the changes over the years, the history, culture, people, and vibe of Hawaii remain unparalleled.

Binge-Worthy TV Series

For those who love sci-fi, Cortney highly recommends “The Expanse.” This binge-worthy series is a must-watch for any sci-fi enthusiast.

Category Archives: 2025 March Newsletter