Blog

Blog

Could your vendors’ cybersecurity put you in danger?

You probably remember the massive Target breach a few years ago. Millions of credit card numbers were stolen from Target’s customers and their reputation took a huge hit around the busiest shopping season of the year.

What you probably don’t remember is the name of the company that was actually hacked—it was an HVAC company who sometimes did work for Target stores. The air conditioning company was hacked, and the cybercriminals used their access to Target’s system to cause massive amounts of damage.

When implementing a cybersecurity plan, most business owners only consider their own company. But you also need to consider the cybersecurity policy of your vendors—especially if they have access to your network or your sensitive data.

Read More »

6 Things Every Financial Services Firm Needs to Know About Cybersecurity

Financial service firms stand to lose big if they fall victim to an attack. It’s not just your data that’s on the line—it’s your money and your reputation, too. When it comes to putting together a cybersecurity plan to keep your business safe, there are a few things every financial services firm needs to know:

Read More »

How Cybercriminals Use Current Events to Target You

No doubt over the past few weeks you’ve been inundated with emails about privacy policies and email subscription updates as companies worked to meet new EU regulations (GDPR) that went into effect on May 25. Cybercriminals used this flood of emails to their advantage, sending out similar emails to try to trick you out of your password and credit card details or trick you into downloading ransomware.

This is part of a much larger trend of cybercriminals using current events to try to trick you. When you’re expecting to see an email about a particular event or subject, you probably won’t notice something suspicious.

Read More »

What You Need to Do to Secure Your Company's Office 365 Environment

Office 365 operates under a shared security responsibility model—meaning you are responsible for some of the security of your company’s Office 365 environment.

Most notably, you are responsible for access. You are responsible for who you let into your environment, whether intentionally or unintentionally.

 

Read More »

Microsoft 365 Announcements You May Have Missed

In recent weeks, including at last week’s Build conference, Microsoft announced some pretty significant new features for Microsoft 365, making the platform more secure and giving users a more seamless experience across all devices.

Read More »

Why CEO Impersonation Attacks are So Hard for Spam Filters to Catch

 

CEO Impersonation attacks, including wire fraud attacks, have become a favorite for cybercriminals because of the potential of a huge payday. A successful attack usually means tricking the victims out of thousands of dollars—we’ve seen up to $100,000 taken. And they’re almost impossible for even the best email filters to catch.

Read More »

How Two-Factor Authentication Can Stop a Cyberattack in Its Tracks

These days, most cyberattacks are at the account level. If a cybercriminal gets into your account (whether it’s your work account or personal account), they can use it to steal your assets, sell your information on the black market, get access to other accounts, and launch more cyberattacks.

So, what can you do? Two-factor authentication (also called multi-factor authentication) can stop a cyberattack in tracks. In some cases, it can save you even after falling victim to an attack.

Read More »

Why You Should Pay the Extra Fee for Domain Privacy

We got a letter recently, alerting us that our domain name is expiring soon. The letter, which looks a lot like an invoice, goes on to state we can renew our domain and add-on similar available domains for an additional fee. It includes our correct domain URL and our actual expiration date.

Except this letter isn’t from our domain provider. It’s from a company trying to get us to move our domain to them for several times what we pay our current provider. They aren’t really cybercriminals. It’s not even technically a scam if they do provide domain hosting services (though we do note, this only mentions how to give them money, and nothing about how to actually move your domain—which is a pretty complicated process). But it is deceptive marketing (at best).

Read More »

Why the Real Estate Industry is a Prime Target for Cybercriminals

In 2017, nearly $1 billion was “diverted or attempted to be diverted” from real estate transactions by cybercriminals. Real Estate is one of the top industries targeted by cybercriminals for both phishing attacks and malware attacks, according to the Symantec 2018 Internet Threat Report.

So why is the Real Estate industry such a big target for cybercriminals? Because it’s an easy target with a potentially big payday. So many things that would be a red flag for other industries are day-to-day operations in real estate.

Read More »

Watch Out for These Fake Social Media Security Emails

One of the most common tactics cybercriminals use when targeting small and midsize businesses in phishing attacks in the form of fake notifications. These are usually meant to try to scare you into some action with messages like “Your account will be suspended in 24 hours.”

These attacks rely on fake messages that the app or service doesn’t actually send. This Office 365 phishing email is an excellent example of that—Microsoft doesn’t actually send you any emails saying your account has been suspended (you WILL get notifications that your credit card has expired).

But cybercriminals are getting better. They’re paying attention to what notifications popular companies do send and duplicating those in phishing attacks. And they’re pretty tricky to spot. Let’s look at this example we were sent recently.

Read More »
   
Ultimate Guide to Small Business Cyber Security