Directive Blogs

Since it was first documented in 1989, ransomware has only become far more severe, ruthless, and, most of all, prevalent. Let’s review some important statistics to remember if you are to understand ransomware and, even more importantly, avoid its impact on your business.

Phishing is one of the most prevalent forms of cyberattacks out there today, taking many forms and affecting everyone from individuals to entire organizations. Any business operating today needs to be aware of the numerous shapes that phishing can take. 

The constant fear of falling victim to scams has become a harsh reality and is far from ideal. However, the good news is that there is always time to acquire the skills needed to avoid such scams. Let's explore ways to enhance awareness regarding the challenges posed by scams, not only in a business context but also in everyday life.

We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.

I was talking to some colleagues the other day about cybersecurity and its relationship with modern everyday scams, like phone scams and similar things. In my opinion, it’s worth bundling these two topics together, and we found some interesting statistics that we’d like to share.

Cybercriminals fight dirty, whether it’s attacking small businesses, large enterprises, or individuals who just want to watch Netflix. It doesn’t matter who you are or what you do for the community; you’ll always be a target for hacking attacks. To save time and effort, hackers will use low-tech attacks and social engineering attacks to target individuals. Hackers aren’t developing new threats all the time; if anything, they largely use existing exploits, purchasable software, and social engineering to take advantage of people.

It is so important to keep your business secure nowadays. Statistics show this to be the case. Don’t believe us? We can share a few of these stats and explore what they mean, just to prove it.

Phishing is a very real, very dangerous threat to modern businesses, which makes it extremely important that you and your whole team are prepared to spot and mitigate it. One simple framework to do so is known as the SLAM method, so let’s take a few moments to review some tips for using it.

Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.

Back in November of last year, we shared the news that Sidney Federal Credit Union members were being targeted by a phishing attack, and we have evidence that such phishing attacks have continued. As such, let’s review how phishing like this works and (more importantly) how to prevent it from working.

We discuss phishing often on this blog, and one method that often flies under the radar is smishing, or phishing that is conducted through SMS messages. Although email phishing is perhaps the most common method of conducting these scams, you should also be prepared to take on smishing, as it comes with its own share of unique challenges and dangers.

Scams are everywhere in our highly digitized world, which makes it especially important that everyone is prepared to deal with them—both personally and professionally. The publication Consumer Reports’ cover feature for its August 2023 edition is dedicated to exactly this goal: helping its readers avoid the various scams and threats out there. Let’s look at some of the advice shared in the article, and compare it to the best practices we recommend.

Amazon Prime subscribers recently received an email from the online marketplace, warning them of the prevalence of scams that took advantage of their offerings and brand recognition. Let’s go through the advice that this email shared, and compare it to the best practices we recommend for avoiding scams.

Of all the cybersecurity threats out there for your business to contend with, there are going to be a few of them that are just more likely to impact you than others. That’s just a statistical reality. Fortunately, these threats can be addressed, so let’s discuss how you can do so.

There is no denying that Quick Response codes—better known as QR codes—are a handy little invention. Just a few years ago, many businesses heavily adopted these contactless communication tools, allowing customers with a smartphone to access menus, documents, and more with ease. Having said that, we unfortunately can’t deny that cybercriminals are taking advantage of how handy QR codes are, too.

AI—artificial intelligence—has been a hot topic as of late, with it seemingly being used for any purpose you can imagine nowadays. Unfortunately, this has also included cybercrime.

However, just as AI can be a weapon for cybercriminals to use, it can also be a shield to help protect your business from threats. For instance, in phishing prevention.

Phishing is a common issue that businesses of all kinds can experience, whether they are a small startup or a large corporation. Hackers are always trying to extol information from your employees, including account credentials, remote access to your systems, and in some cases, funds directly from a bank account. It’s up to you to teach them how to identify and respond to phishing attacks.

Phishing is a remarkably dangerous tactic used by hackers to take advantage of those who might not be quite as in-the-know about security practices. Phishing attacks can be carried out against both businesses and individuals alike, and due to the many different forms these attacks can take—including email, text message, and even fraudulent websites—they can be quite problematic.

Let’s go over how you can train your team to avoid phishing attacks and how to appropriately respond to them when they are inevitably encountered.

You know the old phrase, “A chain is no stronger than its weakest link?”

It’s a pretty good idiom, but when it comes to cybersecurity, I think the idea is worth revisiting. It’s not that you aren’t as strong as your weakest link, or in terms of cybersecurity, it’s not that you aren’t as secure as your most vulnerable endpoint…

You are less secure the more users you have.

Phishing attacks have consistently been prominent in cybercrime throughout the past few years, not only due to their efficacy but also because there are so many avenues wherein phishing can be attempted. The first that comes to mind is email, of course, but you and your team need to keep these others in mind.

Take, for instance, a phishing voicemail…dubbed, naturally, a “phoicemail.”

Phishing has become one of the great problems for technology users in the 21st century. The ironic part of the whole thing is that it has taken a good old-fashioned social engineering scam to make today’s robust information systems less secure. Phishing is the predominant way that hackers and scammers gain access to the systems they target. Today, we’re going to spell out what to train your employees on to help them identify phishing attacks. 

It doesn’t take much to get us to start ranting about the dangers of phishing, and it’s a topic that we won’t stop talking about for some time. Unfortunately, phishing comes in enough forms that it isn’t always so simple to spot. For this week’s tip, we just wanted to run through the different formats phishing can take, focusing on how to identify each type.

It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.

I’m talking about when the heir to the Nigerian throne would reach out to your Hotmail account to help him secure his inheritance, or when an attractive woman or man you’ve never met before would email you out of the blue asking if you were single; spam has always been annoying, but back then, it was clearly just junk that could be ignored.

Today, it’s not so simple.

It’s easy to get so caught up in what you are doing that you let your guard down. What if there were just one small change you could make in your life that would immediately reduce the chances of falling victim to a phishing attack?

If you are going to take away any information about cybersecurity, these four facts are the most important. More importantly, taking them seriously will likely help you and your business stay out of serious danger, avoid data loss, and prevent massive unexpected loss in revenue.

We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.

How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.

Okay, let’s say you’ve been infected by a ransomware attack, and (against our advice) you’ve elected to pay the ransom. That’s the biggest cost that comes with it, right?

Unfortunately, wrong. A ransomware attack comes with a lot more financial impact than just the payment the attacker demands. Let’s go over some of these other costs that can actually outpace that of the ransom.

Let me ask you a few questions—first, how confident are you that you could spot an online ruse, and second, did you know there’s a stain on your shirt right now?

Did you look?

If so, you’ve just fallen for the school playground version of social engineering, a serious threat. Let’s discuss the kind that you’re more likely to see in terms of your business’ cybersecurity.

Ransomware is devastating as a cyberthreat, but some industries are hurt by it more than others. One such industry is education, and universities and schools are struggling to keep up with these cyberthreats. Most even do the unthinkable in response to attacks: they pay the ransom.

If you are a frequent reader of our blog, you know all about phishing scams. They are emails and messages sent that are designed to extort money and gain access to computers and networks for nefarious purposes. The popular IT support company Geek Squad, a subsidiary of Best Buy, is the latest company caught up in such a scam. Let’s take a look at how the scam works and how you can avoid becoming its next victim.

Phishing attacks can be scary to deal with, especially since it is not unheard of for staff members to not even know they are looking at one. To make sure your staff can identify and respond to phishing attacks in an appropriate way, we’ve put together this short guide to help you along the way.

We’ve all seen our friends and family sharing quizzes on their social media profiles, prompting people to find out what their celebrity stage name or what Hogwarts house you would be in, or to share what their first concert experience was. These fun, lighthearted quizzes are a great way to get to know a little more about the people we’re connected with… and that’s the biggest problem.

We’ve all heard the horror stories of phishing messages—those messages where someone is trying to steal information from you, be it sensitive information or financial credentials. There are various telltale signs of phishing attacks that can be identified, if you know where to look. Let’s take a look at what the FTC claims are the best ways to identify a phishing message.

Hackers have often used email to trick users into clicking on fraudulent links or to hand over important credentials through phishing scams, but these are usually blocked by an enterprise-level spam blocker. However, hackers have learned that there is indeed a way around these spam blockers, and it’s through popular social media websites.

The holiday season is a time for merriment and good cheer, but hackers have historically used it to take advantage of peoples’ online shopping tendencies. Phishing scams are always on the rise during the holiday season, so you need to take steps now to ensure that you don’t accidentally put yourself at risk—especially with voice spoofing emerging as a threat for Amazon orders.

Phishing is one of those threats that has been around for a long time, and as time passes by, these threats only become more difficult to identify. Some businesses can’t tell the difference between phishing scams and actual emails. Here’s how your company can take steps toward properly identifying and responding to phishing emails.

Even the most cautious employee could fall victim to a well-placed and well-timed phishing email. What are some factors that contribute to the success of these attacks, and what subject lines in particular should people be cautious about? A recent study takes a look at what goes into a successful phishing attack, and you might be surprised by the results.

There are always going to be those who want to use your hard-earned data and assets to turn a profit. One of the emergent methods for hackers to do so is through twisting the “as a service” business model into network security’s worst nightmare. This type of security issue is so serious that Microsoft has declared that Phishing-as-a-Service is a major problem.

We don’t like it any more than you do, but if we have learned anything at all over the past several years, it’s that security absolutely needs to be a priority for all small businesses. In the face of high-profile ransomware attacks that can snuff companies out of existence, what are you doing to keep your own business secure? To put things in perspective, we’ve put together a list of some of the more common threats that all companies should be able to address.

We’ve spoken in the past about security issues surrounding credit cards, but considering the many advancements and adaptations that have been made to the way businesses can accept payments, it seemed to be a good time to revisit this matter.

Let’s review some of the changes that have been made in the time since, as well as the ways that you can keep your payment cards more secure.

Phishing attacks are some of the most common threats out there. Hackers will craft messages or web pages designed to harvest information from your employees, be it through suspicious requests for credentials via email or through false websites that look so much like the real thing that it’s no wonder they were tricked. How can you make sure that your employees don’t fall for these dirty tricks? It all starts with comprehensive phishing training.

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

As one of the biggest cybersecurity considerations the modern business has to make, how to combat phishing has to be at the top of any business’ cybersecurity strategy. Let’s take a look at phishing and why it’s such a big problem for today’s business. 

While it initially sounds promising to hear that the number of data breaches seen last year went down significantly, it is important to recognize that the number of data records leaked as a result more than doubled. One clear cause was the resurgence in the use of the underhanded malware variety known as ransomware. With this suggesting an increased threat of ransomware incoming, can you confidently say that your business’ team is ready to deal with it?

For 2020, the word in technology was ransomware, and while many businesses were caught off-guard, there are no longer any excuses to not take cybersecurity seriously. Here are three ransomware and cybersecurity lessons businesses should learn before it’s too late.

Despite the name being mildly amusing, phishing attacks are no laughing matter. These scams, in all their different forms, wreak havoc on businesses—ranking as the top breach threat in the 2020 edition of Verizon’s annual Data Breach Investigations Report, and successfully impacting 65 percent of United States organizations in 2019 as reported by Proofpoint’s 2020 State of the Phish Report. Avoiding them requires you to be able to spot them, so let’s go over the different varieties of phishing that can be encountered.

As serious as they are, cyberattacks aren’t always given the most serious-sounding names. We are, of course, referring to “phishing”: the manipulation of the user, rather than of a computer system, to gain access to data. Phishing can come in many forms, with some—like phishing someone via SMS message—doubling down on the silliness of the name. Let’s examine this variety, and why “smishing” is not something to trifle with.

Having success in business often relies on developing trustworthy relationships. You have to trust your vendors and suppliers to get you the resources you need, you need to trust your staff to complete their tasks without putting your business in harm's way, and you need to trust your customers to buy the products and services that you offer. Running counter to these necessary bonds of trust are people actively soliciting people’s time, energy, money, and attention for their own selfish purposes.

For the past several years, ransomware has been a major thorn in the sides of businesses. Hackers that were once known for “hacking” into networks, changed tactics when encryption just got too strong. Today, these “hackers” use confidence tactics to gain access to accounts. Once they’re in, their strongest tool is ransomware. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way. 

If you’ve been reading this blog for any length of time, you’ve seen us reference a phishing attack. Whether you are being asked by some supposed Nigerian prince to fork over money or you are getting an email by what seems to be your bank that directs you to download an attachment, you are probably a potential victim of a phishing scam. The difference between being a potential victim and a victim is knowing how to identify it. Today, we’ll give you five ways to identify a phishing message so that you—or your company—won’t be scammed.

Data security is always a challenge that businesses must rise to meet, but the COVID-19 pandemic has complicated things significantly by creating situations that make ensuring this security even more difficult. Let’s go over the impacts that many organizations—especially those in the healthcare industry—have had to deal with due, in part, to the coronavirus.

This may be an uncomfortable truth when it comes to data security: the weakest link to keeping your data secure will be your employees. As social media giant Twitter recently discovered, despite the best technical security measures you have in place, all it takes is a break in protocol to place your client’s data and your business’ reputation at risk.

Since the onset of the coronavirus, many businesses have managed to sustain themselves through remote work—also commonly known as telework. While this strategy has allowed quite a few businesses to survive, it has also opened them up to security threats. Here, let’s focus on one such threat: vishing, or voice phishing.

Since the beginning of the COVID-19 situation in March, creating a vaccine has been a major priority. True to form, hackers have begun targeting the very organizations responsible for the vaccine trials. There’s a lesson to be learned, today we’ll discuss it.

Phishing emails are a real problem for today’s businesses, which makes it critically important that you and your team can identify them as they come in. Let’s touch on a few reliable indicators that a message isn’t a legitimate one.

With COVID-19 creating an unsure situation for so many businesses, and by extension their employees, these employees are suddenly finding themselves in a vulnerable position. Regardless of whether or not your employees are able to come into the office right now, it is important that you share the following information with them, as it may help to keep them out of a tough spot.

As if Oneonta residents didn’t have enough to worry about during the coronavirus crisis, there’s a new email cyberattack to keep on the lookout for. While it follows the similar pattern of using social engineering to trick its targets into providing funds, this time the attackers have reached a new low. Read on to learn how you can protect yourself.

Cybercriminals use nasty tricks to gain the confidence of their victims. They often use trust to fool users into providing their passwords or downloading malicious software. We’ve recently seen this happen with local Otsego county residents. First, let’s take a look at what social engineering is.

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook major threats that they just aren’t focused on nearly as much: social engineering attacks. Social engineering attacks are just another means for a cybercriminal to reach their desired ends, and therefore needed to be protected against.

With email being such a huge part of doing business, phishing has become a favorite tool of many scammers. To fight back, it is key that you know how to recognize a phishing email, so we’re dedicating this week’s tip to doing just that.

The modern cyberattack is more of a slight of hand than it is a direct attack. With encryption protecting a lot of business data, hackers need to find ways to circumvent that technology. They often do this though phishing. This week, we will take a look at some of the warning signs of phishing to help give you a little better awareness. 

Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spat of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.

Phishing has quickly become the most predominant form of cyberattack due to the method’s simplicity. It solely relies on a user’s gullibility. The weakest link to any business is typically the employees. In order to protect your business, you and your team need to identify these social engineering cyberattack attempts. Let’s look at a few tips on how to recognize a phishing attempt.

Despite its whimsical name, phishing is a very serious threat to everyone, especially today’s businesses. This means that you need to be prepared to identify its warning signs and avoid risky situations. Here, we’re offering a few tips to help you do so - make sure you share them with your employees as well!

Any business in operation today needs to keep modern realities concerning cybersecurity at top-of-mind if they are going to successfully maintain the business going forward. One major issue to be cognizant of is the increasing prevalence of phishing attacks.

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

One of the most masterful arts of deception that hackers use is the phishing attack, which attempts steal sensitive credentials from unwary victims. The anonymity afforded to criminals on the Internet is what makes this possible. Using phishing attacks, hackers attempt to steal credentials or personal records by forging their identities. What’s the best way to protect your business from these attacks?

In the late 1970s and early 1980s, Bell telephone companies were making a mint off of offering the ability to call your friends and family that lived outside your predefined region, charging up to $2 per minute (during peak hours) for long distance calls. The problem for many people was that these regions kept shrinking. Some people decided to combat this costly system by reverse engineering the system of tones used to route long-distance calls, thus routing their own calls without the massive per-minute charges demanded by long-distance providers. These people were called Phreakers, and they were, in effect, the first hackers.

Hopefully, you’ve heard of phishing at this point: the method cybercriminals use to scam their targets by impersonating someone that their targets would trust, requesting access credentials or other sensitive information. Did you know that there are specific kinds of phishing? Here, we’ll review one of the biggest risks to your business... spear phishing.

Mobile devices associated with the 607 area code are being targeted by text message-based phishing attempts, also known as SMiShing. It is important that you are able to identify these messages so that you aren’t added to the list of those fooled by them. The same also goes for your employees.

If you run a small business in Oneonta, you might assume that you don’t need to worry about the threat of a cyberattack. Unfortunately, that’s not the case.

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.

Phishing attacks have been in the social consciousness now for a while, and for good reason: it is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

Email is a core component to many businesses. With 124.5 billion business emails being sent and received each day, that doesn’t seem to be in danger of ending. Are the emails that are coming and going from your business secure? That may be another story, altogether. In order to keep your email security at a premium, we have outlined the following tips:

While modern security solutions have made great strides to protect businesses, there are still a lot of threats out there that can create problems for your organization. If you don’t take a proactive stance on security, you could potentially expose your network to incoming threats of all kinds. We’ll help your business understand what threats are out there, why they are dangerous, and what you can do to keep your organization secure.

Phishing attacks have been around for decades, first being recorded in 1995 where scammers would pose as AOL employees and request a user’s billing information through instant messages. Nowadays, email phishing attempts have tricked users into handing over personal information of all kinds. There are many methods of identifying a phishing attempt, but today we’ll focus on one.

An unfortunate fact about the modern business world is that any organization that utilizes technology is playing with fire. Cyber attacks can circumvent even the most well-protected networks through the company’s users. This is, unfortunately, something that business owners often don’t learn until they’re on the receiving end of an attack; just like the two companies that fell victim to phishing attempts that were supposedly operated by Evaldas Rimasauskas, a Lithuanian hacker who has been accused of stealing $100 million from them.

One thing that both fishing and phishing have in common is the use of lures. With the right lure, the chance of successfully catching the target improves. When it comes to the digital lures seen in phishing scams, research shows that social media is the most effective.

On Wednesday, several users found themselves the victim of a convincing phishing attack. The attack was designed to look like an invitation to view and edit a Google Doc, and is designed to steal your Google credentials and spread through your contacts.

Phishing scams have had a supporting role in many of the latest cyber threats, often as the means the attacker has used to start off their attack. This attack vector is relatively easy to avoid in most cases, but requires education for the end user.

Chances are, you’ve heard of phishing before--emails that promise some benefit or prize if you only click on the included link, that actually only results in trouble for you and your data. Unfortunately, as technology has embraced mobility, so have phishing attempts. This is why you must also be aware of SMiShing scams.

Few security problems are more dangerous than a network breach. Considering how much you could lose from an unexpected bout with a hacker, it’s no surprise that businesses are concerned. Yet, even some of the most troublesome threats like phishing attacks are often ignored. A new study introduces the groundbreaking thought that phishing attacks should be at the forefront of a business owner’s mind regarding network security.

Hackers are always trying to find creative and new ways to steal data and information from businesses. While spam (unwanted messages in your email inbox) has been around for a very long time, phishing emails have risen in popularity because they are more effective at achieving the desired endgame. How can you make sure that phishing scams don’t harm your business in the future?

Email is often touted as a favorite medium for launching cyberattacks against businesses and individuals. This is because it’s easy to hide the true intent behind an email attack within its contents, whether they are embedded images in the message itself, or links to external sources. How can you know for sure whether the links in your email inbox are legitimate?

Spam is a major hindrance when running a business that relies on email, but it’s easy to protect your employee’s time from the average spam messages with the right technological support. Unfortunately, hackers have adapted to this change and made it more difficult to identify scam emails. More specifically, they have turned to customizing their spam messages to hit specific individuals within organizations.

Would you be surprised if we told you that cybercrime is one of the biggest threats to the success of your organization? Unfortunately, there’s no escaping the fact that your business will be under fire from all sides by security threats. One of the most notorious methods includes phishing--email scams that are designed to harvest credentials and other information from unsuspecting users.

The average business owner may already be aware of what are called phishing attacks - scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.

Your business is literally assaulted by thousands of threats a day, and they could ruin your organization's goals in an instant if not for your defenses. With such powerful security measures at your disposal, we don’t blame you for lowering your defenses; however, it should be mentioned that your network security doesn’t protect you from all manners of threats. Attacks like phishing scams have a tendency to bypass your security measures, which makes them dangerous.

We all know that hacking is one of the biggest risks we must deal with in today’s technology-based society. Most hackers out there try to take advantage of the latest vulnerabilities in software, but there are some that use a more sophisticated method. These hackers try take advantage of the weaknesses found in the human psyche, rather than the technological flaws that consistently get patched.

Most hacking attacks are the result of a flaw or vulnerability found within the code of a program or operating system, but we rarely take into account the ones that don’t. Hackers often take advantage of the human side of hacking as well, a process known as “social engineering.” This is usually the act of conning users into handing over personal information of their own free will, and it’s surprisingly effective.