Russian Invasion Requires Increased Cybersecurity Alertness 

You have probably heard the news by now that Russia has invaded Ukraine, and this will likely have a major impact on the cybersecurity world moving forward. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all American organizations be on high alert, especially small and mid-sized businesses as they are seen as softer targets for cybercriminals.

Top 3 Takeaways from the 2021 Verizon Data Breach Investigations Report 

Every year, Verizon releases their Data Breach Investigations Report (DBIR) and it usually contains some useful takeaways about how SMBs can protect themselves from cybercriminals. In case you haven’t read this 119-page report, here’s TechMD’s breakdown of the Top 3 most relevant takeaways for your business. 

Zero-Day Exploit Affects Microsoft Exchange Servers

Microsoft has announced that Hafnium, a Chinese-backed cybercriminal organization, has been taking advantage of four zero-day exploits to attack on-premises Microsoft Exchange servers. We strongly recommend that any organizations with on-premises Exchange servers, including hybrid Office 365 setups, should apply Microsoft’s patch immediately.

Webinar: Building A Framework-Based Managed Security Program in Your Business

Cybersecurity has become an even hotter topic over the last 12 months as businesses have accelerated their plans to operate in virtual and remote environments. Despite the growth of sophisticated techniques used by cyber criminals, we know that 98% of data breaches can be prevented by implementing the Center for Internet Security’s Top 20 Critical Security Controls correctly.

Executive Extortion: The Evolution of Ransomware

Ransomware has long been a real threat with real risks to businesses of all sizes, but hacking techniques are evolving and ransom payments are going up. In a new trend, cybercriminals are directly targeting the computers of top executives at small and mid-sized companies. Here are a few simple steps that every executive can take right now to protect themselves from cybercriminals.

Cybersecurity Alert: Microsoft 365 Vulnerability Leads to US Treasury Breach

Reuters reported over the weekend that foreign state-backed hackers have breached Microsoft 365 accounts at the US Treasury Department, using their access to secretly monitor email accounts at the US Treasury. Aside from implementing Microsoft’s recommendations for securing Microsoft 365 accounts, here are 3 additional tips to help protect personal and business accounts from cybercriminals.

Combining Security and Convenience in Your Business with Single Sign-On

In the modern workforce, managing passwords is tough. Most employees manage 85 different passwords, and this presents a significant cybersecurity risk for businesses while also harming productivity and user experience. One of the best solutions to this security/productivity dilemma is called Single Sign-On (SSO).

The One Cybersecurity Assessment Every SMB Needs

TechMD’s Security Maturity Level Assessment (SMLA) follows the nationally-recognized NIST Cybersecurity Framework and helps your business understand where your cybersecurity is today, where it needs to be, and how to get to there.

Does the new CCPA law apply to your business?

Many California businesses will need to address new compliance and privacy requirements this year due to the California Consumer Privacy Act (CCPA), which went into effect on January 1st, 2020. Does CCPA apply to you, and if so, what do you need to do about it?

Tech Talk: 3 Practical Steps To Avoid Getting Hacked

A good cybersecurity foundation is made up of the right knowledge, daily practices, and tools. In this Tech Talk, we’ll review three best practices you can implement to protect yourself from cyberattacks, whether at work or home.

Cybersecurity Alert: SharePoint Phishing Attack Targets Office 365 Users

Recently we have been seeing a new phishing attack called PhishPoint that is targeting Office 365 customers. In this scam, cybercriminals are inserting malicious links into SharePoint files and then sharing them with potential victims, ultimately allowing them to steal Office 365 user credentials.

What You Need to Know About the WannaCry Breach

WannaCry Ransomware Causes Global Security Breach You may have seen the news this weekend: cybercriminals released a new strain of ransomware that can automatically spread itself across all computers in a network. It’s been dubbed “WannaCry” and it’s causing a global epidemic. More than 40 hospitals in the UK were shut down over the weekend. […]

Cloudflare Announces Possible Breach of User Credentials

Make sure you change duplicate passwords immediately! On Thursday of last week, website security provider Cloudflare announced a major security vulnerability affecting their service. This vulnerability has caused sensitive user data to be exposed across a number of popular websites, like Yelp, Uber, and others. To protect yourself, make sure you are not reusing any […]

Cybersecurity Alert: Latest Scam Combines CEO Fraud With W-2 Phishing

Tax season kicks off with W-2 phishing and wire transfer scams These days, most of us are probably aware of CEO fraud, where cybercriminals impersonate high-level executives and trick employees into wiring company funds to an external account. And you may remember hearing about W-2 phishing during last year’s tax season, where scammers impersonated CEOs […]

Five Tips for Shopping Securely Online

Shop Smart and Secure This Holiday Season! Christmas is just around the corner, and while you might have all your shopping done already, most of us are still looking around for the perfect gift! And like many people, you’ll do a good portion (or even all) of your shopping online. However, is your financial data […]

Yahoo Announces Largest Security Breach of All Time

On Thursday, Yahoo announced a massive security breach involving user account credentials for its services. According to Yahoo’s investor relations page, “a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”. The account information in question includes names, email addresses, passwords, […]