3 Questions to Ask if You’re Transitioning Your Business to Fully Remote Work

Shifting to a permanent work-from-home business model requires change — a new mindset, new processes, and new technology. Here are three questions you should consider if you’re transitioning your business to fully remote work.

Can management ensure employees have all the information and tools they need to be productive each day without coming off as overbearing?

A FlexJobs survey found that 31 percent of workers only need to hear from their boss a few times a week, 27 percent believe once a week is sufficient, and 22 percent wish their boss would rarely check in on them.

Unified communications provide the ability to chat with staff through SMS messaging or start a quick video call at the touch of the button. This way, management can quickly and easily connect with employees without inundating them with lengthy meetings and cumbersome technology.

Can employees create a quiet home office where they can stay focused, or does working from home create more challenges?

The same FlexJobs survey revealed that only about one-quarter of workers have a dedicated home office. Another 34 percent have to get creative to create a home office space once their employer made the shift to remote work. Another issue is work-life balance and perceived stress. Research shows that employees who are given more autonomy experience reduced perceived stress.

Do you have the right tools to facilitate seamless collaboration and communication?

Meetings and training will be virtual if your company transitions to a fully remote environment. Employees will need tools that make it easy to connect with co-workers and managers in a seamless way, such as secure file sharing and high-quality voice and video. Businesses that haven’t already will need to consider moving all or most of their operations to the cloud to make work from home a success.

If you’re thinking of transitioning your business, start with ensuring you have the right technology to empower your remote teams to thrive. Find out how efficient, productive, and engaged work-from-home employees can be with YeoVoice powered by Elevate, a comprehensive yet flexible cloud-based solution for wherever, whenever communications.

Information used in this article was provided by our partners at Intermedia.

Maintaining training standards is certainly a key piece of a successful remote workforce, and as the pandemic continues to impact the number of employees working from home (with some working there permanently), many organizations have questioned their approach to training.

A new perspective provides a shift to more employee-centric training programs that help to maintain healthy organizational culture. Here are some tips to make your training more engaging and useful for remote workers.

Use a “Bite-Sized” Approach

Many organizations have delivered online training regularly for a decade (or more). However, the concept of loading up 45 minutes to 2 hours of training content for a remote employee is becoming less and less the norm. Many organizations have decided that breaking up the training into smaller chunks that don’t overwhelm employees and providing more frequent training is the way to go. This “bite-sized” approach makes running the training program easier and is better received by all business units.

Implement Video as Much as Possible

Consider rolling out training or communication to the masses as a “video module” rather than large meetings in Zoom or Teams to allow people to watch when it makes the most sense for their professional and personal schedules. This helps to avoid “Zoom fatigue” that many workers are experiencing by having more control of exactly when to consume.

In this world of using a smartphone to make videos, you can easily break up the email and virtual meeting doldrums by mixing in videos into training campaigns. This provides the advantage of being able to track who has watched the training in its entirety. Remember, though, keep it short and to the point.

Give Employees Freedom

Don’t “lock” your training modules. Sometimes people call these “non-skip” versions of courses. In these courses, all the controls are locked, preventing the employee from moving freely between screens. This is an attempt to force attention, even if they know the content and could move faster.

Making courses “non-skippable” is an ineffective way to promote culture and can make your training feel more like torture. Research on autonomy and adult learning shows that if you want your users to really learn, you need to treat them like adults. They will find a way around a locked module anyway if they are not motivated.

Survey, and Survey Again

Finally, if you don’t have surveys and comments enabled on your content or you’re not reviewing those to help with your plan, you should start right away.

When reading comments and reviews, don’t take them personally. Try to see them from a scientific perspective. Read all the comments, compare the ratings to other programs, and look for progress and trends.

We hope these tips will help you as you work to build a solid training program for your organization. If you’re interested in learning more about the structure and effectiveness of our Security Awareness Training solutions, contact Yeo & Yeo Technology today.

Information in this article was provided by our partners at KnowBe4.

QR codes have been around for many years. While they were adopted for specific niche uses, they never reached their full potential.

However, in recent years, with lockdown and the drive to keep things at arm’s length, QR codes have become an efficient way to facilitate contactless communications or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.

QR Code Fraud

As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code and hand over their payment details, believing they were paying for parking. In reality, they were handing over their payment information to criminals.

The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes used to scam individuals. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply.

Moving Beyond Fake Websites

There are many paid and free services that will allow you to create your own QR code, which can open up many opportunities for more elaborate attacks or techniques. It is essential to know how QR codes can be used to understand potential vulnerabilities. A QR code can:

Create a pre-canned SMS message ready for you to send.
Compose a pre-canned tweet ready for you to send.
Share the public address of a crypto wallet.
Provide access to quickly and easily connect to Wi-Fi.

There are other types of QR codes, but you get the idea – and all of these are relatively trivial to repurpose for malicious activities.

Staying Safe

Fortunately, for these scams to be successful, criminals have to physically tamper with or place their own QR code, which comes at a risk to them. Also, none of these will automatically trigger an action on a phone. Rather, it will display a notification about the intended action.

So just like email phishing, timely and appropriate security awareness training can be put into practice. Teaching users to be mindful and vigilant whenever payments, credentials or personal details are involved online is critical.

Information in this article was provided by our partners at KnowBe4.

Teams is great, but how can I make it less distracting?

Click the colored dot next on your profile, and you’ll see some status options. Choose ‘busy’ or ‘do not disturb,’ for example, when you need fewer distractions. You can also write a message, so your colleagues know when you’ll be free.

Why can’t I print?

Is your printer connected to your Wi-Fi? Are all the cables plugged in firmly? Is there sufficient paper and ink? If you’ve checked these and it’s still not working, try restarting your router.

How can I make sure my staff sticks to cybersecurity measures?

The very best way is to make sure they’re fully aware of the risks and the extent of damage a cyberattack could cause. Regular cybersecurity training for everyone in the business is also recommended.

Information used in this article was provided by our partners at MSP Marketing Edge.

Zero-day attacks can be a developer’s worst nightmare. They are unknown flaws and exploits in software and systems discovered by attackers before the developers and security staff become aware of any threats. These exploits can go undiscovered for months or even years until they’re repaired.

Google’s bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, the most ever recorded since its Project Zero team started analyzing these in mid-2014.

This is more than double the earlier record of 28 zero-day exploits detected in 2015. And cybercriminals are still using the same old techniques to get away with their mischief.

Of these 58 security flaws abused last year, 56 are similar to previously known vulnerabilities. Thirty-nine, or 67 percent, were memory corruption vulnerabilities, and most of these fall into the following familiar bug classes:

17 use-after-free
6 out-of-bounds read & write
4 buffer overflow
4 integer overflow

Of the vulnerabilities examined, Chromium/Chrome had the most exploits, followed by Windows, Safari, Android, Microsoft Exchange Server, Internet Explorer and macOS/iOS.

How to secure your networks

Just as more companies continue to grow their businesses online, so, too, will the need for robust cybersecurity measures. Along with more surface-level tools like firewalls, companies should invest in three additional security measures.

The first is a data backup solution so that any information compromised or lost during a breach can easily be recovered from an alternate location.
The second is encryption software to protect sensitive data, such as employee records, client/customer information and financial statements.
The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.

As you begin considering your options, it’s generally a good idea to run a risk assessment, either by yourself or with the help of an outside firm. Ready to get started? Contact Yeo & Yeo Technology today.

Source: https://www.theregister.com/2022/04/20/google_zero_days/

In 2021, there was a significant increase in the success of worldwide law enforcement activity, taking down various cybercrime groups and recovering money. As a result, some bad actors got spooked and dropped out. However, ransom activity continues to increase because it’s lucrative and attacks on mid-tier entities draw less attention from government agencies.

Small cybercrime groups still come and go, but the bigger groups are better organized and even more vicious, employing triple threat techniques: ransom, data leaks, and DDoS. In some cases, attackers even contact victims’ clients and partners.

Throughout 2021, the ConnectWise Cyber Research Unit (CRU) collected data regarding 500 cybersecurity incidents from its MSP partners and their clients. Of those 500 incidents:

40% were related to ransomware
25% were directly related to exchange vulnerabilities
10% were coin miners with some overlap

According to the CRU, phishing and valid accounts are the most-used techniques for initial access. While zero-days and exploiting public-facing applications are still major concerns, businesses can significantly reduce their attack surface by implementing common mitigation techniques such as email filters, user training, password hygiene, and MFA.

The CRU maintains that execution of cyberattacks is often performed using tools and applications built into the operating system, with PowerShell and Windows Command shell scripting being the most common vectors.

A SIEM can be a powerful tool for detecting these cyberattacks, especially if you enable PowerShell script block logging. Execution control, script blocking, and code signing are also suitable mitigations for dealing with these threats.

Ransomware attacks in Q3 2021 surpassed those of Q1 and Q2 combined. We expect that trend to continue in 2022. Make sure your organization is prepared with adequate cybersecurity measures to prevent cyberattacks.

Not sure where to start? Contact Yeo & Yeo Technology today.

Information used in this article was provided by our partners at ConnectWise.

Organizations in the U.S. lost $2.4 billion to business email compromise (BEC) scams (also known as CEO fraud) last year, according to Alan Suderman at Fortune.

“BEC scammers use various techniques to hack into legitimate business email accounts and trick employees to send wire payments or make purchases they shouldn’t,” Suderman writes. “Targeted phishing emails are a common type of attack, but professionals say the scammers have been quick to adopt new technologies, like ‘deep fake’ audio generated by artificial intelligence to pretend to be executives at a company and fool subordinates into sending money.”

Suderman cites a case from San Francisco, where a nonprofit lost more than half a million dollars to one of these scams.

“In the case of Williams, the San Francisco nonprofit director, thieves hacked the email account of the organization’s bookkeeper, then inserted themselves into a long email thread, sent messages asking to change the wire payment instructions for a grant recipient, and made off with $650,000,” Suderman says.

BEC actors also collaborate and share information with each other to improve their attacks.

“Unlike ransomware operators who try to keep their communications private, BEC scammers often openly exchange services, share tips or show off their wealth on social media platforms like Facebook, “ Suderman writes. “A Facebook group called Wire Wire.com, which was until recently available to anyone with a Facebook account, acted as a message board for people to offer BEC-related services and other cybercrimes.”

Suderman concludes that organizations of all sizes need to be wary of BEC scams.

“Almost every enterprise is vulnerable to BEC scams, from Fortune 500 companies to small businesses,” Suderman writes. “Even the State Department got duped into sending BEC scammers more than $200,000 in grant money meant to help Tunisian farmers, court records show.”

New-school security awareness training can enable your employees to thwart social engineering attacks. Contact Yeo & Yeo Technology to learn more.

Information used in this article was provided by our partners at KnowBe4.

The shift to a hybrid workforce is pushing business leaders to rethink their approach to communications technology. Pressed for better security, reliability, and flexibility, they are investing more resources into cloud-based communications.

According to GetVoIP, in 2020, 67 percent of organizations moved significant portions of their unified communications to the cloud. However, cloud migration itself comes with obstacles. Ultimately, to get the most out of your technology, you’ll want to avoid these three common cloud communication migration pitfalls.

1. Not using your business goals to drive migration decisions

You don’t want to make any substantial IT change without knowing exactly what you want out of the experience.

Every organization that migrates to the cloud wants to realize the top cloud technology benefits – greater resilience, more flexibility, and lower IT costs. But, you don’t want to fall into the trap of focusing on general benefits rather than your company’s unique end goals. What are the specific gains cloud communications offers your industry? How can migration help you reach your business goals?

Whether you want to scale quickly over the next five years or are laser-focused on simplifying compliance for your company, you should use your business goals when making migration decisions.

2. Only looking at the short-term

When goal setting, it’s also important to think long-term. Once you migrate, you can’t just switch back to your legacy communications platforms. You’re making a foundational change to set up your company for a better future.

So, don’t just look at what’s going on now. Consider what your business’s needs might be five and ten years down the road. Will you have a hybrid workforce? Will all your employees be remote? What regulations and security challenges will your company need to overcome? Create a roadmap that factors in both short-term needs and long-term vision.

3. Not supporting your employees with a smooth transition

When migrating to the cloud, your employees must adjust to new software and a modified workflow. To ensure the best possible experience for your teams, create a plan that includes training and complete access to IT support, either in-house or made available by your cloud provider. Otherwise, you risk slowing down productivity when you migrate.

You also want to choose a cloud provider that will minimize business interruption and has experience migrating businesses to the cloud.

Experience Cloud Migration with Peace of Mind

At Yeo & Yeo Technology, we understand how overwhelming a migration can be. We will set up your email account, migrate existing data, and shift your users to your new system without data loss. Get in touch today, and let us make cloud communication migration simple for your business.

Information used in this article was provided by our partners at Intermedia.

With growth comes complexity. As distributors increase capacity, grow their workforce, and expand into new areas of opportunity, they can lose visibility into their management processes.

What’s more, data silos can restrict access to strategic information while eroding trust. This isn’t helped by the proliferation of unintegrated management tools and spreadsheets, creating serious bottlenecks.

An incomplete picture of inventory and demand makes accurate forecasting next to impossible. This results in missed opportunities, inefficiencies, and increased costs.

Sage Production Management not only gives you the tools you need to achieve visibility over your entire process, but by centralizing your warehouse management in a way that is tightly integrated with Sage 100cloud, it also enables you to understand exact costs, item status, and the material quantities required to meet demand.

Driving growth with Sage Production Management

To stay competitive, you need ways to increase production and reliability while reducing costs. But without a holistic, real-time view of your entire production process, achieving this kind of efficiency is almost impossible.

Built on the Sage 100cloud framework, Sage Production Management combines the power of dual grids and batch processes to increase data entry efficiency with easily customizable fields, tables, and scripts.

Automated data can be imported from almost any third-party system with its Visual Integrator function. With several specifically designed integrations available, you can access robust vwarehouse automation solutions that enable you to capture and analyze real-time production and material-usage data.

Sage Production Management brings new features to Sage 100cloud’s modern technology stack, introducing primary and secondary data entry grids, batch data entry, user-defined fields and tables, custom scripting, and a host of other useful features.

When you started your business, your accounting software did a fine job of handling basic bookkeeping needs. It probably still does. But now you’re growing. That means more business, more customers, more products or services to sell, more employees, more data, more regulations, more competition, more complexities.

Here are six questions you should ask to determine if you’re ready to upgrade to a modern business management solution. Do you need to:

Make smart decisions quickly and efficiently?

When data is spread through separate spreadsheets and siloed systems, it is difficult and time-consuming to create reports that support key decisions. Business management software that integrates all of your information and processes in one place is the first step toward improved decision-making.

Streamline your operations to improve productivity and profitability?

Automating business processes improves information accuracy and accelerates data flow, streamlining day-to-day tasks and freeing your staff to focus on more complex issues requiring more personalized attention. As a result, you can improve productivity while dramatically reducing operating and overhead costs.

Adapt and scale your processes and systems with your business?

Your business management solution should not only support your business today but also be flexible enough to accommodate future needs. Look for configurable workflows, multisite support, and the ability to easily configure your system.

Collaborate more closely with partners?

The likelihood of needing to team with multiple partners and rely on third-party providers will only increase as market conditions change and competition increases. This will require swift and efficient communication with your partners via a web-native platform, automated workflows, and reliable, secure systems.

Expand your business—even globally?

If you’re planning to grow your business regionally or globally, your system needs to support that growth by accommodating global currencies, multiple languages, and widely different regulatory requirements.

Comply with government regulations and requirements?

Your business can reduce costs, inaccuracies, and delays by using a modern business management solution that automates compliance processes. These solutions centralize data management—providing a convenient and efficient way to gather and monitor relevant information and eliminate manual procedures.

Transition to a solution that meets your business needs

Unlike traditional Enterprise Resource Planning (ERP) systems that are costly, complex, and difficult to use, modern business management solutions address the needs of today’s competitive small- and medium-sized businesses. These solutions:

Connect your purchasing, manufacturing, inventory, sales, customer service, and financial management data to deliver a complete view of your business.
Integrate with cloud-based services to enable greater team collaboration and create a true platform for growth.
Deliver accurate, real-time information and insights—anytime, anywhere—to provide the type of visibility that enables faster, smarter decision-making.
Are affordable, easy to use, and highly adaptable—helping you work better.

Ready to learn more? Contact Yeo & Yeo Technology.

Information in this article was provided by our partners at Sage.

One of the most critical services that companies benefit from is the protection and monitoring of networks and servers by cybersecurity companies. When a company opts to outsource any work, they are receiving the best quality of work from other industry professionals. When it comes to outsourcing cybersecurity, there should be no hesitation. Here are five reasons that explain why.

Cost Efficiency

You might think that outsourcing work will cost more than finding a way to do it in-house. However, outsourcing to a cybersecurity company is the way to go when it comes to protecting important information within your network of devices. If you are considering building your own SOC in-house, you should know that the cost can reach as high as three million a year. Instead of hiring a team of security analysts, implementing training, going through turnover, and installing a variety of security solutions, you can turn to a reliable cybersecurity company for a few thousand dollars each month.

The Work of Professionals

Not only is relying on the service of a cybersecurity company cost-efficient, but it is also more effective when it comes to reading and creating security solutions. Some companies rely only on software to protect their information, but that is not enough; you need a team of human analysts working alongside the software. Cyber threats are constantly evolving, and security analysts have the deep knowledge needed to combat attacks. They are continually reading complicated reports, searching for problems and finding solutions. If that doesn’t sound all that hard, just think about the fact that individuals can now earn college degrees in cybersecurity.

Real-Time Monitoring and Instant Analysis

With the quality software and work of real security analysts that you get from cybersecurity companies, you will be able to detect potential breaches in your network as soon as they happen instead of days, weeks and months later.

Advanced Monitoring

Diving further into what outsourced services can do for your company, you need to know what different software can do for you when managed correctly. With things like SIEM solutions, you can customize your security defense to watch out for specific threats that are common in your line of work. With constant updates in servers, computers and other electronics, you can have a team of professionals managing your SOC and preparing your network for new threats. They will pinpoint potential problems and threats as soon as they become dangerous.

Time Efficiency

As with just about any service you outsource, when you eliminate one line of work or task, you free up time to focus on more important matters. The company you work with is most likely not a cybersecurity company and therefore has other things to worry about. Outsourcing your cybersecurity needs will give your company one less thing to worry about.

Outsourcing your cybersecurity will ensure that you follow the compliance guidelines and get the protection you need. These five benefits will truly make a difference for your company. If you are looking for a reliable cybersecurity company, look to us at Yeo & Yeo Technology — we can provide you with all the benefits we hit on in this blog. For questions or inquiries, contact us today.

You can never be too sure when it comes to online safety, and if you don’t take the necessary steps to protect your company from malicious online threats, you can find yourself, as well as your customers, in a world of trouble.

Businesses can lose up to $1.33 billion annually because of cybercrimes, which can easily disrupt your company’s spending plans. You need to be ready to take on these attacks, but to do that, you have to take a step back and see if you’re currently at risk.

So, how do you determine if your company is vulnerable to cyberattacks? Here are some risky behaviors that could be putting your company at risk.

Out of Date Malware Protection

Outdated anti-virus software is a sure way to invite unwanted malware and viruses into your network. Cybercriminals are constantly creating new viruses and ways to infiltrate your firewalls, so it’s crucial for cybersecurity companies to update software so that it can effectively fight off online threats.

Weak Passwords

Take a look at the passwords that your team is using; are they strong enough to keep out strangers and other online cybercriminals? Having a weak password is essentially like leaving your front door unlocked. All it takes is one person who really wants to get in, and you’re compromised. It may be hard to believe, but even some of the largest companies in the world stick to the traditional “12345” password. If it’s not safe for a home computer, why would it be safe when it comes to professional systems that safeguard customer, employee and client’s personal information?

Strong passwords go a long way when it comes to cybersecurity, and lazy password creation is detrimental to a business’s online safety.

Believing You are “Too Small” to Target

Cybersecurity companies see attacks happening to every type of business, no matter how small. Thinking that you’re invulnerable to cyberattacks simply because you are not a nationwide franchise is dangerous. Apathy is one of the most dangerous things facing companies today, and cybersecurity companies know this. Your business should always be prepared to avoid a catastrophe.

These are just some ways to tell if your company is at risk of a destructive cyberattack, but the list goes on. If you’re unsure about your company’s safety, consider looking into cybersecurity companies like Yeo & Yeo Technology to help protect your network. From our customizable SIEM and SOC solutions to XDR and EDR security, we’re prepared to safeguard your company’s most important assets.

The FBI’s Internet Crime Complaint Center (IC3) has released its annual report.

The 2021 Internet Crime Report includes information from 847,376 complaints of suspected internet crime and reported losses exceeding $6.9 billion. State-specific statistics have also been released and can be found within the 2021 Internet Crime Report and in the accompanying 2021 State Reports.

The top three cybercrimes reported by victims in 2021 were phishing scams, non-payment/non-delivery scams and personal data breaches. Victims lost the most money to business email compromise scams, investment fraud, and romance and confidence schemes.

According to the report:

Victims lost more than $6.9 billion to cybercrime in 2021
More than 2,300 complaints of cybercrime were received each day
Those 60 years or older reported the most losses from cyberattacks
The top three industries targeted by ransomware were healthcare, financial services and IT

Cybersecurity must be an ever-evolving aspect of any successful and sustainable company. The best way to defend against a cyberattack is to take preventive steps – incidents are less likely to happen and can be less damaging if they do happen.

To get started now, download our 13 Ways to Protect Your Business Against Cyberattacks checklist.

If you need help – from an initial security assessment or implementing additional cybersecurity measures to examining a cybersecurity incident – please contact us. Yeo & Yeo Technology provides full cybersecurity solutions.

If a cyber incident has impacted you, it is encouraged to report the incident. Reporting the incident can help render assistance and prevent other organizations from falling victim to a similar attack. File a complaint with the FBI at www.ic3.gov and contact CISA via email at report@cisa.gov or call the 24/7 CISA Central Operations Center at (888) 282-0870.

Source: https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internet-crime-complaint-center-2021-internet-crime-report

It’s convenient to hop on a video chat with a colleague to discuss a problem or clear up details on a project. You don’t think twice about it anymore, do you?

But are you using your video conferencing software effectively? Here are our suggested rules for video calls:

1. Create and share a meeting agenda

If you schedule a meeting with several others, let everyone know what the meeting is about and give them a chance to prepare. If you use Teams, there’s a text box at the bottom of the new meeting invitation where you can add details.

2. Make sure your background is suitable

Seeing people is a significant benefit of video calls. While people may be intrigued about where you are, blurring your background or working in front of a plain wall will ensure the focus is on you and not your house.

3. Don’t overshare

Ever been caught out when screen sharing? Maybe you’ve received a notification for a personal message or even forgotten to close down a website before joining your meeting?

You can share only the application you want to show by clicking ‘Share’ and choosing the thumbnail shown in the ‘Window’ category.

4. Stand up

Want to keep your video calls focused and productive? Then get everyone to stand up for them. This might seem strange, but it works really well in real life as well.

Information used in this article was provided by our partners at MSP Marketing Edge.

Do I need a second monitor?

That’s a personal preference. A second monitor has the potential to save each person more than 2 hours a day. When set up correctly, it allows you to seamlessly use multiple applications and keep several documents open at once.

How can I use my calendar more effectively?

Start by sharing it with your team, so they know when you’re free and when you shouldn’t be disturbed. It also makes it much easier to schedule meetings if everyone can see your availability. Save time by using a voice assistant to add tasks to your calendar and to invite people to meetings.

Is a password manager really a good idea?

The average person wastes 12 days of their lives searching for passwords. That’s not to mention the huge extra levels of security you get from a password manager.

Information used in this article was provided by our partners at MSP Marketing Edge.

New data from the Anti-Phishing Working Group shows cybercriminals are stepping on the gas, focusing phishing attacks on credential theft and response-based scams.

Last quarter was a busy time for cybercriminals, according to APWG’s Q4 2021 Phishing Activity Trends Report. In total, nearly 900,000 phishing attacks occurred – a 23% increase over Q3 2021 and over three times that of Q1 2020. Last December saw the highest number of recorded attacks at just under 317,000.

According to the report, cybercriminals are shifting to more social engineering-based attacks over malware-based:

8% of attacks were focused on stealing credentials
6% of attacks were BEC attacks, gift card scams, and other response-based scams
Only 9.6% of attacks involved the delivery of malware

The most targeted industries continue to be SaaS, Financial, eCommerce/Retail, Social Media, and Payments.

New data from Barracuda’s recently-released Spear Phishing Top Threats and Trends Report shows that small businesses are also a target of attacks using social engineering tactics that reach the mailbox 3.5x more than their enterprise counterpart.

According to the data, the average number of attacks per mailbox in organizations greater than 2,000 employees is 5 per year. But in organizations with less than 100, that number more than triples to 17 per year.

Further analysis of attacks shows that the SMB is targeted with largely the same breakout of attack types:

49% are phishing attacks
40% are scams
9% are business email compromise attacks
2% are extortion attacks
<1% are vendor email compromise (also called conversation hijacking) attacks

It also appears that ransomware attacks are getting more effective across all industries, as the number of companies falling victim to these attacks rose 36% in Q4 alone and was the highest number of successful attacks in the last two years.

Phishing is not just remaining a problem for organizations today. It’s an ever-growing concern that should have every business’ focus as a primary source of risk. Security solutions provide solid coverage for most phishing attacks. Still, for that small percentage of attacks that make it to the Inbox, it’s only Security Awareness Training that will be the difference between a protected organization and an enabled attack.

Information used in this article was provided by our partners at KnowBe4 and Barracuda.

A new analysis of attacks in 2021 shows massive increases across the board, painting a very concerning picture for 2022 cyberattacks of all types.

New data from security vendor PhishLabs provides a sense of what last year’s state of cyberattacks looked like and unveils the increases in efforts by cybercriminals that we saw throughout 2021 looks like they’re here to stay for the time being.

According to the report:

Phishing attacks grew by 28%
Social Media-based threats grew by 103%
Attacks with malware nearly tripled
Vishing that begins with a phishing email jumped 554%
52% of phishing attacks focused on credential theft
38% of phishing attacks are response-based (e.g., job scams, tech support, BEC)
Only 10% focused on malware delivery

The overarching theme here is that email is the delivery mechanism of choice – because it works. Organizations must put layered security measures in place to stop email-based attacks – keeping in mind that some percentage of malicious phishing emails will make their way to your user’s Inbox.

This means that users must also participate in your organization’s security strategy, interacting with emails with a sense of vigilance and skepticism should an email seem unexpected, suspicious, out of the norm, etc.

This can be taught with Security Awareness Training, where users see themselves as a part of the organization’s layered security, helping stop attacks before they do damage.

Information used in this article was provided by our partners at KnowBe4.

Cyberattacks on businesses surged 40% in 2021, and 2022 is predicted to be an even more dangerous and expensive year when it comes to defending against cyberattacks. Most recently, cybercriminals globally are looking to profit from the Russia-Ukraine conflict, with small to mid-size businesses and organizations among the most vulnerable.

Cyberattacks on all businesses and organizations are becoming more complex and costly and are happening every day. According to a recent Cost of Cybercrime Study (Accenture), 43% of cyberattacks are aimed at small businesses, especially those in the legal, insurance, retail, financial, healthcare, government and education sectors, but only 14% are prepared to defend themselves. Cybercriminals are targeting the human layer – the weakest link in cyber defense – through increased ransomware, phishing and social engineering attacks as a path to entry.

Unfortunately, 88% of small business owners felt their business was vulnerable to a cyberattack, according to a recent Small Business Association survey. Many companies can’t afford professional IT solutions, have limited time to devote to cybersecurity, or don’t know where to begin.

Be proactive in this battle – don’t wait to be the victim of a cyberattack. We recommend you start by:

1. Learning about common cyberthreats. While there are many, among the most common are phishing, malware, spear-phishing, ransomware and Zero-day exploit.

2. Understanding where your business is vulnerable. A cybersecurity risk assessment performed by an experienced cybersecurity service provider is the most effective way to identify areas of concern and security gaps.

3. Taking steps to improve your cybersecurity. Developing a comprehensive cybersecurity program that includes a plan for educating your workforce is the best defense.

To get started now, download our 13 Ways to Protect Your Business Against Cyberattacks checklist.

If a cyber incident has impacted you, it is encouraged to report the incident. Reporting the incident can help render assistance and prevent other organizations from falling victim to a similar attack. File a complaint with the FBI at www.ic3.gov and contact CISA via email at report@cisa.gov or call the 24/7 CISA Central Operations Center at (888) 282-0870.

Review the Checklist: 13 Ways to Protect Your Business Against Cyberattacks

UCaaS (Unified Communication as a Service) powers communications and collaboration for many industries. Its features drive significant benefits for teams, and healthcare can reap them, too.

If your healthcare organization is considering new technology, UCaaS should be a top priority. Let’s look at why it delivers so many advantages.

Connecting Multiple Teams

You can bring everyone together through UCaaS. Consider how much easier it would be for billing to easily communicate with the lab department and others to streamline activities by patient. Your employees likely spend too much time chasing information or trying to connect. With the right technology, you can alleviate many of these pain points.

UCaaS Delivers Financial Advantages

If you’re currently using multiple systems for telephone, chat, online faxing, file backup and sharing, and video conferencing, then you’re likely overpaying. With UCaaS, you bundle all these things into one system and get one bill.

Systems Are Always Up to Date

Healthcare has many requirements around data security and sharing. Cybercriminals are constantly attempting to breach systems, and a leading way they exploit is via software that’s not updated. When you deploy UCaaS, your provider automates these updates.

Remote Workers Have the Same Access and Experience

UCaaS ensures remote employees have the same tools. They simply need an internet connection and login. UCaaS sits in the cloud, and as long as you have end-point security in place, this shouldn’t increase risk. Remote employees can take calls from their desktop, send IMs to co-workers, and start a video call with a click.

Unified Communication Systems are the Future

YeoVoice, powered by Elevate, delivers on all these benefits and more. It’s secure, reliable, and easy to deploy. Our strict adherence to healthcare compliance means you can trust it. You’ll enjoy award-winning support and industry-leading uptime.

Want to learn more? Contact Yeo & Yeo Technology.

Information used in this article was provided by our partners at Intermedia.

This is a question we often hear. And the answer is always a big YES!

Software can only protect you to a certain level. Humans are the first line of defense against cybersecurity attacks.

If you can teach someone to spot a bad link in an email and not click it, then you don’t need to worry about mitigating the effects of a cyber-attack.

Regular training doesn’t just help your staff help you. It can also build a culture of security awareness within the business.

Staff find it hard to act against a culture. They’ll think, “if no one else bothers to check links before clicking them, why should I?”. That way of thinking also works the other way.

Regular training will help you identify areas where your security isn’t as robust as it could be and make appropriate changes.

If you don’t already invest in cybersecurity training, please think about it this year. The benefits are massive.

Learn more about Yeo & Yeo Technology’s Security Awareness Training services.

Information used in this article was provided by our partners at MSP Marketing Edge.