Key Security Tips for Busy Professionals

Last week, I shared a cautionary tale about someone who noticed an unusual charge on her debit card, followed promptly by a phone call from someone claiming to be from her bank. They informed her of suspected fraudulent activities on her card and convincingly asked for her PIN and other security details to "stop" the fraud. It all seemed legitimate, and she provided her PIN, relieved to have the problem resolved. Unfortunately, this led to her losing hundreds of thousands of dollars—a story that has become all too common, as evidenced by reports in papers nationwide. This underscores a harsh reality: scams are on the rise, and we, as businesses and individuals, must remain vigilant. In the fast-paced world of business, where every second counts, the safety of our digital communications can sometimes take a backseat. However, recent global trends in phishing campaigns should be a wake-up call. An increasing number of employees are being caught clicking on, opening, and failing to report suspicious emails. While we collectively understand the pressures of a busy schedule, it is crucial to remember that it only takes one compromised account to endanger the entire organization. Training is only one line of defense. We must all take the time to protect ourselves and the enterprises we work for. Simple Steps to Safeguard Your Information It’s easy to fall into complacency and assume we're immune to online scams, but the reality is different. Scammers continuously refine their strategies to catch even the most cautious among us off-guard. Here’s a quick refresher on basic digital hygiene: -Avoid clicking on unfamiliar links in your emails. -Be skeptical of unsolicited phone calls from unknown numbers. -Think twice before sharing personal information online, even if the request appears legitimate. Common Themes in Business Email Compromise (BEC) Attacks Our research indicates that most BEC attacks try to lure victims using familiar business contexts. Here are some common themes to watch out for: 1. Payroll Diversion: Requests to change bank account or payroll details. 2. Request for Contact: Seeks personal contact details like mobile numbers or personal email addresses. 3. Urgent Tasks or Favors: Asks for help with supposedly urgent tasks. 4. Availability Checks: Sends brief queries about your presence in the office. 5. Invoice Transactions: Notifies about overdue invoices. 6. Gift Purchases: Proposes buying gifts for employees, often asking for gift cards. 7. Wire Transfers: Directs preparations for large money transfers. 8. Document Requests: Asks for sensitive documents like W-2 forms or vendor lists. 9. HR Communications: May claim to update office policies or personal records. By familiarizing ourselves with these tactics, we can better protect our personal information & the integrity of our business operations. Let's all commit to being more vigilant and proactive in our approach to cybersecurity.

When I joined Dandemutande Investments Private Limited , I went from frying pans to firewalls and let me tell you, the jargon was like trying to read a foreign language, yhoo guys, I remember asking a lot of questions during my induction to a point I think the trainers were already giving each other’s a heads up about me kkkkkk. One thing I promised myself was to break down these tech terms so that everyone, no matter their background, can understand and appreciate the amazing services we offer. At Utande Internet Services , we offer a wide range of services that cater to everyone. Today I’m going to close in on Cyber security which might sound complex but breaking it down into everyday terms might just help us. Why Cyber Security is Important? Imagine Your Digital Life as a House: Locks and Keys: Just like you lock your doors to keep out intruders, strong passwords and two-factor authentication (2FA) protect your online accounts. Alarms and Cameras: Firewalls and antivirus software are like security systems that alert you to threats and keep your digital house safe. Guard Dogs: Think of VPNs (Virtual Private Networks) as guard dogs that watch over your internet connection, keeping it secure and private. Let me Break It Down: 1. Strong, Unique Passwords = Solid Locks Fun Tip: Use a mix of letters, numbers, and symbols. Imagine creating a secret recipe that only you know. Instead of “password123,” go for something like “zondoeater!89”. Relatable Example: Just like you wouldn’t use the same key for your house, car, and office, don’t use the same password for all your accounts! 2. Beware of Phishing Scams = Those Window peeping Sneaky Robbers Fun Tip: Always check who’s sending you emails or messages. If it looks suspicious, it probably is! Relatable Example: If someone knocked on your door claiming to be your partner but you can already tell that the voice is not theirs and asked you to open the door, you’d be skeptical, right? Do the same with emails and texts. 3. Keep Software Updated = Regular Home Maintenance Fun Tip: Think of software updates as giving your devices a vitamin boost. They fix security holes and keep everything running smoothly. Relatable Example: Just like you’d fix a leaky roof, or plumbing leaks update your software to prevent any digital leaks. 4. Enable Two-Factor Authentication (2FA) = Extra Security Check Fun Tip: It’s like needing a key and a secret handshake to enter your house. Relatable Example: Even if someone steals your house key, they can’t get in without the secret handshake. 2FA adds that extra layer of security. 5. Be Smart with Public Wi-Fi = Stay Cautious in Public Spaces Fun Tip: Avoid doing sensitive stuff like online banking on public Wi-Fi. Use a VPN to keep your data secure, like having a private, invisible shield. Relatable Example: You wouldn’t share your bank details out loud in a busy café. Don’t do it online either. Happy weekend everybody

A few days ago, while doing some work on my laptop, I got an email requesting that I make an urgent payment to a particular account. This was really unusual, so I paused. I checked the email address again and noticed a tiny misspelling in the domain name. It wasn’t from my client. It was a phishing attempt. If I had acted fast without thinking, I could have exposed sensitive data or even triggered a financial loss. That was really scary for me, the fact that one single mistake could lead to serious consequences. And that’s the thing, we accountants work with very sensitive data and that makes us prime targets for cyber attacks. Look, whether you’re a junior Accountant, senior Accountant. Intern, so far you work in the Finance Department, you must take cybersecurity seriously. Here are a few practical tips I live by: 👉 Verify before you trust – Always double-check sender details, especially for urgent money requests. 👉 Use 2FA (Two-Factor Authentication) – for email, accounting software, and cloud storage. 👉 Keep your system updated – that little “update now” button actually protects you. 👉 Avoid saving passwords on browsers – use a password manager instead. 👉 Back up regularly – and encrypt where possible. I’m “just” an Accountant won’t save you from Cyber attacks, and Cyber security isn’t just the job of the IT department we must also learn to protect ourselves. I hope this helps. Are there any other tips you use in protecting yourself? Please share with us. Found this insightful? Please comment and repost so others can learn.

When I first started working with a remote team, I realized that I needed to have a loss-prevention mindset. I couldn't afford to wait for something to go wrong. If confidential info were leaked or there was unauthorized access to your company's financial data, the consequences could be catastrophic. Trust would be eroded clients might leave, and  the financial loss could set you back months or years. I didn't wait for this to happen to me, and neither should you. I never want a situation where there's even a sliver of doubt because I don't want the added stress to distract me from my vision. So, it's important to plug in the holes before they become sinkholes. Here's what you can do: Secure Access ‣ Implement multi-factor authentication (MFA) for logins and regularly review and update access permissions. Regular Reviews ‣ Employees leaving the team or changing roles should have their access revoked or adjusted accordingly. Confidentiality Agreements ‣ Have all team members sign confidentiality agreements (NDAs). Open Communication ‣ Regularly discuss the importance of data security with your team. Data Encryption ‣ Encrypt sensitive data both in transit and at rest. Backup Systems ‣ Implement backup systems for your data. Education and Training ‣ Phishing scams and social engineering attacks constantly evolve, so keep your team informed. Create an access repository sheet ‣ This document should list all authorized users, their access levels, and the specific systems they can access. Take proactive steps now to protect your business before it's too late. Helpful?  ♻️Please share to help others. 🔎Follow Michael Shen for more.

Yesterday, I received a desperate call from a client around 7pm, for whom we host their website. The news was not only disturbing; I remain extremely frustrated and angry even after 12 hours. They had selected a provider for hosted desktop services and have now fallen victim to a ransomware attack. Even more concerning, the provider’s backups were also encrypted. Their systems have been offline for over two weeks. It is worth noting that this provider is ISO27001 certified. My initial review, based on a few straightforward questions, revealed the following: - There was virtually no effective security in place around the hosted desktop solution. - The access controls were basic and built on third-rate, consumer-grade equipment. - Backups were not air-gapped or adequately isolated. - My client has been advised to contact a ‘cyber expert’ to recover their data. There appears to be no sense of accountability or responsibility from the provider. This incident highlights a much broader issue. Cybersecurity is not simply a matter of ticking boxes or acquiring certifications. It requires robust implementation, consistent monitoring, and a genuine culture of diligence. Even if your own organisation takes security seriously, you remain vulnerable if your suppliers or partners do not. Many breaches occur not because of a failure within the main organisation, but through weaknesses in a smaller third party. Every business effectively inherits the security practices of those they work with. Three key points every business should consider: - Take security seriously: Ensure that your IT infrastructure has been properly designed and that security controls are tested regularly. Backups should be properly segregated and not accessible in the same environment as production data. - Choose your providers carefully: Your ISP and IT vendors are an extension of your internal systems. Assess their practices with care. Speed and cost mean nothing if the provider cannot offer secure and reliable services. - Address the weakest links: Small suppliers or partners must follow basic security protocols. One unsecured system or careless practice can compromise your entire operation. This situation was avoidable. Sadly, the consequences are now severe. If you think that ransomware only happen to big companies, you are making a big mistake. I would sincerely advise every business stakeholders to do a proper due-diligence on their IT security and all those they exchange sensitive information. Act now, before it is too late!

Heads up to my network: I just received a call from someone claiming to be at a company I haven’t worked at in years. They said they “saw my name on something” and started asking questions—about files, systems, and former bosses. I kept it vague and just confirmed that while I did create files and security profiles back then, everything was reassigned years ago. I debated posting this, but with the rise in social engineering tactics and AI-generated scams, it’s more important than ever that we all stay alert. Even something as simple as confirming someone’s name or role can inadvertently help a bad actor build a believable story. A few reminders: • At every company I’ve worked for, it’s been against policy to discuss company info on personal devices. • All those companies have internal directories and organizational charts that are accessible to employees and reflect real-time status—who’s active, their role, and their reporting structure. • Multi-factor authentication, VPN tokens, and access monitoring are standard. Even if someone gets a password, they won’t get in without the right device, approval, and authentication. • Any files or security protocols I’ve built are under layered access control. They can’t be accessed without explicit permission from team leaders—real humans who know who’s on their team and verify access requests. • Org charts and dashboards update automatically, flagging any unauthorized access attempts. I built them that way for a reason. So, if someone contacts you claiming to be part of a team, or asking for info about an old project— Don’t answer. Look in the org chart. Ask your security team. I know how people are, I know how computers can be used, and that is why I build things in a way that stays secure, even if people fall for crap like the stuff in this photo, or hack their way past security systems. Some may call it overkill, but my name is NOT going to be tied to a big data leak. I’d rather be called paranoid than become a security liability. Stay paranoid folks!

🚨 What would you do if a cybercriminal had your name, address, and pictures of your home? 🚨 Just got off the phone with a friend who was completely freaked out after receiving a sextortion email. The bad guys didn’t just use scare tactics—they had her name, address, and even pictures of her house. How did they get this info? Likely through data breaches on the dark web and images pulled from Google Maps. The email claimed spyware was installed on her devices, and they demanded a ransom in Bitcoin to keep compromising "footage" from being sent to her contacts. Now, I’ve seen this happen too many times. This type of scam is common, but here’s the truth: don’t panic. The key to staying safe is developing a CyberSecure Mindset. If you or your employees ever face something like this, take a breath and follow these tips: 👉 Do NOT Engage: Don’t reply to extortion emails. Engaging confirms they’ve reached a valid email address, and you’ll likely face more threats. 👉 Use Two-Factor Authentication (2FA): Protect your accounts with 2FA. Even if your password is compromised, 2FA adds an extra layer that hackers can’t easily bypass. 👉 Keep Everything Updated: Outdated software is a hacker’s best friend. Keep your operating system, apps, and antivirus software up to date to close those vulnerabilities. 👉 Use Strong Antivirus Software: Make sure your devices are protected. I recommend PC Matic to help guard against spyware, malware, and ransomware. 👉 Watch Out for Phishing: Phishing emails are a primary way cybercriminals get access to your information. Train yourself and your team to spot them before clicking on any links. Here’s the hard truth: If you’re getting emails like this, they’ve already got some of your personal information from a data breach. But don’t let fear drive your decisions. Know the facts, take preventive measures, and build a mindset that keeps you safe from these scams. ⚠️ Stay proactive and develop a CyberSecure Mindset. Follow me for more ways to keep yourself and your family safe from cybercrime. #CyberSecureMindset #CyberSecurity #RansomwareProtection #PhishingPrevention #StaySafe Darren Mott, FBI Special Agent (Ret.), "The CyBUr Guy" Corey Munson Ricoh Danielson Marc Evans, CFE