The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023.[1] Aimed at improving cybersecurity risk management at public companies, the rules are intended to protect investors by enforcing operational and strategic transparency. Public companies must now disclose major cybersecurity incidents and provide annual updates on how they approach cybersecurity resilience and governance.
7 Simple Steps to Change Your Password Remotely
You’re working at the office on the company network and get prompted to change your password. You follow some basic steps and you’re all set. However, how does this process work if you’re working remotely or off the company network? Here are seven quick steps to successfully change your password remotely while keeping your company accounts secure.
1. Connect to a VPN
Before changing your password, connect to a secure VPN client. Your company may already have a VPN network set up for remote employees to safely access the company network. If not, consider using a trusted virtual private network service to securely connect to the internet.
If you forget this step, your password will change on your PC but may not change across the system or network. That will cause you to get an incorrect password error the next time you try to log in. You’ll also be unable to log in to email and other apps that use your Windows password.
2. Change Your Password
Once you’re connected to a VPN, you’re ready to reset your password. We encourage you to choose one with some complexity. You must use several characters; the exact number depends on your company’s policy. The system will prompt you to choose a new password if the one you selected is not long or complex enough.
Here are some guidelines to help you create a secure password:
- Use a mix of uppercase and lowercase letters
- Include numbers and special characters
- Avoid using personal information like your name or birthdate
- Do not reuse passwords from one site or application to another—they should ALL be unique and difficult to guess
3. Update Password on All Devices
Don’t forget to update passwords on all of your devices! Many people make the mistake of only changing their password on their work computer and forgetting about tablets, phones, and other devices that also need access to the network. This step is crucial to avoid any login issues or potential security breaches.
Regularly updating your passwords across all devices not only enhances security but also helps keep your personal and professional information safe from unauthorized access. To remember this step, you could schedule password updates on your calendar or set a reminder on your phone.
5. Consider Using a Password Manager
If you’re having trouble keeping track of all your different passwords, consider using a password manager. These tools securely store and generate complex passwords for all your accounts, making it easier for you to maintain strong and unique passwords without the hassle of remembering them. Plus, they often include features like password sharing and security audits.
The most common password managers used in businesses are:
- LastPass
- NordPass
- 1Password
- Dashlane
- RoboForm
6. Set Up Multi-Factor Authentication
To further enhance your account security, consider setting up multi-factor authentication. This requires an additional form of verification, such as a code sent to your phone or touch ID, before accessing your account.
The extra layer of protection (especially if it’s biometric) makes it nearly impossible for hackers to access your account even if they have your password. More and more businesses are adopting multi-factor authentication as a standard security measure, so it’s worth investing in now.
7. Test for Functionality
Once you have changed the password on all devices, added any additional security features, and saved it somewhere safe, log out of your computer and back in using your newly created password to verify it’s working. If you still encounter any issues or have questions about the process, don’t hesitate to contact your IT support team immediately for assistance.
Gain Unmatched Network Security With Thrive
Changing your password remotely may seem less secure than in a typical office setting, but by following these steps and taking extra precautions, you can ensure your accounts remain secure. At Thrive, we specialize in providing the highest quality network security solutions for businesses of all sizes. Protect your valuable data and confidential information by partnering with us today.
*Disclaimer – These steps are general best practices but your organization may have different processes in place. Please be sure to adhere to your company’s policies.
Common Cyber Scams and IT Security Tools to Combat Them
Encountering a scam is like wandering into a dodgy back alley of the internet. You might receive an enticing email promising a windfall or a social media friend requesting urgent financial help. But how do you resist? And more importantly, how do you ensure your employees will resist, too? Let’s find out how to utilize IT security to protect your organization from these cyber scams.
Are IT Security Tools Really That Important?
As long as you don’t open attachments from strangers, you should be safe from cyber scams, right? Wrong. Cybercriminals are getting more sophisticated every day, and even the most cautious internet users can fall prey to their schemes. Here are just a few stats that might surprise you:
- In 2023, ransomware drove more than 72% of cybersecurity incidents.
- Email is the delivery method for 96% of phishing attempts.
- According to IBM, phishing incidents resulted in an average cost of $4.9 million for businesses in 2023.
- Last year, 93% of organizations experienced two or more breaches related to identity.
- On average, ransomware victims permanently lose 43% of the data impacted by an attack.
This is where IT security tools come in—they act as a protective barrier between your organization and malicious actors. With these tools, you can secure your network, devices, and data against common cyber scams. But what are some of the most effective IT security tools for combating these threats? Let’s take a closer look at a few of them.
How to Properly Defend Against Common Cyber Scams
Each type of scam requires a unique approach to defend against it. We’ve created a list of the most prevalent cyber scams and the security tools you can use to combat them.
Phishing Scams
Phishing scams are one of the most common types of cyber scams, typically taking the form of an email, message, or even a fake website designed to trick you into giving away sensitive information. The best defense against phishing scams is a combination of employee security awareness training and security tools.
- Email Filters: These filters can block suspicious emails from reaching your inbox, reducing the chances of employees falling for a phishing attack.
- Regular Employee Training: Regular training sessions on how to identify and avoid phishing scams can help employees become more vigilant.
- Two-Factor Authentication: Implementing two-factor authentication adds an extra layer of security, making it harder for cybercriminals to access sensitive data.
Ransomware Attacks
Ransomware is a type of malicious software that encrypts your files and demands payment in exchange for the decryption key. To protect against ransomware attacks, use the following IT security tools:
- Anti-Virus and Anti-Malware Software: These tools can prevent ransomware from being downloaded onto your system.
- Multiple Data Backups: Regularly backing up your data ensures that you have a copy of important files in case they are encrypted by ransomware.
- Firewalls: Firewalls act as a barrier between your organization’s network and the internet, preventing unauthorized access and helping to block ransomware attacks.
- Multi-Factor Authentication: Implementing multi-factor authentication for systems and applications can help prevent unauthorized access and reduce the likelihood of ransomware attacks.
Cyber Hack
A cyber hack is a type of scam where an attacker gains unauthorized access to your system or network, usually through exploiting vulnerabilities in software or weak passwords. To defend against cyber hacks, consider implementing these IT security tools:
- Encryption: Encryption tools can protect your sensitive data, making it unreadable even if it falls into the wrong hands.
- Password Managers: Password managers help employees create and store strong, unique passwords for their different accounts, reducing the risk of weak password attacks.
- Managed Service Provider: A managed service provider can monitor and manage your IT infrastructure 24/7. Their consistent protection can safeguard all vulnerable areas and detect and respond to every threat.
Access Every IT Tool With Help From Thrive
Cyber scams are constantly evolving, so your security tools must be continually updated and monitored. Thrive is a leading managed service provider offering a full suite of security solutions to keep your organization safe. From employee training and email filters to 24/7 network monitoring and encryption services, we have everything you need to protect against common cyber scams. Contact us today to keep your business safe and secure with Thrive.
Who Is Thrive
Thrive is not just a company; it’s a testament to what happens when a community of passionate individuals comes together to unleash the full potential of technology and human collaboration. Our story is one of continuous evolution, innovation, and a steadfast commitment to technology excellence on our customers’ behalf.
Audax Private Equity and Aspen Surgical Select Thrive for Carve-Out and Ongoing Technology Platform Support
Audax Private Equity, a leading investment firm, recently acquired Aspen Surgical, a surgical products business previously under Hillrom’s umbrella. This case study highlights how Thrive, a trusted technology partner, facilitated a seamless transition for Aspen Surgical’s IT infrastructure, enabling a successful carve-out and setting the stage for future growth and innovation.
Separation Struggles
Aspen Surgical tackled the challenge of untangling its IT infrastructure from its former parent company, Hillrom, which involved adding new servers, migrating data, and enhancing security. Audax and Aspen Surgical sought a partner to establish their new IT infrastructure and ensure timely completion before the transitional services agreement expired.
Thrive Chosen for Expertise in Mid-Market, PE-backed Ventures
Audax chose Thrive for its innovative approach and proven expertise in mid-market, PE-backed ventures, streamlining critical projects like mergers and acquisitions. “Thrive’s portfolio-wide reporting back to the fund is unique in the marketplace and ensures secure and scalable platforms. Additionally, its proactive cybersecurity approach mitigates post-acquisition risks and lays the groundwork for seamless add-on investments,” said Kevin Ellis, Vice President of Sales at Thrive. Audax also valued Thrive’s dedicated PE-focused teams and tailored support for fast-growth businesses.
Precision in Action: Planning and Execution
Collaborating closely with Aspen Surgical’s internal IT team, Thrive meticulously planned server and data migration, deployed new Office 365 tenants, and implemented robust security measures with an innovative ticketing system for quick response time, resolution and communication. This strategic approach ensured minimal downtime and disruption to operations, laying a secure foundation for future endeavors.
Seamless Deployment
Thrive prioritized security and scalability by implementing advanced endpoint security measures and robust backup and disaster recovery services. These efforts aimed to mitigate cybersecurity threats and minimize downtime risks. Solutions deployed include ThriveCloud, ServiceNow technology, Security Information and Event Management (SIEM), 24x7x365 Security Operations Center, NextGen Endpoint Security (EDR), Vulnerability Scanning, End User Security Training, Phishing Simulation.
Our PE-experienced team possesses the technical and strategic skills to navigate rapid growth scenarios, providing unparalleled support focused on value creation, protection, and PE-specific engineering and account management. Throughout the carve-out process, Thrive ensured project completion within the confines of the transitional services agreement, emphasizing the importance of effective communication and comprehensive project management.
Realizing the Vision: Achieving Success with Thrive
With Thrive’s aid, Aspen Surgical smoothly transitioned to its new IT infrastructure, bolstered by NextGen services for scalability and resilience, while proactive cybersecurity measures ensured value protection post-acquisition. Leveraging Thrive’s services, including ThriveCloud, Aspen Surgical guarantees scalable solutions for future growth, with ongoing support ensuring a robust IT setup. With Thrive’s help, Audax and Aspen completed the carve-out on time and budget, facilitating rapid expansion and investments for Aspen Surgical’s future prosperity.
Revolutionizing Private Equity Transactions
Thrive’s unparalleled expertise in supporting PE transactions transcends individual carve-outs. By providing portfolio-wide reporting and innovative solutions tailored to PE firms’ unique needs, Thrive is poised to revolutionize how investment firms manage and optimize their technology investments, driving value and enabling strategic growth initiatives.
Thrive’s Value Creation and Protection Designed for PE
Acquisitions draw attention, making companies vulnerable to impersonation and phishing. Smaller to mid-market PE firms with technical debt are especially at risk due to outdated security. Immediate security analysis post-acquisition is crucial to mitigate threats promptly. Neglecting this can lead to significant financial losses, emphasizing the need for proactive cybersecurity measures to safeguard against attacks targeting newly acquired businesses.
Agile and Adaptive for PE Transactions
Thrive consistently conducts thorough IT operations reviews and security evaluations. In many cases involving PE firms, transactions come with technical debt and scalability challenges. Nonetheless, Thrive’s agility allows for swift adjustments to the current operational landscape, ensuring seamless support and adaptability to evolving needs.
“Our team was faced with a significant migration project and we sought out an experienced partner to help us make the process seamless and be available as an extension of our internal team for support when needed. Thrive ended up being the partner we were looking for – and more.” ~ Christopher Dukes, VP of Information Technology, Aspen Surgical
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.
To learn more about our services and discuss how we can help you optimize the operations of your portfolio companies, please fill out the form below.
As portfolio companies harness digital technologies to drive growth and innovation, they become increasingly reliant on cloud computing and interconnected systems to streamline operations and enhance productivity. However, with these opportunities come inherent risks, including cyber threats such as data breaches, ransomware attacks, and insider threats, which can have profound implications for the financial performance and reputation of portfolio companies – and their private equity backers.
The convergence of cybersecurity and cloud security is particularly relevant for portfolio companies, as they operate within the broader ecosystem of their parent investment firms. Any cybersecurity breach or data compromise within a portfolio company can not only impact its own operations but also reverberate throughout the investment portfolio, affecting investor confidence, valuation, and long-term strategic objectives.
Not every cybersecurity attack is aimed at large corporations. Small and medium-sized businesses (SMBs) are actually becoming the main target for cybercriminals due to lower security efforts. So how can your SMB stay secure? This blog offers ten straightforward yet effective cybersecurity tips on everything your business should do to protect itself from threats.
Your SMB Is Constantly At Risk for Cyber Attacks
You’re a small business—isn’t antivirus software enough to protect you? Unfortunately, no. Every business is at risk of cyber attacks, but the risks are even greater for smaller businesses. More than 25% of SMBs are less likely to re-open following a cyber attack, and 17% of SMBs experience multiple attacks.
Without advanced, comprehensive protection and cybersecurity best practices, your SMB is at a higher risk of experiencing data breaches, ransomware attacks, and more.
The best defense against cyber attacks is a comprehensive and multi-layered approach to cybersecurity. Here are ten essential cybersecurity tips to keep your data safe and secure:
1. Perform a Detailed Risk Assessment
Start by conducting a thorough risk assessment to find which business aspects are most vulnerable. If you don’t have the resources to perform your assessment, hire a specialized IT company to help.
A risk assessment will help you identify where your sensitive data lives, how it can be breached, and which areas need immediate attention. Cybersecurity isn’t a one-size-fits-all approach, so you need a detailed assessment to develop a suitable cybersecurity strategy.
2. Prioritize Backups for Your Backups
41% of SMBs don’t have any data backup systems in place, and only a fraction of those with backups get them regularly tested. Not having proper backups leaves your business vulnerable, especially if they don’t work when they need to. Imagine losing all your critical data, and not having a backup to fall back on.
Ensure that you have multiple backups, including off-site and cloud backups. Regularly test your backups to ensure they are working correctly and can be easily restored in case of a cyber attack.
3. Implement Strong Passwords and Multi-Factor Authentication
Weak passwords are one of the most common cybersecurity vulnerabilities. Use a password manager to generate and store complex, unique passwords for all your accounts. Enable multi-factor authentication (MFA) on every account possible to add an extra layer of security.
4. Provide Proper Security Training for Employees
Your employees are often the first line of defense against cyber attacks. Educate them on cybersecurity tips and best practices, such as recognizing phishing emails and avoiding suspicious links or attachments. Regularly remind them to update their passwords and report any suspicious activity—there’s no such thing as “too much” when it comes to these reminders.
5. Always, Always, Always Update Your Tech
As soon as that notification pops up for a software update, update it. Outdated software is a top vulnerability for cyber attacks. Ensure all devices, applications, and systems are up to date with the latest security patches and versions, and be strict with your employees about updating their devices!
6. Secure Your Network, Systems, and Devices
Don’t leave your security up to chance—implement firewalls, anti-virus software, end-point monitoring and detection, DNS filtering, and other security tools to protect your network and devices. Cyber attacks can come from anywhere (even within your network) so secure every endpoint, including employee devices and remote access. And if these words sound overwhelming or like gibberish to you, reach out to an expert to get these security and encryption tools implemented for peace of mind.
7. Prioritize Data Encryption
Our biggest cybersecurity tip? Cyber attacks will happen if you’re not prepared. Encryption can help prevent any data from actually being stolen. Encrypt all your sensitive data, from financial information to communications to customer records. This way, even if a hacker gets in, they won’t have access to any usable data.
8. Avoid Public Networks
When you work for a smaller business, there’s a good chance you don’t have an “office.” Many SMB employees work remotely or use public networks to connect to the internet. However, public networks are prime targets for hackers. Whenever possible, use a secure and private network for work purposes or a VPN to encrypt your data.
9. Ask an MSP for Expert & Well-Rounded Advice
Managed service providers (MSPs) specialize in providing comprehensive IT services, including cybersecurity. They’re experts in the field and can help you develop a customized security plan that fits your SMB’s needs and budget.
10. Regularly Test Your System’s Security
The only way to keep your SMB constantly secure is consistent testing. Regularly scan for vulnerabilities, add penetration testing to your schedule, and always look for ways to improve your security posture.
Enlist Experienced Security Professionals From Thrive
Keeping your SMB secure with these cybersecurity tips is a never-ending task, but you don’t have to do it alone. Thrive’s team of experienced professionals stays up-to-date on the latest cyber threats and trends to keep our clients safe and sound. Learn more about cybersecurity risk assessments to see what your business needs to stay protected.
7 Cybersecurity Tools for a Proactive—Not Reactive—Approach
We use tools to defend against all sorts of disasters — seismic dampers for earthquakes, storm cellars for tornadoes, and reinforced concrete for hurricanes. So what tools can you invest in to defend against business disasters? We’ve narrowed down the top seven cybersecurity tools that every business should have in their arsenal for a proactive approach to cybersecurity.
Proactive vs. Reactive Cybersecurity
“Proactive cybersecurity” is more than just a buzzword. In contrast to reactive cybersecurity, which focuses on responding to threats after they’ve occurred, proactive cybersecurity is all about preventing those threats from happening in the first place. With the right proactive measures and cybersecurity tools, you’ll stay one step ahead of potential threats at all times.
A Reactive Approach Adds Unnecessary Risks
Cyberattacks and data breaches already cost the world $9.6 trillion in 2024. A reactive approach to cybersecurity only adds unnecessary risks that contribute to that cost:
- Severe Costs: A business’s average cost of cybercrime was $1.3 million in 2023.
- Brand & Reputation Damage: Cyberattacks and data breaches can significantly damage a company’s brand and reputation, leading to loss of customers and revenue.
- Legal Consequences: Companies may also face legal penalties and lawsuits for failing to adequately protect sensitive data.
- Data Held Ransom: Ransomware attacks have been on the rise, and a reactive approach leaves businesses vulnerable to having their data held hostage for large sums of money.
- Being Unprepared: A lack of proactive measures means businesses are caught off guard and may not have the necessary protocols, resources, or tools to mitigate and respond to an attack.
What Cybersecurity Tools Can You Enlist to Be More Proactive?
Here are seven proactive tools to take your business to the next level and protect your data, network, and systems.
1. The Cloud
The cloud is an essential cybersecurity tool for secure storage, data backup and recovery, and easy access to resources from anywhere. Additionally, a cloud-based approach also means regular updates and patches to keep your systems up-to-date and secure.
2. 24 Hour Monitoring
Proactive cybersecurity requires monitoring business systems and networks to identify potential threats and vulnerabilities. 24 hour security monitoring tools provide real-time threat intelligence and alerts, helping you stay ahead of potential attacks.
3. Regulatory Compliance
Complying with regulations such as HIPAA, GDPR, or CCPA also plays a critical role in proactive cybersecurity. There’s a reason these guidelines exist—to protect sensitive data and prevent cyberattacks. Complying with them means implementing necessary security measures and regularly assessing your business’s cybersecurity.
4. Managed IT Services
Managed IT services provide constant monitoring, maintenance, and support for your business’s systems and networks. This proactive approach means IT experts identify and address any potential issues before they become a full-blown cyberattack.
5. Endpoint Protection
Endpoint protection tools protect devices like laptops, tablets, and mobile phones from cyber threats. They can detect malicious activity and block it from accessing your network, making them an essential cybersecurity tool for a proactive approach.
6. Multi-Factor Authentication
Multi-factor authentication (MFA) adds an extra layer of security to account logins by requiring multiple forms of authentication. This proactive measure helps prevent unauthorized access to critical systems and data.
7. Employee Education
Employees are often the weakest link in cybersecurity. You can change that by providing thorough education on online safety and security. Regular training and education programs will help employees understand the importance of their role in proactive cybersecurity and how to identify and avoid potential threats.
The First Step: A Cybersecurity Risk Assessment
Cybersecurity tools are crucial for a proactive approach, but before you start investing in them left and right, you need to understand your business’s specific risks and vulnerabilities.
A cybersecurity risk assessment is the perfect first step — it pinpoints gaps in your current security measures, prepares you for future advancements, and recommends customized cybersecurity solutions tailored to your specific needs.
Upgrade Your Cybersecurity Management With Thrive
Thrive offers comprehensive and proactive cybersecurity solutions to protect your business from potential threats. From the initial risk assessments to the implementation of IT services, our professional team will equip your business with the necessary tools and strategies to stay ahead of the game. Learn more about our cybersecurity risk assessments — you won’t regret it.
The Dos and Don’ts of Sending Sensitive Information
Mortgage lenders, medical assistants, engineers, legal secretaries, benefits administrators, and HR generalists. What do these professions have in common? They all regularly handle sensitive information — and all require some form of email security.
Whether it’s Personally Identifiable Information (PII) like a client or patient’s Social Security number, intellectual property like drawings of a proprietary product, or your company’s bank account details, failing to secure data transfers can have devastating consequences.
Email is like the Pony Express of today’s business world. It’s fast, convenient, and readily available. Create a new message, add the recipient’s address, attach that document or paste in that SSN, type a quick note, and click send, right?
The Truth About Email: Recent Security Statistics
It might surprise you to learn that email isn’t as secure as you might think. Just take a look at these stats from 2023:
- The average time for users to click on a malicious email link is under 60 seconds.
- Almost one-third of all incidents involved phishing.
- The average cost of a business email compromise (BEC) is $50,000.
Don’t Trust Inherent Email Security
You may log in to your email account with a password, but that does not cover proper email security. When an email is sent, it travels across a series of networks and servers to reach the recipient, often in human-readable text. During that time, hackers can intercept the data without detection. Ask yourself: would I send this sensitive information via U.S. Mail in a see-through envelope?
Besides the transmission, a copy of email messages is typically stored on your computer, your server, your server’s backup server (physical or in the cloud), the recipient’s computer, their server, their server’s backup… you get the idea. And unfortunately, one positive trait hackers boast is their patience. They enter networks through a hidden vulnerability and remain in the shadows for weeks, months, or years.
Even if you believe your network is sufficiently protected, you cannot control the quality and effectiveness of the recipient’s security measures. You’re only as strong as your weakest link.
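The hop-by-hop path described above can be checked on any message you have received. This added example (not part of the original article) reads a message's Received headers and reports which hops did not record a TLS-protected transfer, using the protocol keywords from RFC 3848 and RFC 6531. The sample message, host names, and function names are constructed for illustration.

```python
"""Audit an email's Received chain for hops that did not report TLS."""
import re
from email import message_from_string

# "with <protocol>" keywords that record a TLS-protected transfer
# (RFC 3848 and the UTF8 variants from RFC 6531).
TLS_PROTOCOLS = {
    "ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
    "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA",
}

COMMENT = re.compile(r"\([^()]*\)")

# Constructed sample message; all hosts use reserved example names/addresses.
SAMPLE_MESSAGE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.20])
\tby mailstore.recipient.example with ESMTPS id c3
\tfor <pat@recipient.example>; Tue, 05 Mar 2024 10:15:09 -0500
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2
\tfor <pat@recipient.example>; Tue, 05 Mar 2024 10:15:07 -0500
Received: from laptop.sender.example (laptop.sender.example [192.0.2.44])
\tby relay.isp.example with ESMTPSA id a1
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tTue, 05 Mar 2024 10:15:03 -0500
From: Alex <alex@sender.example>
To: Pat <pat@recipient.example>
Subject: Loan application
Date: Tue, 05 Mar 2024 10:15:01 -0500

SSN attached as requested.
"""


def _clause(keyword, text):
    """Return the token following 'from', 'by' or 'with', or None."""
    match = re.search(rf"\b{keyword}\s+(\S+)", text, re.IGNORECASE)
    return match.group(1) if match else None


def parse_hop(raw_header):
    """Parse one Received header value into sender, receiver and protocol."""
    text = " ".join(raw_header.split())          # unfold continuation lines
    previous = None
    while previous != text:                      # drop (comments), incl. nested,
        previous = text                          # so "with cipher" is not matched
        text = COMMENT.sub(" ", text)
    clauses = text.rsplit(";", 1)[0]             # cut the trailing timestamp
    protocol = (_clause("with", clauses) or "UNKNOWN").upper()
    return {
        "sender": _clause("from", clauses),
        "receiver": _clause("by", clauses),
        "protocol": protocol,
        "tls": protocol in TLS_PROTOCOLS,
    }


def audit_received_chain(raw_message):
    """Return hops in transit order (servers prepend, so reverse the headers)."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("Received") or []
    return [parse_hop(value) for value in reversed(headers)]


def cleartext_hops(raw_message):
    """Hops whose receiving server did not record TLS for the transfer."""
    return [hop for hop in audit_received_chain(raw_message) if not hop["tls"]]


if __name__ == "__main__":
    for hop in audit_received_chain(SAMPLE_MESSAGE):
        status = "TLS" if hop["tls"] else "NO TLS REPORTED"
        print(f'{hop["sender"]} -> {hop["receiver"]}: {hop["protocol"]} ({status})')
    # Caveats: each header is written by the receiving server, so entries
    # added before the message reached a server you trust can be forged.
    # TLS on a hop protects only that transfer; every server on the path
    # still stores the message in readable form unless the content itself
    # is encrypted.
```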
Do Secure Your Email With Encryption Technology
Encryption is the process of converting a message into random characters that can only be decrypted and understood by an authorized party. Of course, this is nothing new — from ancient Rome to the armed forces in World War II, coded messages have been used as a secret form of communication throughout history.
When encryption is enabled for email, the sender’s message is diverted to a secured portal. The intended recipient is emailed a link to the portal where they create a login (username and password) from which they can then retrieve the message.
This does leave an obvious gap; if somebody else obtains the message about the secure portal before the recipient, they can quickly create the login and retrieve the message. However, this is still a big improvement over regular email security.
Don’t Rely On Basic Encryption
“Password protecting” a document à la Office 2003 doesn’t cut it anymore — nor does basic encryption. If they could figure it out in the 1940s, it wouldn’t take a sophisticated criminal to do it today. (Side note: if you haven’t seen the movie “The Imitation Game” about how the Brits broke the Nazi codes using Alan Turing’s machine, you’re missing out!)
Many email platforms, including Microsoft’s Office 365 or Google’s G Suite, offer an encryption option, usually at an added cost. The complex and ever-changing nature of internet security means it’s important to consult your IT people to verify the quality of a solution and its configuration.
Do Use File Transfer Tools Instead Of Email
The securest way to electronically transfer sensitive information is through a file-sharing program. Applications like ShareFile by Citrix offer a few different options for the private sharing of documents or data. This includes the Outlook add-on software that encrypts email messages with the click of a button. Here are a few other options:
Dropbox
Dropbox is a commonly used file-sharing tool, especially among small businesses. You can set up a Dropbox account, upload files to it, and then tell Dropbox you authorize sharing files or folders with specific people.
Dropbox will notify those people via email, have them create their own account (if they don’t have one already), and allow them to view and download those files.
Dropbox, and tools like it, use Secure Sockets Layer (SSL) technology and Transport Layer Security (TLS) to create a secure “tunnel.” Consider this beefed-up encryption. SSL and TLS are considered best practices for most businesses.
Web Portals
Web portals are growing in popularity, and are especially useful in healthcare, financial services, and other industries with strict requirements like HIPAA. An individual is given a username and password to access an organization’s portal. People can send messages and upload documents within the portal while logged in via a secure (https) connection.
Many businesses already have this capability with systems they already own, yet we find staff are still emailing sensitive stuff. As with so many things, it comes down to education and compliance. We’ve seen companies start including security practices as part of staff coaching, rewards, and performance evaluations.
Fax
If you can’t put one of the above options or proper email security in place, fax it. Faxing essentially encodes a picture of a document and transmits it on plain old telephone lines. For this and other reasons, it’s not as susceptible to snooping. It’s also not a focus for cybercriminals.
It has obvious downsides that we don’t need to detail here (there’s a reason we all abandoned it), but it’s better than putting that “open envelope” out there.
Pro Business Security Tips to Step Up Your Game
Sometimes, it’s not enough to adopt just one method of security. Businesses need to implement multiple layers of protection to ensure the safety of sensitive information. Here are some extra precautions you can take to up your security game:
- Get Serious About Internet Security: For a solid start, you must first understand the problem. Keep reading and learning about the big challenges in cybersecurity. Make sure you can evaluate your internet security products and understand the vulnerabilities in each.
- Train Your Employees: The best technology in the world won’t help if your employees don’t understand the risks and how to avoid them. Ensure they receive regular training on internet security and handling sensitive information.
- Develop a Security Policy and Enforce It: Your policy should be specific, outline expectations for behavior, reference state and federal regulations, include disciplinary action measures, and be upheld.
- Limit Access: Review email server logs for signs of unauthorized access. Establish protocols to revoke access if an employee leaves or is terminated.
- Install Antivirus Software: It’s not a fail-safe, but it’s always a good idea.
- Check Email Security Protocols: It’s important to regularly check your security protocols and make sure they’re up to date. This includes encryption, spam filters, and firewalls.
Upgrade Your Email Security With Thrive
As technology advances, so do the methods of cybercriminals. At Thrive, we offer secure, advanced IT services to help businesses secure their data transfer and protect against cyber attacks. From email encryption to network security, our team of experts will handle it all! Protect your business properly by reaching out to our team today.
I’ve Been Phished. What Do I Do Now?
The odds are you regularly receive legitimate emails from utility companies, subscription services like Hulu or Netflix, delivery services like DoorDash or FedEx, and even your bank or auto insurance provider. Cyber attackers recognize these companies as a great way to sneak into your device or capture your personal information using phishing scams.
Or maybe the dreaded scenario came true for you and you clicked on a link or opened an attachment because it seemed innocent and interesting. As soon as you realize you made a mistake and failed to avoid a phishing attack, don’t panic! There are ways to recover.
What Is a Phishing Scam?
Phishing scams are cyber attacks designed to trick users into giving away sensitive information, such as login credentials or credit card numbers. These attacks often come in the form of emails or messages that appear to be from legitimate sources but are actually from cyber attackers. Phishing scams can also be carried out through phone calls, texts, or social media messages.
Cybercriminals have gotten smarter. They’re no longer emailing you from an obviously made-up business address to trick you into sharing private details. They’re using big-name, sophisticated brands to send out phishing messages. You likely open emails from trusted companies without thinking twice. Here are just a couple of examples:
- A text message from “USPS” with a link stating they need additional information or payment to deliver a package you’re expecting.
- An email from “Netflix” stating your account has been locked for suspicious activity and you need to click a link to verify your information.
- A phone call from someone claiming to be from your bank and asking for personal information to “verify” your account.
- A social media message from a friend’s account (which has actually been hacked) with a link to click for a free gift card.
I’m Caught. How Do I Recover From Being Phished?
If you’ve been caught in a phishing scam, it’s true—you’re on the “hook.” But the good news is you can take immediate steps to remediate the damage. Whether you’re on your personal computer or one that’s work-issued, we recommend taking the following steps.
1. Disconnect Your Device From the Network
If you’re using a wired connection, unplug the cable from your computer immediately. If you’re on a wireless connection, open your network settings and disconnect from Wi-Fi. The sooner you disconnect from the internet, the better.
Without an internet connection, the cyber attacker will have a much shorter window of opportunity to access your device or personal information. Quickly disconnecting will also prevent malware from spreading to any other device on the same network.
2. Change Your Passwords
If you’ve clicked a compromised link and entered a username and password, your account is compromised. Go to the real site you know to be affiliated with that account and follow the steps to change your password.
If you’ve used the same password on any other site or for any other service—change it. Use best practices to set up your new password(s).
3. Run a Virus Scan
On your personal computer, make sure you have anti-virus software installed and updated. Run a full scan of your system. If your work-issued computer was involved in the phishing scam, contact your IT team as soon as possible (after you’ve disconnected from the network) so they can scan your device and the network for viruses.
4. Inform the Company
After you’ve done what you can to mitigate damage, reach out to the company that the phishing email appeared to come from. Let them know what happened so they can investigate. They’ll look into the breach, warn others of the potential for phishing attacks, and put protective measures in place to prevent future scams associated with their organization.
5. Beware of Identity Theft
If your personal information was accessed, you’ll want to monitor things like account activity and credit reporting. Do an internet search to determine what steps you should take based on the type of information that was stolen. For example, if your credit card number was compromised, contact your bank and request a new card with a different number.
6. Enlist an MSP for the Future
Now that you’ve recovered from being phished, it’s important to take preventative measures so you don’t fall victim again. Consider enlisting the help of a managed service provider (MSP) for your workplace network. MSPs can provide ongoing security monitoring and management, as well as educate you about the newest cyber threats and how to minimize risk.
7. Invest in Cybersecurity
In addition to having a trusted MSP, invest in cybersecurity services and training for yourself and your employees. Cybersecurity software can provide an extra layer of protection against phishing attacks, while employee security awareness training can help prevent these types of attacks from being successful.
How to Avoid the Hook in the First Place
No matter what technology you have in place to protect your computer and network, you are the last (and best) line of defense. It’s critical to exercise caution online.
- Don’t open attachments you aren’t expecting to receive.
- Don’t click on links unless you know, without a doubt, they’re legitimate.
- Hover over links to ensure the website matches with the official site of the business sending the message.
- Never give out personal information in response to an email or message.
- Regularly change your passwords and use strong, unique ones for every account.
- Stay up-to-date on the latest phishing scams and how to recognize them.
- Anytime you aren’t certain an email is legitimate or a link is secure, pick up the phone, call the sender, and verify it!
Interested in email awareness training for your organization? Thrive can help—contact us today!