In recent times, the ominous specter of ransomware has been haunting the digital world, with high-profile incidents sending shockwaves through businesses and organizations. Just last week, two such alarming events have dominated headlines in the cybersecurity world, the ransomware attacks on MGM Resorts and Caesars Entertainment, two giants in the hospitality and entertainment industry. These cyberattacks demonstrated the dire consequences of ransomware for well-known enterprises, and this article aims to shed light on the importance of using a Managed Service Providers (MSP) like SnyderOne to fortify your defenses against these digital extortionists.

For businesses, data loss, downtime, and the cost of ransom payments can be catastrophic, potentially leading to severe financial losses and reputational damage - and you may be at risk now.

You may think that cyber attacks only happen to large corporations. But unfortunately, that's not the case.

According to a recent report, almost two-thirds of small and medium-sized businesses (SMBs) suffered at least one cyber attack over the past year. That's a staggering number, and it should serve as a wake-up call for businesses everywhere.

But it gets worse.

More and more businesses are also experiencing repeat attacks, with 87% reporting at least two successful attacks over the past year. And on average, a company suffers almost five successful cyber incidents.

Terrifying. The question is, why are these attacks happening, and what can you do to prevent them?

Have you heard the saying, "A picture is worth a thousand words"? It seems cyber criminals have too, and they're using it to their advantage.

In a new twist on phishing campaigns, cyber criminals are luring victims to click on images rather than downloading malicious files or clicking suspicious links.

Let's dive into the warning signs, so you can keep your business safe from these sneaky attacks.

Update: This controversial image enhancement feature now seems to have been removed by Microsoft, following privacy concerns.

Don't be mistaken, we love Microsoft Edge (and think you will too), but lately, something has come to our attention that we wanted to share.

It's always a good idea to be aware of what your browser is doing behind the scenes. And there’s an Edge setting that you might be interested to learn about. It’s one that sends the images you view online to Microsoft.

While this might not seem like a big deal on the surface - it’s done to enhance the images - some business owners might be concerned about the privacy implications. After all, you never know who might be looking at your browsing history.

When you replace old computers or external drives, do you delete data and then just… get rid of them? You could be putting your sensitive data at risk. A new study by a data recovery specialist shows that millions of deleted files can be recovered from improperly wiped hard drives that are sold online.

It isn’t just buyers who can access your old files. Cyber criminals often buy used hard drives and attempt to recover data from them. This could include anything from confidential business information to client details. It’s easy to forget about old data when you’re excited about shiny new technology. However, it’s important to consider what’s on that old drive before selling it or disposing of it.

Even if the drive is encrypted, it’s still possible for data to be recovered. And if the drive is damaged, there’s a chance that some of the data is still salvageable. It’s better to be safe than sorry when it comes to sensitive information.

Think about it this way: Would you leave important documents lying around for anyone to see? Of course not! Your digital information deserves the same level of protection.

So what can you do to protect yourself?

Tired of endless notifications from your multi-factor authentication (MFA) app? Cyber criminals are exploiting this "MFA fatigue" to target your valuable business data. MFA adds an extra layer of security by requiring multiple identity verifications. However, attackers flood employees with constant MFA notifications, increasing the likelihood of someone authenticating a login attempt out of frustration or exhaustion.

You know those charging points you find in airports, hotels, cafés, and even shopping malls? They're super handy for boosting your phone or laptop battery on the go. But lately, they've been making headlines for all the wrong reasons. The FBI recently tweeted some advice, warning people to stop using these charging points. Apparently, some clever criminals have figured out how to take advantage of the USB ports and sneak malware onto your devices while they charge.

Now, you might be thinking, "Wait, is this 'juice jacking' thing for real?" Well, it used to be more of a theoretical concern, but the technology needed to pull off such an attack has become smaller, cheaper, and easier to use. As a result, even less tech-savvy criminals are getting in on the action.

Have you ever tried to buy tickets for a huge event and found that the seller’s website has collapsed under the weight of thousands of people all trying to do the same thing at the same time?

The ticket site falls over – usually temporarily – because the server is overloaded with traffic it doesn’t have the capacity for.

Criminal Distributed Denial of Service attacks – DDoS, for short – exploit the same principle. When a DDoS attack targets a business, it floods it with internet traffic in an attempt to overwhelm the system and force it to fail. This results in the business and its customers being unable to access services. That may trigger a temporary failure, or it could be more serious.

AI chatbots have become a dominant force in recent times, but beware, their rise has given cyber criminals the tools to create even more frightening scams. These malicious actors have discovered how AI can make their phishing attacks more insidious and terrifyingly effective.

Ironically, the phishing emails generated by a chatbot feel more human than ever before – which puts you and your people at greater risk of falling for a scam. So we all need to be even more careful.

The typical red flags that people are used to looking out for in suspicious emails, such as spelling and grammar errors, are now being eliminated by AI-powered phishing emails. The technology can even construct entire email threads that appear legitimate and trustworthy, making it even more difficult to distinguish between what's genuine and what's not.

To protect your home from an intruder you make sure your doors and windows are all locked and secured. You might go further: build a fence around the perimeter, perhaps even get an angry-looking dog to stand guard.

But there’s no point going to all that effort if someone’s already broken in and set up camp in the basement. Yet that’s the security policy of thousands of big businesses trying to protect their data from cyber criminals. They do many of the right things. They invest in security software. They take a strong, multi-layered approach to security – including all the things we recommend, like multi-factor authentication, encryption, reliable backup systems and staff training.

But they don’t pay enough attention to detection and response. That involves constantly scanning systems for any sign that a crook may have gained entry somewhere, and having a process to stop an attack in its tracks. A new study shows that only a third of businesses place detection as their main priority, while two thirds say prevention is their primary focus.

If you employ anyone aged between 16 and 19, you need to pay special attention to the cyber security training you’re giving your team. A new study has revealed that a host of worrying online behavior has become almost normalized among many young people. And much of this activity is illegal.

We’re not talking serious cyber crime such as ransomware attacks or stealing data; but one in three 16 to 19-year-olds have admitted to digital piracy; and a quarter have tracked or trolled someone online. Most of these behaviors may not directly affect your business. But some are so commonplace that too many young people view them as a part of everyday life.

That’s not something you want them bringing to work.

Another day, another scam. And this is a sneaky one. Cyber criminals are getting smarter. This recent malware threat is unusually smart. It impersonates a highly trusted brand name to get a foot in the door.

Targets receive a convincing looking email that appears to come from a widely used e-signature platform. Attached to the email is a blank image that’s loaded with empty svg files, which are carefully encoded inside an HTML file attachment (stay with us here).

In short, it’s very clever and it’s tricking its way past a lot of security software.

That puts businesses like yours at risk. Because code within the image sends people to a malicious URL.

With its huge dominance in the workplace, Microsoft’s Windows has become the prime target for cyber criminals. They’re looking to access your information, disrupt your business, or hold your data to ransom.

Tens of millions of attempted malware attacks were discovered throughout this year, and a massive 95% of those threats were targeted at Windows. The vast majority of attacks are unsuccessful, but those that do succeed can create havoc for the affected businesses. So you need to be sure that you’re taking all possible precautions to protect your business and your data.

Almost half of people with social media accounts have admitted to falling for shopping scams. So if members of your team are doing a little last minute Christmas shopping from work, how can you be sure your business is protected? New research shows that a massive 47% of people have clicked on links hoping to get a great deal, and instead ended up giving financial and personal details to cyber criminals.

That could mean they’re not only putting their own data and money at risk, but your device – and even your network – could be exposed, too. It’s not just shopping scams that are fooling people online. Phishing links have tricked 36% of people into revealing personal data. Phishing is where you get an email that seems to be from a person or brand you trust, but it’s not.

The same number have fallen for gift card scams – that’s where criminals gain victims’ trust and persuade them to buy gift cards or online vouchers. If an employee clicks a malicious link or downloads an infected file using their work device, the results for a business can be devastating. The risks go beyond the loss of data and reputation. The cost of downtime while you get going again is enough to put many people out of business for good.

Passkeys are set to take over

Passkeys are set to take over from traditional passwords to give us a safer, more secure way of logging into our online accounts.

That will be a major step forward for online security, and it’s gathering pace quickly with more and more big names adopting the technology. So how long will it be before we finally wave goodbye to the password?

This new tech has long been supported by the FIDO alliance – an organization of big tech companies including Apple, Google, and Microsoft – in the hope that it could eventually kill off passwords completely. These megabrands are already rolling out passkeys on some of their applications. But now some of the big names in password management software are getting in on the act, too, which is likely to speed things up even further.

While Windows 11 is only just celebrating its first birthday, we’re already hearing our first rumors about what Windows 12 will have in store. There’s no rush for the time being – we won’t see this new operating system until the back end of 2024 – but we love to be ready for what’s coming next, so here’s what we know so far...

Details are sketchy and as usual; Microsoft is being coy about what it’s planning. But we’ve been digging into how it could look. And it’s… different! If our research is correct, we’ll see a floating taskbar dock and a search bar taking top-center position. The widgets panel and Action Centre will move to the top of the screen instead of the bottom.

Microsoft Teams has fast become one of THE most useful business tools for the way we work today. No matter where your people work from, they can communicate and collaborate quickly and reliably. But this remote way of working can also open the door to some major security issues.

New research shows that nearly half of employees frequently share confidential and sensitive files via Teams. That can be a big problem if employees are using personal equipment rather than company issued kit… it's simply not as secure as work devices.

More than half of people surveyed say they’ve shared ‘business critical’ information using personal devices. Worse still, 48% admitted they’ve accidentally sent files they shouldn’t have – possibly to the wrong person!

So how can you be sure that your people are using Teams in the safest, most secure way?

When you think about tools for remote working and chatting online, one of the first names in your mind is Zoom. But its popularity has opened the door for cyber criminals. They’re using its name to steal sensitive data.

Researchers have discovered at least six convincing-looking download sites. They’re not the real thing. They’re designed to tempt you into downloading FAKE Zoom software, containing ‘info stealers’ and other forms of malware (malicious software).

Accidentally use one of these sites thinking that you’re downloading a Zoom update… and you risk having sensitive data stolen. Possibly your banking info, passwords, or browser history. Some can even steal your multi-factor authentication details. That could give cyber criminals access to your most sensitive data.

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.

The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guessing thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.