These days, most organizations provide their employees with company laptops and other devices to complete their work. This is especially true amid the Coronavirus pandemic and the new work-from-home culture.

We’re all guilty of occasionally having personal matters on our mind during work and possibly attempting to take care of those matters. We also might be guilty of opening a new tab and signing into social networks like Facebook or Twitter on our work devices to take a break from work-related matters.

However, intermixing your personal and professional lives via a work computer or other device is not only risky for you, but for your company as well and should be avoided. Here are four things you should stop doing on your work computer:

1. Don’t Access Free, Public Wi-Fi

When working remotely, it can be tempting to connect to free, public Wi-Fi to get your work done. With the urgency that some jobs possess, these access points can be a godsend. However, free, public Wi-Fi comes with risks that most truly don’t understand.

The fact that free, public Wi-Fi requires no authentication to gain a connection to a network is convenient for consumers but is also desirable and convenient for hackers. Hackers can easily gain access to unsecured devices on the same free network. With a hacker having access to your device, they now potentially have access to your card information, confidential emails or files, security credentials to personal accounts, or even to your business network.

When you need a connection in public, it’s safer to use mobile data, especially when working with sensitive data or material.

2. Don’t Store Personal Data

Sure, no one ever plans to get fired or for the company they work for to go out of business, but sometimes it happens. In those situations, people are let go without a chance to get any data off of their company computer. This is strictly business and done to protect sensitive business data that you may or may not have access to. With that being said, it’s a good rule of thumb to keep personal data off of your work computer or device in the unfortunate event that you may not get it back. Data you put on a work computer is the business’s data, plain and simple.

3. Don’t Make Indecent Jokes on Messaging Software

It’s safe to assume that the company you work for uses some type of messaging platform, like Microsoft Teams or Slack, to make for efficient day-to-day work communication and collaboration. This is especially prevalent throughout organizations during the Coronavirus pandemic where businesses are working from home and need to effectively communicate with their team. Even though you have the option to privately message one of your team members, remember that it is company data and not necessarily private.

It’s easy to use these platforms as if you were in the office break room shooting the bull and having a gossip session, but remember that these messages are just as retrievable as emails. It’s important to be very intentional about what you say and don’t say in these chats. Also, remember to keep sensitive information like credentials and any other data you wouldn’t want a cybercriminal to get ahold of out of these chat rooms.

4. Don’t Save Personal Passwords

We’ve touched on how many people will access their non-work-related accounts using their work computers from time to time. It’s easy to do when your work computer or device goes with you everywhere and becomes your primary computer over your personal computer. However, you are not only exposing yourself to the risk of sharing your personal data with the IT team but hackers as well. It might seem desirable and convenient to click ‘save password to keychain’ but trust us; it’s a bigger risk than you think.

In conclusion, it’s important to be smart and use common sense when working on your company devices. Avoid free, public Wi-Fi to ensure your sensitive information stays secure and out of cybercriminals’ hands. Keep personal data off of your work computer and make sure you aren’t saying anything inappropriate or sending sensitive information over business chat rooms. Lastly, avoid saving your personal account passwords to your work computer or device. Following these four tips could save you a lot of trouble down the road.


Cybersecurity threats are continuing to increase not just in prevalence but severity and sophistication. The evolution of cybersecurity, along with changing regulations, give rise to confusion, challenges and sometimes cybersecurity myths. The last thing any business needs is a swarm of myths and misunderstandings feeding common and frequent errors that businesses of all sizes make in safeguarding data and infrastructure. Take a look at some of the most common cybersecurity myths and their busts:

Myth: Cybersecurity is a huge financial investment.

Bust: Many efforts to protect your data require little or no financial investment.

Small efforts that cost $0 such as practicing good password security, keeping your systems up-to-date, and being overly suspicious of online material can play the biggest part in securing your systems and data. Since most data breaches are caused by human error, making these small, free changes are one of the first steps you should take to practicing better cybersecurity.

Myth: Cybersecurity is the IT guy’s problem.

Bust: Cybersecurity is everyone’s responsibility.

As a business owner/operator, it is your duty to make sure your staff (not just IT staff) is properly educated and practicing good cybersecurity. In a functioning business, your company is only as strong as its weakest link. Implementing cybersecurity training for your employees will only strengthen your security and allow you to have confidence that your employees are practicing the best cybersecurity possible.

Myth: Cybercriminals aren’t interested in small to medium-sized businesses (SMBs.)

Bust: Cybercriminals frequently target SMBs because they assume their systems are less secure than large businesses.

This myth can be particularly dangerous because it makes SMBs believe that if there’s no risk of a cyber-attack, then there’s no reason to take measures to prevent it. In reality, 43% of cyber-attacks target small businesses, and 60% of those victims will go out of business within six months after an attack. It’s important for SMB owners to get rid of the “it’ll never happen to me” mindset. Increasing statistics show that these businesses are, in fact, a large target for cybercriminals.

Myth: Antivirus protection will protect my business from cybercriminals.

Bust: Anyone who is connected to the Internet is a target for cybercriminals.

It’s easy to assume that if you have antivirus, you’re safe from cybercriminals. At least that’s what antivirus advertisements have made people believe. In the 90s, solely relying on antivirus to combat cybercrime was an adequate method of security. However, in this day and age, cybercrime threats are much more evolved, so relying only on antivirus as a security solution won’t necessarily protect you from these attacks.

Don’t get me wrong, antivirus still plays an important role in endpoint protection strategy. It is completely necessary. Just make sure it isn’t the only cybersecurity measure you’re taking.

Myth: If it happens to us, we’ll recover.

Bust: The majority of SMBs that suffer a breach go out of business after six months.

Remember that statistic we mentioned earlier about 60% of SMBs go out of business six months after a cyber attack? Well, it’s a fact and something you shouldn’t take lightly. SMBs hear about data breaches in the news, and for the most part, they see those larger companies recover and move on with their business. However, those huge losses don’t compare to what a data breach could mean for a small business.

According to AppRiver, the average data breach for an SMB is $149,000, which in some cases can be the entire value of the company. The truth of the matter is, data breaches can destroy SMBs.

Myth: Cyber threats only come from the outside.

Bust: Insider threats are just as common and more difficult to detect.

While outsider threats are certainly a concern and should be monitored extensively, insider threats are just as dangerous and should be watched just as closely. In fact, studies show that insider threats can account for up to 75% of data breaches. These threats can come from anyone on the inside of the company, from an angry employee looking for revenge, to a perfectly fine employee who isn’t properly trained in cybersecurity. It’s essential to have a system in place to combat and monitor insider threats. Breaking down these misconceptions throughout your organization can help you combat cyber-attacks and become resilient against potential threats.


It’s safe to say we are all aware of the many security measures our businesses should have in place to defend against cyber-attacks. We also understand that this is something we must invest both time and money into if we want to remain secure. So, we know what we’re supposed to do before a potential breach, but what happens after the fact?

This is where cyber liability insurance comes into play. Today, cyber liability insurance is a necessity to protect businesses, their clientele and reputation.

What is Cyber Liability Insurance?

Cyber liability insurance is an essential tool businesses can use to prevent financial disaster. It is designed to cover your business’ liability in the event of a data breach or other cyber-attacks involving sensitive customer information such as social security numbers, financial information, driver’s license numbers and health records. This could happen in an event as simple as having a laptop stolen.

Who Should Have It?

In short, any business that stores sensitive data in the cloud or on any electronic device should have cyber liability insurance. Usually, a general liability insurance policy will include basic cyber liability coverage. However, businesses that store personally identifiable information (PII) for employees or customers should have stand-alone or optimized cyber liability insurance. PII includes any data that can be used to identify a particular individual, such as name, date of birth, email address, social security number, credit card number or bank account number.

What Does it Cover?

Cyber liability coverage can vary based on which insurer you’re purchasing the insurance from. The reason is that there’s no such thing as standard when it comes to cyber liability insurance. Insurers have started offering cyber coverage only within the last couple of decades. Most insurers offer two types of coverage within a cyber liability policy:

First-party Coverage

This coverage pays for immediate expenses that a company incurs after a data breach. This could include:

  • IT forensics
  • Crisis media relations
  • Notification costs
  • Credit monitoring costs
  • Breach redemption costs
  • Cyber business interruption
  • Digital asset damage
  • System failure
  • Fraud
  • Telephone hacking
  • Reputational harm
  • Dependent business interruption
  • Social engineering (Not all cyber liability policies cover social engineering. This may come with a smaller coverage limit, or could be an optional add-on)
  • Cybercrime
  • Client phishing fraud
  • Business interruption waiting period
  • Cyber extortion/ransomware

Third-party Coverage

This covers damages if a business’ customers or partners are affected by the cyber-attack and can help the company defend against lawsuits and legal claims. This could include:

  • Cyber/privacy liability
  • Media liability
  • Regulatory defense
  • Regulatory fines
  • PCI fines/penalties
  • PCI assessments
  • Management liability
  • Defense outside the limits
  • Contractual liability

On top of first and third-party coverage, some insurance companies can also provide risk mitigation services to help you identify and combat cyber threats before they happen.

Conclusion

Cyber liability coverage is still very much an evolving area of insurance. Since insurance companies are still relatively new to this area, there isn’t always a lot of clarity around what cyber liability insurance covers and doesn’t. That’s why it’s essential to read through your entire policy before committing, preferably with the guidance of an insurance professional or broker. With the right cyber liability policy, you can avoid the financial and reputational harm to your brand that could result from a data breach or other cyber attack.

Why Choose Us?

Cyber Security Insurance Group was founded to accomplish a single mission: to provide Texas businesses with the proper insurance coverage to protect them against cybercrime. Our founders have combined 20+ years in the Information Technology field and 20+ years in the Insurance industry to ensure our clients are quoted the correct policy based on their unique technical environments. We will help you understand your business’s technology white will allow for proper insurance coverage.

Cyber liability insurance is hard enough to understand. Don’t leave your business’s cyber protection to just any insurance agency. Cyber Security Insurance Group performs a thorough technical risk questionnaire with each client to ensure their policy will contain the proper coverage. We help our clients fully understand today’s cyber threats, their network’s resilience to those threats and how to obtain the necessary insurance coverage to protect their company in the event of a cyber-attack. Contact us today for more information on costs and coverage.


Phishing emails are sent out to unsuspecting individuals all across the world every day. While some of these emails can be easily identified as a scam, others can be quite believable. So, how exactly do you distinguish a legitimate email from a phishing attempt? Unfortunately, there’s not one single method. However, there are many things you can look for in a suspicious email to better guess if it is real or not. Being able to spot a phishing email will better keep you safe from a potential cyber attack. Here’s what to look for:

1. Check the Sender

Always check to see whom the email is from. This can be one of the most telling aspects of a phishing email because phishing emails come from illegitimate senders pretending to be someone else. Ask yourself these questions:

  • Is this someone you normally communicate with? If not, is what they’re asking for unrelated to your job responsibilities?
  • If it looks like the sender is someone from your organization or someone you normally communicate with, is their behavior unusual or different than how they normally present themselves?
  • Is the sender’s domain (person@gmail.com) suspicious? The domain shows where the email is coming from and is usually the company’s website (ex: amazon.com). Therefore, a legitimate sender will likely have a legitimate company domain (ex: janedoe@amazon.com). Here is an example of how a cybercriminal can try to spoof a domain: Legitimate sender – order-update@amazon.com vs. phishing sender – order-update-amazon@gmail.com. Since Gmail is a personal email service, amazon wouldn’t use Gmail to send emails to their customers. Cybercriminals will also try to trick you by misspelling a contacts email hoping you’ll miss it: Legitimate sender – Stephanierodriguez@yahoo.com vs. phishing sender – stephanierodrigeuz@yahoo.com

2. Check the Recipient

Most people don’t think to check ‘To:’ on an email when suspecting a scam. However, it can help detect a phishing attempt. Ask yourself this:

  • If the email was sent to multiple recipients, do I personally know these people?
  • Was this email sent to an unusual group of people? For instance, even if the recipients are part of your organization, is it a group of people from different departments or a group of people whose last name starts with the same letter?

3. Check the Links

Checking the links is the most essential aspect of detecting a phishing email. Oftentimes the link in a phishing email will appear to be perfectly valid due to cybercriminals changing the text of the link to make it look less suspicious. However, if you hover your mouse over these links (on a desktop) or press and hold the link (on smartphones), you can view the actual hyperlinked address before clicking and landing. So, ask yourself these questions:

  • Is the displayed hyperlink different from the actual landing address? This is a big warning sign.
  • Is the hyperlink a misspelled, known website? (www.bankotamerica vs. www.bankofamerica). At first glance, the ‘t’ could be mistaken for the ‘f’ in the legit URL.
  • Did the email you received have a long hyperlink with no further information?

4. Check the Attachments

Like hyperlinks, attachments can contain malicious landings. Ask yourself these questions next time you receive a suspicious email that contains an attachment:

  • Did the sender send an email with an attachment that I wasn’t expecting or doesn’t relate to the message?
  • Does the attachment contain a dangerous file type? The only file type that is always safe to click on is a .txt file.

5. Check the Date and Time

Always check to see when the email was sent to you. Ask yourself this:

  • Was a business-related email sent to me long after business hours? Receiving an email at 3 am is a little suspicious, don’t you think?

6. Check the Content

There are many different things to look for in the content of the email to detect if it is a scam or not. Here is what you should ask yourself:

  • Is the email unexpected or out of the ordinary?
  • Does the email contain bad grammar and/or spelling errors? Whenever a company sends out an email, it is usually checked for spelling, grammar, punctuation and usage errors to remain professional and reputable. If there are many errors, or the entire message is oddly formatted, it is likely a scam.
  • Does the message ask for personal information? No matter how official an email looks, it is always a clear warning if someone asks for your personal information via email. Also, be skeptical of links asking you to confirm personal information within the emails. A legitimate company will take necessary, secure measures to ensure your data is safely transferred IF your personal information is needed.
  • Is the offer too good to be true? We all know the saying “If it’s too good to be true, it probably is.” Cybercriminals love to lure victims in with offers they can’t resist.
  • Does the message make unrealistic threats? Some cybercriminals try to trick you to give up personal or sensitive information, while others try to intimidate you. If you receive an email telling you to act on something urgently OR ELSE, this is likely a scam.
  • Do you have a bad gut feeling about the message? Is this email just plain weird or out of the ordinary? Trust your gut. Delete it and move on.

90% of cyber attacks start with a phishing email and phishing is the number one cause of data breaches. If you’re an employer, how confident are you in your employees? Do you trust they won’t fall for a phishing attempt? You’re only as strong as your weakest link. Make sure there are no broken links in your cybersecurity chain because it only takes one employee falling for a phishing attempt to send your business into a downward spiral.

Call us today to schedule a free, (yes, this is legit!) cybersecurity briefing that includes a vulnerability scan of your IT network, a dark web scan for compromised business passwords and a one-time phishing email test. We will provide our findings to you through a results report and review, which will guide you to the next step: action. Secure your Houston business by contacting us today.


In our advancing society, technology is inevitably moving to the cloud. Almost everything in the digital world is connected to the cloud in some way or another. Over the last two decades, traditional software models have been pushed to the side to make room for cloud solutions. Looking ahead, the sky is the limit for cloud computing and the businesses that take advantage of it.

What is Cloud Computing?

In simple terms, could computing is the storing and on-demand access to data and programs over the Internet instead of your computer’s hard drive. Cloud computing allows you to access your data and programs outside of your computing environment, freeing up the memory and computing power of individual computers. Rather than storing your data and software on your personal computer or server, it is stored in ‘the cloud’. This creates a flexible and global way of accessing your data at any time, in any place.

Cloud computing is a more efficient way of delivering computing resources. With cloud computing, software and service environments are subscription-based where users pay a monthly fee instead of buying licenses. Software and platforms are managed by the providers and are constantly updated for maximum performance and security. Computing power is remote instead of centralized, so users can scale up or down depending on the business fluctuation. Multiple people can access a shared program or file and collaborate in real-time from different locations.

Now that you know more about the cloud, let’s talk about what really matters: how the cloud can benefit your business.

1.) Increased Productivity

One of the biggest benefits of migrating to the cloud is that it will increase and improve employee productivity among your organization. With more reliability, scalability and consistency; and less downtime and IT workload, employee productivity is sure to improve.

2.) Reduced IT Costs

Switching to cloud computing could greatly reduce the cost over time of managing and maintaining your IT systems. Rather than purchasing expensive systems and equipment for your business, you can decrease your costs by utilizing the resources of a cloud computing service provider. Your operating costs could decrease because of:

  • Costs of system upgrades, new hardware and software may be included in your contract.
  • Cloud hosting software requires you to purchase minimal networking equipment in your office.
  • You no longer will need to pay for expert IT staff.
  • Your energy consumption costs may be reduced.
  • There is less IT downtime.

3.) Data Security and Protection

A major concern for every business, regardless of industry and size, is the security of its data. Breaches and other cyber-attacks can devastate a company’s revenue, customer loyalty and brand position. The cloud offers multiple security features that guarantee your data is securely stored and handled. Cloud computing providers implement baseline protections for their platforms and the data they process, such as authentication, access control and encryption. From there, most providers enhance these protections with added security measures of their own to boost data protection and tighten access to sensitive information in the cloud.

4.) Disaster Recovery

Going hand-in-hand with data security, data loss is a major concern for all organizations. However, one of the greatest benefits of cloud computing is the guarantee that your data is always available, even if your devices/computers are damaged. Cloud-based services provide speedy data recovery for all types of emergencies — from natural disasters to power outages.

5.) Scalability

Different companies have different IT requirements; a large enterprise of 1,000+ employees won’t have the same IT needs as a small company of 50-100 employees. Cloud computing is a great IT solution because you can quickly and efficiently scale up/down your operation and storage needs to suit your business’s situation, allowing flexibility as your business needs change.

6.) Flexibility

In light of the Coronavirus pandemic, we have seen many businesses shift to working from home. For many organizations, this was only possible because of the cloud. When you migrate to the cloud, your data becomes remote. With your data remote, it allows you to work virtually anywhere, as long as you have an Internet connection. This can also allow for a better work-life balance for your employees.

7.) Simple Switch

The switch to cloud computing is far simpler than most would think. While the cloud may seem complicated, installing a brand new local server is quick and easy, just ask us! If you’re considering migrating to the cloud, call Elevated Tech today and we’ll help you seamlessly make the switch. Save yourself the time, money and resources and put your business on the cloud.


Just like your home, your digital space can become cluttered and disorganized. For small to medium-sized business (SMB) owners and individuals, a digital detox can do wonders for you and your business. Not only can a good digital spring cleaning improve speed and performance, but it will also help keep your system secure and help combat cyber-attacks. Grab your digital broom and let’s get to work. Don’t forget those hard-to-reach places!

Sweep your Website

  • Declutter your plug-ins and software. Delete the ones you don’t need to mitigate your website’s security risks. Make sure the ones you keep are up-to-date and regularly monitored and updated.
  • Back-up your website files and database to ensure you don’t lose important data in the event of a cyber-attack or other security incident.
  • Automate your website security efforts. Your site should be regularly monitored for malware and other viruses.

Clean your Machines

  • Update software, programs and apps. Having the latest updates, security software, web browsers and operating system is the most fool-proof way to keep devices secure and protect your data.
  • Back-up your systems, devices and files (especially important data you can’t live without!) Even better: Enable automated back-ups to ensure your data is constantly secure.
  • Delete software, apps and services you no longer use. These programs are just risking your security, wasting space and likely wasting money if you never use them.
  • Clean out your contacts. When was the last time you did business with this person or talked with them? This can also be a great reminder of valuable contacts you should reach out to and could potentially bring you more business.

Freshen Up Your Cybersecurity

  • Review your company’s cybersecurity policies and practices, ensuring they are up-to-date and that every employee is educated.
  • Implement annual cybersecurity training for your employees if you don’t already. Since your employees are your first line of defense against cyber-attacks, it’s crucial to make sure they are following cybersecurity best practices.
  • Spruce up your passwords. Make sure you’re using a unique, complex password or passphrase across your accounts. Always use multi-factor authentication when available and implement a password manager that quickly generates strong passwords, manages your saved logins and more.
  • Tune-up web browsers by checking browser settings and clearing out old data like saved passwords.

Clean Up Your Online Presence

  • Remove social media accounts you no longer use. Also, delete any old and/or unnecessary posts or photos.
  • Review privacy and location settings on accounts you continue to use. You should do this for both personal and business accounts.
  • If you’re a business owner, review and limit who has administrative access to your company accounts. Grant access only to employees who need access to complete their job duties.

Purge Digital Files

  • Clean up your email inbox. Create some new folders and rigorously go through your inbox. If the email is urgent, handle it now and file. If it’s not urgent, schedule it and/or file. If it’s unimportant, delete it! Make sure you delete your trash folder.
  • Unsubscribe. How many newsletters are you subscribed to that you never read? My best guess is TOO many. It’s time to unsubscribe and lighten your inbox load.
  • Clean up documents. While this might take longer than other tasks, it’s well worth it. Create appropriate folders to keep your files organized. Finally taking care of your file-scattered desktop will make your digital life easier.

Move to the Cloud

Migrating to the cloud is one of the best ways to keep your company organized, efficient and productive. Not only does our cloud-based system enhance the flexibility of your Houston business, but it provides built-in data security and data protection as well. More than providing unrestricted business operations, our cloud hosting software requires you to purchase minimal networking equipment in your office.

Allow us to give you a simple solution to storing and accessing important company applications and information while keeping the technology up to date so your business increases its success! With so many benefits, switching to the cloud is a no-brainer. Contact us today to make the switch!


A few weeks ago in part one of our social engineering series, we went over what social engineering is and common attack techniques that the everyday worker could come across.

Here’s a little refresher: Social engineering is the act of manipulation or influence that lures a potential victim into revealing confidential information such as a social security number, account information, credit card details or building access codes. Social engineering is a type of cyber-attack that works to get the better of people through deception and trickery rather than technological methods. These specific attacks take advantage of human vulnerabilities such as emotion, trust or habit to persuade individuals to take action such as clicking a malicious link or visiting a fake website. Some common types of social engineering attacks are phishing, pretexting and tailgating.

 However, knowing what social engineering is is only half the battle of preventing these attacks: You must know how to defend yourself from these tricky cybercriminals. Lucky for you, we have come up with 10 tips to avoid becoming a victim to a social engineering attack:

1. Know how to spot fake emails. An email is likely malicious if it:

  • requests confirmation of personal or financial information with high urgency.
  • requests quick action by threatening the user with frightening information.
  • is sent by unknown senders or a suspicious domain.
  • is out of the ordinary or has bad grammar and/or spelling errors.
  • contains an attachment or link that you weren’t expecting and/or doesn’t make sense in relation to message.
  • has a link that has a different landing URL than displayed in the email

2. Never reveal personal or financial information via phone, email or on unsecure websites.

3. Be sure to make online transactions only on websites that use the https protocol. 

4. Beware of emails that ask the user to contact a specific phone number to update user information.

5. If it sounds too good to be true, it probably is.

6. Beware of links to websites that request personal information, even if the email appears to come from a legitimate source. Phishing websites are often exact replicas of legitimate websites.

7. Avoid pop-ups; never enter personal information in a pop-up screen or click on it.

8. Implement proper defense systems such as spam filters, anti-virus software and a firewall.

9. Keep all systems, programs and apps updated.

10. If you’re a social network user, it’s essential to trust no one and reveal only a limited amount of information. Never post personal information, such as a vacation schedule and home photos. Keep your profiles/accounts private and don’t accept friend requests from strangers. Cybercriminals can use your public information to manipulate you in their next cyber-attack.

Social engineering is everywhere, online and offline. Your best defense against these kinds of attacks is to educate yourself so that you’re aware of the risks. When it comes to your business, you’re only as strong as your weakest link. It only takes one employee clicking on a malicious link to send your business into a downward spiral. This is why it’s so important to make sure you and your employees are properly educated in and practicing basic cybersecurity. At Elevated Tech, we provide extensive cybersecurity awareness training that will educate your staff on the best cybersecurity practices to keep your chain stronger than ever. Contact us today to learn more!


You’re probably already aware that the government will be sending out stimulus checks as a part of the federal response to Coronavirus relief efforts. Cybercriminals have also heard the news and haven’t missed a beat in attempting to do what they do best: steal sensitive information from vulnerable individuals.

Scammers are opportunists when there is a highly publicized event such as the Coronavirus pandemic. They use fear, concern and uncertainty during this crisis to lure their victims into revealing sensitive information. These malicious actors have already found ways to take advantage of innocent individuals during this pandemic but now have a new twist: leveraging the high demand and confusion surrounding who qualifies for the check and how much money will be received.

These relief checks haven’t gone out yet, but the Federal Trade Commission has already received an abundance of complaints about fraud and other sketchy attempts relating to the check.

Consumers should be on the lookout for requests for personal or financial information, any offer to apply for the program or any grant offers related to the stimulus program. Organizations like the IRS don’t call you, text you or send you emails, so if you receive a message from someone claiming to be from the government with your relief check, don’t fall for it. Don’t give any of your personal information away via text, phone or email.

On April 6th, the IRS stated, “The distribution of economic impact payments will begin in the next three weeks and will be distributed automatically, with no action required for most people.” As long as you filed taxes for 2018 and/or 2019, the government likely has the information it needs to send you your check. The same goes for Social Security recipients. “Social Security beneficiaries who are not typically required to file tax returns will not need to file to receive a payment. Instead, payments will be automatically deposited into their bank accounts.” For official updates and more information regarding stimulus checks, click here.

These scammers will continue using these phishing attempts during this pandemic to gain your information and use it to their advantage. It’s important to know what to look out for, especially at a dire time like this.


With the continual spread of COVID-19, global health, society and many institutions are largely affected and disrupted. Another hidden threat that most aren’t aware of is right under your fingertips: the risk of cyber-attacks that prey on our increased dependence on the Internet and other digital tools during this crisis.

During this widespread of a pandemic, reliance on digital communication multiplies. The Internet has instantly become the passage for effective human interaction and the way we work, contact and support one another. With most businesses and public-sector organizations enforcing “work from home” procedures and public officials urging individuals to stay at home, society is forced to be almost completely reliant on digital means for work, communication, shopping, etc.

Hackers have wasted no time figuring out how to exploit this pandemic. These cybercriminals are extremely creative in devising new methods to manipulate users and technology to access passwords, networks and data. They use fear, concern and uncertainty during this pandemic to lure their victims into revealing information.

 In today’s unprecedented circumstance, a cyber-attack that deprives organizations or families of access to their devices, data or the Internet could be devastating and irreparable.

Just as the COVID-19 pandemic requires us to change our social habits and routines to reduce infection rates, a change in our online behavior can help maintain high levels of cybersecurity. Here are our biggest tips for practicing good digital hygiene to combat cyber-attacks during this crisis:

Good Digital Hygiene

In addition to washing your hands after every physical contact and keeping frequently touched items disinfected to prevent the spread of COVID-19, take the time to review your digital hygiene habits. Both physical hygiene and cyber hygiene will help fight against viruses.

  • Make sure you’re using strong, unique passwords not only for your computer, devices and online accounts, but your home Wi-Fi. When working from home, you likely don’t have the same security defenses that your office has. It’s important to make sure your home network is secure.
  • With that being said, make sure system firewalls are active on your router. Your firewall establishes a barrier between a trusted internal network and an untrusted external network and will determine what can pass through. It’s important to make sure that it is correctly configured and turned on at all times.
  • Use a reliable VPN at all times
  • Always be on the lookout for phishing emails. Many cybercriminals are leveraging this pandemic by sending links to fake coronavirus websites or charities advertising relevant information to distribute malware. Don’t be fooled and know what to look out for:
    • Look for poor grammar, punctuation mistakes or typos.
    • Be extra cautious if the email tone is urgent.
    • Be extra cautious if you weren’t expecting an email or attachment.
    • Hover your mouse over a sent link to check if it directs to the right website.
    • Make sure you know the sender of the email. Verify the sender’s domain with another email you’ve received from them in the past.
  • Be sure to update your system, software and applications regularly to patch any weaknesses that may be exploited.
  • Review privacy and security settings on your apps, accounts and social media.
  • Back up your data frequently. If you’re doing regular back-ups, the repercussions of a cyber-attack aren’t likely to be irreparable; you may lose some data, but you won’t have lost everything!

Digital viruses spread much like physical ones; your potential mistakes online could very well contaminate others in your organization, your contact list or the broader community. Everyone’s individual behavior is instrumental in preventing the spread of dangerous infections both online and in the physical world.


Defining Social Engineering

Social engineering is the act of manipulation or influence that lures a potential victim into revealing confidential information such as a social security number, account information, credit card details or building access codes. Social engineering is a type of cyber-attack that works to get the better of people through deception and trickery rather than technological methods. These specific attacks take advantage of human vulnerabilities such as emotion, trust or habit to persuade individuals to take action such as clicking a malicious link or visiting a fake website. Social engineering can have extreme consequences and can potentially be the cybercriminal’s foot in the door for an attack.

How Social Engineering Works

In contrast to viruses that rely on hacking techniques or malicious code to gain access, social engineering depends on human psychology. If an attacker is successful in manipulating their victim, they can gain access to data, systems and even buildings. For example, instead of spending months working on a new malware strain, cybercriminals will focus their efforts on deceiving employees to reveal their password over the phone by posing as an IT support specialist. If they say the right things to the right person, they could be on the network in an instant.

Your network security and staff are only as strong as their weakest link. Cybercriminals use many different psychological techniques to help them find this weakest link.

Common Attack Techniques

Phishing Attacks – Phishing is a technique in which a target is contacted by a form of communication (email, phone, text message, etc.) posing as a legit organization or company to lure the victim into revealing sensitive data. The most common form of phishing is done by email. A cybercriminal will send emails to a broad audience that either spoof a legitimate email address or contain what looks like authentic company information to manipulate individuals to reveal passwords and other personal data.

Spear Phishing – While phishing techniques target a large number of recipients, spear phishing focuses on a specific organization or individual. For example, attackers may spoof the CEO’s email address and send an email to a member of the finance team authorizing a payment to be made. Just take Barbara Corcoran for example. She recently lost $388,700 after her bookkeeper revealed account information in response to an email she received with an invoice and charge approval that appeared to be from Barbara’s assistant.

Pretexting – Pretexting is possibly one of the most common forms of social engineering right now. This technique attempts to extract sensitive information by building trust over time. The attacker will create a believable, but a completely fabricated, pretext to lay some groundwork and break down a victim’s defenses over time. 

For example, they call a target and pretend to require certain information to activate a new system account or verify their identity. The more sophisticated versions will build up a relationship over days or weeks, and they may take on the identity of an actual employee in their victim’s IT department.

This kind of tactic is used to gain the victim’s trust and increase the likelihood that they will disclose requested information without hesitation. 

Tailgating – Exactly as the name suggests, tailgating involves the passage of an unauthorized user, either accidental or forced, behind an authorized user into a building or secure area. This is one of the most widespread security threats affecting organizations today.

We’re human and we make mistakes (they don’t call it human error for nothing.) That’s why cybersecurity awareness in your organization is crucial. It’s important and necessary to know how to spot social engineering attempts so that your organization remains safe and secure. Stayed tuned for part two of this social engineering series where we will go over how to protect yourself from social engineering attempts.