Small Business Lessons from the Casino Cyber Incidents

It came to light this past week that both Caesars and MGM suffered cybersecurity incidents. While we don’t yet know the full details of either incident, there are still lessons we can take away from the information we do have. Let’s take a look.

Preliminary information in the MGM case leans towards social engineering as the initial method of access. Some claims state that the malicious actor made a phone call to the MGM IT help desk, and they were able to trick/convince the IT staff that they were an MGM employee and needed to reset their password. Upon having the password reset and gaining access to the account, they were able to gain further access to the network through more sophisticated methods of attack. They were then able to access a system used to authenticate users of MGM services, which essentially gave them “the keys to the kingdom”.

CISA (Cybersecurity & Infrastructure Security Agency) says that more than 90% of all cyber attacks begin with a phishing email, and an IBM report from 2022 found that spear phishing (targeted) attacks combined with phone calls (vishing, or voice phishing) were three times as effective as just emails. Peter Nicoletti, global chief information security officer at cybersecurity company Check Point Software, is quoted in Vox saying “There’s always a little back door, and all the best defenses and all the expensive tools can be fooled by one good social engineering attack[.] What we’re seeing, especially in the new age of artificial intelligence, is the attackers are leveraging not only hacked information that they find about you, but also all of your social profile information[.]”

So what can we learn from all this?

  1. Cybersecurity is a team effort: Cybersecurity is not just the responsibility of the IT person/department/company. It is important for all employees to be aware of the risks and take steps to protect their devices and data. Businesses need to create a culture of cybersecurity awareness and provide training to their employees on how to spot cyber threats.
  2. Educate employees about cybersecurity: Employees are often the first point of contact in the cybersecurity chain. Businesses need to educate employees about cybersecurity best practices, such as how to identify and avoid phishing attacks and how to create strong passwords.
  3. Implement a layered security approach: This involves using a variety of security controls, such as firewalls, intrusion detection systems, and data encryption, to protect your systems and data. No one solution is 100% effective at stopping attacks.
  4. Have a plan in place to respond to cyberattacks: This plan should include steps to identify and contain the attack, mitigate the damage, and communicate with customers and employees.

Sign up for our monthly Timely Tech Tips: For weekly tips like these, follow us on Facebook: LinkedIn: Twitter:

Why Should You Protect Your Business with Cybersecurity Insurance?

The threat landscape for small businesses is rapidly evolving, with cyberattacks becoming more frequent and sophisticated. As a small business owner, it’s essential to take proactive steps to protect your company from these potential threats.

Cybersecurity insurance, also known as cyber liability insurance or cyber insurance, can be valuable for small businesses with 10-50 employees due to the growing risk of these cyber threats and attacks. Here are two reasons why businesses should consider having cybersecurity insurance:

  • Financial Protection Against Data Breaches: Small businesses often collect and store sensitive customer and employee information. In the event of a data breach, where this information is compromised or stolen, the costs associated with managing the breach can be substantial. This may include expenses such as notifying affected parties, providing credit monitoring services, legal fees, and potential regulatory fines. Cybersecurity insurance can help cover these costs, minimizing the financial impact on the business.
  • Mitigation of Business Interruption: Cyberattacks can lead to significant disruptions in business operations. For instance, a ransomware attack could render critical systems inaccessible, resulting in downtime and lost revenue. Cybersecurity insurance can provide coverage for business interruption and income loss resulting from such incidents. This coverage can help a small business get back on its feet more quickly by covering expenses like income loss, extra staffing, and temporary infrastructure.

Understanding the complexities of cybersecurity insurance is essential for small business owners seeking comprehensive protection. Speaking to an insurance agent about cybersecurity insurance is crucial for a small business owner for several reasons:

  • Understanding Coverage: Cybersecurity insurance policies can vary widely in terms of coverage, limits, and exclusions. An insurance agent can help the business owner understand the specifics of the policy, what types of incidents are covered, and what may not be covered. This ensures that the business owner has a clear understanding of the protection the policy offers.
  • Tailored Solutions: Every business has unique cybersecurity risks and needs. An insurance agent can work with the business owner to assess the specific risks their business faces and recommend a policy that aligns with those risks. They can help customize the coverage to address the business’s vulnerabilities, industry regulations, and data protection requirements.
  • Coverage Gaps: Small business owners might assume that their existing business insurance policies cover cyber incidents, but this is often not the case. Cybersecurity risks are distinct from traditional business risks, and specialized coverage is needed. An insurance agent can identify potential gaps in coverage and recommend appropriate cybersecurity insurance to fill those gaps.

From data breaches to business interruptions, the risks small businesses face are multifaceted and constantly evolving. Engaging with an insurance agent specializing in cybersecurity is a strategic step toward holistic protection. By understanding coverage nuances, addressing vulnerabilities, and harnessing tailored solutions, small business owners can proactively safeguard their enterprises against the evolving landscape of cyber threats.


The Art of Unplugging from Technology

In today’s fast-paced world, it’s easy to find ourselves constantly tethered to our digital devices, with an endless stream of notifications vying for our attention. This hyperconnected lifestyle often takes a toll on our mental well-being and social connections. However, taking a break from technology can work wonders for our overall health and happiness.

Constant exposure to technology and the digital world can lead to information overload, constant distraction, and heightened stress levels. Taking a break from technology allows your mind to rest and recharge, reducing feelings of anxiety and overwhelm. This break can also foster better focus, concentration, and improved cognitive function, leading to enhanced creativity and problem-solving abilities. Find a quiet spot, away from technology, and spend some time meditating or doing deep breathing exercises.

Excessive use of technology can often lead to social isolation and reduced face-to-face interactions with friends, family, and loved ones. By unplugging from devices, you can create more meaningful connections with the people around you. Engaging in real-life conversations and activities without the constant presence of screens can deepen your relationships and strengthen your social bonds. An excellent way to achieve this is by engaging in outdoor activities together. Go for a nature walk, have a picnic in the park, or participate in an outdoor game. Spending quality time without the distraction of screens opens up opportunities for heartfelt conversations and shared experiences, enriching your relationships.

Taking time away from technology enables you to reconnect with yourself and the world around you, fostering a healthier, more balanced life. Remember that the key is to set aside specific periods for unplugging and to be intentional about sticking to them. It’s essential to establish boundaries and communicate your decision to unplug with those around you, so they understand and respect your time away from technology. By incorporating these activities into your short breaks, you can enjoy the benefits of disconnecting and return to your digital devices with a refreshed and rejuvenated perspective. Embrace the art of unplugging!


Core Tips for Buying the Right Computer for School

The school year may have just ended, but the next one is less than 2 months away. Computer manufacturers will have deals running all summer, so now is a good time to start thinking about what your student might need.

The question you should ask when deciding to buy a new computer for school, or for any purpose really, is “what am I going to use it for?”. Some common answers are:

  1. browsing the internet
  2. email
  3. specific applications (like engineering programs or graphic design programs)
  4. attending class remotely
  5. video conferencing

For items 1 and 2, the specifications are not demanding. You can get by with a basic computer from almost any store. However, we would still recommend that the processor be an Intel Core i5 or i7. The RAM (or memory) used for browsing the internet will depend on how many browser tabs or windows you have open at one time. The more tabs or windows you anticipate opening the more RAM you should have in your computer. We would recommend at least 8GB.

Portability can be an important factor depending on your lifestyle and study habits. If you need to carry your computer to different locations or take it to classes, a lightweight laptop or a tablet with a detachable keyboard might be more suitable. On the other hand, if most of your work is done in one location, such as your dorm room or a home office, a desktop computer or a larger laptop with a bigger screen may be more comfortable to use.

A computer used for specific applications will need to meet the requirements of the vendor who made the application. All vendors will list minimum and recommended system requirements. You should review those requirements for each and any application you plan on using before buying the new computer. Just as with browser tabs and windows, the more applications you run at one time the more RAM you should have in the computer. Additionally, most schools will have recommended specifications for buying a computer to use at the school.

You should also consider the hard drive type and size. You still have two choices for type: traditional spinning drives (often referred to as SATA) or Solid State Drives (often referred to as SSD). We recommend SSD drives because the performance is much better versus traditional spinning drives, and you will find most laptops come with these types of drives. The size of the hard drive really depends on how much data you plan to save on your computer. If you are using the computer to browse the internet and/or use email, then the size of your hard drive does not need to be large. However, if you are saving images or video (which are the largest file size types) then you should get a larger hard drive, or even consider getting an external drive.

Happy shopping!


3 Essentials for Secure and Balanced Remote Work on Vacation

Working remotely while on vacation is common in today’s world, but requires some extra precautions. If you’re someone who works remotely while traveling or on vacation, it’s essential to take the necessary steps to protect your data and maintain a healthy work-life balance. Here are three tips to help you do just that.

Firstly, it’s important to set clear boundaries between your work and personal life. Establishing work hours and sticking to them can help you manage your time effectively and avoid burnout. It’s also important to avoid checking work emails or messages outside of those hours to give yourself time to recharge and enjoy your vacation.

Secondly, when accessing your work data remotely, it’s crucial to be cautious of public Wi-Fi networks. These networks can be insecure and prone to cyber-attacks. It’s best to avoid using them altogether when accessing sensitive work data. Instead, consider using your phone as a personal hotspot or find a secure and private network such as a hotel’s business center or dedicated coworking space.

Lastly, cloud-based file-sharing services are a great way to securely access your work data remotely while on vacation. These services, such as Google Drive, Dropbox, or OneDrive, offer advanced security features, such as encryption, access controls, and two-factor authentication, to ensure the protection of your data. You can store and access your work files and documents from anywhere with an internet connection.

By following these three tips, you can protect your data, maintain a healthy work-life balance, and enjoy your vacation without worrying about work-related issues. Enjoy your summer!


Ransomware, Macs, and LockBit: A Common Misconception

There is a common misconception that Macs don’t get malware. While Macs are generally considered to be more secure than Windows PCs, they are not immune to malware. Like any operating system, Macs can be vulnerable to security flaws and can be compromised by malware if they are not properly protected. As the popularity of Macs has grown, so has the interest of cybercriminals in targeting them with malware. With more people using Macs, there is a larger pool of potential victims for malware attacks.

A recent example of Macs being targeted by malicious actors is the discovery of the LockBit ransomware group’s Mac-based encryptors. LockBit is a notorious ransomware gang that operates by encrypting victims’ files and demanding payment in exchange for the decryption key. The group is known for its sophisticated tactics, including using advanced encryption methods and targeting large organizations. The LockBit gang has been linked to numerous high-profile attacks, including attacks against critical infrastructure, healthcare providers, and financial institutions. Security researchers discovered the Mac-specific encryptors in a location containing most of the currently available LockBit encryptors. “Historically, the LockBit operation uses encryptors designed for attacks on Windows, Linux, and VMware ESXi servers. However, this archive also contained previously unknown encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC CPUs.” (Bleeping Computer) The consensus right now is that the Mac encryptors are still in the testing phase, but it seems to indicate that the group is expanding their target base to include Apple devices.

While Macs may be less vulnerable to malware attacks than Windows PCs, they are not immune to malware, and Mac users should take steps to protect their devices from cyber threats, just like Windows users do. This includes using antivirus software, keeping software up to date, being cautious when clicking on links or downloading files, and being aware of the latest cybersecurity threats.


April Fool’s Phishing (how to avoid getting pranked)

April Fool’s is fast approaching (where has this year gone?!?!?!), so it seems like a good time to review some phishing email tips so the joke isn’t on you.

Email is still the number one communication method, which makes it the perfect avenue for scammers and other malicious actors looking to get the highest return on their activities. One of the simplest methods for checking an email is called “SLAM”:

  • Sender – look at the sender of the email address by hovering over the From: name. If the email address does not match the name, that is a red flag; also, are you expecting an email from this sender?
  • Links – look at any links in the email by hovering over them. Are they pointing to something different than what the text in the email says? That is another red flag.
  • Attachments – Are there any attachments, and if so, are you expecting this sender to send you a document or file?
  • Message – look at the wording of the message in the email. Does the wording make it seem like a consequence is imminent if you do not act? Is it asking you to do something and not tell anyone else? These are both red flags.

Keep in mind that world events (like the recent bank collapses) and holidays (like April Fool’s and Easter) are often good disguises for malicious actors to send out emails. That link to a funny April Fool’s prank may not be from your friend or coworker and the joke might be on you, so keep an eye out!


Tax Time Scams and How To Avoid Them

As we head into tax season, we’ll see an influx of tax-related scams. Here is some information on what to keep an eye out for as well as some resources from the IRS regarding tax-related scams.

Phishing email is still the biggest attack avenue, as it is cheap and easy. Use the SLAM (Sender, Links, Attachments, Message) method to assess any suspicious emails:

  1. Check the Sender address
  2. Hover over any Links to see if they match the text
  3. Be wary of Attachments
  4. Check the Message. Red flags are a sense of urgency, consequences if something isn’t immediately done, or requests for payment in odd forms
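The SLAM checks listed here (and in the April Fool's post above) can also be run automatically as a first-pass triage on a saved message. The following is an added example, not code from the original posts. The brand-to-domain map, the risky extension list, the urgency phrases and the sample email are all assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed for this example: a brand keyword in a display name -> its real domain.
EXPECTED_DOMAINS = {"irs": "irs.gov"}
RISKY_EXT = (".exe", ".scr", ".js", ".iso", ".htm", ".html", ".docm", ".xlsm")
URGENCY = re.compile(r"immediately|urgent|final notice|gift card|wire transfer|"
                     r"do not tell|will be suspended", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) pairs: the automated version of hovering."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Hostname of a URL or bare domain, lowercased, without a leading www."""
    value = value if "://" in value else "http://" + value
    return re.sub(r"^www\.", "", (urlparse(value).hostname or "").lower())

def slam_check(msg):
    """Return a list of SLAM red flags for an email.message.EmailMessage."""
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))           # S: Sender
    domain = addr.rpartition("@")[2].lower()
    for word, legit in EXPECTED_DOMAINS.items():
        claims = re.search(rf"\b{word}\b", name, re.I)
        if claims and domain != legit and not domain.endswith("." + legit):
            flags.append(f"Sender: name says {word.upper()} but address is @{domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    parser = Links()
    parser.feed(text)
    for href, shown in parser.links:                            # L: Links
        looks_like_url = re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", shown, re.I)
        if looks_like_url and host(shown) != host(href):
            flags.append(f"Links: text shows {host(shown)} but goes to {host(href)}")
    for part in msg.iter_attachments():                         # A: Attachments
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            flags.append(f"Attachments: risky file type {fname}")
    hit = URGENCY.search(re.sub(r"<[^>]+>", " ", text))         # M: Message
    if hit:
        flags.append(f"Message: pressure wording '{hit.group(0).lower()}'")
    return flags

def constructed_sample():
    """A made-up tax-season phishing email; every value here is constructed."""
    m = EmailMessage()
    m["From"] = "IRS Refund Department <refunds@tax-alerts.example>"
    m["Subject"] = "Final notice: refund on hold"
    m.set_content('<p>Your refund will be suspended unless you act immediately.</p>\n'
                  '<a href="http://login.tax-alerts.example/verify">https://www.irs.gov/refunds</a>\n',
                  subtype="html")
    m.add_attachment(b"<html></html>", maintype="application",
                     subtype="octet-stream", filename="Refund_Form.html")
    return m

if __name__ == "__main__":
    print("\n".join(slam_check(constructed_sample())))
```

A clean result from a script like this only means none of these specific patterns matched; the "are you expecting this?" questions in SLAM still need a human answer.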

The IRS compiles a list of its “Dirty Dozen” scams each year. It can be accessed here: They also have a webpage dedicated to specific tax scams and consumer alerts: It is a good place to learn about common scams and how to identify them. And for the low tech scams, here is a page dedicated to helping you determine if the IRS is really on the phone or knocking at your door:

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Ask for credit or debit card numbers over the phone.
  • Call you about an unexpected refund.

(taken from their website)


You Should Implement Security Awareness Training Now

Security awareness training, when provided on a weekly or monthly recurring basis, helps users understand different threats they might be exposed to during their personal and work lives. The training typically focuses on the digital realm, though it might include scams that operate via face-to-face or postal service methods. The goal of the training is to elevate users’ awareness of these threats so they can recognize them before falling victim to them, or at least help them mitigate any damage if they do fall victim.

So why should your company implement this training, and why more often than just once a year or quarter? In short, human nature. Without delving into the psychological, here are a few key points:

  • humans are creatures of habit
  • we all have a natural tendency to want to help
  • as humans we have a natural fear of the unknown or unexpected
  • we all have short memories and shorter attention spans

A great example of why regular training is necessary: a user was selling something on Facebook Marketplace and started a texting conversation with a potential buyer. The potential buyer asked the user to provide a Google authentication code to verify the user was a “trusted account”. The user received a text message from Google with a 6-digit code and provided this code to the potential buyer. The buyer came back and said the code didn’t work and asked the user to provide the code again. At that point the user became suspicious and ended the conversation. Unfortunately, the user had unknowingly bypassed the multi-factor authentication on their Google account by providing that code to the potential buyer.

Implementing a training program that regularly educates users about threats, tests their knowledge, offers additional training when necessary, and is engaging, will help your company avoid many common threats that technology alone cannot mitigate while not impacting users’ productivity. This article points out why security awareness training is more important than ever as phishing attacks are the top avenue for ransomware delivery:

If you have questions about implementing security awareness training in your company, contact us here:
