Today's Phishing Attacks: Creativity at Its Peak

7 Types of Phishing Attacks

And how to identify them, quickly!

There was a time when we all hoped Bill Gates was truly giving away his fortune. When we all were sure, if only for a moment, that a Nigerian prince had loads of cash he was dying to give us. That an email chain would bring us good luck and prevent ruin and untimely death.

Well, welcome to 2024’s more devious versions of those spam messages: phishing attacks in all their infamous creativity. These scammers may have upped the ante, but we’ll keep you in the know on their tactics, including how to spot seven common attacks almost immediately:

  1. Email phishing: Emails (sometimes in bulk) created to impersonate a legitimate business’ logo and branding. Red flags include:
  2. Spear phishing: These target a person or organization with access to sensitive info. The purpose is to trick users into thinking an email is internal communication or otherwise legitimate. Red flags include:
  3. Business email compromise (BEC): A cybercriminal pretends to be a boss. “I need this wire transfer (or giant invoice paid) immediately!” Red flags include:
  4. Smishing: Fake text messages, usually offering a “free” gift, with a link or attachment. The usual catch is that your credit card information is needed. Red flags include:
  5. Vishing: Using voice calls that often spoof caller ID, so they seem legitimate. Red flags include:
  6. Social media phishing: All those personal social posts can come back to haunt you. These scammers use offers, online discounts, fake videos, and friend/connection requests to reel you in. Red flags include:
  7. Pop-up phishing: Even if you have a pop-up blocker, you’re still at risk. Any notification box or ad could be infected with malware. Red flags include:

In the words of the inimitable Billy Mays, “But wait, there’s more!” We’ll cover another seven or so common phishing attacks/tactics in an upcoming newsletter.

For more information, visit: ibm.com/topics/phishing; upguard.com/blog/types-of-phishing-attacks; fortinet.com/resources/cyberglossary/types-of-phishing-attacks

“Don’t Act Like You Know Me”

Intimate Problems Require Personalized Solutions

Have you ever had someone give you advice when they don’t know the first thing about what you’re dealing with? They don’t wait for details. They don’t ask questions. They don’t exercise even the teensiest bit of humility and respect and curiosity.

Just judgment. Flat, out-of-the-box judgment, baby.

The problem with that kind of advice isn’t that the advice is essentially useless (and it is). It’s that misplaced advice can cause actual harm. Not just the emotional type, which is still lamentable. The cold, hard years of your life and “rolls of your dollar bills” kind.

It’s not just people who do this to each other. Or strangers on the street. Whole businesses and industries do this to their client base. And sometimes it’s not their fault; it’s simply a limitation of their generalist business model.

Take I.T. vendors. If they serve a plethora of industries, there’s no way for them to sustainably resource the expertise that’s needed for each. So they apply templated advice and cookie-cutter strategies and assumption-based support plans that cover all your figurative bases.

Except for when your business is unique. …Oh, dang. It is.

If you want to pay for the equivalent of useless platitudes and knowledge that doesn’t know your business’ bits and pieces, then you have lots of I.T. vendors to choose from. And they’ll be happy to take (and waste) your money. I won’t pretty it up by saying otherwise.

But if you want the benefits of intimacy — customized advice, tailored solutions, deep industry knowledge, a keen awareness of your pain points, processes, personnel, performance metrics, and what keeps you up at night — you need someone who’s in the nitty-gritty, continuous reality you live and breathe.

Leadership Resource Spotlight: Ross Brouse

We could point you in the direction of bland, boring websites about I.T. support and cybersecurity. Or we could give you a VIP pass to free, digestible, interesting (and sometimes hilarious) content that’s chock full of actionable takeaways. You’ll find it on Continuous President Ross Brouse’s LinkedIn profile. His recent post topics include:

● How to defend your company from phishing-as-a-service (PhaaS)

● Why getting breached doesn’t mean you’re bad at cybersecurity (and what’s more important than getting breached)

● How to spot Facebook ad scams

● 6 ways to boost your post-compromise security

● Tips to protect yourself while using public Wi-Fi

● His go-to karaoke song (someone demanded to know)

● Why stronger healthcare cybersecurity saves lives

Visit linkedin.com/in/rossbrouse to follow, connect, and elect to be notified of Ross’ posts so you don’t miss a single one.

Get Free Money in 3 Easy Steps

Score $500 for every qualified referral you make

We help SMBs located in New Jersey, NYC Metro, Connecticut, and Pennsylvania. Know someone who needs IT services?

Getting $500 for that connection is as easy as 1, 2, 3:

1 Introduce us. You can use the form at https://www.continuous.net/referral once they’ve agreed to meet with us.

2 We meet them, hear their needs, and offer solutions without being pushy or obnoxious.

3 You get $500. Make it rain. (And repeat.*)

*There's no limit to the number of referrals you can make and get paid for. If #1 and #2 happen, #3 keeps happening, whether each referral becomes a client or not. We're grateful for your support!

Questions? Need help planning how you’ll spend all those Benjamins? Email us at [email protected] or call (332) 217-0601.

HIPAA Email Compliance, Simplified

6 Pillars of a HIPAA-Compliant Email System

To err is human, to be HIPAA compliant is divine. Let’s get to work to make you the latter. A HIPAA compliant email system is founded on these six requirements being fulfilled:*

  1. Create policies and procedures. Including getting patients’/residents’ formal consent to communicate by email. All emails sent internally and externally by all staff at your organization should be fully secure — delineating between staff who handle PHI and those who don’t is a recipe for human error.
  2. Secure patient information. Your emails (and any attachments) should be secured at every point along the digital delivery journey.
  3. Implement email retention. If legal action is ever taken against your organization, emails might be required as evidence. You need a secure, accessible email retention system to adhere to state laws relevant to their storage (usually for six years). Using encrypted cloud storage is a better option than an email backup, especially since you can index (and therefore find) specific emails.
  4. Implement audit and access controls. Only the people who need access to email settings and storage should have it.
  5. Provide employee training. Every employee should have absolute clarity on what their responsibilities are and best practices for handling/transmitting PHI by email. This especially includes the Minimum Necessary Rule.
  6. Sign a Business Associate Agreement (BAA). Vendors that handle or process PHI on your behalf must sign a BAA that outlines their responsibilities and specifies the safeguards that protect PHI.

3 common failures regarding HIPAA email compliance:

  1. Free email won’t cut it. Gmail, Yahoo, Hotmail, and other common free email services aren’t HIPAA compliant and can’t be manipulated to become so. Don’t use them.
  2. Paid email sometimes won’t cut it. Out-of-the-box solutions, including some versions of Microsoft Office, aren't HIPAA compliant or secure because of default settings. In other words, they don’t provide end-to-end security through the delivery of the email, which is a HIPAA violation.
  3. Email retention/archive search functionality is critical. You could be HIPAA compliant in theory but not in reality. If you don’t have email retention and archive search functionality, you won’t be able to provide email documentation for audit or records requests, a big HIPAA no-no.

*These pillars are summarized from the HIPAA Journal’s article on HIPAA compliant email services.

Good I.T. Depends on a Top-Down Approach

(Why Half-Assed I.T. Doesn’t Cut It)

I.T., for so many organizations, is broken.

Not because there’s something inherently wrong with I.T. Not because it’s less-than-critical or a sunk cost. Simply because of widespread misconceptions and flawed norms that undermine its effectiveness (as in most industries).

One of the most common self-defeating approaches we’ve observed: treating I.T. as a hierarchy-agnostic business system. For I.T. to be successful, it MUST stem from the top, down.

Here are four facts every leader should take to heart when it comes to their I.T. involvement:

  1. You lead by example (whether you mean to or not). If you show flippancy, that’s what others will mirror. If you undervalue the impact of poor I.T. health, cavalier cybersecurity, or careless compliance, so will your team. If you don’t invest in making it better, there’s far less of a chance they’ll go against the grain and attempt to do so themselves.
  2. Leaders are the backstop to a healthy work culture (and I.T. health is an integral part of a healthy culture). Your team members may know exactly what needs to be improved, whether it be obsolete equipment, legacy software integrations, more robust and frequent HIPAA-compliance email training, or an SOP for PHI handling, but they’re limited in driving change. In fact, I’d go so far as to say that culture change without leadership team buy-in (including leveraged authority, motivation, accountability, and financial backing) can’t happen.
  3. A partial process is still a broken process. Don’t kid yourself; if a partial process improvement is made or a process improvement is only partially enforced, it’s still a janky impediment in the way of your organization’s success. You can’t half-ass I.T., cybersecurity, or compliance. You’ve got to whole-ass them.
  4. A lack of investment blinds you to true ROI (and actual risk). If you’re not plugged into the problem and the process, you’re unlikely to notice evidence that a solution is working or to stay invested in its sustainability. You’ll make uninformed decisions that have a direct, negative impact on workload, stress levels, number of manual workarounds, quality of service, revenue margins, inefficiency rates, job satisfaction, onboarding/training success, risk of data breaches, and job retention, to name a few. That’s a lot of important stuff to be flippant about.

To come full circle: You have great influence and power as a leader. So if the main thing standing in the way of your organization’s I.T. success is your perspective, it’s time to moonwalk that mindset outta here.

In next month’s newsletter, I’ll explain why the importance of a top-down I.T. approach often escapes even caring, smart leaders (it has to do with indirect costs).

Trivia!

Win a $25 Chipotle Gift Card

What does CAPTCHA (aka the “Prove You’re Not a Robot” test) stand for?

A. Compliance Automated Personal Test

B. Cats Are People Too

C. Complete Actualization Public Task

D. Completely Automated Public Turing

The first person to email [email protected] with the correct answer wins!

Client Spotlight

ChildSmiles

From “hoping things would be working each morning” to an optimized business flow

“From the start, Continuous Networks took the time to understand how our business works. This understanding allowed them to make and implement recommendations that optimized the flow of our business. Continuous Networks has the team to resolve everyday issues, the resources to quickly resolve big, unexpected problems, and the experience to evolve our IT environment as technology advancements are made. Continuous Networks changed our IT landscape for the better!”

Jeff Ayes Chief Development Officer, ChildSmiles

Letter from the CEO & President

Welcome to this edition of “What’s Tasty,” our monthly newsletter keeping you in the know on I.T. support news, cybersecurity trends, high-EQ leadership, company updates, and simple tips to keep you and your business cyber-safe.

So what’s the deal with “tasty tacos”?

First: We love tacos. (Who doesn’t?)

Second: I.T. support shouldn’t be needlessly expensive, slow, unresponsive, rigidly packaged or uniform, inexperienced, passive, reactive, stingy, or a giant resource drain. It should be like a tasty taco:

● Customized – Tasty tacos are crafted for your perfect taco experience, just like our tech strategy that’s completely aligned with your business goals and needs.

● Fast – Tacos are quick, and speed and efficiency are our mantras.

● Flexible – Tacos are an “anytime” food: breakfast, lunch, or dinner. We offer 24/7 support, with no call unanswered.

● Supportive – Like a sturdy taco shell cradling all its delicious insides, every solution we create for clients is interwoven with robust cybersecurity.

● Seasoned – Our tailored IT solutions are like the perfect blend of taco seasoning, sprinkled with deep industry knowledge to fit your unique taste.

● Proactive – Tacos are meant to be eaten fresh, not left to fall apart. Our vigilant monitoring keeps potential issues at bay.

● Loaded – Nobody wants a taco that’s half-full. We’re loaded with the solutions you want, and we don’t skimp on services.

● Healthy – Nobody wants to pay for tacos twice (the second time in pain and discomfort). Our ROI is easy to digest.

At Continuous, we’re dedicated to providing IT services that are as enjoyable as your favorite taco. We don’t just want to be an indispensable part of your business operations but a critical reason for your success.

If you have any questions about the “What’s Tasty” newsletter, I.T. news, or our services, contact us directly at [email protected].

Thank you for trusting us,

Jason and Ross

P.S. We also accept taco recipe recommendations.