PHISH & TELL 009

The Cybersecurity Brief for Women Who Mean Business

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

You’re not just building a business.
You’re building something worth protecting.

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Here are the top cybersecurity stories from this week that are most relevant to small businesses—along with why they matter and what you can do about them.

  1. Nation-State Cyber Threats Rising Amid Middle East Tensions
    Security firms and U.S. agencies are sounding alarms on increased activity from Iranian-backed hackers targeting U.S. infrastructure and commercial systems.

    Why it matters: Even if you're not in defense, geopolitical events can cause ripple effects that hit your systems—especially if you’re loosely connected to national infrastructure or supply chains.

    👉 What to do: Join an industry ISAC (such as the Retail Information Sharing and Analysis Center), make sure logging and monitoring are active (contact us if you want to know more about how to do this), and educate your team on phishing awareness and reporting unusual system behavior.

  2. Botnets Target TP-Link Routers with Active Exploits
    TP-Link routers with a critical flaw are being actively exploited. These models are often still used in home offices.

    Why it matters: Many small businesses (especially home-based ones) use outdated routers—making them easy entry points for attackers.

    👉 What to do: Identify your router model, then update its firmware or, if the model is no longer supported, replace it. Bonus: Set up log monitoring or email alerts so you can spot issues fast.

  3. AI Phishing and Deepfakes Now SMB Norm
    From voice cloning to dynamic phishing emails, AI-enhanced attacks are getting harder to detect—and yes, they’re targeting small businesses.

    Why it matters: These scams don’t need to be high-tech to work. They often bypass filters and exploit trust, especially in “helpful” roles like admin support or customer service.

    👉 What to do: Update your phishing training to include AI threats. Add verbal verification steps for sensitive requests, especially those involving money or credentials.

  4. Digital Expansion = New Cyber Exposures
    As small businesses adopt AI and automation tools, many are leaving their digital doors wide open due to lack of planning or budget for cyber hygiene.

    Why it matters: A little investment now can prevent a business‑stopping breach later. Automation’s great—but only if you lock the doors behind it.

    👉 What to do: Use NIST’s Small Business Cybersecurity Corner or FCC’s Cyber Planner 2.0 to audit your current state. Budget ~10% of IT spend toward security tools, training, and planning. (Need help to get started DIYing it or want someone to do it with you or for you? Contact us.)

  5. Ransomware Hits Retailers, Luxury and Local Alike
    Recent ransomware attacks disrupted both big brands and smaller retailers, highlighting how attackers now target businesses at every level of the retail ecosystem.

    Why it matters: Whether you’re a boutique store or a regional chain, customer-facing retail operations are prime ransomware targets—especially during high-traffic shopping periods. Even a day of downtime can cost thousands in lost revenue and reputational damage.

    👉 What to do:

    • Back up systems and customer data frequently—ideally offline or in immutable storage.

    • Patch POS and inventory systems regularly, especially if using third-party platforms.

    • Create a ransomware response plan that includes isolating infected systems and pre‑written customer communications.

🤖 The LOL-gorithm

I asked my AI assistant how to avoid phishing. It said:
"Just don't take the bait."
Well played, bot. Well played.

🧷 THE SAFETY SNAP

🛡️ Personal Cyber Safety Tip: How to Spot a Tracker—And What To Do About It

AirTags, Tile trackers, and GPS devices can be used for legitimate purposes—but in the wrong hands, they become tools for stalking.

How-To:

  • Check your phone alerts: Apple and Android phones now alert users when unknown tracking devices move with them. Don’t ignore these.

  • Inspect your vehicle and bag: Look under seats, around the wheel wells, in backpack compartments—places where a small tracker could be stashed.

  • Use scanner apps: Try Tracker Detect (Apple), AirGuard (Android), or Bluetooth scanner apps to sweep for unknown devices.

Why it matters: If you’re a woman entrepreneur, community leader, or high-visibility founder, you may be targeted for intimidation—or in rare cases, for trade secrets. Detecting a tracker early keeps you safe, mobile, and in control.

Bonus Tip: If you find a tracker, do not remove it or confront anyone right away. Contact local law enforcement first; they may be able to trace the device’s owner and assist you safely.

💬 A PERSONAL NOTE

Just got back from AWS re:Inforce in Philly—and wow, was it worth the trip. Think of AWS re:Inforce as one of the biggest cybersecurity gatherings in the tech world—hosted by Amazon Web Services (AWS), the cloud company behind much of the internet’s infrastructure.

But it’s not just for tech giants. This annual event brings together security experts, startups, and even small business advocates (like me!) to talk about how to keep data safe, what threats are emerging, and how tools like AI can be used both to protect and to attack.

Why it matters to you:
Even if you’re not in IT, your business is likely using cloud tools—from email to payment systems to inventory software. Events like re:Inforce shape how those tools are secured and what steps small businesses should be taking to keep up.

Also… I took the train both ways for a change—and absolutely loved it. There’s something refreshingly analog about watching the world go by while catching up on notes, clearing your inbox, and yep, even writing this from the dining car. 🚆📝

I’ll be sharing a few favorite a-ha moments from the conference — keep an eye out.

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like addressed? Hit reply and let me know :-)
