PHISH & TELL 012

The Cybersecurity Brief for Women Who Mean Business

Author

Alexia Idoura
July 12, 2025

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

You’re not just building a business.
You’re building something worth protecting.

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Here are the top stories of the week. Tough to choose just five.

  1. Grants Help Small Firms Strengthen Cyber Defenses

    📖 Source: The Times (via The Times) – “Government to help small companies beef up cybersecurity defences” 
    UK government will award £2,500 grants (with £500 match) to 500 small firms in sensitive sectors—covering vetting, reviews, and security training via certified experts.

    ✅ Why it matters: Public funding (not just in the UK) can offset cost barriers preventing SMBs from implementing strong defenses.

    👉 What to do: Apply for available grants or advocate similar programs locally. Use funds for security reviews and staff vetting. (Look for Monday’s blog, focused on this.)

  2. Vulnerable Vendors and Unpatched Software Still a Top Entry Point

    📖 Source: The Australian – Recent Reports on Software Exploits and Supply Chain Risk

    Attackers continue to exploit outdated systems and weak links in the vendor supply chain to gain access to SMB networks.

    ✅ Why it matters: Nearly 1 in 3 successful breaches involve unpatched software or third-party access. Many SMBs depend on vendors that lack robust cybersecurity themselves.

    👉 What to do: Automate patching where possible, keep inventories of approved apps, and require vendors to meet minimum security standards (like SOC 2 or ISO 27001) before integration.

  3. Ransomware Bankruptcies Among SMBs Rising

    📖 Source: RedHotCyber – “Businesses are going bankrupt due to ransomware...” 
    Numerous small businesses are permanently closing post-ransomware attacks—often unable to recover financially.

    ✅ Why it matters: Cyber threats now carry existential weight for cash-strapped SMBs.

    👉 What to do: Invest in not just prevention, but also cyber insurance and financial resiliency planning.

  4. Employees Are Hiding Cyber Incidents

    📖 Source: ITPro – "Workers Are Covering Up Cyber Attacks for Fear of Reprisal"

    A recent study reveals 39% of employees wouldn’t report a cyber incident, fearing they’ll get in trouble.

    ✅ Why it matters: Unreported incidents give attackers time to deepen access or steal data. Delayed responses increase damage and recovery costs.

    👉 What to do: Build a non-punitive reporting culture. Offer anonymous channels, clear escalation paths, and reinforce that early reporting = protection, not punishment.

  5. Manufacturing SMBs Face Supply Chain Cyber Hazards

    📖 Source: TekRisk – “Cyber Risks in Small Business Manufacturing Supply Chain” 
    Recent breaches highlight vulnerabilities in manufacturing supply chains—risks include data theft, operational disruption, regulatory fines (CMMC/NIST).

    ✅ Why it matters: Manufacturing SMBs often process sensitive client or operational data.

    👉 What to do: Map supply chain dependencies, enforce vendor cybersecurity baselines, and use secure network segmentation.

Have a team or contractors? Forward this email to them for awareness.

Would a blog post that goes into more detail on any of these topics (for example, monitoring for sites pretending to be your business) be helpful? Let me know: [email protected] .

🔍 In Case You Missed It (ICYMI)

  • July Patch Tuesday Reminder: Don’t wait—Microsoft released critical updates on July 8, 2025, covering 137–140 vulnerabilities. Adobe, Oracle, SAP, Veeam, and others also released patches.

    ✅ What to do:

    • Turn on automatic updates for your operating system, browsers, and apps

    • Restart your device after updates

    • Pro tip: Don’t want to lose open tabs? If your browser doesn’t reliably reopen them, use “Bookmark All Tabs” and save them in a folder labeled with today’s date for peace of mind.

  • 🫵 Last week’s Security Done Easy blog post: Phishing Scenarios Every Woman Business Owner Should Know—and What You Can Do »

  • We have a new free 3-page PDF resource: How to Identify and Avoid Scams: A Simple Guide »

  • Follow us on Facebook or Instagram.

🤖 The LOL-gorithm

Feels that way sometimes…

🧷 THE SAFETY SNAP

Stalkerware (also called spouseware or creepware) is spy software secretly installed on phones or computers—often by someone with physical access. It can record texts, calls, photos, GPS, and more—without your consent or knowledge.

The recent Catwatchful breach revealed how thousands of victims were silently monitored via Android apps that hid in plain sight.

🔗 Check if your email is affected: haveibeenpwned.com/Breach/Catwatchful

“Catwatchful is invisible. It cannot be detected. It cannot be uninstalled. It cannot be stopped. It cannot be closed.”

~Company claim

⚠️ Important: If you’re in a domestic abuse or high-risk situation, do not try to remove a suspicious app immediately—it could alert the person who installed it.

Instead, visit: stopstalkerware.org and click “Click Here for Help” in the top bar for safety-first steps.

💬 A PERSONAL NOTE

This week—both personal and global—has felt especially heavy.

Like many of you, I’ve been following the devastating floods across parts of the U.S. and the record-breaking heat sweeping through Europe. On a more personal note, it’s been a tough week behind the scenes, too—mom-wise.

I’m reminded how quickly we can all become overwhelmed—by the headlines, by our workloads, by life.

If you're feeling stretched thin or knocked off balance, please know: you’re not alone.

Take the space you need. Slow down if you can. Step outside. Unplug.
And most importantly—be gentle with yourself and others. We’re all carrying more than we show.

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like addressed? Let me know :-) [email protected]

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷