PHISH & TELL 014

The Cybersecurity Brief for Women Who Mean Business

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

You’re not just building a business.
You’re building something worth protecting.

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Top stories of the week, how they are relevant to you, and what to do about them.

  1. Navigating the Cybersecurity Minefield: On-Demand Expertise Needed
    📖 Source: JDSupra – “Navigating the Cybersecurity Minefield: Why Midsize Companies Need On-Demand Expertise…”
    On July 24, K2 Integrity experts argued that fast-growing SMBs must blend internal leadership with external MSSP expertise to manage AI-driven threats, ransomware, and BEC (Business Email Compromise) attacks.
    ✅ Why it matters: Many SMBs lack full-time CISOs or security teams; on-demand services fill critical gaps.
    👉 What to do: Evaluate managed detection and response (MDR) offerings provided by managed security service providers, and find service-level agreements that fit your budget.

  2. FBI Issues Advisory on Interlock Ransomware
    📖 Source: TechRadar Pro – “FBI urges users to beware worrying Interlock ransomware attacks”
    The FBI, CISA, HHS, and MS-ISAC warn that Interlock ransomware—active since September 2024—is using double-extortion tactics against North American businesses, encrypting files and threatening to publish stolen data unless ransoms are paid.
    ✅ Why it matters: Interlock’s sophisticated toolkit and 96-hour ransom deadline make it a severe threat for resource-constrained SMBs.
    👉 What to do: Immediately patch systems, enforce multi-factor authentication, and use monitoring solutions or hire a managed security service provider (MSSP) to monitor your stuff for you. (Note that this is one of many double-extortion ransomware warnings this week.)

  3. Texas Limits Punitive Damage Liability for Data Breaches
    📖 Source: Clark Hill PLC – “Right To Know – July 2025, Vol. 31”
    Texas’s new law shields companies with fewer than 250 employees from punitive damages in data-breach suits if they’ve implemented an approved cybersecurity program—covering many women-owned SMBs in the state.
    ✅ Why it matters: This legal safe harbor incentivizes investment in formal security measures by capping worst-case liabilities.
    👉 What to do: If you’re in Texas, adopt or certify a written information security program (WISP) aligned with the law. To gain liability protection, the WISP must address legal requirements, define who is responsible, regularly train staff, document all processes, update protocols, and ensure that security standards are followed and enforced.

  4. ABA, Associations Seek Revisions to Data Breach Standards
    📖 Source: ABA Banking Journal – “ABA, associations seek revisions to data breach standards for investment companies, advisers”
    On July 21, the American Bankers Association and other trade groups urged the SEC to relax certain breach notification thresholds for small advisers, arguing that complex rules disproportionately burden SMBs, including women-owned financial firms.
    ✅ Why it matters: Overly stringent notification rules can divert SMBs’ limited resources from prevention to reporting. I’d rather you be able to spend on prevention!
    👉 What to do: Review your incident response plan against upcoming SEC rule changes. Don’t have one? I’ll write a blog post on this soon, but in short: A cybersecurity incident response plan is a document that outlines exactly how your business will handle a cyberattack or data breach. Instead of panicking or making guesses during an attack, your team knows the right steps to take. The plan protects your business by reducing downtime, financial losses, and harm to your reputation.

  5. Cybersecurity Insurance Market Projected to Reach $32.19 B by 2030
    📖 Source: ProgramBusiness – “Cybersecurity Insurance Market Projected to Reach $32.19 Billion by 2030”
    MarketsandMarkets forecasts the global cyber-insurance market will more than double from $16.54 B in 2025 to $32.19 B by 2030, noting SMEs as prime targets and insurers rolling out bundled policies with proactive security assessments.
    ✅ Why it matters: As premiums stabilize, accessible insurance products will become a key component of SMB risk strategies, including for women-owned firms.
    👉 What to do: Shop the evolving insurance landscape early, comparing carriers on both premium rates and value-added security services.

Not sure what applies to your business or what your options are? Let’s talk.

🧷 THE SAFETY SNAP

Dark Web “Travel Agents” Are Booking Flights with Stolen Cards ✈️💳

“Too good to be true” travel deals on darknet boards often mean criminals are using stolen credit cards, loyalty points, and credentials to book deeply discounted flights and hotels for unsuspecting clients, including remote workers and SMB travelers.

📈 Last year, travel-industry fraud topped $37 billion as dark-web operators leveraged breached data and AI to create convincing scam platforms.

🚫 Don’t chase ultra-cheap travel offers from unverified sources.
✅ Instead:
• Book only through official airline or hotel websites and travel agencies you trust.
• If you see a third-party deal, contact the airline or hotel directly to confirm.
• Keep a close eye on your credit card statements and freeze any card at the first sign of unauthorized charges.

🔐 Tip: Enable real-time transaction alerts on your credit cards so you’re notified immediately of suspicious activity.

💬 A PERSONAL NOTE

What a super-charged productive week! It wasn’t even because of any extra caffeine or anything! Just put my blinders on and stuck to my priorities. Had some a-ha moments. Made some good decisions. I’m really grateful for the people in my life — kids, friends and family, team members at work, biz besties in my networking groups, and all of you. Thanks, all :-)

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like me to cover? Let me know :-) [email protected]

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷