PHISH & TELL 016

The Cybersecurity Brief for Women Who Mean Business

Author

Alexia Idoura
August 08, 2025

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

You’re not just building a business.
You’re building something worth protecting.

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Top stories of the week, how they are relevant to you, and what to do about them.

  1. Polyworking: One Job Too Many for Your Cybersecurity
    Source: IT Pro, Polyworking is a cybersecurity nightmare waiting to happen

    Why it matters: More Gen Z professionals are “polyworking”—holding multiple jobs at once, often across different companies, platforms, and devices. This creates a sprawling digital footprint: separate (and sometimes overlapping) email accounts, collaboration tools, logins, and file storage systems. Cybercriminals love it—because with more accounts in play, the odds rise that at least one will have weak credentials, outdated security, or be accessed from a less-secure device.

    What to do:

    • Separate workspaces: Use dedicated devices or profiles for each role.

    • Upgrade authentication: Turn on multi-factor authentication for all accounts, personal and professional.

    • Minimize app sprawl: Regularly audit and delete unused accounts or software.

    • Stay sharp: Be extra wary of emails, links, or app downloads—especially when they seem to cross from one “job world” into another.

    • Password hygiene: Use a password manager to ensure unique, strong passwords for every account.

    Even if you’re a master multitasker, your cybersecurity shouldn’t be stretched as thin as your time.

  2. Fake “VPN,” “Spam Blocker” Apps Push Scams

    Source: The Hacker News, Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
    Why it matters: Malicious apps masquerading as helpful tools can still slip past store reviews. (Every time cybersecurity folks make a recommendation, cybercriminals create a malicious version of that thing and try to scam people with it.)
    What to do: Use only reputable apps from the makers’ verified websites, vet developer reviews, and monitor expense statements for unexpected charges.

  3. SMB Cyberattacks Cost Up to $653K, One in Four Due to Vendor Relationships

    Source: BD Emerson, Must-Know Small Business Cybersecurity Statistics for 2025
    Why it matters: SMBs face breaches costing between $826 and $653,587—with one in four vulnerabilities tied to vendor relationships. Third-party risk and cost exposure remain top vulnerabilities.
    What to do: Map your vendors, assess their security, and factor in insurance or reserve funds to absorb attack costs.

  4. Cyber Insurance: A Critical Shield

    Source: MoneyWeek, Cyber insurance is critical to your business
    Why it matters: Breach costs now average thousands of pounds—even small SMEs risk closure without coverage. Cyber insurance adds both financial protection and preventive support.
    What to do: Explore policy options for your business—check coverage for support services like risk assessment and employee training. (Read the fine print about what is actually covered and what is required of you to maintain coverage.)

  5. ShinyHunters Breach Hits Google’s SMB Data

    Source: Cyber News Centre, Google Falls Victim to ShinyHunters Salesforce Breach
    Why it matters: Hackers used voice-phishing to breach Google’s Salesforce and steal SMB contact data—showing even top tech firms can be vulnerable.
    What to do: Harden your CRM access by training staff against phone-based social engineering and limiting privileged access.

Not sure what applies to your business or what your options are? Let’s talk.

🔍 In Case You Missed It (ICYMI)

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

Whether you’re heading to a meeting or squeezing in some travel:

Verify your ride. If you use rideshare services, always confirm the car’s licence plate and driver’s name before getting in. Stand in a safe, well‑lit area and share your trip details with a trusted friend using the app’s built‑in sharing feature. Trust your instincts—if something feels off, cancel and request a new ride.

Lyft and Uber have rolled out a number of safety features. What was an interesting experience recently was being able to choose to be matched with women drivers. It was also interesting to see some of the other safety practices women drivers for Uber and Lyft are taking, such as having a code provided in-app that has to provided by the passenger to the driver to agree to take a rider. Like MFA for humans.

💬 A PERSONAL NOTE

To be quite honest, the week was a blur and I’m tired! Phew! I am excited because all of my kids will be in one place at one time for several hours, which is a treat now that some have headed off to college and have also gotten the travel bug.

In other news: one productivity tool I’ve enjoyed lately is Cora, an AI email assistant by Every. I’ve tried several email assistants. That was my holy grail. This is the first one that actually cut the amount of time I spent in my email while also making sure I didn’t miss anything. I slowly have stopped double and triple checking to make sure it’s catching everything important. (Their security seems to be good for most use cases. I wouldn’t use it for highly regulated industries or highly sensitive accounts, out of an abundance of caution.) What makes Cora unique: It’s not just slapping labels on my emails. It prepares an intelligent brief based on my emails and gives me easy ways to scan, digest what I need to know, respond with pre-drafted replies, make decisions, act on the items, and so on. It’s like nothing I’ve tried so far. (I do disagree with one of their bits of marketing copy that says it could replace a $150,000 Chief of Staff.) I discovered Cora from a Lenny’s Podcast episode (a must-listen to think deeply about product) about a company that is an AI-native startup. Take a listen.

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like me to cover? Let me know :-) [email protected]

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷