During May, Microsoft released a critical security patch to address a vulnerability in remote desktop, or terminal services. Attackers are now leveraging this gap to breach unpatched Windows 7 desktop and Server 2008 R2 machines. This vulnerability requires no authorization or user interaction.

Everyone is familiar with frustrations stemming from computers, software or other devices not functioning properly in the workplace. These issues waste time and resources, especially in small and medium-sized businesses where IT support resources may be scarce, and time is of the essence.

Microsoft announced earlier this year they will be ending support and software updates for Windows 7 operating system on January 14, 2020. Any machine still using the system past that date will be vulnerable to security risks. Approximately 43% of Windows users are still running Windows 7 so this change will impact an enormous number of businesses and users.

Cybersecurity concerns affect nearly everyone in an organization. A company’s team members, as well as external clients, are connected through technology, and protecting systems and data from cyberattack becomes increasingly difficult and complex. At the same time, a shortage of trained cybersecurity professionals continues to grow.

Today’s hackers are often driven by political or financial motivations, or they may seek to gain notoriety. The more we know about how they think and act, the better we can protect our organizations from harm. Small and mid-sized businesses that lack the cybersecurity infrastructure of big corporations are especially at risk of exploitation.

Phishing attacks on small to mid-sized businesses are increasing in frequency and sophistication. Luckily for Office 365 users, some serious updates have been made in the defense against email phishing. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features to better detect spoofed emails, compromised accounts, unsafe links, and harmful attachments, and thereby prevent a wide variety of phishing scams.

Small and mid-sized business owners have so much on their plate that being proactive about cybersecurity often gets pushed to the bottom of the to-do list. Unfortunately, it takes a breach or hack to bring this issue to the forefront of many organizations, but it doesn’t have to be that way.

In 2019, cyberattack damages for small to mid-sized businesses are expected to increase significantly. Verizon’s 2018 Data Breach Investigations Report found 58% of all cyberattacks target small businesses. Ransomware, fileless malware, and email phishing scams comprise a large portion of the attacks.

Fraudsters are becoming more creative with email attacks. As an example, C-Suite fraud is a scam impacting all business sectors, wherein cybercriminals spoof corporate email accounts and impersonate a C-Level executive (CEO, CFO, COO, etc.) to trick unsuspecting employees into executing a task such as wiring funds for a transaction, revealing personally identifiable employees’ information, or sharing company trade secrets.