In the world of cybersecurity, it is difficult to protect yourself if you don’t know what you are up against. Cyberattacks succeed because many individuals and organizations are unaware of the types of threats that leave them vulnerable to security breaches. The following guide will help you recognize and prevent cybersecurity attacks.
Phishing occurs when a hacker sends an email posing as a trustworthy organization or individual with the objective of acquiring sensitive information. It is the most commonly deployed form of cybertheft. Hackers use phishing campaigns because 62% of the time people who receive the phishing email will click on a link or open an attachment they shouldn’t and give their log-in information to the hacker.
Phishing campaigns succeed at a high rate because the emails appear to be from someone you know or a company you do business with. Hackers use company logos to create an authentic feel and an urgent tone to elicit a response. The email includes directions to click a link and share sensitive information.
There are several red flags to help you recognize phishing campaigns. The email may be from a hacker if the message contains one or more of the following indicators:
• Intimidating tone requiring swift action
• Vague subject line or generic greeting
• Incorrect sender email
• Grammatical and spelling errors
• Request for private or sensitive information
• Request to open an email attachment
• Spoofed URLs and hyperlinks
If an email contains one or more red flags, delete the email or call the organization the email claims to be affiliated with to verify that the message is genuine (use the official website to get the phone number).
Malware is similar to phishing in that 93% of malware is delivered via email. Malware, however, has a different objective. Phishing tries to get you to provide sensitive information, but malware installs malicious software on your computer in order to cause damage or gain unauthorized access. Malware includes viruses, worms, Trojans, ransomware, and spyware. The need to be diligent is apparent, as four out of five small to medium-sized businesses report that malware has evaded their antivirus software.
Prevent a malware attack using the following measures:
• Don’t click on links in emails or open email attachments unless you’re sure they are legitimate (call the sender if you are unsure).
• Stay away from questionable websites.
• Keep antivirus/antimalware software up to date.
Password attacks occur when a hacker uses keylogging software or brute force to learn a user’s password and access their private and secure data. Keylogging password attacks use software or devices to secretly monitor and log all keystrokes in order to gain access to users’ passwords. In a brute force attack, the hacker uses trial-and-error to guess the password. An example of this is the dictionary attack. The hacker systematically enters every word in a dictionary and any derivatives as a password until the correct password is discovered.
Password attacks are particularly damaging to those who use the same password across online platforms. Although users find it easier to remember only one password, this leaves them particularly vulnerable in the event a hacker is able to discover the password as it can provide the hacker access to banking, social media, and even business accounts.
Use the following suggestions to defend against keylogging and brute-force password attacks:
• Create passwords that are more than 20 characters long.
• Use a different password for each system.
• Use one-time passwords or two-step authentication.
• Install a system designed to detect keylogging software.
• Use a virtual keyboard.
An inside attack occurs when someone with administrative privileges fraudulently misuses their credentials to gain access to sensitive company information. Former employees who leave on bad terms pose the biggest threat when it comes to inside attacks. You can prevent this possibility by disabling access for former personnel upon termination.
Now that you know the risks, you can take steps to protect yourself and your organization. If you have further questions or would like to work with a cybersecurity advisor, our team is here to help. Call 434.296.2156 or email us to set up an appointment today.
© Copyright 2020 Thomson Reuters.