by James Cavenaugh | May 1, 2026 | Email Security
Business email compromise at a law firm or CPA practice doesn’t always start with your firm. About half the time, from what the FBI’s IC3 reports show, the attacker compromises a vendor or a client first, and then uses that mailbox to defraud you. Which...
by James Cavenaugh | Apr 29, 2026 | Microsoft 365 Security
In January 2024, Microsoft filed an 8-K with the SEC disclosing that a Russian state-sponsored group called Midnight Blizzard had breached their corporate network and read the email of members of their senior leadership team. The attackers were in the environment for...
by James Cavenaugh | Apr 27, 2026 | Identity & Access Security
If your firm’s idea of multi-factor authentication is “we get a text message with a code,” you don’t really have MFA. You have something that feels like MFA, and that feeling is worth less than you think. NIST deprecated SMS as a second factor...
by James Cavenaugh | Apr 24, 2026 | Email Security
The FBI’s 2023 Internet Crime Report logged $2.9 billion in business email compromise losses. That’s the line that gets quoted. What doesn’t get quoted is the mechanism. Almost all of that loss runs through a tiny, boring piece of Microsoft Outlook...
by James Cavenaugh | Apr 3, 2026 | Compliance & Risk
In December 2023, the FTC finalized updates to the Safeguards Rule under the Gramm-Leach-Bliley Act that apply to tax preparers, accountants, and any business that handles consumer financial information. The rule now requires specific technical controls: encryption,...
