Tech for Humans Newsletter

September 18, 2025

Most business owners don’t realize that when accounts get breached by a cybersecurity attack, it often isn’t obvious.

In fact, on average it takes more than 200 days before a company even notices. That’s a long time for someone else to be poking around in your systems.

This month, we’ll look at how these breaches slip under the radar and the signs you can watch for right now.

You’ll also learn a quick tech tip that could save you in an emergency, why most small businesses are still unprepared for cyber incidents, a gadget that makes note-taking smarter (and less wasteful), and a book that helps you solve problems by seeing the bigger picture.

So grab your favorite beverage of choice, get comfy, and let’s dig in.

Purple and Black Clean and Professional New Employee LinkedIn Post (5)

THE BIG IDEA

System Hack

🔐How Account Breaches Slip Under the Radar and How to Spot Them Before It’s Too Late

One of the biggest challenges with account breaches is how long they can go undetected.

If someone gains access to your Microsoft 365, Google Workspace, or email account, they often don’t start deleting files or sending spam. Instead, they quietly observe, gather information, and wait for the right moment to act.

According to the latest IBM Cost of a Data Breach Report, organizations take an average of 204 days to identify a breach and then another 73 days to contain it.

In other words, malicious activity can lurk in your system for nearly nine months before being managed.

Other industry data backs this up too: some organizations report that average dwell times, the time attackers remain in your system, can stretch to 280 days.

That’s more than two-thirds of a year in which attackers can poke around without being seen.

It also depends on the type of breach and the nature of the attacker. The most sophisticated ransomware gangs often remain hidden for months, corrupting backups, forcing victims to pay.

In some cases, they even search for the size of a company’s cyber insurance policy and then set the ransom to match. Nation-state actors and corporate espionage groups tend to linger even longer, siphoning off data.

On the other end of the spectrum, smaller ransomware gangs or hacktivists defacing websites usually operate much faster, going from breach to noticeable impact in days rather than months.

All that to say, you need to be aware of the potential signs of a breach. Here are some of the signs you should be looking out for.

Signs an Account Might Be Compromised

  • New or changed multi-factor authentication (MFA) methods

Attackers may try to disable or change MFA to avoid triggering alerts.

  • Unexplained account delegations or admin access changes

This can silently give someone else permissions they shouldn’t have.

  • Unusual file downloads or uploads

Small changes, such as moving documents or exporting data, can signal data gathering.

  • Notifications from external services

If shared documents or calendar items suddenly get comments or views from unfamiliar accounts, investigate.

  • Unexpected alerts from apps or services

A benign alert to you may actually signal an attacker has triggered (and silenced) the alert.

  • Changes to security or logging settings

If logs, alerts, or notifications suddenly stop working, it could be intentional sabotage.

What You Can Do This Week

  • Enable MFA everywhere. Yes, it’s a chore sometimes, but it stops most account takeovers dead in their tracks.
  • Weekly sign-in spot-checks. Look for weird hours, odd locations, or unfamiliar devices.
  • Audit email rules and delegation. Any mysterious forwarding or admin rights? Remove them immediately.
  • Set up alerts for logins from new devices, unusual locations, or multiple failed attempts.
  • Log and monitor admin/security settings. An easy way to know if someone’s quietly disabling your defenses.

The longer an attacker stays inside, the more they can do and the more expensive it gets. IBM data shows breaches that go beyond 200 days cost significantly more, around $5.46 million on average, compared to breaches resolved more quickly.

Breaches don’t need to be high drama. In fact, the worst ones go completely unnoticed until it’s too late. But with clearer eyes on the signs and simple, reliable steps, you can spot them early.

If you’d rather not dig through logs yourself, we can handle it for you. We’ll monitor activity, watch for changes, and let you know the moment something looks off, so you're never left wondering if something’s hiding in plain sight.

All you have to do is reach out.
JP Headshot

JOHN'S TECH TIP

 
Have One Printed Copy of Your “Break Glass” Info

If your password manager or email ever locks you out, a single printed copy of your must-have details (admin logins, MFA recovery codes, emergency contacts) can save the day. Keep it secure, keep it updated, and only for true emergencies.

latest news

⚠️ Ransomware Attack Hits Swedish Municipalities

On August 23, Miljödata—a major IT supplier for local governments—was hit by a ransomware attack, disrupting services across approximately 200 municipalities in Sweden. The incident led to outages in critical systems like HR, sick leave, and medical records, with authorities hinting that sensitive data may have been exposed. Fixed ransom was reported at around 1.5 bitcoin (~$163,000), reinforcing how supply-chain vulnerabilities can quickly escalate.
🤖 Microsoft’s AI "Project Ire" Learns Malware Detection by Itself

Microsoft launched a prototype AI named Project Ire, capable of reverse-engineering software to detect malware autonomously. In early trials, it accurately flagged 90% of identified threats in Defender, though it's only caught about a quarter of total malware—a promising step toward faster, automated defense.
💻 Fake "Zoom Invites" Deliver Malware via Trusted Apps

A new spear-phishing campaign is hitting over 900 organizations by mimicking legitimate Zoom or Teams invites. Attackers trick users into downloading ConnectWise ScreenConnect, a remote access tool, which then gives them full control of systems.

 

The Interesting Statistic

Laptop 2

Only 14% of Small Businesses Have a Cybersecurity or Incident Response Plan in Place

According to an Accenture Cybercrime Study, only 14% of small businesses have a cybersecurity or incident response plan in place, meaning the other 86% risk a messy, expensive scramble if something goes wrong.

The reality is that most breaches aren’t discovered right away, and when they finally surface, there’s usually panic:

Who handles it? Who needs to be told? What systems should be checked first? Without a plan, precious hours get wasted just figuring out where to start.

The good news? An incident response plan doesn’t need to be complicated. Even a simple one-page document (ideally printed) can make a huge difference. For example, yours could include:

  • Who calls IT first (or which provider you reach out to)
  • Who communicates with staff or clients so the message is clear and consistent
  • Where the backups live and how to restore them if needed

Having even this much written down can save you hours of stress and keep your team calm if the unexpected happens. And once you’ve got the basics, you can refine it over time instead of scrambling during a crisis.

The Gadget of the Month

eNotepad
If you’re still scribbling on sticky notes and piling up paper notebooks, it might be time for an upgrade.

The Rocketbook Core looks like a normal notebook, but it’s anything but. You write in it with a special pen, snap a photo with the app, and your notes are instantly saved to the cloud — Google Drive, Dropbox, OneNote, wherever you want them. Then, wipe the page clean with a damp cloth and use it again.

Everything gets stored digitally, while you still get the satisfaction of writing by hand. Plus, it's eco-friendly!

And unlike a regular notebook, this one doesn’t fill up. One Rocketbook can last for years, which makes its ~$40 price tag a no-brainer.

The book of the month

Thinking Book
Most business problems aren’t caused by one bad decision or one weak link. They’re caused by systems.

That’s what Donella Meadows explains in Thinking in Systems, a classic book that shows you how to see the bigger picture, spot the hidden patterns, and make smarter decisions by understanding the systems that drive results.

It’s not a heavy academic read. Meadows had a gift for explaining complex ideas in plain English. You’ll walk away with practical tools to think differently about bottlenecks in your business, recurring issues that never seem to go away, and even the way your team communicates.

If you’ve ever felt like you’re fixing the same problems over and over, this book helps you step back and see why. And once you can see the system, you can actually change it.
Disk Drive
DID YOU KNOW?
The first-ever disk drive (IBM 350 RAMAC, 1956) stored just 5 MB, weighed over a ton, and cost $10,000 a month to lease. Today you can buy a 1 TB drive that fits in your pocket for under $100. You get 200,000 times the storage for a fraction of the cost.

Thanks for reading!

My team and I put this newsletter together to share tech advice that’s actually useful, and (hopefully) even fun to read.

When we’re not writing these, we’re helping businesses like yours become more secure and stay productive without all the tech headaches.

If you ever need a professional opinion on anything IT related, simply hit reply and let me know.

We're here to help.

 

www.tnius.com

888-233-1792

Supporting the business community in the Greater Atlanta Metro area and throughout the Southeast U.S.

Transcend Logo tagline-web address right-text
Posted in Cybersecurity, Incident Response, Uncategorized

Leave a Comment