Security

Business email compromise is a type of cyberattack in which a criminal impersonates a trusted business contact, such as a vendor, CEO or payroll manager, to trick employees into transferring funds or revealing sensitive data. These attacks are often highly targeted and convincing, using spoofed email addresses and urgent language to bypass normal verification procedures.

To protect against BEC:

• Always validate email requests for payments or sensitive data, especially if they seem urgent or unusual.

• Contact the sender through a known, trusted channel before taking action.

• Enable multi-factor authentication (MFA) on all email accounts.

Ransomware is a form of malware that encrypts a victim’s files or systems, holding them hostage until a ransom is paid, often in cryptocurrency. In many cases, even paying the ransom does not guarantee full recovery. Ransomware can enter through phishing emails, malicious downloads or unsecured networks.

Prevent ransomware attacks by:

• Keeping software and systems up to date with the latest security patches.

• Backing up data regularly and storing backups offline.

• Training employees to spot suspicious attachments and links.

Credential stuffing occurs when cybercriminals use stolen username-password pairs from one breach to try logging into other systems. Because many people reuse passwords, attackers often succeed.

To prevent credential stuffing:

• Never reuse passwords across sites or applications.

• Use a password manager to store and generate unique credentials.

• Enforce MFA and monitor for unusual login behavior.

Phishing is a type of cyberattack where scammers impersonate trusted entities—such as a known company, vendor or colleague—to trick recipients into revealing personal information, clicking malicious links or downloading malware. These messages often arrive via email or text and may appear highly convincing, using real logos or spoofed addresses.

To protect against phishing:

• Verify the sender’s email address—legitimate isolved emails will always come from @isolvedhcm.com.

• Hover over links to preview URLs before clicking and ensure they begin with https://.

• Be cautious of urgent requests or threats demanding immediate action.

• Never share passwords or login credentials via email.

• Enable MFA to protect accounts even if credentials are compromised.

If you receive a suspicious message, report it to your IT/security team and delete it. If you’ve already clicked or entered information, change your password immediately and notify your administrator.

A zero-day vulnerability is a software flaw that is unknown to the vendor and actively exploited by attackers before it can be patched. These vulnerabilities are especially dangerous because there is no defense until the flaw is discovered and fixed.

Protect your business by:

• Keeping all systems updated and patched as soon as fixes are released.

• Using endpoint protection tools that detect abnormal behavior, not just known threats.

In a MitM attack, a hacker secretly intercepts and possibly alters the communication between two parties, such as between an employee and a payroll system, without their knowledge.

MitM prevention tips:

• Avoid using public Wi-Fi for work-related tasks unless connected via a secure VPN.

• Always check for HTTPS in the browser when accessing sensitive systems.

• Use encrypted communication channels and ensure session timeouts are enabled.

Spoofing refers to a cybercriminal disguising their communication—email, website, phone number, or IP address—to appear as someone trustworthy. The goal is to deceive the recipient into providing access or information.

To identify and avoid spoofing:

• Double-check email addresses, URLs and sender details.

• Be wary of slight misspellings or formatting inconsistencies.

• Validate requests through secondary means.

MFA requires users to verify their identity using more than one credential, usually something they know (password) and something they have (authenticator app, code or hardware token). MFA dramatically reduces the risk of unauthorized access, even if a password is compromised.

A data breach occurs when unauthorized individuals gain access to confidential, sensitive or protected information. Breaches can involve personal data, financial records, employee credentials or customer databases.

To minimize risk:

• Restrict data access to only those who need it.

• Monitor systems for anomalies and maintain robust logging.

• Train employees on proper data handling and incident reporting protocols.

Report Security Concern

isolved receives hundreds of audits, cyber and risk-related requests annually. Our audit management approach and this Trust Center should provide the details needed to satisfy your requirements. However, we can provide additional information under Non-Disclosure Agreement (NDA) and, in some circumstances, are willing to host an on-site review with select executive management and expert resources. Please contact your isolved business partner for additional information.