
Series: January Reset for Oregon SMB IT — Part 4 of 4
Previously: Part 3’s annual tech physical. This closes the series with a clear defense plan for 2026.
New Year’s Resolutions for CYBERCRIMINALS (Spoiler: Your Business Is on Their List)
Somewhere, an attacker is setting goals. They aren’t chasing “work-life balance.” They’re refining the tricks that worked in 2025 and scaling them in 2026. Here is their mindset …
1) “I’ll send emails that don’t look fake.”
AI now writes clean, timely messages. The fix: train people to verify money and credential requests using a second channel; add filtering that flags domain look-alikes.
2) “I’ll impersonate your vendors … or your boss.”
Expect bank‑detail change requests and “urgent” texts. Deepfake voice is no myth. Your counter: callback rules, known numbers only, and MFA on finance systems.
3) “I’ll target small businesses.”
Why push a bank when a Salem firm will pay $50k to get back to work? Basic controls make you tougher than the next target: MFA, patching, and backups that restore.
4) “I’ll exploit new‑hire season and tax chaos.”
Fresh inboxes and W‑2 scams spike in January. Teach policies in onboarding: we don’t email W‑2s; we verify payment requests by phone.
EXAMPLE:
Our fictional business manager, Sam, at Clear As Mud Services, onboarded two hires in Bend. Before accounts went live, Sam ran a 20-minute security briefing and enabled MFA across the board. Two days later, a “vendor bank change” request arrived. The bookkeeper called the vendor’s known number and caught the fraud. A boring policy beats a clever email.
Need guardrails? See Managed Cybersecurity https://www.10dtech.com/services/managed-cybersecurity and Emergency IT Support & Incident Response https://www.10dtech.com/services/emergency-it-support . Pair with Data Backup & Disaster Recovery https://www.10dtech.com/services/data-backup-disaster-recovery so ransomware is an inconvenience, not a shutdown.
Your 2026 defense in five moves
- MFA everywhere. Email, VPN, finance, admin portals.
- EDR + monitoring. Modern endpoint protection with eyes on alerts.
- Patch rhythm. Auto for endpoints; scheduled windows for servers.
- Backups that restore. Quarterly test restores and a written plan.
- People policies. Callback rules, no W‑2s by email, train new hires day one.
GET READY: Want a quick score on these five? (541) 243‑4103 • (971) 915‑9103 • https://www.10dtech.com/15min-assessment
Regional view
Spokane’s distributed teams, Portland’s vendor sprawl, Salem’s government adjacency, and Boise’s university ties all attract social‑engineering attempts. Local context matters, and your playbook should reflect it.
Take Action: Get a one‑page 2026 plan you can share with finance and HR.
FAQs
1) What threats should Oregon SMBs expect in 2026?
Phishing-led ransomware, account takeovers, and vendor payment fraud.
2) Is antivirus enough anymore?
No. Pair EDR with MFA, patching, filtering, and tested backups.
3) What can we do today to cut risk?
Turn on MFA, remove unused admin accounts, update endpoints, and verify backups restore.
4) If we’re hit, who do we call first?
Your incident response team. Then isolate systems and reset credentials.
5) Do we need cyber insurance?
Yes. Carriers often expect MFA, EDR, and proof of backup testing.
TAKE ACTION NOW
Take your business off the easy‑target list. Book your Free IT Checkup: call (541) 243‑4103 or (971) 915‑9103, or grab a time: https://www.10dtech.com/15min-assessment.



