Protecting Small Businesses from the Growing Threat of Social Media Cyber Attacks

In today’s digital age, the power of social media is undeniable. It connects businesses with their customers, drives marketing efforts, and boosts brand visibility.  

However, as the influence of social media grows, so does the threat of cyber-attacks. Small businesses, in particular, find themselves vulnerable to these attacks, with limited resources and support. We have recently helped multiple Hampton Roads Businesses recover from Social Media Attacks and here is what we have learned. 

  • In 2023, 25% of Facebook accounts were hijacked, while the hacking percentage of Instagram accounts reached 85%.
  • Facebook accounts are the most compromised account types in the United States, reaching around 67,941 every month.
  • Around 64% of data breaches that occur in smartphones are for financial reasons.


The Problem Areas

Social media cyber-attacks are a rapidly growing menace, targeting small businesses with alarming frequency. These attacks take various forms, from phishing attempts to account takeovers and impersonations.

  1. Phishing Attacks: Cybercriminals often use deceptive emails or messages that appear legitimate to trick employees into revealing sensitive information or login credentials.
  2. Account Takeovers: Once hackers gain access to a business’s social media accounts, they can wreak havoc by posting damaging content or hijacking communication with customers.
  3. Impersonations: Perpetrators impersonate your brand, potentially causing confusion among your audience or even committing fraud in your name.


Negative Impacts

The consequences of social media cyber attacks on small businesses are far-reaching and detrimental. Here’s what can happen:

  1. Financial Losses: Cleaning up the mess left behind by cybercriminals can be expensive. Moreover, the loss of customer trust can lead to a decline in sales.
  2. Brand Reputation Damage: Cyber attacks can tarnish your brand’s reputation and erode the trust you’ve built with your audience over time.
  3. Lost Time and Downtime: As you scramble to respond to an attack, your business can experience significant downtime, impacting productivity and profits.


What Small Businesses Can Do

The good news is that there are proactive steps small businesses can take to protect themselves from social media cyber attacks:

  1. Strong Cybersecurity Measures: Invest in robust cybersecurity tools and practices, including secure password management, multi-factor authentication, and regular software updates.
  2. Employee Training: Educate your team about the risks of social media cyber attacks and how to identify potential threats. Ensure they understand the importance of not clicking on suspicious links or sharing sensitive information.
  3. Monitor Social Media Accounts: Regularly monitor your social media accounts for unusual activity. Quick detection can help mitigate the damage.


How Valor Cybersecurity Helps Our Community

At Valor Cybersecurity, we understand the unique challenges small businesses face in today’s digital landscape. We’re here to provide expert guidance and support:

  1. Expertise in Digital Account Management: Our team specializes in digital security, ensuring that your business is up to speed with best practices.
  2. Cybersecurity Solutions: Valor offers a range of cybersecurity solutions tailored to the needs of small businesses. From training and awareness to account monitoring, we’ve got you covered.
  3. Incident Response: In the unfortunate event of a social media cyber-attack, Valor Cybersecurity can swiftly respond to contain the threat, minimize damage, and help you recover. We are dedicated to protecting your business in the face of evolving cyber threats, ensuring that your brand remains secure and resilient.

Overall, social media cyber attacks pose a real and growing threat to small businesses, and the lack of support from social media giants like Meta (formerly Facebook) can leave business owners feeling vulnerable. However, by taking proactive steps to protect your brand and partnering with experts like Valor Cybersecurity, you can defend your business against these threats and safeguard your reputation and financial stability.

Don’t wait until an attack occurs; act now to fortify your defenses and ensure that your small business remains resilient in the face of evolving cyber threats.

Reach out to Valor Cybersecurity today, and let us be your trusted partner in the battle against social media cyber-attacks. Your business’s future depends on it.

Author(s): Greg Tomchick 

If you are interested in determining if your business is at risk, schedule an expert assessment here.

If you like our content, please subscribe today and check out our other channels.

Digital Risk Digest Newsletter | YouTube | LinkedIn | Twitter

Data Leak Compromises Information of Thousands of Hampton Roads Patients

NEWPORT NEWS, Va. (WAVY) – A data leak is impacting thousands of patients of healthcare systems around Hampton Roads, including the Sentara Health system.

Credit Control Corporation, otherwise known as R&B Corporation, fell prey to hackers, according to a report published by the Attorney General’s Office of Maine. Hackers accessed files that included patients’ personal information, including names, addresses and Social Security numbers.

Included in the breach are Children’s Specialty Group, Dominion Pathology Laboratory, Emergency Physicians of Tidewater, Medical Center Radiology, Mary Washington Healthcare, Riverside Health System, Sentara Health and Valley Health.

“We classify it as third-party risk,” said Greg Tomchick, CEO of Valor Cybersecurity. “It’s a risk of working with someone who’s working with your business, and at the end of the day, that brings a risk.”

While the origins of the hack aren’t made public, Tomchick said that 85% of cyber incidents occur through email. Commonly, bad actors monitor employees, learning their names and roles. They make email accounts nearly identical to people the employee corresponds with. They send a link, pretending to be a colleague or someone known to the victim. The victim, by clicking on the link, can open the door of the company wide open, Tomchick said.

Tenilces Adams of Norfolk said she’s a patient in the Sentara Health System. She told 10 On Your Side she was disturbed to learn that she is a victim of the attack. 

“It’s not acceptable,” Adams said. “I was real upset when I first found out. I was worried about what information do they have. It can mess up your credit or whatever. Somebody can get your identity or something like that.”

Adams said that she intends to regularly check on her credit score through a bureau such as Credit Karma or Equifax.

Victims of the data breach are offered a year of complementary credit monitoring through Kroll. Adams said she would not accept the services because she has already lost trust in CCC.

She said that she is disturbed her information was shared through an avenue intended to make her safe.

“I thought my information would be protected. You go to the doctor, you think that your information would be protected you put all your information out there to them,” she said.

Tomchick said the best way to defend against attacks like this is to train employees to recognize attempts to sneak into networks.

“It all starts with training and awareness,” he said. “So, making sure that that person who potentially clicked on the link is now trained to be able to recognize that. I think that’s really the starting point,” if the leak originated through a phishing scam. He also said that many companies are moving to advanced monitoring to filter suspicious emails before they hit employees’ inboxes.

Sentara Health released a statement through spokesman Dale Gaulding.

“Sentara is one of many CCC customers in health care and other businesses affected by this breach. CCC is providing mailed written notices of the incident and the steps they are taking to mitigate it. The security of Sentara patients’ and members’ personal information is important to us. We encourage patients or health plan members who received a letter and have additional questions to contact CCC in the manner described in the letters,” Gaulding wrote.

Check out the full story: Data leak compromises information of thousands of Hampton Roads patients (

Want to find out how you can prevent this from impacting your organization? Don’t worry, we’re here to help!

Give us a call at (757) 276-8412 or email us at

Whether the Valor Team can help you now or in the future, we remain poised to support your business’ success and protection.  

Defense contractors must prepare for ‘trust but verify’ era

Defense contractors across the U.S., including those in and around the District of Columbia, are facing new and more stringent information security regulations that require companies to pass additional hurdles before engaging in contract work with the Department of Defense and its ancillary agencies.

These regulations, some of which may begin appearing in RFPs as early as this spring, trace their roots back to early 2020 when the DoD, in partnership with Carnegie Mellon and John Hopkins, formed what is known today as the Cybersecurity Maturity Model Certification (CMMC) program, governed by the Cyber Accreditation Body (Cyber AB). The program requires all Defense prime and subcontractors who access, store and/or transmit Controlled Unclassified Information to implement a specified level of cybersecurity.

The upcoming contract requirement known as the DFARS 7021 clause adds a “trust but verify component” to existing federal contract data protection identified under DFARS 252.204-7012, Safeguarding Covered Defense Information & Cyber Incident Reporting. Prior to CMMC’s release, defense contractors were able to self-attest that the businesses were abiding by established contract security standard.

All that is changing now.

While these regulations will undoubtedly mean additional time and effort for defense contractors, they are essential to ensure that sensitive information is kept secure. With more than 500 government contractors in the Hampton Roads, Virginia, area alone, preparing for these new requirements is of utmost importance. Those who do so most efficiently and effectively are likely to come out on top in the highly competitive government contracting landscape.

To prepare for the new regulations, organizations should take proactive action to determine their gaps, prioritize resource allocation to address those gaps, and continually adjust to the moving target of cybersecurity compliance across the DoD contracting landscape.

Here are a few key steps for accomplishing those objectives:

  • Review any existing (if applicable) or upcoming contracts to identify security requirements/DFARS clauses.
  • Identify whether the business handles only FCI or more sensitive CUI (Controlled Unclassified Information). As a reference, a company’s contracting officer should be able to assist in determining this.
  • Review NIST 800-171 controls in preparation for performing a security controls analysis.
  • Ensure there is an established company-wide cybersecurity training program, to include initial and ongoing cybersecurity awareness and education. Continuous cyber training will empower and enable company personnel to identify threats and mitigate their business impact.
  • Consider obtaining outside resources, either over the short-term or long-term, to supplement in-house resources to help identify gaps in the organization’s readiness posture, assist with drafting operational security policies, and to help position the organization for continued CMMC compliance.