Technology Advisor Blog

Every year, Verizon publishes its Data Breach Investigations Report (DBIR), one of the most respected cybersecurity reports in the industry. The 2026 report analyzed more than 22,000 confirmed data breaches across 145 countries, making it one of the largest collections of real-world cybersecurity data available.

At Ekaru, we pay close attention to reports like this because they help us separate trends from headlines. Instead of relying on assumptions, we can see exactly how attackers are succeeding, where businesses are struggling, and what organizations can do to better protect themselves.

Before we dive into the findings, it's helpful to understand two terms you'll see throughout cybersecurity reports:

Incident: A security event that disrupts business operations, compromises systems, or creates a security risk.

Breach: A type of incident where sensitive information is actually accessed, stolen, or exposed to someone who shouldn't have it.

In other words, every breach is an incident, but not every incident becomes a breach. For example, a ransomware attack or website outage may be considered a security incident even if no customer or company data is stolen.

The biggest takeaway from this year's report is surprisingly simple:

Cybersecurity fundamentals matter more than ever.

While artificial intelligence, ransomware, and sophisticated cybercriminal groups continue to dominate the news, most successful breaches still come down to a handful of preventable issues. Here are the lessons small businesses should take away from Verizon's findings.

When many people picture cybercrime, they imagine hackers breaking into giant corporations with sophisticated tools and complex code. But for most small businesses, cybercrime today looks much more ordinary - and much more personal.

• It looks like an email from a trusted vendor asking for updated payment information.

• It looks like a voicemail that sounds like a company executive requesting an urgent wire transfer.

• It looks like a Microsoft 365 login page that appears completely legitimate.

And increasingly, thanks to artificial intelligence, these scams are becoming harder and harder to spot.

The FBI recently released its latest Internet Crime Complaint Center (IC3) report, highlighting billions of dollars in losses tied to cybercrime, including growing losses from AI-assisted scams and cryptocurrency fraud. While the numbers themselves are staggering, the bigger takeaway for local businesses is this:

Cybercriminals are getting better at pretending to be someone you trust.

 📩 Most employees have seen it. 

That little button in Outlook:
👉 “Report Phishing”
👉 “Report Junk”

During a recent Cybersecurity Town Hall with one of our clients in Boston, someone in the room asked about this button - The question most people haven't asked:

What actually happens when someone clicks it?
And more importantly - is anyone paying attention?

This is worth exploring.

Every year, the IRS releases its list of the “Dirty Dozen” - the most common tax scams they’re seeing across the country.

And every year, we have the same conversation with clients:

“I got an email that looked official… I just wanted to double-check before I clicked anything.”

This year’s list for 2026 is a reminder of something we’re seeing more and more - scammers aren’t just targeting individuals anymore. They’re going after small businesses, nonprofits, and busy teams who don’t have time to second-guess every message.

Let’s break down what matters most - and what to watch for.

The IRS “Dirty Dozen” tax scams for 2026 highlight the most common ways scammers target taxpayers and small businesses - from phishing emails and fake charities to misleading tax credits and identity theft. Understanding these scams can help you avoid costly mistakes, protect sensitive information, and reduce your risk during tax season. 

Is love in the air…or is it a romance scam? Whatever situation you find yourself in, if 2026 is the year for you to find love this Valentines Day, it’s generally good practice to know the person you are talking to. What I mean by that is ensuring the person of interest you met through a website or dating app is a legitimate person that’s actions and words add up. Romance scams are currently one of the highest scam methods in America. When using social media or the internet in general, it’s essential to have security and knowledge equipped to protect yourself, your time, your heart, and your personal information. At Ekaru, we provide users with educational cybersecurity awareness training, not to frighten you but to inform you to make thoughtful decisions. To react proactively when situations arise, the best form of defense is not always security tools, its knowledge.

Most of us barely notice CAPTCHA checks anymore.

You know the ones - the little box that says “I am not a robot”, or the quick image puzzle before you can move on. The little puzzle may ask you to select the images that contain traffic lights, bicycles, or crosswalks.  We see them so often that clicking through has become second nature. In fact, many people associate CAPTCHAs with extra security, not risk.

Coordinating a Wishlist for the holidays with your friends, family and loved ones can be challenging. Especially when no two people are the same. In a lot of cases, whether you utilize your time management right during the season or not, (it’s completely understandable if you don’t, it’s a stressful time in the work-life balance realm), sometimes the best gift, when you don’t know what to get, is a gift card.

As we enter Halloween, the larger national holidays such as Thanksgiving and Christmas are closing in. It’s a stressful time of year, causing a lot of folks to not act rationally how they usually would. Scammers are aware of this more than ever and will do whatever it takes for you to fall into their trap. How do they try to get you? Sometimes it’s not as obvious, sometimes its overlooking how a website HTTP link is typed out incorrectly. The term for this type of social engineering scam is called Typo squatting.

When keeping business operations alive, security is essential. Security isn’t just strong passwords of 16 or more characters across multiple different websites/accounts, or MFA, it’s a deeper-rooted step to take with your networks to prevent most cybersecurity threats.
From a 2021 Verizon study, “61% of small to mid-size businesses experienced a cyberattack in 2021”. In 2023 73% of small businesses faced cyber-attacks. In 2024, 94% of small to medium sized businesses faced a cybersecurity attack. The number keeps increasing each year with small businesses affected. Something must be done to protect businesses from such cyber attacks.

The mindset has probably come up multiple times in conversation; “I’m a small business, I’m too small to be known for hackers to try and target me”. It’s not exactly if it happens, it all matters as to when. Don’t wait until that ‘when’ turns into ‘today’ when you receive a socially engineered scam that looks legit. Scams are becoming harder to identify, when you are not investing in proper cybersecurity measures, the wrong people will notice you do not have the tools or budget.

Are you someone that does not want any trace of work on your phone with the intent of separate work from home? Well, you’re not alone.
It’s understandable that you would want to have a personal device that has no affiliation to work or receive any work-related phone calls. However, with threat actors ruthlessly and creatively generating scams for folks to fall victim to, it’s important to understand the benefits of using multi factor authentication across multiple devices.