Simplify in 3: Stop spam, phishing & protect your money

Simplify in 3: Three weekly tips to grow your business, stay organized, and save time without the overwhelm.

It's Cybersecurity Awareness Month, and this year's focus is on small businesses like yours.

Before: Registering your business means your contact info is now out there in the world. And yes, there's definitely an uptick — if you're noticing a surge in spam and phishing emails, you're not alone. One wrong click and someone's in your bank account or payroll system.

After: In 30 minutes, you'll know what to watch for and have significantly reduced your risk. No security degree required.

Your 3 Actions

🛡️ 1. Turn on two-factor authentication (2FA) everywhere

Why it matters: Your email and bank accounts are the gateway to everything else. Two-factor authentication (the thing that texts you a code) stops 90% of automated attacks.

Do this today:

• Turn it on for: email, bank, payroll, cloud storage, CRM, and password manager
• Use an authenticator app (Google Authenticator, Authy) instead of text messages when you can
• Update your recovery info: remove old phone numbers and emails you don't use anymore

Time: 15–20 minutes

👉 Team or family message to copy/paste:

"Everyone: Turn on two-factor authentication for work email and banking by end of day tomorrow. Use an authenticator app if available."

✉️ 2. Create one email filter to catch suspicious attachments

I got an email recently with immediate red flags — so I marked it as phishing.

Why it's phishing:

• Unexpected payment notice with a vague subject ("Payment for order Invoice has been approved") — pressure/urgency to act
• Sender is unfamiliar / odd domain (henricco.torquatro@eaportal.org) that doesn't match any vendor I work with
• Massed recipients (lots of people in the To line) — phishing campaigns often blast many addresses
• Weird capitalization/grammar in the subject — common in scam messages
• Likely contains an invoice/attachment or a link asking for payment/credentials — never open those from an unverified sender

What I did: didn't click anything, reported it as phishing, and deleted it. If you get something similar, forward it to your IT/security contact and verify any payment requests by calling the vendor on a trusted phone number (don't use numbers or links in the email).

Why it matters: Most breaches start with a convincing email. One filter dramatically reduces your risk.

Do this today (in Gmail):

• Create a filter that catches unexpected attachments from outside your company.
• Search for: has:attachment -from:yourdomain.com
• Replace yourdomain.com with your actual domain (e.g., simplifyai.tools)
• What this does: The -from (read as "minus from") part keeps your legitimate company emails flowing normally. Only attachments from outside sources get filtered.
• Action: Skip inbox, apply label "Review"
• New rule/mindset: If you didn't expect an attachment, don't open it. Forward to your IT person (or yourself) and mark as spam.
• Report obvious phishing (three dots → Report phishing) to help Gmail learn

Time: 10–15 minutes

Team or family message to copy/paste:

"New rule: Do not open unexpected attachments. Forward to [your email] and mark as spam."

💳 3. Freeze your credit and turn on bank alerts

Why it matters: Scammers move fast. Credit freezes prevent new accounts being opened in your name. Bank alerts let you catch fraud in real time.

Do this today:

Freeze your credit (free and reversible):

• Equifax: equifax.com/personal/credit-report-services/credit-freeze
• Experian: experian.com/freeze
• TransUnion: transunion.com/credit-freeze

• Turn on transaction alerts for all business and personal bank accounts (both email and text)
• Check Gmail forwarding: Settings → Forwarding and POP/IMAP → make sure no one unexpected has access

Time: 15–20 minutes

Team message to copy/paste:

"I froze my credit and set up bank alerts. Please do the same and confirm when done."

💬 GenAI Prompt (Copy & Paste in Claude or ChatGPT)

"Act as a small-business security advisor. Review this list of our accounts: [paste your list]. Give me the top 5 security priorities for the next 30 days, with one simple action for each."

This creates a custom checklist for your specific setup.

💡 Mindset Reset

You don't need to secure everything at once. Pick the highest-risk area (probably email or banking), do the three actions above, and you've raised your defenses significantly.

A little effort today avoids a lot of cleanup later.

🔐 Bonus: Password Manager Recommendation (Mac & PC)

If you don't use a password manager yet, start with Bitwarden (free tier is excellent):

• Stores all your passwords securely
• Works on Mac, Windows, phone, and browser (you can always access it)
• Can unlock with your fingerprint (Touch ID on Mac, Windows Hello on PC)
• Bonus: Also stores "passkeys" — the new password replacement that's nearly impossible to phish

Get it: bitwarden.com

Pro tip for Mac users: If you have an Apple Silicon Mac (M1, M2, M3) but use an external monitor, get the Apple Magic Keyboard with Touch ID (~$150). It gives you fingerprint unlock on your desktop setup, which means unlocking Bitwarden becomes instant instead of typing your master password every time. I use Touch ID to unlock Gmail and many other apps.

For Windows users: Most modern laptops have built-in fingerprint readers that work with Windows Hello. If you're on a desktop, add a USB fingerprint reader like the Kensington VeriMark (~$40) for the same instant-unlock experience.

Want to add a security key for your most critical accounts? YubiKeys are the gold standard. They're small USB devices that make it nearly impossible for someone to access your accounts even if they have your password. Only get these if you're already using a password manager and two-factor authentication. Don't skip the basics for the fancy stuff.

Which action are you tackling first? Hit reply and tell me — I read every message.

Know a business buddy who needs this? Forward this to them.

Let's keep it simple and sustainable.

Anne-Cécile Guillot Bellisario
Your AI-Powered Business Coach
Founder, Simplify with digital and AI

PS: If you found today's tips helpful, hit reply and tell me which one you're trying first — I read every message.

P.P.S. — I'm building something new: Simplify AI Signal — a tool to help you grow your voice and engagement on LinkedIn. It researches articles based on your interests, helps you draft posts in your voice, and creates custom feeds (by person, company, or topic) so you see what matters to you — not what the algorithm wants you to see. We're building this to fight the algorithm and amplify underrepresented voices. Interested in early access? Reply with "Signal".