Tuesday, April 17, 2018

Are you ready for Voice over IP phones?

In just the last few years, VoIP phones have made their way from cutting edge to mainstream. Do you know what it takes for a successful implementation?

Here are some things that you should look for:

- What type of internet connection do you have? If you are still on an old connection, it won't turn out well. Look at cable or fiber connections. Now 50 meg circuits are rather common.

- Evaluate your internet usage. If you have high data usage, consider a 2nd circuit for the voice system.

- Check your hardware infrastructure. Are you on old switching hardware? If so, look at upgrading to a gigabit switch; it will help manage the throughput. Consider what your firewall is capable of! The firewall needs to be able to give priority to the voice traffic, often referred to as QoS (Quality of Service). The hardware, especially the firewall, is the most often overlooked key piece of the system.

- Picking a good service is key. Do you want a managed cloud service, or do you want to purchase a premise-based VoIP system? The cloud service requires better internet, while the premise system is still reliant and dependent on local phone lines and/or hardware. The cloud system will often have greater redundancy and fault tolerance, which equals less downtime.

Evaluate your needs:

- How many users?
- How many groups? What are they?
- Do you have any remote extensions?
- Do you need an auto attendant or will an operator answer the phones?
- Do you have remote extensions? Cell phones, home office, remote workers?
- Map your current call flow. What happens when a call comes in?

Bit by Bit offers consulting services that can help you evaluate what you need for a successful implementation.

Contact us at 877.860.5831 or visit our website 

Monday, April 16, 2018

A free e-book from Bit By Bit to answer all your burning questions


If it has been a while since you've paid a visit to our site, we have a resource that we think you'll find extremely helpful. Our free e-book has a lot to say about why we think our support model can do more for your technology than in-house staff or break/fix contractors.
20 Signs That Your Business is Ready for Managed Services is an exhaustive comparison of what various aspects of your technology probably look like now, and what they would definitely look like under the guidance of a managed IT services provider (MSP).
Our free e-book introduces a number of ways we can turn IT red flags into all-clear signals with no more than a flat monthly fee. With absolutely zero obligation, you can finally get answers to questions like: How can I increase the mobility of my employees? What tools should I be utilizing to gain access to better performance metrics? And, how can I improve the speed of my technology deployments?
Don't forget to fill out the self-assessment on the final page and contact us with any questions you have about the content. Until then, sit back and enjoy some free advice from our experts!

Blog www.3boffice.com

Robert Blake Consultant
Bit by Bit Computer Consultants
721 North Fielder Suite B, Arlington TX 76012
Managing technology and Protecting Data.


[Heads-Up] Phishing Scam of the Week: Bad Guys Sink to Scary New Low


CyberheistNews Vol 8 #16 | April 16th, 2018

[Heads-Up] Phishing Scam of the Week: Bad Guys Sink to Scary New Low 

So, this one is the next new criminal low.

This particular phish spoofs a campus-wide security alert for a community college in Florida.

Given that it appears to be tailored to a particular educational institution and its students and employees, it's a good bet that other educational institutions could see similarly targeted phishing attacks. From there, the campaign will move to other targets.

What makes this particular attack so infuriating is that it exploits current concerns over active shooters on education campuses — a sensitive issue that could likely generate panicked, reflexive clicks from recipients who are already on edge over the recent shooting at Marjory Stoneman Douglas High School — also in Florida.

This social engineering scheme could be easily used against any school system, state and local government, large private corporations (think of the recent mass shooting at YouTube headquarters) — or any organization that is likely to have established active shooter protocols and training in place.

If there is any saving grace with this phish, it lies with the awkward choice of language ("an emergency scare"), which should tip off most users that something is not right with this email. Those for whom English is a second language might not pick up on that, though, and students whose native language is not English are quite common on college campuses.

We have seen several variations on this Scam of the Week with the following subject lines:

  • "IT DESK: Security Alert Reported on Campus"
  • "IT DESK: Campus Emergency Scare"
  • "IT DESK: Security Concern on Campus Earlier"

All three contain embedded links that lead to credentials phishes that spoof Microsoft — a large IT presence on campuses.

It's worth noting that institutions of higher education are at higher risk for phishing attacks generally, as well as ransomware attacks.

I suggest you send this email to your employees, friends and family, whether they are in a college or not. You're welcome to copy/paste/edit: 

"Heads-up. You'd think it could not get any worse, but some bad guys have sunk to a new low. They are now exploiting recent active shooter events on campus to get people panicked and "click-by-reflex" to find out if a loved one is safe.

This same phishing attack could be used against any organization with an active shooter protocol and training in place. If you see emails with titles like: 

  • "IT DESK: Security Alert Reported on Campus"
  • "IT DESK: Campus Emergency Scare"
  • "IT DESK: Security Concern on Campus Earlier"
Please think before you click, and look for any red flags related to a phishing scam. In any case, click on the Phish Alert Button to send this email to IT." 

In this particular case, KnowBe4 is *not* providing pre-made templates to send out. This type of template has what we call a high "runaway risk" meaning recipients will forward the simulated attack to authorities, the police, and/or call 911, causing a potential further escalation, downtime and possible harm.

We do not recommend KnowBe4 customers create this type of template and send it to their users either. Stick with messaging, PSA's, banners, posters and other awareness training methods.

This is the first time in our history that we recommend *not* sending a phishing template when we have seen an attack like this.

Here is the blog post with screen shots:

And here is the general press release, intended as a general alert:

Please forward to anyone you think will benefit.

Let's stay safe out there. 

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Ransomware, Phishing, and Pretexting in 2018 Verizon Databreach Report

Did you know that according to the new 2018 Verizon report, phishing emails account for 98% of all social engineering related incidents and breaches?

Ransomware and phishing attacks have garnered a great deal of recent attention in the cybersecurity community. As the Verizon Databreach Report has long warned, ransomware is the most common type of malware carried by phishing attacks. It's used in 56% of such incidents.

Ransomware is very effective for criminals. It exposes them to relatively little risk. But even as ransomware surges in criminal use and popularity, there are signs that businesses and local governments aren't investing in appropriate security against it.

Social engineering schemes such as phishing and pretexting are responsible for well over 90% of breaches. The targets of choice are finance and human resource employees. When successful the attackers can collect ransom in the six-figure range. Training users combined with common sense are essential in combating cyberattacks.

It only takes one person to click on a phishing email to put an entire organization at risk. The good news is that 78% of people know not to click. But let's try to help that remaining 22% and step them through new-school security awareness training.

Here is the full Verizon report: "Tales of dirty deeds and unscrupulous activities", which by the way, KnowBe4 contributes to with phishing data:

[LIVE Webinar] Levers of Human Deception: The Science and Methodology Behind Social Engineering

No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

Join Stu Sjouwerman, CEO at KnowBe4, and Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4. We'll provide fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers, to sophisticated social engineering and online scams.

Additionally, we'll look at how to ethically use the very same levers when educating our users.

Key Takeaways:

  • The Perception vs. Reality dilemma 
  • Understanding the OODA (Observe, Orient, Decide, Act) Loop
  • How social engineers and scam artists achieve their goals by subverting OODA Loop's different components
  • How we can defend ourselves and our organizations 
Date/Time: Wednesday, April 25, 2018, 2:00 pm ET
Register now - limited space available!

Britain Braces for Russian Cyber Warfare Targeting Transport Links, Water Supplies, Hospitals and Airports

The UK Mirror reported that Britain is braced for a wave of crippling cyber attacks in Russian retaliation for the Syrian missile strikes. Here is an excerpt:

"Vital transport links, water supplies, gas networks, banks, hospitals and air traffic control could be targeted following the joint assault on Bashar al-Assad's chemical weapons compounds on Friday night.

"Experts believe hackers in Moscow are already trying to break into key computer networks that could bring the UK's infrastructure to a halt." Full story at the KnowBe4 blog:

"I get my audits done in half the time and half the cost".
- Join our Live Demo of KnowBe4's Compliance Manager.

Join us on Tuesday, April 17, 2018, at 2:00 PM (ET) for a 30-minute live product demonstration of KnowBe4's Compliance Manager to see how you can simplify the complexity of getting compliant and ease your burden of staying compliant year-round. 
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Ability to build your own templates using our simple custom template feature.
  • You can assign responsibility for controls to the users who are responsible for maintaining them.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation. 
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Finally, an affordable and user-friendly compliance management tool!

See how you can get audits done in half the time at half the cost. Register now:

Let's stay safe out there. Here is something fun to read if you are traveling to RSA this week. 

Quotes of the Week
"Associate with people who are likely to improve you."
- Lucius Annaeus Seneca - Philosopher, Statesman, Dramatist (5 BC - 65 AD)

"Nothing can now be believed which is seen in a newspaper. Truth itself becomes suspicious by being put into that polluted vehicle. I will add, that the man who never looks into a newspaper is better informed than he who reads them; inasmuch as he who knows nothing is nearer to truth than he whose mind is filled with falsehoods & errors."
- Thomas Jefferson, 3rd President of the United States from 1801 to 1809

You could say the same thing of the internet these days... 

Thanks for reading CyberheistNews

Security News

Positive Technologies Social Engineering Report: 17 Percent Fall Foul to Attacks

Employees download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Positive Technologies has released a new report "Social Engineering: How the Human Factor Puts Your Company at Risk", with statistics on the success rates of social engineering attacks, based on the 10 largest and most illustrative pentesting projects performed for clients in 2016 and 2017.

To verify the security of corporate systems, Positive Technologies testers imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments. In total, 3,332 messages were sent. If the "attacks" had been real, 17 percent of these messages would have led to a compromise of the employee's workstation and, ultimately, the entire corporate infrastructure. Full story and link to report at the KnowBe4 blog:

[NEW WHITEPAPER] 10 Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

Organizations have been victimized by a wide range of threats and exploits, most notably phishing attacks that have penetrated corporate defenses, targeted email attacks launched from compromised accounts, and sensitive or confidential information accidentally leaked through email.

A survey conducted among corporate decision makers in early 2018 discovered that nearly 28% of organizations had experienced a phishing attack that was successful in infecting their networks. Don't let this happen to your organization.

Download the new Osterman Research white paper, Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, and learn ten best practices you should consider to better protect your systems and network, train your users to be security-aware, and safeguard your organization's sensitive and confidential data from phishing attacks, ransomware, and CEO Fraud.

Get your copy here:

Forum Discussion at Spiceworks: "Are Your Users Human Firewalls or Are They Email Cannon Fodder?"

"This morning as I read through the lists of Phish Alerts my users are sending in this morning, I realize that not every IT guy has end users that actually do this work for them. I will get to what a Phish Alert is in a moment, but this led me to think how many IT teams are being reactionary to email bound threats.

"Oh I know we all have our Email spam and virus filters. Heck I got two in sequence, but don't you know these danged Phishing emails still get through. Now I know the Spam and Virus firewall needs to be tended, but what about the brand new threats that pop up regularly or the Spear Phishing emails that are being hand customized to your executives?

"Your email filter would be so restrictive you would never get new emails from new potential clients. In fact just got off the phone with a former co-worker whose current employer has been hit by ransomware repeatedly. They clearly don't have a human firewall.

"I don't think we should stop trying to stop the ransomware from coming in, but we do need to train our users so they can be a part of the solution and not part of the problem." Here is the full discussion with lots of comments:

Social Engineering: A Trick as Old as Time

By Joe Gray, who is speaking at RSA, April 15-20 in San Francisco:

Social engineering is a growing epidemic that can be either an endgame in itself or a stepping stone toward bigger threats such as ransomware. This age-old tactic can be traced back to the Trojan Horse story featured in Virgil's "Aeneid" and Homer's "The Odyssey," from which the malware variant gets its name.

Modern Social Engineering Tactics

Today, social engineering exists in a variety of forms, including phishing, spear phishing, vishing (voice phishing), pretexting (impersonation), whaling (phishing targeting the C-Suite), smishing (SMS phishing) and more.

Of these threats, phishing and spear phishing seem to be the most common. Think of the typical ebb and flow of emails: You might receive legitimate messages, sales pitches, spam and bald-faced phishing attempts throughout the course of a normal day.

Run-of-the-mill phishing emails will likely wind up in your spam folder, but with a little open source intelligence (OSINT), an attacker can develop a pretext to appear at least quasi-legitimate. Full story at SecurityIntelligence:

Social Engineering: It's Time to Patch the Human

You know the phrase. "Social engineering: Because there's no patch for human stupidity." But there absolutely is, says Jayson Street.

"They're not a liability, they're an asset. [Humans] are the biggest intrusion detection system that you're going to get."

Jayson Street, the DEF CON Groups Global Ambassador, and VP of InfoSec for SphereNY, has likely forgotten more about social engineering than some of us have learned over the years working in security.

That's not fluff, he really does live for this stuff.

Our conversation with Street started passively, a simple question asking him about his conference plans this year.

As it turns out, Street has a training class this year at Black Hat in Las Vegas, along with April C. Wright, where the goal is teaching security teams to create human intrusion detection systems. Full story at CSOonline:

Compromised Credentials: An IT or an HR Issue?

Whose fault is it when credentials are compromised? IT or HR? Dow Jones Customer Intelligence, on behalf of Centrify, recently surveyed eight hundred executives in the UK and the US on the risk posed by credential compromise.

The results suggest that too many of them think it's basically an HR issue. Worse yet, they tend to underrate the risk credential compromise poses to their organization. Consider that credentials are among the more common targets of social engineering.

Consider also that compromised credentials can enable hostile outsiders to act as if they're trusted insiders. Protecting the organization requires a whole-of-company approach, and the centerpiece of any such approach should be realistic training tailored to your business's needs.

And do explain to your executives what someone who had credentials for your networks could do to you. Global Banking and Finance Review has the story:

Here is a complimentary tool to find out which of your credentials actually *are* compromised:

Not All Polls Are Benign

Phishing personal information is easier than you think. What is your first pet's name? Who was your first-grade teacher? What is your favorite vacation spot? Do these questions sound familiar? They should...many financial institutions use questions like these to set your "secret word," or the answer to the security questions that you can use to unlock your account if you forget a password.

Someone who knows those secrets can use them to gain unfettered access to sensitive and confidential information. Unfortunately, these questions and answers are also found on those innocent looking polls that are all the rage on social media. Lesson learned here: it's better to keep the name of your first pet private because "Fido" or "Sparky" may come back to bite you!

Not that Fido or Sparky would do that, really, but you get the drift. KrebsOnSecurity has the story:

What IT Pros Are Saying About KnowBe4 On Reddit

A Reddit user asked: "I just found this company called KnowBe4 and they claim to be the best at preventing and teaching about social engineering and cyber attacks. They have a complimentary tool that sounds like it sends an email to your employees that tells you if the users clicked on the link. I can't find reviews anywhere online saying that they're actually good that don't seem really biased.

"If anyone had used this service or used this company before in any means, please tell me what you think about them. If you know of any other tools like this that you used that can show who clicked on what link and record that data, please let me know. Thanks!"

Here is what users on Reddit answered:

Now, about online reviews, here are a few sources that are not biased, and vetted before they actually get published. First there is Gartner Peer Insights. You can compare all major (and minor) players in our space here:

Next, Spiceworks, the world's largest community of IT pros. They have a reviews section there as well, and "spiceheads" can rate a product from one to five stars:

Third, there is the independent G2 Crowd site, which does reviews of awareness training platforms as well. No one gets rewarded in any way for any of these reviews. You can sort by ratings, company size, user role and user industry:

And here is a Case Studies Page with some videos of existing users, links to the above platforms, and a few non-gated PDFs with Education and Financial Institution case studies:

And here is a recent email I received:

"Good morning, Stu. Thank you for checking with us! KB4 phishing tests have been very helpful for us to understand our users. Since we deployed, we have been testing our users on a weekly basis. The click rate has been decreasing, which is a good sign.

We have noticed some users who are always click happy, and our helpdesk team is contacting them to do a one on one training with the users to point out what they have missed. Our users also have increased reporting of phishing, which is a good sign they are listening to the IT department.

It creates a nice trust/dialogue relationship between the business and IT. Thank you very much for the service, we appreciate it much!" - K.J. Security Specialist, CISM, CISSP, PCIP 
Copyright © 2014-2018 KnowBe4, Inc. All rights reserved.

Wednesday, April 11, 2018

NJ Open House Tech Breakfast Invite

Tuesday, April 10, 2018

Simple Steps to Declutter Your Smartphone

The longer you have your smartphone or tablet, the more you discover what you can do with it. Unfortunately, the more you do with it, the more digital clutter it tends to collect. Not only does this turn simple tasks such as locating pictures into long and tiresome undertakings, but it also bogs down your device, making it run slower. These tips will help to minimize the clutter that has collected over the ages on your smartphone or tablet so that it can be used to its full potential.

1. Transfer photos from your device to the cloud
Pictures are among the greatest offenders when it comes to phone clutter. Now that so many people have high-end cameras right in their pockets, they naturally tend to take quite a few photos. So, as your first order of business, go through all of your photos. Sort them into albums, decide which ones are worth keeping, which ones are worth backing up, and which ones you don't care to see ever again. After you've done some weeding out, download a backup program such as Google Photos, which allows you to save any pictures you'd like to hold on to in the cloud rather than on your phone. Once you've finished backing up all of your pictures, the program offers the ability to clear up space by deleting photos from your device and saving them to the cloud where you can still access them at any time.

2. Find out which apps you use -- uninstall the rest
The next order of business is going to be getting rid of any unnecessary apps. The most natural and obvious place to start is just looking through your apps folder and uninstalling anything you don't feel the need to keep. However, a lot of people tend to leave apps alone that they haven't used in ages due to the "well, I'm sure I'll use it again eventually" mindset. That is why there's another process you can use for more efficient screening. First, clear your home screen of any and all app shortcuts. From then on, any time you want to use a specific app, find it in your apps folder and drag it back to the home screen. After a couple of days or so, the apps that you use regularly will be on your home screen and the ones left collecting dust in the apps folder can be uninstalled. Remember, uninstalling the app doesn't mean you can never use it again. If you find yourself in need, just locate it again in the app store.

3. Clear your device's cache
Another thing you can do to make sure you're freeing up as much space as possible is clearing your device's cache. This one is a bit more subtle and often overlooked if you're not entirely tech savvy. "Cache" refers to the data that your device saves from different websites or applications to access them more efficiently when you reopen them. That can be a good thing, but sometimes data gets saved from sites or apps that you may never plan on revisiting. In this case, the cache data being stored is simply wasted space. The process of clearing your cache is going to vary between devices, but it shouldn't be difficult to find. Try navigating to your device's settings and locate the "storage" section. Here, you're shown how much storage space is taken up and what exactly is occupying it. Sometimes there will be a convenient "clear cache" button right on the front of this page! Sometimes you'll have to click on each app in the section and clear their caches individually. Either way, it's a short and straightforward process that has the potential of freeing up a substantial amount of storage space.

Additionally, while you're in the storage section of your device, it's good to take a close look at what is taking up the most space. This part can show you if you have anything particularly cumbersome installed that you could do without such as game data or photos. Take full advantage of cloud storage services such as Google Drive to keep your documents, photos, etc. saved online rather than on your device.

With these handy tips, hopefully you'll be navigating your smartphone or tablet faster than ever before! No more scouring through hundreds of pictures to find the screenshot you took last week or holding on to data from a game that you haven't touched in a month. Make sure to keep this list handy so that you can revisit it. Performing these steps on a regular basis will prevent your devices from becoming bogged down again in the future.

Need more help with your technology? Visit our website or call 877.860.5831 x190
Robert Blake