Wednesday, December 30, 2020

2021 Trend Watch: Ransomware Never Goes Out of Style

Ransomware is the monster under the bed that every company should be worried about these days. From stealing data to disrupting operations and even nation-state hacking, ransomware was a favored tool of cybercriminals worldwide in 2020 – and that looks set to continue in 2021.

Ransomware surged at the start of the pandemic, with an incredible 148% increase in attacks in March 2020 alone. In Q3 2020, researchers estimate that cybercriminals successfully completed at least 1 new ransomware attack every day. That’s not a trend that your business wants to get in on.

Protecting your business from cybercrime like ransomware starts with building a strong cybersecurity culture. It’s important to make sure that every one of your staffers is up to date on the latest threats and following cybersecurity best practices – after all, they’re part of your security team too.

Using a solution like BullPhish ID to help employees learn to spot and stop phishing attempts is essential these days – phishing messages are the number one delivery system for ransomware. Plus, a secure identity and access management solution like Passly provides powerful protection against cyberattacks including ransomware by adding multifactor authentication, a risk mitigation recommended by CISA and other experts.

Take smart precautions now to ensure that your business isn’t a trendsetter because no company can afford to be a part of the expected wave of continued growth in ransomware attacks in 2021.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Tuesday, December 29, 2020

Millions of Stolen User Records Create Risk for Your Business

It’s not just information that’s stolen from your company that puts your business in jeopardy. Your company’s security is also in danger because of information stolen in data breaches at other businesses or through breaches at hospitals, government agencies, utilities, colleges, and other organizations – and that risk is growing every day as more information makes its way to the Dark Web.

Dark Web activity has exploded in 2020. The combination of millions of people suddenly working from home, a thirst for knowledge about the pandemic, and advancements in ransomware and other cybercrime technology has made it easier than ever for cybercriminals to get their hands on the information that they need to target and attack organizations – 60% of the information on the Dark Web has the potential to harm enterprises. 

One common way that cybercriminals use this information is to gather or obtain huge lists of passwords that have been stolen in data breaches around the world. It’s a well-known fact among bad actors that people tend to recycle passwords, often using a few that they cycle through for both work and home applications. If those passwords are stolen in a data breach and hit the Dark Web, they’re added to the pool that cybercriminals draw from when gathering ammunition for attacks.

That can create severe risks for your business. For example, if one of your staffers is recycling a favorite password by using it for both their company O 365 password and their personal Spotify account, and that password gets stolen in a data breach (Spotify has had 3 data breaches in 2020 alone), then cybercriminals now have a key that unlocks the front door to your business.

That’s why you should add Dark Web monitoring with a dynamic solution like Dark Web ID to your security plan. Find out that one of your company’s credentials has been compromised before the bad guys do with 24/7/365 monitoring using human and machine analysis. Dark Web ID constantly sweeps Dark Web data markets to find your potentially compromised credentials and alert your IT team immediately when one pops up.

Don’t take chances on an unexpected credential compromise incident, because even the best-laid security plan can be undone in a second with one compromised credential that goes undetected, allowing cybercriminals to slide right into your business. Include reliable, affordable Dark Web monitoring in your 2021 security plan and gain peace of mind against unpleasant surprises like credential compromise from the Dark Web.

Wednesday, December 16, 2020

Fake Zoom Invites Bring Real Trouble

Is that Zoom invite from a new client or a cybercriminal? As many companies continue working from home, fake Zoom invites, bogus password reset messages, and social media ploys are just the latest tools that bad actors are exploiting to get their foot in the door at your business.

Scams like this are abundant this time of year, as people get busy with holiday activities or take time off and many offices are a little more lax. Without IT experts to turn to, your staffers could be at risk of falling for a malicious Zoom invite, a malware-laden LinkedIn message, or other unexpected phishing threat without knowing what to do about it.

Email attachments have become so notorious that cybercriminals are hunting for new ways to launch phishing attacks. But if you’re keeping your security awareness and phishing resistance training up to date, your staffers probably won’t fall for the ploy. Businesses that engage in regular security awareness training that includes phishing resistance reduce their chance of having a cybersecurity incident by up to 70%.

As long as it’s regularly refreshed, that is. Studies show that staffers retain the knowledge and skill developed through phishing resistance training for about 3 months. By instituting quarterly training at minimum, you’re not only keeping your staff on their toes to encourage good cybersecurity habits, but you’re also making sure they’re up to date on the latest threats.

BullPhish ID is the ideal training solution for in-office and remote staff. We add 4 new plug-and-play phishing resistance training campaigns every month to make sure that your employees are ready for the latest threats, including COVID-19 scams, Google’s biggest phishing topic in history.

Don’t wait until the newest phishing scam like fake Zoom invites or malvertising is rocking your business, disrupting your operations, and draining your budget – commit to a dynamic security awareness training program now and save yourself a raft of headaches later.

Cyber Security Statistics

  • 41% of respondents in a survey of business owners had a cybersecurity mishap related to COVID-19
  • 94% of executives say their firms have experienced a business-impacting cyber-attack or compromise within the past 12 months
  • 47% of businesses reported experiencing five or more attacks in the last 12 months
  • 78% of respondents said they expect an increase in cyber-attacks over the next two years
  • 63% of security leaders admit it’s likely their systems suffered an unknown compromise over the past year
  • 65% of attacks involved operational technology assets
  • 21% of companies have adopted formal, enterprise-wide security response plans
  • 74% have ad-hoc plans or no plans at all for any type of incident
  • Only 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan
  • Having a tested incident response plan can save 35% of the cost of an incident.

Thursday, December 10, 2020

Amazon Brings Unwanted Holiday Gifts to Businesses

Everyone loves giving and getting gifts – it’s part of what makes this season special. It’s the most wonderful time of the year for cybercriminals too. As you and your staffers buy everything from business essentials to toys on Amazon this holiday season, you’re opening your business up to extreme risk from phishing. 

While an increase in holiday-time phishing attacks isn’t unusual, the combination of people shopping from home because of the pandemic plus a huge increase in overall cybercrime spells trouble for your company in 2020. A recent report shows that Amazon-related phishing messages have more than doubled this year, and they’re continuing to climb, with a more than 60% increase in November alone. 

So how can you protect your business? By making sure that all of your employees are well-versed in the types of phishing schemes that cybercriminals are bringing to the table this year. Up-to-date training that’s regularly refreshed can lower your incidence of a cybersecurity problem by up to 70%, making it a smart investment in your business. 

BullPhish ID is perfect for training your employees to be vigilant about the latest threats. We constantly update the plug-and-play phishing resistance training kits that are available to use for your business, including adding 4 new ones per month covering all the latest scams like COVID-19 threats.

Get your business a gift this holiday season – improved cyber resilience with a commitment to security awareness training with BullPhish ID that reduces your chances of becoming a victim of cybercrime. Your IT team will thank you when your well-trained staff avoids major cybersecurity blunders that would have caused huge problems – and your accounting department will thank you too because BullPhish ID is cost-effective and it could save you a fortune if you avoid even one cybersecurity disaster.

Wednesday, December 2, 2020

My second published book!! Chapter 8 Are you as secure as you feel? Why you should be intrusion testing your business network.

Cyber Risk Literacy is Critical for a Strong Defense

Business cyberattack threats have never been higher. Massive increases in phishing (more than 600%), ransomware (more than 150%) and other cybercrime might keep you up at night, but are your staffers aware of exactly how important cybersecurity really is to your business? Your employees might not be on the same page as you are about cybersecurity risks – and that’s a problem that could end up costing you a fortune. 

For most people outside of directly technology-related positions, a cyberattack is a vague, hard to understand threat. It just doesn’t seem possible that one misclick on an email could cost a company millions. That’s why making risk literacy a top priority for every employee is crucial to maintaining a strong defense against cybercrime.

One effective way to increase your employees’ risk literacy is with regular, engaging security awareness training that includes phishing threats since phishing is by far the most common delivery system for cyberattacks. Over 90% of incidents that end in a data breach start with a phishing email and no company can afford that right now.

BullPhish ID is the ideal choice to increase your staff’s risk literacy with memorable, easy-to-understand security awareness and phishing resistance training in 8 languages. Using engaging video lessons, risk information is served to your employees in bite-sized pieces for easy comprehension no matter how tech-savvy they may be. 

Online testing measures their retention of the lessons, giving you the information that you need to see who has a handle on security awareness and who needs more help. More than 80 training campaigns are available for you to use right now, and 4 more are added every month, including content about the latest threats like COVID-19 scams.

Training your staff to be aware of potential threats pays handsome dividends for your business – companies that engage in regular security awareness training have up to 70% fewer damaging cybersecurity incidents. By establishing a strong culture of cybersecurity awareness and giving everyone the help that they need to be part of the team, your company gets a huge overall cybersecurity boost that can make the difference between success and failure for cyberattacks now and in the future.

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Monday, November 30, 2020

To Err is Human, But Preventing Expensive Disasters is Divine.

Making mistakes is part of being human. Even your most conscientious employees are bound to screw up at some point. But employee mistakes don’t have to be a gateway to cybersecurity disaster. Putting fail safes in place between your data and cybercriminals can mitigate the risk of employee errors.

While errors like misconfiguration and failure to patch software are dangerous, one particular source of employee error definitely tops the trouble list: passwords. In a recent survey, an outrageous 91% of employees admitted to reusing or recycling passwords at work and between their work and home accounts, and password sharing is endemic.

Password compromise is by far the fastest, easiest way for cybercriminals to gain access to your systems and data. A password alone, even if it is updated regularly, will not provide strong protection for your systems and data – over 80% of breaches can be attributed to password hacking or password compromise.

Put extra protection between your business and employee errors like poorly made passwords by adding a secure identity and access management solution like Passly to your security plan. An expert-endorsed best practice and a requirement for compliance in many industries, multifactor authentication is your strongest shield against these types of brute force hacking attacks.

Passly also includes other highly recommended security tools like simple remote access control for IT staffers, secure shared password vaults, and single sign-on LaunchPads for every user to boost your endpoint security. This multifunctional dynamo can dramatically reduce your threat risk from employee cybersecurity errors at a price that fits any budget. 

Securing the access gateways to your company’s systems and data is the fastest, most effective way to prevent a small mistake from becoming an expensive cybersecurity disaster. Streamline access, improve endpoint security, and add the fail safes that you need to make sure that only the right people are accessing your systems and data in a flash with Passly.

Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.

Cybercriminals these days are a lot smarter than you might think. Just like any other business, cybercrime gangs are always looking for ways to break through with a slick new attack style that scores them a big payday before cybersecurity professionals even have it on their radar. One of the most successful areas of expansion for cybercrime in 2020 has been social engineering. 

A major component of phishing-related cybercrime, the premise behind social engineering is very simple: to influence the target to take an action. Whether that action is to buy a certain brand of coffee, share a news story, or click on a link in a phishing email, social engineering is a common tactic in all sorts of business operations for one simple reason: it works. 

Recent examples illustrate some of today’s craftiest social engineering tactics. For example, take a dull, routine subject like compliance. It’s both complicated and constantly changing, with huge penalties for violations. Cybercriminals know that GDPR fines are a specter that haunts most European businesses – and detailed information about many businesses is an easy score on the Dark Web.

So why not try out a cleverly disguised social engineering trick by creating an email that’s designed to look like it’s from a consultancy helpfully informing you that there are new regulations about email security that you might not be compliant with? Of course, their company can help. They may “already be working with you to resolve the problem”, and they just need a little bit more information. You know the rest of this story.

Or, at larger companies, the classic access scam. A contractor or service for your corporation contacts you, maybe even by phone. They are trying to repair something crucial that’s just broken, and fast. It’s a big problem, the bosses are mad, and they have a quick fix to temporarily patch it until they can fix it. They just need a password that gives them access to a certain system, and they were told that you’re the person to talk to. Password sharing is so endemic, most staffers will hand theirs right over.

This may not sound like a plausible scenario to you, and you’d probably be inclined to ask for more proof – and you’d be right, it’s a scam. But many employees won’t recognize it, even at big tech companies where you’d expect them to know better. After all, this sequence of events is exactly what happened to cause the giant Twitter breach earlier this year.

Fighting back against social engineering means fighting back against cybercriminal trickery with education. Security awareness training, especially phishing resistance training, is every company’s best bet for teaching employees to spot and stop social engineering attacks. Companies that engage in regular security awareness training have up to 70% fewer cybersecurity flubs.

BullPhish ID is the answer for your clients. Not only can it be easily configured for companies and test groups of any size, but it’s also ideal for both in-office and remote workforce training. It’s easy to manage and easy to use. Plus, phishing resistance training doesn’t just help companies defend against phishing – it increases overall security awareness too. 

The best training is training that people remember. BullPhish ID delivers on that front, with information presented in bite-sized pieces that are easy to understand no matter how tech-savvy your staffers are in 8 languages. Engaging video lessons make BullPhish ID the perfect tool to use when training employees and online testing enables you to quickly determine who needs extra help.

Research indicates that employees retain the skills that they gain from training for about 4 months before those skills disappear, but they don’t lose them if their training is regularly updated. BullPhish ID has the content you need, with over 80 complete phishing simulation kits ready to go and 4 new kits added every month. Plus we add training on all the latest threats, including COVID-19 lures.

Contact us to see how we can help you combat these threats!

Wednesday, November 18, 2020

Ransomware Risks Highest for Remote Workers

The global pandemic has changed the way that we work, and that’s been good news for cybercriminals. Remote workers are a juicy target for ransomware attacks since they’re more likely to be drawn in by common lures and less likely to be up to date on current phishing scams. So how can you protect your business from ransomware while your staffers are still working remotely?

While we wish there was a magic bullet, the closest we’ve come is a magical solution: phishing resistance and security awareness training. Companies that engage in regular security awareness training that includes information about the latest phishing threats have up to 70% fewer cybersecurity incidents.

The biggest cybersecurity threat of 2020 is phishing, and ransomware almost always arrives on your doorstep paired up with a phishing email. More than 65% of ransomware is delivered through phishing, which has boomed during the global pandemic – Google reports that it’s measured phishing email as up by more than 600% in 2020.

Regular, easy-to-understand phishing training is essential for protecting your business from dangers like spear phishing attacks designed to deliver ransomware. BullPhish ID delivers just what you need with plug-and-play phishing simulation kits to test your staff and engaging video lessons to demonstrate today’s phishing lures, including COVID-19 bait.

Protect your business from phishing-based cybersecurity disasters with simple, sensible tools like security awareness and phishing resistance training using BullPhish ID to transform your staff from cybercriminal targets to defensive assets fast at a price you’ll love.

4 Reasons to Consider an IT Security Audit

By Robert Blake

Looking at ways to protect your IT infrastructure from cyber threats is critical for small business owners. A cybersecurity incident can create hours of downtime and ruin the reputation of your company. Conducting an IT security audit on a routine basis is a great way to stay proactive and limit the chance of a successful cyber attack. A managed IT service provider can identify any areas of weakness within your organization and develop a detailed plan to give you the best cybersecurity available.

Here are a few more of the top reasons to consider an IT security audit from a managed service provider.

1) Establish Benchmarks

One of the first objectives of an IT service provider is to establish benchmarks for your company. These IT security professionals will evaluate your current level of protection and look at ways to boost your cybersecurity. Setting these benchmarks early on will provide your organization with an IT roadmap that will give you short-term and long-term goals related to IT security. Always finding ways to improve cybersecurity is a top concern for a managed service provider, as cyber threats never stop evolving.

2) Identify Areas of Weakness

Cybercriminals are constantly finding new ways to target small businesses. An IT security incident can easily bankrupt your business and ruin trust with your clients. However, conducting IT security audits on a routine basis can help identify any weaknesses within your organization before they are exploited by cybercriminals. These proactive IT services can save you a lot of stress and help your business stay one step ahead of cyber threats in the workplace.

3) Create an Action Plan

Performing IT security audits is only valuable if it results in an action plan for your business. An IT service provider will work with your employees to create a plan that addresses potential vulnerabilities to give you greater protection from cyber threats. Following these guidelines from an IT security audit will greatly reduce the chance of downtime while also giving your business an extra layer of protection against data breaches.

4) Educate Employees

A cybersecurity incident can happen to your business in many different ways. An unsuspecting employee may fall victim to a phishing scam or accidentally click on an unsafe website. An IT security audit provides a perfect opportunity to train your employees on how to recognize and learn from their mistakes. A managed service provider can conduct cybersecurity training classes based on the results of an IT security audit.

Final Thoughts

Conducting an IT security audit is a critical aspect of giving your business the best protection against cybercrime. Typically, it is recommended to conduct IT security audits at least twice a year. However, it is often a good idea to perform these audits more often if you are a bigger organization. These IT security audits play a key role in identifying areas of weakness while also allowing you to develop an action plan. Cybercrime is a lucrative business, so remaining proactive against these threats is essential for business owners.

We offer a free initial network and security assessment. Please contact our office for details, 877.860.5863 x190
