Tuesday, March 31, 2020

Essential Workers




Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Breached!

United States – Idaho Central Credit Union

Exploit: Unauthorized data access
Idaho Central Credit Union: Financial institution
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.555 = Severe:
The Idaho Central Credit Union has reported two data breaches that compromised personally identifiable customer information. The first incident occurred in November 2019 when a third-party mortgage portal was victimized by hackers. While investigating the first breach, cybersecurity experts identified a second incident stemming from several compromised employee email accounts. In today’s digital economy, a company’s competitive advantage is predicated on its ability to protect customer data. Two consecutive data breaches will have far-reaching repercussions for the credit union.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.142 = Severe:
In both incidents, the personally identifiable information of the bank’s customers was compromised. This included names, dates of birth, Social Security numbers, financial account information, tax identification numbers, and other sensitive financial details. Cybercriminals can redeploy this information in a host of harmful ways.Those impacted by the breach should enroll in identity and credit monitoring services as soon as possible.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Email accounts are serious vulnerabilities for every company, as there are many ways by which cybercriminals can exploit social engineering and malware to find their way in. However, every company can lock down their email accounts by implementing two-factor authentication to prevent unauthorized access, even if login credentials are compromised.
ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at https://www.idagent.com/authanvil-multi-factor-authentication.

United States – Monroe County Hospital & Clinics

Exploit: Phishing scam
Monroe County Hospital & Clinics: Public medical practice
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.666 = Severe:
Hackers gained access to the clinic’s email system, which contained patients’ protected health information. The breach, which was discovered in December 2019, spanned several months and gave bad actors plenty of time to misuse patient data. Now Monroe County Hospital and Clinics faces intense regulatory scrutiny due to the sensitive nature of the breach, and their reputation has been badly damaged in an industry that is especially sensitive to privacy concerns. In addition to other recovery expenses, they will bear the cost burden of providing credit and identity monitoring services for the thousands of patients impacted by the breach.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.428 = Severe:
Personal data was compromised in the breach. This includes names, dates of birth, addresses, insurance information, and treatment information. In some cases, patients’ Social Security numbers were also exposed. Those impacted by the breach are encouraged to enroll in the credit monitoring service provided by the company and monitor their accounts and digital communications for potential instances of fraud.
Customers Impacted: 7,500
How it Could Affect Your Customers’ Business: Despite incredible advancements in fraud detection technology, phishing scams will inevitably make their way into employees’ inboxes. When employees engage with malicious content, it can have enormous consequences for your organization. Nobody wants to endure the rising costs associated with a data breach, and comprehensive employee awareness training can ensure that those phishing scams don’t impact your bottom line.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Canada – University of Saskatchewan 

Exploit: Denial of Service (DoS) attack
University of Saskatchewan: Public academic institution
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.555 = Severe:
The University of Saskatchewan was targeted by a DoS attack that attempted to overload the school’s network. The institution took steps to mitigate the consequences of potential DoS attacks and prevent data exfiltration. Currently, the school believes that it successfully protected its data, but a similar attack on a Canadian institution, which we reported last week, ultimately compromised user data.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s organizations face risks on many fronts. Given the increasing costs and serious consequences of a potential breach, data security needs to be a top priority at every company. A company’s ability to protect sensitive information is quickly becoming the difference between long-term success and failure in the marketplace, especially for small-to-medium sized businesses.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security can be a challenge. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Canada – Public Services and Procurement Canada

Exploit: Accidental data sharing
Public Services and Procurement Canada: Government department for administration
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.666 = Severe:
An administrative oversight compromised the personal information of thousands of Canadians. Unfortunately, the victims are public servants already impacted by the Phoenix pay systems problem, which resulted in employees being overpaid or receiving little income for months. As part of the department’s efforts to fix this mistake, employee information was inadvertently emailed to the wrong recipients.
1.51 – 2.49 = Severe Risk
Individual Risk: 2.142 = Severe:
The email contained employees’ personally identifiable information, including their names, addresses, personal record identifiers, and overpayment amounts. This information could make victims especially susceptible to phishing scams that could extract even more damaging information. Those impacted by the breach should carefully evaluate online communications to ensure their veracity, while also monitoring their other accounts for unusual or suspicious activity.
Customers Impacted: 69,000
How it Could Affect Your Customers’ Business:  An external data breach is a priority risk for any company handling sensitive data – making a preventable internal data breach especially egregious. Employee errors are bound to happen but those errors can have far-reaching negative consequences for any business. In this case, one missent email led to financial, reputational, and practical damage.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.

United Kingdom – ISS

Exploit: Ransomware
ISS: Cleaning, catering, and security services provider
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.333 = Severe:
A ransomware attack has caused an extensive and elongated network outage at ISS. The attack brought down the company’s network on February 17th and (at the time of writing) many services are still disrupted. Forty-three thousand staff members are without email. An email outage can cause a serious business disruption leading to project delays and missed opportunities that can’t be recovered. ISS now faces an uphill and expensive battle to restore its damaged IT infrastructure, while navigating the consequences of reduced employee productivity.
Individual Risk: At this time, no personal information was compromised in the breach.
 Customers Impacted: 43,000
How it Could Affect Your Customers’ Business: Although this incident has not immediately resulted in data loss, the loss of business advancement caused by the breach can never be recovered. Cybercriminals often steal company data before encrypting IT infrastructure. This compounds the consequences of a ransomware attack, especially for companies governed by data privacy regulations that can cause them to run afoul of the latest guidelines. When it comes to ransomware attacks, the only adequate response is a proactive one that prevents the malware from taking root in the first place.
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager

United Kingdom – Redcar and Cleveland Borough Council

Exploit: Ransomware
Redcar and Cleveland Borough Council: Local municipality and resort town government
1.51 – 2.49 = Severe Risk
Risk to Small Business: 2.111 = Severe:
A ransomware attack has disabled nearly all online services for this UK-based resort town government. Employees are unable to access appointment software, planning documents, citizen complaint systems, and other critical functions – causing delays in municipal services and distress to the public. Even if it avoids paying the ransom, this municipality will still be plagued by productivity losses and other expenses that promise to make this attack a costly cybersecurity incident.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: 135,000
How it Could Affect Your Customers’ Business: Cybercriminals are increasingly using ransomware attacks to target vulnerable organizations, especially systems with outdated technology or lax cybersecurity standards. These attacks were already incredibly costly, but many criminals have begun stealing and releasing company data before encrypting a network. This compounds the cost and raises the stakes for achieving a robust defensive posture that can address these attacks.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us give you the support that you need to maximize your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Australia – Manheim

Exploit: Ransomware
Manheim: Wholesale automotive retailer
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.333 = Severe:
A ransomware attack has disrupted Manheim’s computer systems and workflows. Although the company can operate in a limited capacity, the company will still incur high costs to decrypt their hardware and update their cybersecurity standards plus unrecoverable productivity losses. At the same time, ransomware attacks can cause significant reputational damage, ensuring that the company will grapple with the fallout for much longer than hackers hold their systems hostage.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are not only becoming more costly, they are also becoming frighteningly familiar. Unfortunately, there are no good response methodologies once an attack happens. The best defense is for every company to take meaningful steps to prevent ransomware from worming its way into their systems. The cost of assessing your organization’s readiness and enacting preventative measures is a small price to pay in order to repel these potentially devastating attacks.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Australia – Natonic

Exploit: Malware attack
Natonic: Health and beauty product retailer
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.777 = Severe:
Security researchers have identified payment skimming malware on Natonic’s online store. The script appears to be related to MageCart, a prominent hacking group that steals customers’ personal and financial data by injecting malware into online stores. Although security researchers confirmed that the script is no longer active on Natonic’s webstore, the attack could have costly implications for the retailer – consumers may be less likely to shop with an online retailer with a history of data security issues.
1.51 – 2.49 = Severe Risk
Individual Risk: 2 = Severe:
Payment skimming malware tricks customers into entering their payment information at checkout then sends that information to the cybercriminals instead of the retailer. While it’s unclear what information was compromised in this breach, shoppers should assume that any information entered on the webstore could be impacted. Users should notify their financial institutions of the breach while taking additional steps to secure their accounts and personal details.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are aware that online transactions can be risky. They count on the companies that they do business with to help keep their personal and financial data secure. For companies that rely on online sales to drive revenue, data security has to be a top priority. The fallout from customer dissatisfaction caused by a data breach can badly damage a company’s reputation and significantly harm their ability to compete in today’s digital environment.
ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Monday, March 30, 2020

Are You as Secure As You Feel? Why You Should Be Intrusion Testing Your Business Network

As a business owner, you have a vested interest in the security of your network and the integrity of the data it contains. Even a small data loss could mean months of painstaking recovery, and a large data breach could put your firm out of business for good.

You know that the security of your data is one of your key responsibilities as a business owner, and you have done everything you can to lock down the systems and protect the data on your network. You take pains to keep your servers updated, and you follow best practices with your desktops and mobile devices. But are you really as secure as you feel?

If you have not done formal intrusion testing on your business network, you could be relying on blind faith and misplaced confidence. Without a formal plan to probe your network for weaknesses, you could be setting yourself up for some very unpleasant surprises. Here are some reasons why intrusion testing is a must for every business owner.

Intrusion Testing Is about Uncovering Hidden Weaknesses
No matter how secure you think your network is, there may be weaknesses hiding in plain sight. From built into custom pieces of software to old accounts that are still active, each one of these weaknesses presents an entryway into your network.

The companies that conduct intrusion detection testing are experts at finding these hidden weaknesses, and every back door they close will make your business network more secure. So you can rely on your own limited knowledge or hire experts to find dangers you did not know were there.

Intrusion Testing Will Help You Prepare for Emerging Threats
The cybersecurity landscape is always changing, and the bad guys are constantly adapting their methods and fine-tuning their nefarious plans. Armed with an in-depth knowledge of what works and what doesn't, they change their tactics and work hard to overcome the cyber defenses business owners have built.

No matter how good you are at running your business, chances are you are not a cybersecurity expert. By outsourcing this key part of your cyber defenses, you gain access to real expertise, including the detection of emerging threats.

If you want to keep your business network secure, it is not enough to protect yourself against known threats. With the cybersecurity landscape changing so rapidly, identifying and responding to new threats as they emerge is even more vital.

Intrusion Detecting Can Help Your Business Stay Compliant
For businesses in some industries, regular intrusion testing is more than a good idea - it is a regulatory requirement. From pharmaceutical makers and health insurance companies to banks and brokerage firms, many businesses are required to continuously monitor their networks for threats.

Failing to take these threats seriously and respond to them in real time could trigger civil penalties, fines and other serious consequences for the business involved. By conducting regular intrusion testing, firms in those key industries can protect themselves, their customers and the reputations they have worked so hard to build.

Intrusion testing is a key part of keeping your network secure, and one you cannot afford to ignore. If you have not yet conducted intrusion testing on your network, your data may not be as secure as you think it is.

Robert Blake
Bit by Bit Computer Consultants
721 North Fielder Suite B, Arlington TX 76012
877.560.5831 x190

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Thursday, March 26, 2020

Coronavirus Phishing Scams Capitalizing on Fear & Urgency

As concern over the Coronavirus (COVID-19) spreads around the globe, hackers are exploiting the  atmosphere of panic and fear created by the pandemic to steal peoples’ personal information. According to a recent report, more than 4,000 Coronavirus-related domains have been registered since the beginning of the year. Experts consider 3% to be outright malicious, and 5% are categorized as suspicious – more than double the usual number. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data. 

The World Health Organization has already issued a warning about Coronavirus-related phishing attacks that purport to be from to their organization, and CISA has released several warnings about the emerging threat of COVID-19 related phishing scams. Taken together, it’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors. 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Coronavirus Scams - Great advise from the Arlington PD


It has been brought to our attention that scammers have already begun trying to take advantage of people regarding the coronaviris (COVID-19) pandemic. Here is some information to remember and how to avoid coronavirus scams: •Do not click on links on your phone or computer from sources you do not know. They could download viruses onto your computer or device. •Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). •Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease 2019 (COVID-19) — online or in stores. •Do your homework when it comes to donations, whether through charities or crowdfunding sites. Do not let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, do not do it! Stay vigilant everyone!

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Ever wonder what I am doing when I am not helping my clients with technology?

Taking pictures for River Legacy when when they are reading a 105 pound alligator snapping turtle. This male was not the largest caught the area.




Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

BBB Newsletter: Bit by Bit's Commitment to You During COVID-19


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

What is SOC-as-a-Service?