Tuesday, May 26, 2020

5 Ways an IT Service Provider can Help You Avoid Scams

Many businesses face scams on an almost daily basis. These IT scams come in all shapes and sizes, whether it is a phishing email or a social engineering scheme. Understanding how to identify these scams is essential in staying a step ahead of these criminals. An IT service provider can play a key role in keeping your organization well-protected against these ever-evolving schemes. Here are five ways a managed IT service provider can help your business avoid scams in the workplace.

#1 IT Security Awareness Training
One of the most effective ways to avoid these scams is to enroll in IT security awareness training from a managed service provider. These IT training courses educate employees on the latest cyber schemes that target businesses. One cyber attack can devastate any company, but these IT training classes can be scheduled on an ongoing basis to give you the ultimate protection from these threats.

#2 Password Management
Creating strong passwords is essential in keeping your data safe and secure. A managed service provider can help your employees develop effective passwords to maximize security. A few traits of a strong password is that it consists of multiple lowercase and uppercase letters, symbols, and numbers. These passwords should never contain common phrases or any personal information. An IT service provider will ensure that each employee follows these password protocols to maximize data security in the workplace.

#3 Access to Latest Security Updates
Keeping all of your software updated is critical in enhancing cybersecurity for your company. An IT service provider will automatically download these updates to give your business the best protection against cyber threats. These security updates play a crucial role in patching any potential software vulnerabilities and is just one more layer of protection against cybercriminals.

#4 Download Advanced Malware Protection
Advanced malware protection is critical to combat the ever-growing number of cyber threats that businesses face each day. Advanced malware protection differentiates itself from traditional malware protection by providing continuous analysis and retrospective IT security. Advanced features also include outbreak control, global threat intelligence, file trajectory, and much more. An IT service provider will also monitor your business at all times to identify any unusual activity that may compromise your organization.

#5 Upload Data Backups on the Cloud
Many times cybercriminals attempt to hold your data hostage by requiring you to pay a large amount of money to regain access to these files. These ransomware attacks can devastate your entire business and lead to many hours of downtime. However, a managed service provider can help you avoid these attacks by uploading all of your critical data on to the cloud each day. These data backups allow you to easily access your information at any time without giving in to the demands of cybercriminals.

Understanding how to avoid these scams is essential in today's work environment. Focusing on IT security awareness training, password management, and access to the latest security updates play a big role in keeping your business protected against scams. A managed service provider will also give you access to advanced malware protection and data backups to help you avoid being a victim of cyber crimes. These cyber attacks will continue to pose major threats, but an IT service provider is one of the most effective ways to keep your company secure.

Robert Blake   Director, Bit by Bit Computer
photo Phone: 877.860.5831 x190
Mobile: 972.365.7010
Email: Robert.Blake@bitxbit.com
Website: www.bitxbit.com/texas
Address: 721 N Fielder Road, Suite B Arlington TX 76012
Blog: www.3boffice.com
Request meeting: https://calendly.com/robertblake
"A true friend is one who overlooks your failures and tolerates your success!" - Doug Larson.

Bit by Bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

IT Leaders Recognize the Risks of Remote Work


The cybersecurity risks of remote work have received center-stage in light of the workplace restrictions in place because of COVID-19. However, these risks were well-known, even before COVID-19. According to a recent study, in 2019, nearly half of IT leaders admitted that remote workers had intentionally or accidentally put data security at risk. Most prominently, apathy or a failure to take security seriously was identified as one of the most substantial risks associated with remote work. 
Simply put, many remote workers are not attuned to the data security risks experienced when working from home. In some cases, murky technology policies contribute to the risk, but other factors, like being unprepared to identify and respond to phishing scams, pose a significant threat to data security. Fortunately, companies can move the meter in this regard, as intentional strategies, like comprehensive employee awareness training, can equip employees to be a prominent defender of data security. 
We have created a toolkit to help you secure your remote workforce quickly and affordably. Please don’t hesitate to contact my team to find out more about how our cybersecurity suite can help mitigate the risks of remote work.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Monday, May 25, 2020

Many Employees Feel Vulnerable to Cyberattacks


A survey of more than 1,500 UK employees found widespread fear of becoming the victim of a cyberattack following the national order to impose social distancing and transition to remote work. 49% of respondents indicated that they lack confidence in their computer hardware, and 42% reported receiving a suspicious email while working from home.  
Notably, 18% indicated that they’d experienced a cybersecurity event while working from home, and more than half of breach victims indicated a malicious email was to blame. Phishing attacks have soared, up over 600% in the wake of COVID-19.  
While some participants felt that their employers provided helpful defensive tools, like antivirus software or access to a VPN service, only 28% received specific training for the endpoints and applications that comprise their workflow.  
The risks of remote work are well-documented, and with this arrangement likely to continue for the foreseeable future, now is the perfect time to ensure that your employees have the tools necessary to protect your valuable data.   

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Thursday, May 21, 2020

DarkWeb Trends

phishing scams compromise patient data, ransomware disrupts remote work, the sale of the world’s largest whiskey collection is thwarted, and employees struggle to deter cybersecurity threats while working from home.
  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1-10

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Wednesday, May 20, 2020

50,000 Companies Send Employees Home with Infected Devices


In a rush to enable employees to work remotely, many companies unknowingly sent staffers home with compromised devices. A recent study found that as many as 50,000 companies issued already-compromised devices that were protected at the office by company firewalls and other in-house defensive measures but not outside of it.  
These compromised devices are now operating on lightly-secured home or public Wi-Fi networks in an unmoderated environment, and that brings a deluge of cybersecurity risks. At ID Agent, we’ve compiled several resources to help mitigate risks like this for your remote workforce including a guide for addressing remote work vulnerabilities
Adding an extra layer of protection for access to your data and systems is crucial. That’s why we’re excited to be able to provide you with a cutting-edge secure identity and access management solution that was designed with remote workers in mind – at an excellent value.
Passly is perfect for securing company data when workers and administrators are away from the office. Scalable and quick to deploy, Passly provides a single sign-on Launchpad tailored for each user and integrates seamlessly with the applications that your staffers use every day. Multifactor authentication means that even if passwords are compromised, an extra credential is needed to access your data and systems. 
We’re here to help as your company adjusts its cybersecurity strategy to meet the new challenges of our changed world and shifting threat landscape. If we can support your efforts during this tumultuous time, please contact us today. 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Tuesday, May 19, 2020

Hackers Use Stolen Credentials to Attack Hospitals with Ransomware

Since the onset of the COVID-19 pandemic, hospitals, and healthcare facilities have dealt with a deluge of cyberattacks, and ransomware has been especially pernicious. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers infiltrated many of these organizations using stolen credentials obtained from a known vulnerability in their Pulse Secure VPN servers.  

This threat was first identified in October 2019, with the CISA and the US Federal Bureau of Investigation both issuing subsequent alerts in January and April of 2020. Unfortunately, even after repairing the vulnerability, the agencies have seen examples of cybercriminals using compromised credentials to access company networks. 
The incident is a reminder of the importance of acting swiftly to address cybersecurity vulnerabilities but also of maintaining insights into the Dark Web, where stolen login information can quickly circulate and create chaos for your IT infrastructure.  
COVID-19 is creating a more perilous digital environment for companies, making now the right time to double-down on cybersecurity initiatives that can prevent a breach.  

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Monday, May 18, 2020


United States – Beaumont Health 

Exploit: Phishing scam   
Beaumont Health: Healthcare provider  
gauge indicating severe risk
Risk to Small Business: 1.537 = Severe
A phishing scam gave hackers access to IT infrastructure containing patients’ protected health information. The breach was identified on March 29, 2020, but data was exfiltrated between May 23, 2019, and June 2, 2019, leaving patient data exposed for nearly a year. This incident has come to light as healthcare providers face cybersecurity threats while battling the COVID-19 crisis, and Beaumont Health will undoubtedly face both regulatory troubles and financial woes on a long road to recovery.
gauge showing severe risk
Individual Risk: 1.509 = Severe 
Hackers accessed patients’ personally identifiable information and protected health information, including names, birth dates, Social Security numbers, and medical conditions. In some cases, hackers also accessed bank accounts and driver’s license information. Those impacted by the breach should immediately contact their financial service providers to notify them of the incident. In addition, they will need to closely monitor their accounts for suspicious or unusual activity. They should be especially critical of incoming messages, as hackers often use information from one breach to craft authentic-looking spear phishing campaigns that can compromise additional data.   
Customers Impacted: 112,000
How it Could Affect Your Customers’ Business: Phishing scams are a significant risk to every company’s data. Especially during the COVID-19 pandemic, healthcare companies have seen a precipitous increase in these attacks, as hackers look to capitalize on the urgency and unease of the situation to trick employees into compromising critical data.  
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Click the link to get started: https://www.idagent.com/bullphish-id 

United States – Small Business Administration  

Exploit: Unauthorized database access
Small Business Administration: Government agency overseeing small business affairs
gauge showing severe risk
Risk to Small Business: 2.177 = Severe
A cybersecurity vulnerability in the portal processing small business owners applying for an emergency loan under the Economic Injury Disaster Loan Program experienced a data breach. The breach, which was detected on March 25th, impacts a vital program for small businesses, and it could harm small business owners who are already grappling with an especially challenging time. Additionally, this oversight has caught the attention of news media, legislatures, and small business owners, weakening its credibility at a critical time. 
gauge showing severe risk
Individual Risk: 2.230 = Severe
The breach exposed applicants’ names, addresses, email addresses, dates of birth, citizen status, and insurance information. This data can quickly circulate on the Dark Web, and bad actors will frequently reuse the information in phishing scams and other fraud attempts. The Small Business Administration is offering victims a year of free identity monitoring services, and victims should enroll in this program to receive a notification if their information is misused.      
Customers Impacted: 8,000 
How it Could Affect Your Customers’ Business: Now, more than ever, the consequences of a data breach are traumatic for victims. Organizations collecting and storing personal data can support their users during the COVID-19 pandemic by taking extra care to ensure that personal data remains private. It’s a priority that always matters, but that is especially amplified during the pandemic.
ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, data, and business continuity. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more at https://www.idagent.com/passly

Canada – MNP

Exploit: Ransomware
MNP: Accounting firm 
gauge showing severe risk
Risk to Small Business: 1.619 = Severe
MNP identified a ransomware attack that forced the company to shut down all systems, preventing employees from working for nearly a week. The company is deducting banked overtime for the affected employees, which could come with severe backlash. Similarly, many are being asked to bring their computers back to the company for a cybersecurity analysis, likely placing them in harm’s way as social distancing guidelines are intended to keep people apart to stop the spread of COVID-19. 
Individual Risk: At this time, no personal information was compromised in the breach.   
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In many cases, ransomware attacks double as data breaches when cybercriminals steal company data before encrypting critical technology. In this case, the consequences of a ransomware attack are amplified, increasing both the cost and practical implications of these increasingly common attacks. 
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Canada – Webkinz  

Exploit: Unauthorized database access 
Webkinz: Online children’s game  
gauge indicating moderate risk
Risk to Small Business: 2.727 = Moderate
Hackers compromised a database containing customer information and subsequently posted the information on the Dark Web. The breach includes more than 22 million usernames and passwords. Although the company has patched the vulnerability, this information could give bad actors access to the personally identifiable information of minors. In addition to being a veritable PR disaster for a company marketing its products to children, the breach has safety implications as well.   
gauge indicating moderate risk
Individual Risk: 2.603 = Moderate
Those impacted by the breach should immediately update their Webkinz account passwords and their login credentials for any other accounts using the same information. Since this data has already been posted on the Dark Web, users should act quickly to update their credentials, and they need to monitor their accounts for suspicious or unusual activity.    
Customers Impacted: 23,000,000
How it Could Affect Your Customers’ Business: In recent years, the consumer privacy pendulum has swung towards conservative vigilance, and they are increasingly unwilling to do business with companies that can’t protect their data. This is especially true when it comes to companies marketing products to minors. Parents have to feel confident in a company’s data security practices if they are going to support their children’s involvement with your platform. 
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.   

Portugal – Aptoide 

Exploit: Unauthorized database access
Aptoide: Alternative Android App Store  
gauge indicating severe risk
Risk to Small Business: 1.637 = Severe
Hackers posted a trove of user data on a Dark Web hacking forum, forcing Antoide to temporarily disable new account registrations, logins, reviews, and comments. It’s unclear if those responsible are seeking a ransom payment, but the cache of 20 million accounts is part of a larger, 34 million account collection that hackers have yet to release. This breach is particularly problematic for the alternative app store because the service has lauded itself as a more secure and credible alternative to the more popular Google Play store.
gauge showing severe risk
Individual Risk: 2.217 = Severe
According to Aptoide, the breach affects users who registered for an account between July 21, 2016, and January 28, 2018. The compromised information includes names, email addresses, hashed passwords, registration dates, IP addresses, device details, and dates of birth. Those impacted by the breach should immediately update their account passwords and enroll in credit and identity monitoring services to ensure that this information isn’t being misused.  
Customers Impacted: 20,000,000
How it Could Affect Your Customers’ Business: This incident is a damaging blow to Aptoide’s reputation. Notably, the breach resulted from a third-party data center, serving as a reminder to all companies that, even when they do everything right to protect customer information, third-party data breaches can still compromise this highly-valued data. Therefore, companies committed to data security need to put the right measures in place to ensure that accounts remain secure, even when third-parties are compromised.  
ID Agent to the Rescue: Passly is the remote-ready secure identity and access management solution that SMBs need to protect employees’ digital identities, data, and business continuity through multi-factor authentication, single sign-on, and easy remote management. Learn more at https://www.idagent.com/passly.

Netherlands – COVID19 Alert          

Exploit: Accidental data exposure 
COVID19 Alert: Mobile application
1 – 1.5 = Extreme Risk
Risk to Small Business: 1.315 = Extreme 
Developers for the mobile app, COVID19 Alert, which was pitched to the government as a way to track COVID-19 cases, compromised user data in its source code. Before the breach, the app was on the shortlist for government adoption, which could have provided a lucrative contract for developers. Instead, the company has experienced public backlash, and it seems unlikely that they will progress further in the selection process.       
gauge indicating severe risk
Individual Risk: 2.380 = Severe
The source code, which was released for public scrutiny ahead of the selection process, contained the names, email addresses, and hashed passwords from another project by the developers. This information can quickly make its way to the Dark Web where bad actors can redeploy it in a variety of cybercrimes. Those impacted by the breach should update their account credentials and carefully monitor their accounts and communications for suspicious or unusual activity.  
Customers Impacted: 200 
How it Could Affect Your Customers’ Business: Developers cited their rapid development schedule and their desire to quickly make the service available as the reason for the oversight. However, companies looking to bring a new digital product to market must ensure that user data is secure. Otherwise, the project is likely to stall out before it ever even gets started. 
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.       

United Kingdom – Robert Dyas       

Exploit: Malware attack 
Robert Dyas: Hardware store   
gauge showing severe risk
Risk to Small Business: 1.554 = Severe
Payment card skimming malware was injected into the company’s online store and remained active for 23 days. The company, which provides DIY and home improvement products, hosts an online store as a critical component of its business while COVID-19 social distancing guidelines are in place. Before the breach was reported, the company was enjoying a significant boost in online sales, and this incident could encourage shoppers to take their business elsewhere. In addition to consumer backlash, the company will face regulatory scrutiny that could result in financial penalties.
gauge indicating extreme risk
Individual Risk: 1.416 = Extreme
This breach applies to shoppers who used the online store between March 7, 2020, and March 30, 2020. The payment card skimming malware captured customers’ personal and financial data, including their names, addresses, payment card numbers, expiration dates, and CVV numbers. Those impacted should immediately notify their financial services providers. In addition, they should enroll in credit and identity monitoring services to ensure that this highly sensitive information isn’t misused in other ways.
Customers Impacted: 20,000
How it Could Affect Your Customers’ Business: As COVID-19 keeps many people out of stores, providing a compelling online retail experience is a critical component of any businesses’ ability to remain competitive during this time. However, companies that can’t provide a secure buying experience are unlikely to keep up with the competition, making cybersecurity a bottom-line issue for companies both now and well into the future. 
ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.     

Australia – Cognizant       

Exploit: Ransomware  
Cognizant: IT Service provider  
1.51 – 2.49 = Severe Risk
Risk to Small Business: 1.557 = Severe
Maze ransomware, a prominent form of the damaging malware, has encrypted Cognizant’s internal systems and caused disruptions for the company’s clients. Maze ransomware can be especially damaging because it exfiltrates company data before encrypting networks, doubling the damage of an attack by requiring companies to both restore network services while grappling with the impact of a data breach. The company, which has offices around the world, including in Australia, will now have to navigate productivity declines, data security concerns, and recovery costs as it grapples with a COVID-19-related downturn. 
Individual Risk: At this time, no personal information was compromised in the breach. However, Maze ransomware is known for its ability to exfiltrate company data. As a result, anyone affiliated with the company should diligently monitor their accounts and communications for signs of fraud.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Especially in the challenging business environment posed by COVID-19, ransomware is an expensive malady that every company needs to actively defend against. Although these attacks can feel random and inevitable, there are active steps that companies can take to bolster their defensive stance against the costly scourge of ransomware attacks.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.  

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863