Wednesday, August 26, 2020

The Stakes Are Rising As Breach Penalties Expand

The former CSO of Uber was charged with obstruction of justice and misprision of a felony this week for his role in an alleged coverup of the notorious 2016 data breach which impacted an estimated 57 million individuals. What does that mean for companies that suffer a breach now, and what can you do to reduce your breach risk?

Breach penalties have been steadily increasing worldwide as regulators and lawmakers respond to public pressure to hold to account executives and companies that play fast and loose with data protection or attempt to cover up incidents. And the penalties aren’t just monetary – legal implications for executives and companies are becoming more common, especially if companies are uncooperative in investigations.

So what can you do right now to prevent a costly data breach? Add a secure identity and access management solution. A solution like Passly that combines multifactor authentication, secure shared password vaults, single sign-on, and simple remote management increases your company’s compliance with data safety best practices and protocols while also protecting your systems from cybercrime.

Adding better protection against hackers is essential for protecting not only your data but also your business. Between the exorbitant cost of recovery and the regulatory nightmares that can follow a sensitive data breach, investing in a secure identity and access management solution now to guard your gateways is a small price to pay for greater peace of mind.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

IoT and Home Router Vulnerabilities Can Spell Trouble For Businesses

As kids start heading back to class, colleges begin another year, and parents work to find a new home/life balance, things have changed a bit from the usual back-to-school routine. Unlike in past years, most everyone is doing their thing by logging in from home – and that can create an unexpected danger for your business.

While we’ve been at home during the pandemic, many people realized that their homes could use a little sprucing up. Maybe they had time that they didn’t usually have to research new devices, or they decided to treat themselves at a dark time. For many folks, that translated into fun conveniences like smart plugs, a digital assistant, or a robot vacuum that can be controlled by an app. 

Internet of Things (IoT) devices have never been more popular – 5.8 billion home and auto IoT devices are expected to connect to the internet this year. While these small creature comforts may not seem like a source of harm for your business, they can be – 57% of IoT devices are vulnerable to medium or high severity attacks. 

That means that if a cybercriminal hacks into your employee’s smart plug, then uses that opening to get into their smartphone, then slips through another opening to get into their business email account – you’ve been hacked, and the resulting danger to your systems and data is no different than it would be if the same thing happened from a hacker penetrating your enterprise security directly. 

So how can companies combat this danger? The fastest way is to add a secure identity and access management solution like Passly. Multifactor Authentication (MFA) provides a crucial extra layer of security between hazards like this and your data. Adding MFA means that you can rest a little easier knowing that no matter how a cybercriminal manages to sneak past your security, they won’t be able to affect your business severely – helping alleviate one source of stress in uncertain times.



Thursday, August 20, 2020


Why should businesses be concerned with the state of cybersecurity education?

Because it brings unexpected risks to the table. 


As the world continues to evolve in the wake of the global pandemic, every aspect of life has changed. Students are headed back to school and most will be attending virtually at least some of the time. With many parents still working from home, that means that everyone is sharing a network – and the underwhelming state of cybersecurity education for kids creates unexpected cybersecurity risks for businesses.

Cybersecurity isn’t a priority in most K – 12 curriculums. But cybercriminals have learned that kids are easy targets for social engineering attacks, and schools are generally way behind the curve in internal cybersecurity, creating openings for them to strike. 


The Hard Facts About Cybersecurity & Education


Very few resources are expended on cybersecurity education in US schools. Before the pandemic, most school systems had no system in place for distance learning, and cybersecurity education wasn’t a priority – even schools that had adequate funding for technology were more likely to use it for coding or robotics. 

How Can You Protect Your Business From Unanticipated Risk?


Unfortunately, the neglected state of cybersecurity education in schools, such as phishing resistance and security awareness training, means that children aren’t likely to be as cautious about cybercrime risks as they should be – and with parents and children sharing networks and devices, that can put a company’s cybersecurity at risk too.

What’s the fastest, easiest, and simplest way to immediately protect company systems and data from danger in this situation? Passly. Our state-of-the-art solution provides 7 essential components to immediately secure your gateways and manage identity and access like:

  • Multifactor authentication, with tokens delivered through apps, messaging, text, and more.
  • Single Sign-on Launchpads to allow for access to be quickly adjusted or removed in case of compromise
  • Dark Web alerts if your protected credentials are exposed
  • Full-featured functionality in one cost-effective solution
  • Seamless integration with more than 1,000 applications
  • Secure identity and access management that goes to work on Day 1
  • Protection that rolls out in days, not weeks.


Phishing resistance training for students is a business problem too – because one bad click could open a gateway for cybercriminals into business data and systems.


It’s back to school time for students around the globe. Considering the dismal state of cybersecurity education in US schools, many students aren’t aware of the potential dangers that they face from cybercrime like phishing. With a huge increase in IoT devices adding extra cybersecurity challenges when people work from home, cybersecurity awareness like phishing resistance training for students (through their parents) isn’t just a good way to keep kids safe online – it’s also a smart idea for keeping company data and systems safe from unforeseen dangers.

Everyone with an email account is a target for this year’s biggest cybersecurity threat: phishing. As kids continue with distance learning, that means that they’ll be using email more frequently. Most schools do not have sufficient email security to repel even a clumsy cyberattack, as a school system in Australia recently discovered. Cybercriminals know this, and they’ve been taking advantage of this opportunity by making more phishing attempts against schools to launch lucrative ransomware attacks.


Teaching parents and kids about phishing dangers won’t just protect them from danger, it will also protect companies from danger.  


Consider this scenario: 

  • A parent is working from home connecting to cloud-based services every day. 
  • A child is distance learning and using cloud-based tools. 
  • The child opens their home network to compromise by falling for a phishing attack. 
  • The cybercriminals use that opening to penetrate security on other devices connected to that network – like the parent’s laptop. 
  • They’re able to breach security on the laptop, giving them access to what it’s connected to – the parent’s employer’s systems and data.  
  • The employer has a data breach, and no one is clear on exactly how it happened. 

BullPhish ID Boosts Phishing Resistance Fast


By updating and upgrading phishing resistance training for your staff, you’re also raising their awareness of overall cybersecurity. While company training won’t directly help children learn to spot and avoid phishing attempts, it will create greater security awareness in adults that they’re likely to share, because everyone wants to keep their children safe.

BullPhish ID is an ideal solution for both in-office and remote training. Up-to-date information and training around the latest phishing threats is presented in bite-sized pieces with memorable animated video, to help increase retention and understanding. 

  • It’s simple to set up, fast to deploy, and easy to run. 
  • Training raises your staff’s overall cybersecurity awareness, making them more alert to other potential phishing threats, like SMS text and chat phishing attempts
  • Over 80 plug-and-play phishing resistance training kits are available, with 4 new kits added each month including COVID-19 threats. 
  • Engaging animated video delivers effective training in bite-sized pieces for improved retention in 8 languages.  
  • Online testing quickly determines who needs more training, enabling you to adjust training groups accordingly.

Boosting a company’s phishing resistance and security awareness training is extremely effective – cybersecurity safety training can reduce incidents by up to 70%. And it doesn’t just have benefits for staffers in the office – it also keeps companies safe when staffers are working from home. Plus, by raising overall security awareness, you’re also giving your staffers important safety information that they can share with their children to help keep everyone safe from cybercrime.  


Want to learn more about network security? Call us at 877.860.5863



Why Phishing Resistance Training Matters: Defending Against the New SBA COVID-19 Relief Phishing Scam


With an increase of more than 600% since the start of the global pandemic, phishing is the most common (and dangerous) threat of 2020. But not all phishing and spear phishing scams are built the same. Clever cybercriminals know they need to go the extra mile to try to pull off major scams with major paydays – and major consequences. Enter the new SBA COVID-19 relief phishing scam.  

In a Cybersecurity & Infrastructure Security Agency (CISA) warning that was released on 8/12/20, the agency noted that it is “currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.”


A clever and dangerous new scam preys on businesses


So far, investigators have determined that the bad actors have kicked off their cybercrime spree by sending a phishing email to Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. 

Here’s the structure of the scam:

  • A highly convincing phishing email hooks the user
  • The subject line, SBA Application – Review and Proceed, looks legitimate
  • The sender is marked as disastercustomerservice@sba[.]gov 
  • Text inside urges the recipient to click on a hyperlink to address: 
    hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov 
  • The domain resolves to IP address: 162.214.104[.]246 
  • And that website appears to be intended for malicious re-directs and credential stealing 

The warning goes on to detail potential mitigations against this scam, including using warning banners for all emails external to an organization, ensuring that all systems have the latest security updates, and maintaining up-to-date antivirus signatures and engines. 
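
Two of the signals in the scam structure above can be checked mechanically, alongside the external-sender banner from the listed mitigations. The following is an added example, not code from the CISA warning or from this blog; `ORG_DOMAIN`, the rule names and the sample message are assumptions constructed for illustration, and the indicators are kept in their defanged form.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.org"  # assumption: the receiving organisation's mail domain

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# A path segment that itself looks like a host name, e.g. ".../sba.gov"
HOSTLIKE_RE = re.compile(r"(?:[a-z0-9-]+\.)+(?:gov|mil|com|org|net|edu)", re.I)

# Constructed sample built from the indicators listed above (defanged, ASCII hyphen
# in the subject). The recipient address is made up.
SAMPLE = """\
From: disastercustomerservice@sba[.]gov
To: clerk@example.org
Subject: SBA Application - Review and Proceed

Please review your application:
hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
"""


def refang(text):
    """Undo analyst defanging (hxxp, [.]) so the text parses. Nothing is fetched."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")


def under(host, domain):
    """True if host equals domain or is a subdomain of it (label-boundary match)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def text_of(msg):
    """Concatenate every text/* part of the message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def analyze(raw):
    """Return banner decision, rewritten subject and link findings for one message."""
    msg = message_from_string(refang(raw))
    # The From header is attacker-controlled; it is used here only to compare
    # what the message claims against where its links actually lead.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for url in URL_RE.findall(text_of(msg)):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # A trusted-looking domain in the path says nothing about the real host.
        for seg in parts.path.split("/"):
            if HOSTLIKE_RE.fullmatch(seg) and not under(host, seg):
                findings.append(("brand-in-path", seg.lower(), host))
        # Weaker signal: the link leaves the domain the sender claims to be from.
        if sender_domain and not under(host, sender_domain):
            findings.append(("sender-link-mismatch", sender_domain, host))
    # Mitigation from the warning: banner on all mail external to the organisation.
    external = not under(sender_domain, ORG_DOMAIN)
    subject = msg.get("Subject", "")
    if external and not subject.startswith("[EXTERNAL]"):
        subject = "[EXTERNAL] " + subject
    return {"external": external, "subject": subject, "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    print(result["subject"])
    for rule, claimed, actual in result["findings"]:
        print(f"{rule}: claims {claimed}, link host is {actual}")
```

The sender-link-mismatch rule fires on plenty of legitimate mail, so it is best used to raise a score rather than to block on its own; the brand-in-path rule is the stronger indicator for this particular lure.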



FBI Warns Against Increased Danger From Netwalker Ransomware


Ransomware attacks are the monster in the closet that keeps IT teams up at night – and they’re only getting worse. Recently, the US Federal Bureau of Investigation released a new Flash Alert warning about the danger of Netwalker ransomware to businesses and infrastructure, as attacks with this tool ramp up against US-based targets. 

Companies of all sizes are at risk for ransomware attacks of this nature, especially in the healthcare, infrastructure, defense, or technology sectors. Netwalker ransomware has also been used to disrupt production lines, as unfortunately happened to a manufacturer of respirators urgently needed in the fight against COVID-19. 

To add to your defenses quickly, upgrade the protection on the access points to your data and systems by adding a secure identity and access management solution. Passly is an affordable and effective tool that combines multifactor authentication and single sign-on to create a more secure gateway to the heart of your business. 

Adding a dynamic tool like Passly strengthens your defense against cybercrime like ransomware and password hacking fast. Passly deploys in days, not weeks – because in today’s fast-evolving threat atmosphere, no business has time to wait and see what cybercriminals are up to next.



Tuesday, August 11, 2020

Double Extortion Ransomware is in Fashion This Summer

In a tough economy, everybody’s looking for a way to make a little more money and increase profitability – even cybercriminals. Why should a cybercriminal only benefit once from the hard work of hacking into systems and deploying ransomware, when they could benefit twice?

Double extortion ransomware is becoming more trendy as a means of cybercrime because it opens up extra opportunities for profit as cybercriminals not only attempt to get paid by selling you the encryption key to unlock your systems and data, they also try to extort a little extra by threatening to release especially sensitive information on the Dark Web. 

The majority of ransomware infections are delivered via phishing – and phishing isn’t just an email threat these days. Instead of the proverbial malware-laced attachment, phishing has expanded to include attack attempts through malicious links, SMS messages, texts, chats, and more.

By implementing and regularly updating phishing resistance training, companies can improve their defense against ransomware. Choose an innovative solution like BullPhish ID that offers constantly updated, plug-and-play phishing training in bite-sized pieces using engaging video lessons in 8 languages to keep staffers on alert for suspicious messages and stop ransomware attacks before they start.



The BlackBaud Breach Fallout Continues to Pile Up


The recent data breach at fundraising technology provider BlackBaud is an object lesson in how third party risks can compromise cybersecurity and cause huge problems for other businesses, leading to a cascade effect that keeps the damage rolling. 

Initially, BlackBaud obfuscated the details it released about the breach, including insinuating that the initial ransomware attack was unsuccessful. Two weeks ago, we reported on the real story of that breach, noting that BlackBaud had actually paid the ransom demanded for the encryption key. The company also claimed that very little user data was stolen and the breach would only impact a small subset of its users. 

Once again, that wasn’t necessarily the case. As the ripple effect of the initial breach became more apparent, large universities and institutions around the world began disclosing that information including details about their alumni, donors, and fundraising efforts had been compromised in the BlackBaud breach, including The National Trust (UK), Texas Tech, the University of York, the University of South Wales, Aberystwyth University, and UK charities including The Wallich, Crisis, Sue Ryder, and Young Minds.

The UK’s Information Commissioner’s Office (ICO) told the BBC that 125 organizations had reported that they were impacted by the event, including dozens of universities and 33 charities. Internationally, the breach is expected to impact many more universities, trusts, museums, schools, churches, and food banks.  

So how can you protect your clients’ sensitive data and systems from breach danger or exposure because of third party service providers? We’ll be coming out with a new book addressing that problem soon, but here’s a sneak peek at our advice – and you can put this into practice right now.

Start employing single sign-on (SSO) and multifactor authentication (MFA) immediately. Those two tools combined add a strong barrier between cybercriminals and sensitive data and systems by giving IT staffers more control. MFA is often the star of the show when considering secure identity and access management solutions, but single sign-on is the unsung hero.

SSO allows for the creation of a unique Launchpad for every user, giving IT staff the opportunity to control each user’s access to applications and data with one action. If someone’s account is compromised, instead of figuring out what they had access to and turning each one off individually, IT staffers can cauterize the bleeding quickly by simply deactivating that user’s Launchpad, eliminating their access to everything.

Get these essential protections and more with our freshly updated secure identity and access management solution Passly. Not only do you get MFA and SSO, Passly also includes easy remote management tools, secure password storage vaults, and seamless integration with over 1,000 commonly used business applications. Start using Passly now to provide an essential upgrade in protection from unexpected threats that won’t break the bank – and gets to work securing data and systems from Day 1.



Cybercrime Boom Means Data Breach Risks are Rising


In a challenging economy, even cybercriminals have to work a little bit harder – and they’re working overtime. A 23% overall increase in cybercrime in 2020 so far (and a more than 600% increase in phishing attacks) means that your data is at greater risk than ever before. So what can you do right now to improve data security immediately, and add additional protection that keeps your data safer in the future?  

For the quickest security upgrade, a secure identity and access management solution like Passly has the most immediate bang for your buck. Passwords are a thorny problem for IT departments, but they don’t have to be. By combining multifactor authentication, single sign-on, and secure password vaults with easy management, Passly immediately puts an extra layer of protection between bad actors and your business – and it seamlessly integrates with the business applications that you use every day to start working from day 1.

For a longer term solution, increase security awareness training, especially phishing resistance. Many of today’s most dangerous cyberattacks, like ransomware, have an element of phishing – and the latest breach news shows that over 90% of incidents that end in a data breach start with a phishing email. Phishing attacks aren’t always attempted with an email attachment either; they can be links, PDFs, even SMS messages. BullPhish ID has simple, plug-and-play phishing training that’s constantly updated to keep your staff ready for the latest threats, including COVID-19 bait.

By taking an approach that combines both a fast fix and continuous improvements in security awareness, businesses can reduce their risk of falling victim to cybercrime like a potentially disastrous data breach and be ready for future threats as they crop up. 




Billions of Leaked Credentials Create New Risk


Two huge data dumps of leaked credentials in recent weeks have drawn attention in breach news this week, raising questions about the risk posed by these treasure troves of information for cybercriminals. These batches of information from past breaches demonstrate the danger of a third party data breach and how that can create a cascade effect that damages other companies.

In early July, Dark Web researchers found over 15 billion credentials from more than 100,000 data breaches on the Dark Web, including everything that a bad actor might need for unrestricted access to everything from streaming services to banking accounts and financial services. 

Later in the month, cybersecurity analysts found another giant cache of sensitive information on the Dark Web, this time including personally identifiable information including names, addresses, dates of birth, Social Security numbers, and other sensitive personal information for an estimated 40,000 Americans. 

This is far from a rare occurrence. As time goes on, more data dumps of this type will happen regularly as data accumulates from a constant spate of breaches, putting even more peoples’ personally identifying information on the Dark Web – and putting the companies that they work for in danger. 

Two major concerns about how cybercriminals may use this information to damage other companies are credential stuffing attacks and spear phishing. With a bit of research and a big enough list of email addresses and potentially associated passwords, cybercriminals can mount dangerously accurate credential stuffing operations that can quickly bypass many data protections. They can also use personal details collected from other breaches to craft extremely convincing phishing emails to use against targeted companies that lure in unwary staffers to unwittingly deploy ransomware or give up access credentials, passwords, and data.

What’s the first thing to do to throw up a roadblock against attacks that make use of these huge data dumps? Deploy a secure identity and access management solution like Passly. It seems like an easy fix because it is. Passly is simple yet effective protection that goes to work immediately to mitigate the consequences of things like staff credential compromise from a third party data breach – because they’re almost inevitably recycling passwords.

In one affordable tool, Passly adds peace of mind for businesses that their entry points are protected as it uses the combined security power of MFA, single sign on, and easy remote management to add crucial layers of protection between cybercriminals and company systems and data fast, while making sure that the right people have access to the right things at the right level – and only the right people.



Ransomware is on the rise!

From Inc.com. Yikes!

While there’s no shortage of examples of ransomware attacks, a recent study by data protection firm Veritas suggests an even bigger problem that few, if any, companies are prepared for: Customers are increasingly laying the blame on companies, specifically their CEOs, rather than on the hackers perpetrating the attacks.



Covid phone scam

Apparently, we need to prepare for these phone calls ...just in case 🙄
'Good morning. According to our system, you are likely to have been in close proximity to someone who has tested positive for COVID-19. This means that you now need to self-isolate for 7 days and take a COVID-19 test.'
'OK. Can you tell me who that person was?'
'I'm not able to tell you that. That is confidential information.'
'Right. Um... so ....'
'But you do need to be tested within the next 72 hours. So can I just get the best mailing address so that we can send a kit to you?'
'Ok (gives address)'
'Thank you - and I just need to take a payment card so that we can finalize this and send the kit to you.'
'Sorry - a payment card? I thought this was all free?'
'No - I'm afraid not. There is a one-off fee of $50 for the kit and test results. Could you read off the long card number for me, please, when you're ready.'
'No - that's not right.'
'I'm afraid it is. Can you give me the card number please - this is very important, and there are penalties for not complying.'
Puts the phone down.
This is how scammers work. And vulnerable people will fall for it.
Don't fall for it...! COPY and PASTE
watch out ...🤬
Tell our elderly.
