No images? Click here    Well, you need it. Cyber liability insurance. You've got health insurance, right? So, you should invest in coverage to insure your cyber health against hackers and [...]  As a full-service IT firm, Bit by Bit has entered into a partnership with New York-based cybersecurity firm Cybersafe Solutions to enhance our [...]  As the premier exam management program, 3bExam connects thousands of employers, employees, drivers, and providers from a wide range of [...] Upcoming Webinar: The Cyber Threat Oct. 28th Visit our Event Page     Questions?  |
Monday, October 26, 2020
Bit by Bit November Newsletter
Wednesday, October 21, 2020
Too Many Privileged Credentials Can Lead to Disaster
Too Many Privileged Credentials Can Lead to Disaster
How many administrator or above credentials are around for your business systems? How many people have access to an administrator password who shouldn’t? Can you be sure that every former staffer’s access has been removed? How many of your staffers are reusing passwords at work and at home?
Compromised credentials cause big business problems, and privileged credentials are Golden Tickets for cybercriminals. In a recent analysis, experts determined that as many as a fifth of employees with privileged user credentials don’t need them – a third of the respondents even said that everyone at their level has the same access, whether they need it or not.
Playing fast and loose with privileged access to your systems and data is a disaster waiting to happen, as the US Government recently found out. Bad actors were able to gain access to critical data and systems with stolen access credentials for O365, including administrator credentials. The attackers were then able to conduct a complex malware attack, remotely logging into staffers’ computers.
Sometimes it’s inconvenient to have to track down someone to click a button. But giving out privileged access to everyone is no good at all, and sharing administrator passwords is not the answer. Simple secure identity and access management is the solution.
Secure identity and access management is a top CISO priority for 2021. Let us show you why with Passly. Your clients will love the price and you’ll love the MRR!
Passly combines multiple security tools into one solution, giving you more for your money including multifactor authentication and secure shared password vaults. But the most important feature that Passly provides to alleviate this headache is single sign-on. It makes everyone’s job easier.
Instead of writing down administrator passwords to access a system or giving people blanket access, single sign-on allows every staffer to have a personalized LaunchPad that signs them in to all of the apps they’ll use at work in one swoop.
It’s also a boon for IT departments. No need to go into every single application a staffer might use and grant them access permissions. No more endless password resets when somebody lost that sticky note. Every user has an individual LaunchPad that IT staff can access from anywhere, granting and removing permissions with just a few clicks.
Secure identity and access management was cited as a top priority for next year by CISOs in a recent survey, and it’s no wonder. Making it easier for IT staffers to control your access points while making it easier to make sure that the right people have access to the right things exactly when they need it just makes good sense.
Just When You Thought It Was Safe – COVID-19 Phishing is Back for an Encore
Just When You Thought It Was Safe – COVID-19 Phishing is Back for an Encore
COVID-19 quickly rose to the top of Google’s list of the biggest phishing topics in history in the spring of 2020. After a monster increase of more than 600% in phishing in Q2 2020, the tsunami of phishing email around the global pandemic seemed to be slowing down as the topic became less sensational.
But the fall of 2020 is shaping up to be the return of the COVID-19 phishing scam. As disease rates climb in some countries and COVID-19’s second wave starts making its way through the world, cybercriminals are looking for ways to get some replay value out of their best pandemic-themed phishing tricks.
In a study of user reactions to cybersecurity dangers like phishing lures, researchers at Verizon discovered that even with all of the hype surrounding COVID-19 scams, users are three times more likely to click on a phishing link and then enter their credentials than they were before the pandemic, and thousands of new COVID-19 scam pages are still being created every day.
Don’t let cybercriminals get their hooks in you. Learn how to spot and stop today’s biggest security threat: phishing.
Our long COVID-19 phishing nightmare isn’t even close to over. Fresh warnings about COVID-19 relief scams and pandemic-related phishing emails from entities like the FBI serve as fresh warnings that there doesn’t seem to be an end in sight for the audacity of cybercriminals in the time of COVID – 19. The UK’s National Computer Security Center (NCSC) recently announced that it had taken down about 2,000 scams in just one month.
That means it’s time to remind your clients about the value of security awareness training, especially phishing resistance training. Companies that engage in regular cybersecurity awareness training have 70% fewer cybersecurity incidents – as long as that training is regularly updated. Staffers hold on to what they learned in training for about 4 months at most, so regularly updating training is a must.
BullPhish ID provides a robust training solution that’s good for you and your clients. With 4 new plug-and-play phishing simulation kits added every month, including COVID-19 threats, your clients will have plenty of material to use for their training campaigns – and you’ll have a nice boost to your MRR when they keep using our easy, cost-effective solution.
Everyone’s trying to save money in a tight economy, but security awareness training isn’t the place to make cuts in the IT budget. A small up-front investment in training with a dynamic solution like BullPhish ID pays huge dividends in improved overall cybersecurity when a phishing email lands in an employee inbox and gets deleted instead of opened, saving a fortune.
Customers Are Ready to Break Up With Businesses That Have Breaches
While data breach can be an expensive and complex recovery proposition for your company, there’s one area that you may never fully repair: customer trust. Customers are indicating that they’re more motivated than ever to terminate their relationships with firms that can’t keep their data safe – and that’s bad news for the 49% of companies that will experience a data breach this year.
While that number is high (and continues growing) there’s one sure-fire way to reduce your risk of joining the club. That’s good news for your business because a recent cybersecurity poll determined that customers are 84% less likely to do business with a company that’s been breached.
The secret? Security awareness training. Engaging in regularly updated security awareness training including phishing resistance training is crucial for reducing your risk of having a cybersecurity incident. Adequate cybersecurity awareness training reduces your chance of a disaster like a data breach by up to 70%.
That’s why we make sure that we’re constantly updating the content in BullPhish ID, like adding 4 plug-and-play phishing training kits every month. Studies show that the maximum length of time for employees to retain cybersecurity training is about 4 months, which means that we’ll have plenty of campaign kits (including COVID-19 threats) available for your staff when you launch your next cybersecurity awareness training initiative.
Sharepoint scam, would you open this?
Please leave what you see wrong in the comments
Friday, October 16, 2020
IRS Email Scam - What do you see wrong with this message?
Wednesday, October 7, 2020
Our 24/7/365 IT Support Techs are Certifiably Great
No images? Click here    It's a pretty easy correlation to make. The more training and certification technology support experts have, the more they have to offer our clients that come to them daily with a range of requests for help with their IT [...]  We can't say it enough. Practicing good password hygiene is a good thing. A really important, good thing. So, here are some key tips to help keep your passwords secure and protect your data and devices [...]  There are certain qualities that make our Bit by Bit tech engineers so valuable. Things like responsiveness, breadth of IT knowledge, creativity, flexibility, and an ability to understand a customer’s needs and respond quickly so they feel at ease and know that we’ll be able to fix their problem [...]  |
Ransomware Incidents and Expenses Are on the Rise – and No Business is Safe
Ransomware is a terrifying threat that every business is facing these days and a favored tool of cybercriminals. Ransomware incidents are becoming more frequent, and both ransoms and recoveries are growing more expensive. Here are our best tips for avoiding getting caught up by expensive, damaging ransomware.
Add an automated phishing defense solution. Your employees can’t click on a ransomware-laden email if they never get it. Automated phishing protection using a smart solution like Graphus reduces the chances of a dangerous email reaching your employees and also provides warnings to call out unusual communications.
Never stop training. Cybercriminals are constantly updating their phishing attack playbooks. Shouldn’t you be constantly updating your phishing resistance training to fight back? When you use BullPhish ID for phishing awareness training, you have access to more than 100 plug-and-play phishing simulation kits, with new kits added every month to ensure that you’re training for the latest threats.
Lock your doors. Take the sting out of a stolen, phished, or cracked password by adding secure identity and access management to your defenses. It’s a recommended mitigation for cybercrime by the FBI. Choose a multifunctional solution like Passly to get all of the features that you need like multifactor authentication, secure shared password vaults, and easy remote management, in one affordable package.
By making a few simple and affordable tweaks to your defensive security plan, you can add several shields to protect your systems and data (and your bottom line) from the devastating effect of a ransomware disaster.
Would you open this? What do you see wrong here?
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863
Monday, October 5, 2020
Just got a zoom meeting request.. hmm that looks odd.. Would they have got you with his scam?
Thursday, October 1, 2020
Why Weak Passwords Are a Security Risk
by Robert Blake
A password is the most commonly used primary security measure for protecting access to websites. Passwords are also commonly used to restrict access to hardware devices, such as computers. While some people may consider the need to use passwords a nuisance, the reality is that we rely on passwords to keep prying eyes away from sensitive data.
Just creating a password may not be enough to protect data. If you choose simple passwords like "password," "qwerty," or "123456," you are greatly increasing the risk that your online accounts or local hardware can be accessed by third parties.
Who would try to access my computer or online accounts?
Any person who wants access to information stored on your computer or in an online account may try to crack your password; it could be somebody known to you, such as a spouse, partner, relation or work colleague, or it could be a total stranger with fraud on his or her mind. You could also be subjected to automated attacks, where special apps try to break your password by using millions of combinations of characters.
Weak passwords
Regardless of whether it's somebody you know, a total stranger, or an automated program that is trying to crack your password, if you have a weak password, you are at increased risk of your defenses being breached.
Weak passwords are ones that can easily be guessed. They include combinations like those mentioned above or passwords based on the date of birth of you, your children, or other relatives. Those based on your favorite books, poems, songs, pets, or geographical locations associated with you are also potentially weak passwords.
How your personal details can be found
You may think it is unlikely that a stranger, or even an acquaintance, knows your date of birth, or information about your likes and dislikes. However, it is surprising how much information is in the public domain.
Social media platforms are great sources of information for people who may want to hack passwords. Those birthday greetings from your friends that say "Can't believe you're 20" reveal your date of birth. Greetings to or from "my favorite mum/sister/uncle/brother etc." reveal the names of other family members and their relationship to you.
People regularly use social media to tell the world about their favorite pet, actor, movie, song, etc. In short, making innocent posts or comments online can reveal a lot of information about you. Even if you don't actively do this, other people can reveal your personal information in their posts or comments. Social media can be a rich source for people trying to break your password.
Automated attacks
Unlike an individual trying to guess what your password is, automated, or brute force, attacks do not use information about you to assist them. Instead, they try various combinations of characters. While this may seem like a very inefficient way to crack a password, it should be remembered that it is often possible to try millions of combinations in a very short time.
While these attacks use random sequences of characters, they are often structured to try well-known words or phrases first. These may be followed by combinations of common names and digits that could be dates. Weak passwords are likely to be discovered more quickly.
In summary, using simple passwords is risky. Individuals can try to guess your password based on your personal data. Automated attacks are more likely to find readable passwords, even if they are combinations of words and numbers. Avoid weak passwords if you want to keep your data safe.
Subscribe to:
Posts (Atom)
-
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831 -
What is SOC-as-a-Service? By Robert Blake Having a Security Operations Center (SOC) in-house is expensive for the average business. Large ...
-
In today's digital age, where the internet is an integral part of our lives, safeguarding our digital devices from malicious threats is ...
