Monday, November 30, 2020

To Err is Human, But Preventing Expensive Disasters is Divine.

Making mistakes is part of being human. Even your most conscientious employees are bound to screw up at some point. But employee mistakes don’t have to be a gateway to cybersecurity disaster. Putting fail safes in place between your data and cybercriminals can mitigate the risk of employee errors.

While errors like misconfiguration and failure to patch software are dangerous, one particular source of employee error definitely tops the trouble list: passwords. In a recent survey, an outrageous 91% of employees admitted to reusing nor recycling passwords at work and between their work and home accounts, and password sharing is endemic.

Password compromise is by far the fastest, easiest way for cybercriminals to gain access to your systems and data. A password alone, even if it is updated regularly, will not provide strong protection for your systems and data – over 80% of breaches can be attributed to password hacking or password compromise.

Put extra protection between your business and employee errors like poorly made passwords by adding a secure identity and access management solution like Passly to your security plan. An expert-endorsed best practice and a requirement for compliance in many industries, multifactor authentication is your strongest shield against these types of brute force hacking attacks.

Passly also includes other highly recommended security tools like simple remote access control for IT staffers, secure shared password vaults, and single sign-on LaunchPads for every user to boost your endpoint security. This multifunctional dynamo can dramatically reduce your threat risk from employee cybersecurity errors at a price that fits any budget. 

Securing the access gateways to your company’s systems and data is the fastest, most effective way to prevent a small mistake from becoming an expensive cybersecurity disaster. Streamline access, improve endpoint security, and add the fail safes that you need to make sure that only the right people are accessing your systems and data in a flash with Passly.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.

Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back. 

Cybercriminals these days are a lot smarter than you might think. Just like any other business, cybercrime gangs are always looking for ways to break through with a slick new attack style that scores them a big payday before cybersecurity professionals even have it on their radar. One of the most successful areas of expansion for cybercrime in 2020 has been social engineering. 

A major component of phishing-related cybercrime, the premise behind social engineering is very simple: to influence the target to take an action. Whether that action is to buy a certain brand of coffee, share a news story, or click on a link in a phishing email, social engineering is a common tactic in all sorts of business operations for one simple reason: it works. 

Recent examples illustrate some of today’s craftiest social engineering tactics. For example, take a dull, routine subject like compliance. It’s both complicated and constantly changing, with huge penalties for violations. Cybercriminals know that GDPR fines are a specter that haunts most European businesses – and detailed information about many businesses is an easy score on the Dark Web.

So why not try out a cleverly disguised social engineering trick by creating an email that’s designed to look like it’s from a consultancy helpfully informing you that there are new regulations about email security that you might not be compliant with. Of course, their company can help. They may “already be working with you to resolve the problem”, and they just need a little bit more information. You know the rest of this story. 

Or, at larger companies, the classic access scam. A contractor or service for your corporation contacts you, maybe even by phone. He is trying to repair something crucial that’s just broken fast. It’s a big problem, the bosses are mad, and they have a quick fix to temporarily patch it until they can fix it. They just need a password that gives them access to a certain system, and they were told that you’re the person to talk to. Password sharing is so endemic, most staffers will hand theirs right over. 

This may not sound like a plausible scenario to you, and you’d probably be inclined to ask for more proof – and you’d be right, it’s a scam. But many employees won’t recognize it, even at big tech companies where you’d expect them to know better. After all, this sequence of events is exactly what happened to cause the giant Twitter breach earlier this year.

Fighting back against social engineering means fighting back against cybercriminal trickery with education. Security awareness training, especially phishing resistance training, is every company’s best bet for teaching employees to spot and stop social engineering attacks. Companies that engage in regular security awarenesstraining have up to 70% fewer cybersecurity flubs.

BullPhish ID is the answer for your clients. Not only can it be easily configured for companies and test groups of any size, but it’s also ideal for both in-office and remote workforce training. It’s easy to manage and easy to use. Plus, phishing resistance training doesn’t just help companies defend against phishing – it increases overall security awareness too. 

The best training is training that people remember. BullPhish ID delivers on that front, with information presented in bite-sized pieces that are easy to understand no matter how tech-savvy your staffers are in 8 languages. Engaging video lessons make BullPhish ID the perfect tool to use when training employees and online testing enables you to quickly determine who needs extra help.

Research indicates that employees retain the skills that they gain from training for about 4 months before they disappear, but don’t lose skills if their training is regularly updated. BullPhish ID has the content you need, with over 80 complete phishing simulation kits are ready to go, with 4 new kits added every month. Plus we add training on all the latest threats, including COVID-19 lures.

Contact us to see how we can help you combat these threats!

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Wednesday, November 18, 2020

Ransomware Risks Highest for Remote Workers

Ransomware Risks Highest for Remote Workers  

The global pandemic has changed the way that we work, and that’s been good news for cybercriminals. Remote workers are a juicy target for ransomware attacks since they’re more likely to be drawn in by common lures and less likely to be up to date on current phishing scams. So how can you protect your business from ransomware while your staffers are still working remotely?

While we wish there was a magic bullet, the closest we’ve come is a magical solution: phishing resistance and security awareness training. Companies that engage in regular security awareness training that includes information about the latest phishing threats have up to 70% fewer cybersecurity incidents.

The biggest cybersecurity threat of 2020 is phishing, and ransomware almost always arrives on your doorstep paired up with a phishing email. More than 65% of ransomware is delivered through phishing, which has boomed during the global pandemic – Google reports that it’s measured phishing email as up by more than 600% in 2020.

Regular, easy-to-understand phishing training is essential for protecting your business from dangers like spear phishing attacks designed to deliver ransomware. BullPhish ID delivers just what you need with plug-and-play phishing simulation kits to test your staff and engaging video lessons to demonstrate today’s phishing lures, including COVID-19 bait.

Protect your business from phishing-based cybersecurity disasters with simple, sensible tools like security awareness and phishing resistance training using BullPhish ID to transform your staff from cybercriminal targets to defensive assets fast at a price you’ll love.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

o Inside the Ink to Get the Inside Scoop on Cybercrime

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

4 Reasons to Consider an IT Security Audit

4 Reasons to Consider an IT Security Audit

By Robert Blake

Looking at ways to protect your IT infrastructure from cyber threats is critical for small business owners. A cybersecurity incident can create hours of downtime and ruin the reputation of your company. Conducting an IT security audit on a routine basis is a great way to stay proactive and limit the chance of a successful cyber attack. A managed IT service provider can identify any areas of weakness within your organization and develop a detailed plan to give you the best cybersecurity available.

Here are a few more of the top reasons to consider an IT security audit from a managed service provider.

1) Establish Benchmarks

One of the first objectives of an IT service provider is to establish benchmarks for your company. These IT security professionals will evaluate your current level of protection and look at ways to boost your cybersecurity. Setting these benchmarks early on will provide your organization with an IT roadmap that will give you short-term and long-term goals related to IT security. Always finding ways to improve cybersecurity is a top concern for a managed service provider, as cyber threats never stop evolving.

2) Identify Areas of Weakness

Cybercriminals are constantly finding new ways to target small businesses. An IT security incident can easily bankrupt your business and ruin trust with your clients. However, conducting IT security audits on a routine basis can help identify any weaknesses within your organization before they are exploited by cybercriminals. These proactive IT services can save you a lot of stress and help your business stay one step ahead of cyber threats in the workplace.

3) Create an Action Plan

Performing IT security audits are only valuable if they result in an action plan for your business. An IT service provider will work with your employees to create a plan that addresses potential vulnerabilities to give you greater protection from cyber threats. Following these guidelines from an IT security audit will greatly reduce the chance of downtime while also giving your business an extra layer of protection against data breaches.

4) Educate Employees

A cybersecurity incident can happen to your business in many different ways. An unsuspecting employee may fall victim to a phishing scam or accidentally click on an unsafe website. An IT security audit provides a perfect opportunity to train your employees on how to recognize and learn from their mistakes. A managed service provider can conduct cybersecurity training classes based on the results of an IT security audit.

Final Thoughts

Conducting an IT security audit is a critical aspect of giving your business the best protection against cybercrime. Typically, it is recommended to conduct IT security audits at least twice a year. However, it is often a good idea to perform these audits more often if you are a bigger organization. These IT security audits play a key role in identifying areas of weakness while also allowing you to develop an action plan. Cybercrime is a lucrative business, as remaining proactive against these threats is essential for business owners.

We offer a free initial network and security assessment.  Please contact our office for details, 877860.5863 x190

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Thursday, November 12, 2020

Ransomware Recovery is Long and Expensive. Should You Just Pay the Ransom to Make it Easier?

Ransomware Recovery is Long and Expensive. Should You Just Pay the Ransom to Make it Easier?

Ransomware has been the story of the year in cybersecurity, as attacks have boomed by more than 40% since March 2020. This slippery, dangerous foe is a nightmare that can wreak havoc on your business and cost a fortune in restoration and recovery on top of the lost business and general damage.

No one wants to deal with ransomware. But since you’re already looking at an expensive proposition, can you save yourself the money, time, and headaches of undertaking a ransomware incident response by paying the ransom and getting the encryption key to unlock your systems and data – and will you get in legal trouble for doing it?

The answer is complicated. While paying the ransom may not be expressly prohibited by law, legal officials are not fans of the practice. The US Treasury issued new guidance this month urging people not to pay hackers, and noting that businesses could face civil penalties if they pay ransoms to hacker groups affiliated with sanctioned nation-states, a particular concern for the healthcare sector.

The better approach to protecting your business from phishing danger including ransomware is increased security awareness and phishing resistance training. Ransomware is most likely to arrive at your doorstep as the cargo of a phishing email, as well as other dangerous cyberattacks like business email compromise, spear phishing, and whaling.

Regular phishing resistance training and testing with a solution like BullPhish ID is extremely effective – security awareness training including phishing resistance can reduce your cybersecurity incident rate by up to 70%. No matter how you slice it, increased security awareness training is the best way to ensure that your employees are ready for the threats they face ahead to keep ransomware from taking your profits hostage.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Dark Web Data Powers Impersonation & Business Email Compromise Scams

Dark Web Data Powers Impersonation & Business Email Compromise Scams 

Dark Web danger doesn’t just come to your company’s doorstep from compromised passwords – it also comes from data dumps full of email addresses, employee information, website user logs, supplier records, medical data, and more that can provide cybercriminals with exactly what they need to lure your staffers into a nasty (and expensive) trap. 

Every kind of data about your employees that you can think of is available on the Dark Web – sometimes for free. As the 2020 US elections race to the finish, voting registration data and records from special interest groups have fueled extremely dangerous spear phishing attacks including impersonation scams. 

General business email compromise attempts are landing in employee inboxes every day too. A recent survey reported that over 30% of respondents reported receiving one every day. Running the gamut of impersonations including scary vendor notices, fake unpaid invoices, spoofed supplier communications, and even fake emails from colleagues, cybercriminals are pulling out all the stops to trick your staffers into falling into a business email compromise scam.

a red envelope on a computer screen representing phsihing like ransomware threats up 33% in 2020

See how to enlist your staff in the fight against ransomware to transform them into your biggest security asset! WATCH THE WEBINAR>>

The most efficient and effective way to put the brakes on business email compromise risks is to mitigate the foundation that they’re built on: phishing email. With a more than 600% increase in phishing attacks clocked in 2020, making sure that your staff is ready to defend against phishing attacks is crucial to protecting your business from cybercrime like business email compromise.

BullPhish ID can help with that. Regular security awareness training including phishing awareness can reduce your company’s risk of falling prey to a cyberattack by up to 70%. The key is regularity though – research shows that employees only retain security awareness training for about 4 months unless it’s regularly refreshed.

That’s not a problem with BullPhish ID. Featuring a huge library of more than 80 plug-and-play phishing simulation campaign kits in 8 languages, we also add 4 new kits every month to make sure that your staffers are getting the training that they need to be on guard against the latest threats.

Regular training doesn’t mean expensive either – BullPhish ID is affordable and effective. Improved cybersecurity awareness and phishing resistance training isn’t something that can wait. Protect your systems and data from impersonation and business email compromise scams now to avoid a mess tomorrow.  Contact us today for a live demo of BullPhish ID to see how it can secure your customers and grow your business.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Go Inside the Ink to Get the Inside Scoop

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

Monday, November 2, 2020