Technology companies come and go, but Bit by Bit backs its service with 30 years of experience helping businesses achieve their goals with reliable IT solutions and support.
We were established in 1987 as a database application development and networking company, and since then we’ve evolved into a full-service IT firm and leader in delivering powerful and cost-effective technology solutions. visit our site at www.bitxbit.com
As was recently illustrated by the Microsoft hack, third-party and supply chain risk is a threat that every business is vulnerable to in our interconnected world. But not all of your vendors, service providers, or partners take information security seriously, and that creates risk for your business.
Over90% of US businessesexperienced a cybersecurity incident like a data breach in 2020 because of a third-party or supply chain risk. These businesses didn’t make a cybersecurity misstep themselves – another company created vulnerabilities for them. Often these are vulnerabilities that you won’t even know about until it’s too late.
Third-party and supply chain risk will continue to be a growing problem in 2021 and beyond. The data that cybercriminals glean from data breaches inevitably makes its way into dark web markets and data dumps, providing ample fuel for future cyberattacks. Data breaches exposed36 billion recordsin the first half of 2020 alone, feeding plenty of cybercrime.
Are you positioned to gain the kind of intelligence that helps you get a clear picture of how stolen data may put your business at risk? If you’ve gotDark Web ID, you are. Dark Web ID sends up a red flag to warn you when your company’s credentials make an appearance on the dark web, enabling your security team to take care of that vulnerability before cybercriminals can exploit it.
This is just one increasing risk factor in 2020. As the fallout from the global pandemic settles, more risk from dark web sources will become a problem for businesses. Even cybercriminals have to work a little harder these days to make ends meet. Don’t let them snatch your piece of the pie – add dark web monitoring today to stay in the know about your company’s risk.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Secure identity and access management withPasslyis the gift that keeps on giving when it comes to third-party and supply chain risk. Multifactor authentication (MFA) alone tops99% of password-related cybercrime. Passly packs MFA into a neat package with all of the best tools to control access and permissions like sign-on (SSO), secure shared password vaults. Now it even eliminates a huge headache for IT teams with automated password resets. Get a huge amount of security for a very small price!LEARN MORE ABOUT HOW PASSLY FIGHTS CYBERCRIME>>
Do Your Homework
Study up on how third-party and supply chain risk has evolved through the pandemic to have an outsized impact on cybersecurity in 2021. In our new eBookBreaking Up with Third Party and Supply Chain Risk, we’ll take you on a journey into the heart of this threat and how it can impact every business – plus we’ll give you strategies and solutions that can be put into place quickly and affordable to secure systems and data.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
As another huge bomb hits the cybersecurity world in the form of the recent Microsoft Exchange hack, it’s a good time to take a look at third-party and supply chain risk to see how it can impact businesses and how it can be mitigated. Over90% of US businessesexperienced a cybersecurity incident like a data breach in 2020 because of a third party or supply chain fault.
It’s important to prepare for this risk because it’s less of a possibility and more of an eventuality in today’s ever more connected world. Those connections are one of the reasons why it has ramped up so steadily. As more and more information about people and businesses accumulates in dark web markets and data dumps, that provides fuel for cyberattacks that perpetuate the cycle, feeding the market.More than 60%of the information available now on the Dark Web could damage businesses, and data breaches exposed36 billion recordsin just the first half of 2020.
More than 60% of data breaches are a result of exposure through third party or supply chain risk. Unfortunately, any business partner, supplier, or service provider with sloppy cybersecurity practices can put an innocent business at risk by doing things that make it easy for data to walk out the door, like the17% of companiesthat have all of their sensitive files accessible to all of their employees – or the41% of US companies that allow employees unrestricted access to sensitive data.
Also included in that risk calculus, the siren song of making money on the dark web in a challenging economy has increased the possibility of data being snatched for nefarious purposes. An estimated30% of data breaches involve internal actors with ill intent, including employees moonlighting by selling data or access on the Dark Web.
2020 was not a friendly year for businesses when it came to cybersecurity, especially in the supply chain. About80% of firms responding to a recent survey said that they’d experienced an increase in cyberattacks in 2020. Supply chain cybersecurity risk warnings increased right along with surging cybercrime, up by 80% in Q2 2020 alone.Two in fiveSMBs were impacted by a cyberattack in 2020.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Third-party and supply chain risk is growing more dangerous for every business as cybercriminals maximize on past breaches to create new ones. Find great ways to reduce third-party and supply chain risk in our new eBook “Breaking Up with Third Party and Supply Chain Risk”. You’ll discover:
Examples that demonstrate third-party and supply chain data risks to businesses
A winning formula for solutions to secure companies
Statistics about how and why threats are heating up in the third-party and supply chain risk landscape
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
A new, aggressive hacking campaign that exploits vulnerabilities in Microsoft Exchange Server has hit as many as 30,000 U.S. businesses and government agencies. Microsoft is attributing these attacks to cyber espionage organization, HAFNIUM, based in mainland China.
FortiGuard Labs was notified right away though MAPP (Microsoft Active Protections Program). We’ve already released four FortiGuard IPS patches to protect Fortinet customers from these exploits.
What You Can Do
If you believe that your organization is vulnerable to this exploit, we recommend the following actions:
Apply a “hot patch”, which according to Fortinet CISO Phil Quade, is the strategy of updating security devices to automatically block exploitation attempts using signatures from the threat actor’s exploit while you work to upgrade and patch devices.
Conduct an asset inventory to identify all affected Microsoft Exchange Servers deployed in your organization.
Run version checks to see if they have been patched.
Apply appropriate patches where possible. Devices that cannot be patched should be secured behind a security device able to detect and prevent such an exploit.
Apply advanced, scanning leveraging known Indicators of Compromise to detect leave-behinds and anomalous behaviors resulting from a successful breach, such as the use of an unauthorized back door.
More details on the attack and how to mitigate it are available in the full blog post. To receive future information from Fortinet, don’t forget to subscribe.
What source puts a company’s data most at risk? It’s not hackers, or nation-state cybercriminals, or even disgruntled employees – it’s email. Seemingly routine, everyday email is the most likely vector for a damaging cyberattack that leads to a data breach. But a few smart steps can be taken to reduce the risk of an email-related data breach in 2021.
Results from a recent survey of 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors including financial services, healthcare and legal affairs make one thing clear: every business is at risk for trouble. More than 80 percent of surveyed organizations have experienced a data breach in the past year because of email. Further, 95 percent of the IT leaders surveyed believed that client and company data is most at risk from actions that are taken over or in response to email.
Human Error, Stress and Distraction Cause Worrisome Jumps in Data Breaches
Employees are handling more email these days as the expected return to offices is slowed by the continued global pandemic. An estimated 85 percent of employees reported sending more emails since they’ve been working remotely. Throughout the last year as companies remained fully or mostly remote, email handling has grown less predictable as well, bringing new challenges to IT teams – 73 percent of employees surveyed said that they regularly read and respond to work emails outside of their working hours, and almost one-quarter of employees (24%) reporting that they handle work email while doing other things.
This tracks with the long established IT maxim that the number one cause of a data breach is human error. One of the major contributors to email based data breaches noted in the survey was remote workers making mistakes and because of distraction, tiredness and stress. About 60 percent of employees noted that they are working in environments where distractions are commonplace. A further 73 percent of employees reported that they feel tired, stressed or upset because of the pandemic.
IT leaders agree that the pandemic and remote work spurred by it are major contributing factors to email-related data breaches. Almost 60 percent of IT leaders reported an increase in email data leaks since implementing remote working as a result of the pandemic. Those same IT leaders reported that email-related data handling mistakes were one of their company’s biggest risks, with almost one quarter of breaches caused by an employee sharing data in error by sending an email containing sensitive data to the wrong recipient or attaching the wrong file.
Employees Are Handing Out Credentials at an Eye-Popping Rate
Employees under pressure and working remotely are also interacting with much more phishing email and handing out their credentials at an alarmingly high rate. In a recent multi channel phishing exercise, researchers noted that one-fifth of the tested employees fell for phishing emails even if they have gone through some security awareness training. Of employees that fell for the phishing email, more than two-thirds also entered their credentials, such as a password.
This is a troubling trend, especially for businesses that do not have adequate access point security. Researchers noted that the number of surveyed employees who fell for phishing tricks and clicked on a phishing link increased by 77 percent in this year’s survey, going up from 11.2 percent in 2019 to 19.8 percent in 2020. Those employees were also quick to hand over their credentials. An astonishing 644 percent year-on-year increase in employees that provided their credentials in response to phishing illustrated the increased danger of an email related data breach for companies, skyrocketing from 1.8 percent in 2019 to 13.4 percent in 2020.
What Will Mitigate This Risk?
Reducing a company’s danger from phishing starts with reducing its proximity. The less exposure employees have to phishing, the better. If a company uses an affordable automated phishing defense solution like Graphus, it’s already making great strides toward solving that problem. Otherwise, two strong mitigations to put in place to lower the risk of an email-related data breach in both the short and long term are secure identity and access management and better security awareness training around email.
Secure identity and access management with Passly won’t stop staffers from mishandling email, and credentials, but it can stop cybercriminals from gaining access to your systems and data with a phished password. Multifactor authentication stops 99 percent of password-based cybercrime. That’s just one of the overlapping defensive tools that you get with Passly. This is the fastest, easiest mitigation to put n place for an business.
Advanced phishing resistance training with the new BullPhish ID is the gift that keeps on giving for organizations. Security awareness training like this, when refreshed at least quarterly, lowers a company’s chance of falling victim to a phishing attack by up to 70 percent. The newly unveiled user-friendly, customizable training portals make training painless for IT staff and employees. Plus, training materials can be customized to reflect a company’s real threats. Add white labelling at every turn and MSPs can be sure that their business is top-of-mind- for users.
Helping prevent email-related data breaches is essential for securing businesses as we shift into a more permanent work-from-home world. Companies have realized that remote work is here to stay and it brings them unexpected IT challenges (and huge risks) that can only be solved with the right combination of cybersecurity solutions to keep data in and cybercriminals out.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Keeping up with the latest tech changes is always a challenging task for small businesses. Trying to take care of your technical needs while also managing your business is often a challenging situation. One way to overcome these obstacles is to reach out to a managed IT service provider. A partnership with a managed service provider offers numerous benefits while also helping you better serve your customers.
Here are a few of the top reasons why managed IT services can help your small business become more successful.
Around the Clock Support
Downtime is a major problem that can impact your business in a variety of ways. One way to keep downtime to a minimum is to partner with an IT provider that offers around the clock tech support. These IT professionals are available to provide immediate support while also monitoring your network for any unusual activity.
Scalable Options
Another reason to consider using a managed IT service provider is that it gives your business the flexibility to scale up or down. You will only pay for what you use instead of wasting money on unnecessary features. Cloud computing also makes it possible to purchase more storage space or add new software programs to better meet the needs of your business.
Data Protection
A data breach often destroys trust with your consumer base, and it can also lead to expensive fines. However, you can limit the chance of a data breach by choosing an IT service provider. Patch management, network monitoring, and the creation of data backups are only a few examples of the many ways a managed service provider can keep your information secure from cybercriminals.
Cybersecurity Awareness Training
Cybersecurity incidents at work often happen due to employee negligence. Phishing scams and social engineering attacks usually prey on employees that make careless mistakes. One way to avoid this situation is to use a managed IT service provider that offers cybersecurity awareness training classes. These courses can cover a variety of cybersecurity topics while also keeping your business up to date with the latest scams.
Enhance Productivity
One of the biggest obstacles facing small businesses is reducing employee turnover. Unfortunately, it isn't easy to keep employees with your business for the long-term if they are constantly feeling overworked. However, you can reduce employee workload by partnering with an IT provider to handle day-to-day IT-related tasks. Over time, this can save your employees a lot of extra work and make their jobs much easier.
Closing Thoughts
Selecting a managed IT service provider is a great long-term option for small business owners. Partnering with an IT provider allows you to focus on your core business operations without having to manage additional IT tasks. An IT service provider also gives your company additional protection against cybersecurity schemes that continue to evolve. Technology will only continue to play a more important role in the workplace, as a managed IT provider is an essential service for small business owners.
Robert Blake
Bit by Bit
877.860.5831
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831