Will you fall for the scam?

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

The Increasing Cost of a Data Breach

As the headlines continually demonstrate, data breaches are quickly becoming a prominent problem for organizations of any size and operating in any sector. The bad news, according to IBM’s annual report on the cost of data breaches, is that they are also becoming more expensive. 

In 2019, companies can expect to spend $3.92 million on a data breach, a 12% increase in just five years. 

With today’s regulatory landscape trending toward consumers, companies can expect these numbers to continue increasing as governments intend to exact financial penalties from organizations that can’t protect their customers data. 

Consequently, highly-regulated industries like healthcare and financial services saw the most significant price escalations.

The report is especially troubling for SMBs. IBM concluded that companies with less than 500 employees will still incur losses in excess of $2 million if a data breach occurs, and they can expect these costs to continue to for several years after a breach.

The high cost of a data breach makes cybersecurity partnerships a relatively inexpensive way to protect your organization from the catastrophic consequences that accompany a breach.

https://www.cbronline.com/news/data-breach-costs-2

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

How To Build And Remember A Strong Password

The first stage in helping to secure our devices or online accounts is to construct strong passwords. A strong password is one that cannot easily be guessed or generated by human or automated attacks. Strong passwords are long, and they should appear meaningless to others.

Because strong passwords have to be difficult for somebody to guess, it may also become difficult for you to remember your passwords. You can get around this problem by using a secure password manager. You then need to remember only the password you use for your password manager account. The password manager looks after all other passwords.

Constructing a strong password

The basic rules are simple: 

1) Make your password a long stream of random characters

2) Use a mixture of upper and lower case letters 

3) Include some non-letter symbols 

The longer a password is, the harder it is for trial and error attacks to stumble on it. Using the letters A-Z and digits 0-9, there are more than 94 million ways to make a 9-character, single case password. There are more than 9 trillion ways to make an 18-letter combination from the same set.

By introducing a mixture of upper and lower case letters, we increase the number of possible 18-character combinations to over a quadrillion (a quadrillion is 1 followed by 15 zeroes). Adding in six symbol characters to the mix makes 12 quadrillion plus combinations possible. 

Method for building a password

One good idea is to select a random location from a book, or another text source, and choose the first or last character in a given number of words from that location. To demonstrate the principle, we will construct an 18-character password using the play Romeo and Juliet. You will have to remember your master password. Writing it down somewhere is bad practice, so you need to come up with a system that will enable you to retrieve it. As we build our password, we will also build a key that will help us do this.

We decide to start at Act I, Scene I and choose the first 12 words of spoken text (ignoring stage directions, who is speaking, punctuation, etc.). The opening 12 spoken words in Romeo and Juliet are:

Gregory, o' my word, we'll not carry coals.  

No, for then we  

We take the last letter of each of those words to begin our password, which gives us: 

yoydltysorne

We start to build our key at the same time. Since we only use the works of Shakespeare, we can use an abbreviated key, 12LR&JAISI, for Romeo and Juliet, Act I, Scene I. The '12' at the start of the key tells us how many words we're picking, and the 'L' tells us we are using the last letter of each word (we could use the first letter and code F). 

We now want to capitalize some of the letters. We can use a simple pattern, like capitalizing every second letter, or something less obvious. Let's capitalize every fourth letter.

We now have: 

yoyDltySornE

We add U4 to our key to tell us every fourth letter is uppercase, giving us: 

12LR&JAISIU4

Next, we want to add some digits and symbols to bring our password up to 18 characters. We end up with:

4y%oy2DltySo$r#n6E

This is a very strong password indeed. 

The last step is to add the digit and symbol information to our key. We use a simple position, character pair to tell us the rest of our password. 14 tells us that at position 1 is the digit 4, 3% tells us that at position 3 we have the % symbol, and so on.

Our full key now looks like this:  

12LR&JAISIU4143%6213$15#176

This is indecipherable to anybody else. (Do not tell others what techniques you are using to construct your passwords. If they know your techniques, it gives them a chance of working out your password). You can store your key as your password recovery hint in your password manager. In this example, if we ever forget our password, all we need to do is look up the appropriate part of Romeo and Juliet, and we can rebuild it.

Flexibility

Note that we can make multiple passwords from the same piece of seed text just by changing our capitalization rule, by using different symbols and digits, by positioning symbols and digits differently, or by using the first letter of each word instead of the last. To recall our password, all we need is the seed text and our key. We chose to use Shakespeare because any of his works can easily be found online, so we have no need to worry about being unable to access our seed text.

You can use whatever method you prefer to choose seed text. As long as the seed text is globally available to you, you will never have to worry about forgetting your master password

Robert Blake
877.860.5831 x 190

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

What We’re Listening to:

What We’re Listening to:

Know Tech Talks
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Ransomware Gets a New Lease on Life

Ransomware attacks have made a precipitous return to public life, making them one of the most potent threats in today’s digital landscape. 

Once targeting individual computer systems, ransomware fell out of favor with cybercriminals as it failed to net significant returns. That changed when cybercriminals began targeting local governments and small and medium-sized businesses where they can earn thousands of dollars from the relatively inexpensive attack method. 

Many attribute this shift in approach to the WannaCry ransomware virus, which captured national headlines and set a new direction for future cybercriminals.

As municipalities and organizations grapple with the best response plan, it’s clear that bad actors will continue to wreak havoc with new iterations of ransomware. A strong defense is the most affordable and advantageous approach to these attacks and getting expert eyes (like ours!) on your cybersecurity landscape can ensure that your vulnerabilities are accounted for. 

https://www.zdnet.com/article/ransomware-why-cities-have-become-such-a-big-target-for-cyberattacks-and-why-itll-get-worse-before-it-gets-better/

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

What do you post?

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

800,000 Computers Still Vulnerable to BlueKeep

Despite the well-publicized threat that the BlueKeep vulnerability poses to individuals and enterprises, more than 800,000 systems are still not protected from the threat. 

BlueKeep is a backdoor that allows hackers to access networks where they can directly deliver malware. The flaw can cause significant damage, and neutralizing the threat is surprising easy. A simple software update, which Microsoft issued in May, nullifies the vulnerability, but according to data compiled by a New Internet scan, less than 20% of eligible systems were updated in the past month. 

With cyber threats coming from all directions, fixing security vulnerabilities through software updates is an easy way to prevent obvious threats from wreaking havoc on your company's IT infrastructure. Partnering with security specialists can help organizations identify vulnerabilities, fortifying their defenses before a data breach occurs. 

https://www.darkreading.com/vulnerabilities---threats/800k-systems-still-vulnerable-to-bluekeep/d/d-id/1335286

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com