Our 24/7/365 IT Support Techs are Certifiably Great

No images? Click here   Our 24/7/365 IT Support Techs are Certifiably Great It's a pretty easy correlation to make. The more training and certification technology support experts have, the more they have to offer our clients that come to them daily with a range of requests for help with their IT [...] Read more   Smart Tips for Good Password Hygiene We can't say it enough. Practicing good password hygiene is a good thing.  A really important, good thing. So, here are some key tips to help keep your passwords secure and protect your data and devices [...] Read more   Meet Collin Torrens: Tech Network Engineer Extraordinaire There are certain qualities that make our Bit by Bit tech engineers so valuable. Things like responsiveness, breadth of IT knowledge, creativity, flexibility, and an ability to understand a customer’s needs and respond quickly so they feel at ease and know that we’ll be able to fix their problem [...] Read more       Questions? Get in touch with us today!     CONTACT US   SUPPORT CENTER   www.bitxbit.com   ©2020 Bit by Bit. All Rights Reserved.   Share    Tweet    Share    Forward

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Ransomware Incidents and Expenses Are on the Rise – and No Business is Safe

 

Ransomware is a terrifying threat that every business is facing these days and a favored tool of cybercriminals. Ransomware incidents are becoming more frequent, and both ransoms and recoveries are growing more expensive. Here are our best tips for avoiding getting caught up by expensive, damaging ransomware.  

Add an automated phishing defense solution. Your employees can’t click on a ransomware-laden email if they never get it. Automated phishing protection using a smart solution like Graphus reduces the chances of a dangerous email reaching your employees and also provides warnings to call out unusual communications. 

Never stop training. Cybercriminals are constantly updating their phishing attack playbooks. Shouldn’t you be constantly updating your phishing resistance training to fight back? When you use BullPhish ID for phishing awareness training, you have access to more than 100 plug-and-play phishing simulation kits, with new kits added every month to ensure that you’re training for the latest threats. 

Lock your doors. Take the sting out of a stolen, phished, or cracked password by adding secure identity and access management to your defenses. It’s a recommended mitigation for cybercrime by the FBI. Choose a multifunctional solution like Passly to get all of the features that you need like multifactor authentication, secure shared password vaults, and easy remote management, in one affordable package. 

By making a few simple and affordable tweaks to your defensive security plan, you can add several shields to protect your systems and data (and your bottom line) from the devastating effect of a ransomware disaster.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Would you open this? What do you see wrong here?

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Just got a zoom meeting request.. hmm that looks odd.. Would they have got you with his scam?

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Why Weak Passwords Are a Security Risk

by Robert Blake

A password is the most commonly used primary security measure for protecting access to websites. Passwords are also commonly used to restrict access to hardware devices, such as computers. While some people may consider the need to use passwords a nuisance, the reality is that we rely on passwords to keep prying eyes away from sensitive data.

Just creating a password may not be enough to protect data. If you choose simple passwords like "password," "qwerty," or "123456," you are greatly increasing the risk that your online accounts or local hardware can be accessed by third parties.

Who would try to access my computer or online accounts? 

Any person who wants access to information stored on your computer or in an online account may try to crack your password; it could be somebody known to you, such as a spouse, partner, relation or work colleague, or it could be a total stranger with fraud on his or her mind. You could also be subjected to automated attacks, where special apps try to break your password by using millions of combinations of characters.

Weak passwords 

Regardless of whether it's somebody you know, a total stranger, or an automated program that is trying to crack your password, if you have a weak password, you are at increased risk of your defenses being breached. 

Weak passwords are ones that can easily be guessed. They include combinations like those mentioned above or passwords based on the date of birth of you, your children, or other relatives. Those based on your favorite books, poems, songs, pets, or geographical locations associated with you are also potentially weak passwords. 

How your personal details can be found 

You may think it is unlikely that a stranger, or even an acquaintance, knows your date of birth, or information about your likes and dislikes. However, it is surprising how much information is in the public domain.

Social media platforms are great sources of information for people who may want to hack passwords. Those birthday greetings from your friends that say "Can't believe you're 20" reveal your date of birth. Greetings to or from "my favorite mum/sister/uncle/brother etc." reveal the names of other family members and their relationship to you. 

People regularly use social media to tell the world about their favorite pet, actor, movie, song, etc. In short, making innocent posts or comments online can reveal a lot of information about you. Even if you don't actively do this, other people can reveal your personal information in their posts or comments. Social media can be a rich source for people trying to break your password.

Automated attacks 

Unlike an individual trying to guess what your password is, automated, or brute force, attacks do not use information about you to assist them. Instead, they try various combinations of characters. While this may seem like a very inefficient way to crack a password, it should be remembered that it is often possible to try millions of combinations in a very short time. 

While these attacks use random sequences of characters, they are often structured to try well-known words or phrases first. These may be followed by combinations of common names and digits that could be dates. Weak passwords are likely to be discovered more quickly.

In summary, using simple passwords is risky. Individuals can try to guess your password based on your personal data. Automated attacks are more likely to find readable passwords, even if they are combinations of words and numbers. Avoid weak passwords if you want to keep your data safe.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

The Week in Breach: Featured Threat

---

Business Email Compromise is a Messy, Expensive, Preventable Disaster

---

Securing highly privleged executive and administrator accounts has to be a high priority for every business

---

Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost it lost $6.9 million in a nasty incident. 

The scam took off when a hacker accessed the email account of one of its executives, reading and analyzing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sensing out their own fraudulent emails. 

The cybercriminals involved then moved into phase 3 of the scam. After monkeying with the inbox rules to hide certain messages from being seen by the account owner they sprung the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China. 

The accounting department didn’t see any red flags, and the two transfers, totaling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.

This whole nightmare stemmed from a single compromised executive email account. While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned to their peril.

It’s essential that every account for every user is under the umbrella of a strong secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise. 

No matter how it’s obtained, whether it’s through spear phishing or it’s a lucky break from a credential stuffing attack, that compromised executive password can be neutralized when a second credential is needed to login to the endangered account. Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected. 

Secure identity and access management was cited as the top priority of CISOs in a recent study on 2021 cybersecurity planning, and one reason it tops the list is that it goes a long way toward preventing disasters like this. Add Passly to your security offerings now to be ahead of the curve when it comes to securing your clients against business email compromise.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Malicious Insiders Could Be Just Around the Corner

Cybersecurity risks don’t just come from outside your business. Sometimes, it’s the new staffer in payroll or the disgruntled clerk in receiving that pose your biggest cybersecurity threat and you may not even notice them until it’s too late, like Shopify this week. 

But it’s not difficult or expensive to take sensible precautions against potentially malicious employees and you should do that right away – because it will happen to you. Insider threats like this are a never-ending source of worry for business owners, and that’s why secure identity and access management should be at the top of your list for solutions that help prevent malicious insiders from stealing sensitive information. 

Using a dynamic secure identity and access management tool like Passly gives you more control over who has access to what, enabling tight controls on sensitive data. It also adds protection against your staffers selling their login credentials by adding multifactor authentication. And if you do have a malicious inside incident, single sign-on LauncPads for every user makes it easy for your security team to cut off access for a user and limit the damage. 

Security experts at companies around the globe agree – secure identity and access management is a key component of a strong cybersecurity defense that acts as a major deterrent to malicious insiders. Adding a cost-effective solution like Passly to your security plan now can save you a fortune in incident recovery costs and heartache later.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863