Ransomware Recovery is Long and Expensive. Should You Just Pay the Ransom to Make it Easier?

Ransomware Recovery is Long and Expensive. Should You Just Pay the Ransom to Make it Easier?

---

Ransomware has been the story of the year in cybersecurity, as attacks have boomed by more than 40% since March 2020. This slippery, dangerous foe is a nightmare that can wreak havoc on your business and cost a fortune in restoration and recovery on top of the lost business and general damage.

No one wants to deal with ransomware. But since you’re already looking at an expensive proposition, can you save yourself the money, time, and headaches of undertaking a ransomware incident response by paying the ransom and getting the encryption key to unlock your systems and data – and will you get in legal trouble for doing it?

The answer is complicated. While paying the ransom may not be expressly prohibited by law, legal officials are not fans of the practice. The US Treasury issued new guidance this month urging people not to pay hackers, and noting that businesses could face civil penalties if they pay ransoms to hacker groups affiliated with sanctioned nation-states, a particular concern for the healthcare sector.

The better approach to protecting your business from phishing danger including ransomware is increased security awareness and phishing resistance training. Ransomware is most likely to arrive at your doorstep as the cargo of a phishing email, as well as other dangerous cyberattacks like business email compromise, spear phishing, and whaling.

Regular phishing resistance training and testing with a solution like BullPhish ID is extremely effective – security awareness training including phishing resistance can reduce your cybersecurity incident rate by up to 70%. No matter how you slice it, increased security awareness training is the best way to ensure that your employees are ready for the threats they face ahead to keep ransomware from taking your profits hostage.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

• Sudden Spike in Healthcare Attacks May Be Nation-State Hackers 
• The Week in Breach 10/21/20 – 10/27/20 
• 2020 Election Phishing Email Creates Business Risk 
• 2020 Election Cybersecurity Fears Boosted by New Hacked Voter Data in Dark Web Markets 
• The Ink This Week Cybersecurity News 10/23/20 
• The 3 Threats to Watch for Election 2020 Cybersecurity
• Will the Vaastamo Patient Data Breach Set a GDPR Penalty Record 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Dark Web Data Powers Impersonation & Business Email Compromise Scams

Dark Web Data Powers Impersonation & Business Email Compromise Scams 

---

Dark Web danger doesn’t just come to your company’s doorstep from compromised passwords – it also comes from data dumps full of email addresses, employee information, website user logs, supplier records, medical data, and more that can provide cybercriminals with exactly what they need to lure your staffers into a nasty (and expensive) trap. 

Every kind of data about your employees that you can think of is available on the Dark Web – sometimes for free. As the 2020 US elections race to the finish, voting registration data and records from special interest groups have fueled extremely dangerous spear phishing attacks including impersonation scams. 

General business email compromise attempts are landing in employee inboxes every day too. A recent survey reported that over 30% of respondents reported receiving one every day. Running the gamut of impersonations including scary vendor notices, fake unpaid invoices, spoofed supplier communications, and even fake emails from colleagues, cybercriminals are pulling out all the stops to trick your staffers into falling into a business email compromise scam.

---

See how to enlist your staff in the fight against ransomware to transform them into your biggest security asset! WATCH THE WEBINAR>>

---

The most efficient and effective way to put the brakes on business email compromise risks is to mitigate the foundation that they’re built on: phishing email. With a more than 600% increase in phishing attacks clocked in 2020, making sure that your staff is ready to defend against phishing attacks is crucial to protecting your business from cybercrime like business email compromise.

BullPhish ID can help with that. Regular security awareness training including phishing awareness can reduce your company’s risk of falling prey to a cyberattack by up to 70%. The key is regularity though – research shows that employees only retain security awareness training for about 4 months unless it’s regularly refreshed.

That’s not a problem with BullPhish ID. Featuring a huge library of more than 80 plug-and-play phishing simulation campaign kits in 8 languages, we also add 4 new kits every month to make sure that your staffers are getting the training that they need to be on guard against the latest threats.

Regular training doesn’t mean expensive either – BullPhish ID is affordable and effective. Improved cybersecurity awareness and phishing resistance training isn’t something that can wait. Protect your systems and data from impersonation and business email compromise scams now to avoid a mess tomorrow.  Contact us today for a live demo of BullPhish ID to see how it can secure your customers and grow your business.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Go Inside the Ink to Get the Inside Scoop

Go Inside the Ink to Get the Inside Scoop 

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

• CISA NIST Ransomware Protection Guides Highlight Simple Solution  
• Is Your Stolen Data in the Pot at a Poker Game? 
• 5 Reasons Why You can’t DIY Dark Web Monitoring 
• The Week in Breach: 10/14/20 – 10/20/20 
• Don’t Get Tricked by GDPR Compliance Phishing Scams  
• Remote Work Phishing Threats Aren’t Slowing Down 
• New Hacked Voter Data on Dark Web Stokes Election Cybersecurity Fears

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Would you fall for this scam?

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Bit by Bit November Newsletter

No images? Click here   What We Learned about Cyber Liability Insurance in Our Webinar Well, you need it. Cyber liability insurance. You've got health insurance, right?  So, you should invest in coverage to insure your cyber health against hackers and [...] Read more   Bit by Bit Partners with Cybersafe Solutions to Offer World-Class Cybersecurity Tools As a full-service IT firm, Bit by Bit has entered into a partnership with New York-based cybersecurity firm Cybersafe Solutions to enhance our [...] Read more     3bExam & DOT Physicals:  No Rush to Judgement As the premier exam management program, 3bExam connects thousands of employers, employees, drivers, and providers from a wide range of [...] Read more   Upcoming Webinar: The Cyber Threat Landscape is Evolving  You should too Oct. 28th     2-2:30 EST      Visit our Event Page  for Details!         Questions? Get in touch with us today!     CONTACT US   SUPPORT CENTER   www.bitxbit.com   ©2020 Bit by Bit. All Rights Reserved.   Share    Tweet    Share    Forward

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Too Many Privileged Credentials Can Lead to Disaster

Too Many Privileged Credentials Can Lead to Disaster 

How many administrator or above credentials are around for your business systems? How many people have access to an administrator password who shouldn’t? Can you be sure that every former staffer’s access has been removed? How many of your staffers are reusing passwords at work and at home? 

Compromised credentials cause big business problems, and privileged credentials are Golden Tickets for cybercriminals. In a recent analysis, experts determined that as many as a fifth of employees with privileged user credentials don’t need them – a third of the respondents even said that everyone at their level has the same access, whether they need it or not.

Playing fast and loose with privileged access to your systems and data is a disaster waiting to happen, as the US Government recently found out. Bad actors were able to gain access to critical data and systems with stolen access credentials for O365, including administrator credentials. The attackers were then able to conduct a complex malware attack, remotely logging into staffers’ computers.

Sometimes it’s inconvenient to have to track down someone to click a button. But giving out privileged access to everyone is no good at all, and sharing administrator passwords is not the answer. Simple secure identity and access management is the solution.

---

Secure identity and access management is a top CISO priority for 2021. Let us show you why with Passly. Your clients will love the price and you’ll love the MRR!

WATCH THIS WEBINAR>>

---

Passly combines multiple security tools into one solution, giving you more for your money including multifactor authentication and secure shared password vaults. But the most important feature that Passly provides to alleviate this headache is single sign-on. It makes everyone’s job easier.

Instead of writing down administrator passwords to access a system or giving people blanket access, single sign-on allows every staffer to have a personalized LaunchPad that signs them in to all of the apps they’ll use at work in one swoop.

It’s also a boon for IT departments. No need to go into every single application a staffer might use and grant them access permissions. No more endless password resets when somebody lost that sticky note. Every user has an individual LaunchPad that IT staff can access from anywhere, granting and removing permissions with just a few clicks.

Secure identity and access management was cited as a top priority for next year by CISOs in a recent survey, and it’s no wonder. Making it easier for IT staffers to control your access points while making it easier to make sure that the right people have access to the right things exactly when they need it just makes good sense.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863