What Managed IT Solution is Best for Your Business?

 

When engaging Companies, our team here at Black Bottle IT receives many questions about which tools and services are right for their business. But there is one question Black Bottle IT gets frequently: “What solutions would you recommend to us?” The answer isn’t simple. There is no “silver bullet” that cures all cybersecurity risks.


To simplify, when looking for a cybersecurity solution, typically companies fall into three categories:

 

1. Companies that recognize the need to upgrade security solutions and HAVE in-house technical talent:


In this scenario, Black Bottle IT will advise the Company on the right security solutions to fit its situation. Once the solutions are selected, Black Bottle IT will help implement them and craft the correct policies and procedures to govern the new processes. This activity is typically done side by side with the in-house talent so that 100% of the operations can be handed back to the Company’s technical team. Post-implementation, we advise strategically when necessary, recommending new solutions to keep pace with the ever-changing security threat landscape.

 

2. Companies that recognize the need to upgrade security solutions and DO NOT HAVE in-house technical talent:


These businesses are our favorite Companies to consult with at Black Bottle IT. Business leadership is savvy enough to understand the risk a cyber attack poses and knows the Company doesn’t have enough in-house talent to find, implement and manage the necessary solutions. Cybersecurity talent is hard to find, and most SMB businesses do not have the budget for a dedicated security team. In these instances, Black Bottle IT will recommend, implement and manage a security solution that meets the Company’s needs and reduces their risk of a cyber attack. Going forward, Black Bottle IT will act as advisors and part of the technology team.

 
3. Companies that may not understand their cyber risk and need some education:


Part of our mission is to inform Companies of the risk a cyber attack can pose to their business. In these conversations, we provide industry information, statistics, and case studies relevant to the Company’s industry. Our goal is to make sure leadership knows the risk. Ultimately, we want to help them and gain them as a client, but the reality is that most Companies in this category need time to digest the information and then quickly realize they need to address the risk. Implementation of solutions will start with low-hanging fruit, as the Company plans and budgets for future improvements.


How can we help your business?  There is always a go-forward plan that is right for you, your business, and your stakeholders. 

Contact Black Bottle IT today to learn more.

Embrace Cybersecurity with Your Partners and Vendors

Top 3 Things to Know BEFORE Partnering with Vendors

 

As cybercrime is always knocking on the door of your business, one of the most crucial things you can do is partner with vendors that embrace a good cybersecurity posture. This means that they value your business as much as they value their own!  But how do you know which vendor relationships are safe?  Here are three things to know before you partner.

  1. Does your business have a PROCESS to audit third-party vendors for their cybersecurity resilience before sharing sensitive information?
  2. VERIFY that your third parties have implemented strong third-party risk cybersecurity monitoring and plans.
  3. DEFINE cybersecurity risk expectations and requirements with your vendors.

 

It’s in the Data

 

Payroll Companies, Financial Institutions, Accounting firms — they all have one ‘big’ thing in common. These industries store large volumes of data. Data that is very interesting to cyber criminals. It really doesn’t matter what the actual data is — just know that criminals want it!

 

Types of Risky Data Include:

  • Employee Data
      • Social Security Numbers
      • Bank Account
      • Health Care information
  • Client Data
      • Account numbers
      • Sensitive information owned by Client
      • Credit Card/Bank Account
  • Protected Information
      • Industry specific proprietary information
      • Controlled Unclassified Information

 

 

As a business leader, do any of these pain points resonate with you?

 

  • The increase in ransomware/phishing schemes
  • Lack of compliance with increases in regulation
  • Lack of an incident response plan
  • Third-party vendor cybersecurity maturity
  • Insufficient in-house cybersecurity expertise

 

By understanding third-party security policies and procedures, you can take corrective steps to address the risks to your data. Without the proper controls, your vendors and contractors can become the weakest link to your organization and customers’ privacy.

Black Bottle IT Achieves HIPAA Compliance with Compliancy Group

 

Black Bottle IT  has demonstrated its good faith effort toward HIPAA compliance by completing Compliancy Group’s proprietary HIPAA compliance process.

 

We are pleased to announce that Black Bottle IT has taken all necessary steps to prove its good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, Black Bottle IT can track its compliance program and has earned its Seal of Compliance™. The Seal of Compliance is issued to organizations implementing an effective HIPAA compliance program using The Guard.

 

HIPAA comprises a set of regulatory standards governing the security, privacy, and integrity of sensitive healthcare data called protected health information (PHI). PHI is any individually identifiable healthcare-related information. If vendors who service healthcare clients come into contact with PHI in any way, those vendors must be HIPAA compliant.

 

Black Bottle IT  has completed the Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH. Compliancy Group has verified Black Bottle IT’s good faith effort to achieve HIPAA compliance through The Guard. 

 

“Our streamlined solution with Compliancy Group will drastically cut down the time needed to achieve HIPAA compliance, saving our clients time and stress,” said John Hensberger, Partner. “We are excited about our partnership and look forward to helping our clients grow their business, safely.”

 

 

About Compliancy Group

HIPAA should be simple. That’s why Compliancy Group is the only software with Compliance Coaches™ walking you through HIPAA to simplify compliance. Built by auditors, Compliancy Group gives you confidence in your compliance plan to reduce risk, increase patient loyalty, and profitability of your organization. Visit https://www.compliancy-group.com to learn how simple compliance can be.

Cybersecurity, in General, Doesn’t Have to Be Hard.

Don’t Sweat it. 

Less than 1% of manufacturers will require CMMC Level 3


If you’re a manufacturer with a Department of Defense (DoD) contract, it may be one of your largest accounts. Winning DoD contracts can contribute to years of work and good cash flow. For many contractors, winning those contracts isn’t nearly as easy as it used to be, and in fact, it will get more complex.

 

Once CMMC 2.0 arrives (the rule-making of the Cybersecurity Maturity Model Certification, or CMMC), if you have contracts, will you keep them? Don’t sweat the big stuff. Your organization will most likely fall under CMMC Level 1 or Level 2, which is the projection for 99.9%* of all DoD contractors.

 

  • Level 1: 59.9% (77,789 companies)
  • Level 2: 40.0% (51,860 companies)
  • Level 3: 0.1% (160 companies)

 

These regulatory requirements aren’t moving as fast as everyone thought. Still nervous about meeting these compliance requirements? Black Bottle IT recommends protecting your business without a big pot of gold! Our affordable solution gets you to NIST 800-171 compliance.

 

Cybersecurity, in General, Doesn’t Have to Be Hard.

Whether you have DoD contracts or not, improving your cyber posture will go a long way to building trust and keeping your business safe. Manufacturers, education, and nonprofits typically lack staff IT teams and utilize legacy systems.


Once ransomware attackers lose interest in what’s happening in Russia and Ukraine, the industries most vulnerable will need, and should always have, proper controls in place. 


It doesn’t have to be hard to get started with better cybersecurity practices.

Here are the top four weaknesses organizations face because they LACK:

 

  1. Vulnerability Scans: Scanning systems is advised to ensure security from all known vulnerabilities. One of the most significant security vulnerabilities of the last few years, Log4j, is prevalent in many technology applications. Vulnerability scanning will identify this and many other vulnerabilities so that a remediation plan can be developed and executed.

  2. Security Monitoring Tools: If your network is breached, having intrusion detection/response will alert key personnel and potentially stop the attack.

  3. Data Backup Strategy: The best practice is to have an offsite backup solution.

  4. Security Awareness Training: Human error is the most significant attack vector; regular employee training introduces and reinforces good security hygiene and habits.

 

Choose to Partner with Black Bottle IT.

We are certified and trusted, and we will take steps to achieve compliance and protect your organization from threats like ransomware and data breaches.

 

Lessons From the Breach Hotline

Email Compromise Trends The Highest on Breach Hotline: Lessons Learned

 

Breaches happen to ALL businesses.  Of the calls into the Black Bottle IT  Breach Hotline, 33% directly resulted from email compromise and user error! Unsurprisingly, ransomware was a close second that resulted in calls to the Breach Hotline. 


Most often, scammers go right for finance employees and their email. They use phishing or malware to access the email account of a finance employee, such as an accounts receivable manager. Then the scammer emails the company’s suppliers fake invoices that request payment to a fraudulent bank account.


Types of Breaches You Should Know About

 

  • Backdoor Attack: A backdoor is a malware type that bypasses standard authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, allowing perpetrators to issue system commands and update malware remotely.

 

  • Printer Cyber Attacks: Hackers can connect your printer to a botnet, which can be used to steal your data and carry out cyber attacks.

 

  • Spoofing Attacks: When someone or something pretends to be something else in an attempt to gain your confidence, get access to your systems, steal data, steal money, or spread malware.

 

  • User Error: An unintentional action, or lack of action, that results in a data breach; this category includes activities like downloading infected software and keeping a weak password.

 

  • Email Account Compromise: In EAC, attackers are not limited to phishing and malware emails to compromise victims’ email accounts and gain access to legitimate mailboxes.

 

  • Ransomware: During the first half of 2022, there were an astonishing 236.1 million ransomware attacks worldwide. The top five industries impacted include Banking and Financial Services, Education, Energy and Utilities, Government, and Manufacturing.

 

  • Third-Party Compromise: Third-party risk is the likelihood that your organization will experience an adverse event: data breach, operational disruption, or reputational damage. A third-party attack occurs when a criminal infiltrates your system through an outside partner or provider with access to your systems and data.

 

  • Data Leak: A data leak is when sensitive data is accidentally exposed physically, on the Internet, or any other form, including lost hard drives or laptops. This means a cybercriminal can gain unauthorized access to sensitive data without effort. The consequences may include the destruction or corruption of databases, the leaking of confidential information, and the theft of intellectual property.



What Can Businesses Do to Protect Themselves

According to Michael Valentine, Black Bottle IT’s Compliance Security Expert, the businesses that called their breach hotline over the last 24 months did not have monitoring; some only had Anti-Virus or nothing at all. 


Having an incident response plan to manage third parties is also a must. While the benefit typically outweighs the risk for many third-party relationships, partnering with third parties increases your attack surface risk. At Black Bottle IT, we approach third-party relationships with the understanding that it is not necessarily “if” but “when” an incident will occur and how severe it will be.


Human error continues to be a concern.
Black Bottle IT  and industry experts agree that Cybersecurity training should occur about two to three times per year — or almost every four to six months. One of the most common reasons security training programs fail is a lack of adequate planning and effort on behalf of organizations.


Tools alone don’t do the trick. Implementing multi-factor authentication, or MFA, across all devices and updating software is necessary. We alleviate businesses’ pressures, such as assessing and remediating against new attacks, protecting their organization against data theft,  addressing skills shortages, and filling resource gaps.

 

Contact Black Bottle IT today for a no-obligation Cyber Risk Gap Assessment.