Embrace Cybersecurity with Your Partners and Vendors

Top 3 Things to Know BEFORE Partnering with Vendors

Cybercrime is always knocking on the door of your business, so one of the most important things you can do is partner with vendors that maintain a strong cybersecurity posture, vendors that protect your data as carefully as they protect their own. But how do you know which vendor relationships are safe? Here are three things to have in place before you partner.

  1. ESTABLISH a process to audit third-party vendors for their cybersecurity resilience before you share sensitive information with them.
  2. VERIFY that your third parties have implemented strong cybersecurity monitoring and incident plans, including for their own vendors.
  3. DEFINE cybersecurity risk expectations and requirements with your vendors up front.

It’s in the Data

Payroll companies, financial institutions, accounting firms: they all have one big thing in common. These industries store large volumes of data, data that is very interesting to cyber criminals. It doesn’t really matter what the actual data is; just know that criminals want it.

Types of Risky Data Include:

  • Employee data
  • Social Security numbers
  • Bank account and credit card numbers
  • Health care information
  • Client data and other sensitive information owned by clients
  • Account numbers
  • Protected information
  • Industry-specific proprietary information
  • Controlled Unclassified Information (CUI)

As a business leader, do any of these pain points resonate with you?

  • The increase in ransomware and phishing schemes
  • Keeping up with compliance as regulation increases
  • The lack of an incident response plan
  • Uncertainty about third-party vendors’ cybersecurity maturity
  • Insufficient in-house cybersecurity expertise

By understanding your third parties’ security policies and procedures, you can take corrective steps to address the risks to your data. Without the proper controls, your vendors and contractors become the weakest link in your organization’s security and your customers’ privacy.

Cybersecurity, in General, Doesn’t Have to Be Hard.

Don’t Sweat it. 

Less than 1% of manufacturers will require CMMC Level 3


If you’re a manufacturer with a Department of Defense (DoD) contract, it may be one of your largest accounts. Winning DoD contracts can mean years of work and good cash flow. But winning them isn’t nearly as easy as it used to be for many contractors, and it is about to get more complex.

Once the Cybersecurity Maturity Model Certification (CMMC) 2.0 rule-making takes effect, will you keep the contracts you have? Don’t sweat the big stuff. Your organization will most likely fall under Level 1 or Level 2; the projection is that 99.9% of all DoD contractors will:

  • Level 1 (Foundational): 59.9% (77,789 companies)
  • Level 2 (Advanced, aligned with NIST SP 800-171): 40.0% (51,860 companies)
  • Level 3 (Expert, adds a subset of NIST SP 800-172): 0.1% (160 companies)

These regulatory requirements aren’t moving as fast as everyone thought. Still nervous about meeting them? Black Bottle IT recommends protecting your business without a big pot of gold. Our affordable solution gets you to NIST SP 800-171 compliance, the standard that CMMC Level 2 is built on.

Cybersecurity, in General, Doesn’t Have to Be Hard.

Whether you have DoD contracts or not, improving your cyber posture goes a long way toward building trust and keeping your business safe. Manufacturers, schools and nonprofits typically lack in-house IT teams and rely on legacy systems.


Ransomware operators may be distracted by events in Russia and Ukraine for now, but once their attention returns, the most vulnerable industries will need, and should always have had, proper controls in place.


It doesn’t have to be hard to get started with better cybersecurity practices.

Here are the four controls organizations most often LACK:

  1. Vulnerability Scans: Regular scanning identifies known vulnerabilities in your systems. One of the most significant vulnerabilities of the last few years, Log4j (Log4Shell, CVE-2021-44228), is buried in many technology applications, often as a dependency the vendor never mentioned. Vulnerability scanning identifies this and many other weaknesses so that a remediation plan can be developed, executed and re-verified with a follow-up scan.

  2. Security Monitoring Tools: If your network is breached, intrusion detection and response tooling alerts key personnel and can stop the attack before it spreads.

  3. Data Backup Strategy: The best practice is an offsite backup that an attacker on your network cannot reach or encrypt, and restores that are tested regularly; a backup you have never restored from is a hope, not a strategy.

  4. Security Awareness Training: Human error is the most significant attack vector; regular employee training introduces and reinforces good security hygiene and habits.
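
As an added example (not a tool from this post or from Black Bottle IT), here is a Python scan for the Log4j case in item 1: it walks a directory tree, opens every JAR, WAR and EAR, recurses into archives nested inside them, and reports any log4j-core that still carries the JndiLookup class with a version below 2.17.1, Apache’s final fix on the 2.x line (the 2.3.2 and 2.12.4 backports for older Java are not modelled). A JAR from which the class has been deleted, the official interim mitigation, is reported but not flagged. The sample archives it scans are constructed in a temporary directory by `demo()`; nothing here is a real application’s file layout.

```python
"""Find Log4j 2 JARs that still carry the JNDI lookup class (Log4Shell surface).

Added example for this post, not a Black Bottle IT tool. demo() builds
constructed sample archives in a temp directory so the scan runs offline.
"""
import io
import os
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 17, 1)  # final fix on the 2.x line; 2.3.2 / 2.12.4 backports not modelled
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def _version(props: bytes):
    """Parse 'version=a.b.c' out of log4j-core's pom.properties, or None."""
    m = re.search(rb"^version=(\d+)\.(\d+)\.(\d+)", props, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def inspect_archive(data: bytes, label: str) -> list:
    """Inspect one archive, and any archive nested in it, for log4j-core.

    A hit is recorded when the JAR carries log4j-core's pom.properties or the
    JndiLookup class itself, so a mitigated JAR (class deleted) still shows up,
    marked not vulnerable. Non-zip input yields no findings.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            version = _version(zf.read(POM_PROPS)) if POM_PROPS in names else None
            has_jndi = JNDI_CLASS in names
            findings.append({
                "path": label,
                "version": version,
                "jndi_lookup_present": has_jndi,
                # Class present with an unknown version is treated as vulnerable.
                "vulnerable": has_jndi and (version is None or version < FIXED),
            })
        for name in names:  # shaded JARs and WARs bundle log4j one level down
            if name.lower().endswith(ARCHIVE_EXT):
                findings.extend(inspect_archive(zf.read(name), f"{label}!{name}"))
    return findings


def scan_tree(root: str) -> list:
    """Walk root and inspect every archive found; returns all findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXT):
                p = Path(dirpath, name)
                label = p.relative_to(root).as_posix()
                findings.extend(inspect_archive(p.read_bytes(), label))
    return findings


def _jar(entries: dict) -> bytes:
    """Build an in-memory zip from {entry_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo() -> dict:
    """Build constructed sample JARs, scan them, return {path: vulnerable}."""
    def core(version, with_jndi=True):
        entries = {POM_PROPS: f"version={version}\n".encode(),
                   "org/apache/logging/log4j/core/Logger.class": b""}
        if with_jndi:
            entries[JNDI_CLASS] = b"\xca\xfe\xba\xbe"  # placeholder class bytes
        return entries

    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "lib")
        lib.mkdir()
        (lib / "log4j-core-2.14.1.jar").write_bytes(_jar(core("2.14.1")))
        (lib / "log4j-core-2.17.1.jar").write_bytes(_jar(core("2.17.1")))
        (lib / "log4j-core-2.14.1-mitigated.jar").write_bytes(_jar(core("2.14.1", with_jndi=False)))
        (lib / "commons-io.jar").write_bytes(_jar({"org/apache/commons/io/IOUtils.class": b""}))
        Path(tmp, "app.war").write_bytes(
            _jar({"WEB-INF/lib/log4j-core-2.14.1.jar": _jar(core("2.14.1"))}))
        return {f["path"]: f["vulnerable"] for f in scan_tree(tmp)}


if __name__ == "__main__":
    for path, vulnerable in demo().items():
        print(f"{'VULNERABLE' if vulnerable else 'ok        '} {path}")
```

Authenticated vulnerability scanners do essentially this, with more version-specific detail. The point of seeing it in code is that the check has to run against the file system rather than the package manager, because Log4j usually arrives bundled inside a vendor’s application rather than installed separately.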

Choose to Partner with Black Bottle IT.

We are a certified, trusted partner, and we will take the steps needed to achieve compliance and protect your organization from threats like ransomware and data breaches.

Lessons From the Breach Hotline

Email Compromise Tops the Breach Hotline: Lessons Learned

Breaches happen to ALL businesses. Of the calls into the Black Bottle IT Breach Hotline, 33% resulted directly from email compromise and user error. Unsurprisingly, ransomware was a close second among the incidents that prompted calls.


Most often, scammers go straight for finance employees and their email. They use phishing or malware to get into a finance employee’s account, such as an accounts receivable manager’s, then email the company’s suppliers fake invoices that request payment to a fraudulent bank account. Because the messages come from a real mailbox, they pass the sender checks that catch spoofed mail.
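
The receiving end of that scheme can catch it mechanically. Below is an added Python example, not a Black Bottle IT tool, that screens inbound invoice email against a verified vendor master: it flags bank or routing numbers that differ from the record on file, a Reply-To that points away from the sender, and wording that asks to change payment details. The vendor master, the domains, the account numbers and the three sample messages are all constructed for the illustration.

```python
"""Screen inbound invoice e-mail for payment redirection.

Added example for this post, not a Black Bottle IT tool. The vendor master,
bank details and messages below are constructed; in practice the master comes
from the ERP and the messages from the mail gateway or a journaling mailbox.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Hypothetical vendor master: bank details that finance has already verified
# out-of-band (a phone call to the number on file), keyed by sending domain.
VENDOR_MASTER = {
    "acme-supply.example": {"name": "Acme Supply", "account": "123456789", "routing": "021000021"},
    "northwind.example": {"name": "Northwind", "account": "555000111", "routing": "026009593"},
}

ACCOUNT_RE = re.compile(r"\baccount(?:\s*(?:number|no\.?|#))?\s*[:#]?\s*(\d{6,17})\b", re.I)
ROUTING_RE = re.compile(r"\b(?:routing|ABA)(?:\s*(?:number|no\.?|#))?\s*[:#]?\s*(\d{9})\b", re.I)
CHANGE_RE = re.compile(r"\b(?:new|updated|changed)\s+(?:bank|account|payment|remittance)", re.I)


def _domain(addr: str) -> str:
    """Bare, lower-cased domain of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def check_invoice(raw: str) -> list:
    """Return findings for one RFC 5322 message; an empty list means no concerns."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = _domain(msg.get("From", ""))
    reply_to = msg.get("Reply-To")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""

    # A Reply-To pointing away from the sender is how an attacker harvests
    # replies after sending from a compromised or look-alike mailbox.
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"reply-to domain {_domain(reply_to)} differs from sender domain {from_domain}")

    vendor = VENDOR_MASTER.get(from_domain)
    if vendor is None:
        findings.append(f"sender domain {from_domain} is not in the vendor master")
        return findings

    # The compromised-mailbox case from the post: the mail really comes from
    # the vendor's account, so only the bank details give it away.
    for m in ACCOUNT_RE.finditer(text):
        if m.group(1) != vendor["account"]:
            findings.append(f"account {m.group(1)} does not match master record for {vendor['name']}")
    for m in ROUTING_RE.finditer(text):
        if m.group(1) != vendor["routing"]:
            findings.append(f"routing {m.group(1)} does not match master record for {vendor['name']}")
    if CHANGE_RE.search(text):
        findings.append("message asks to change payment details; confirm by phone on the number on file")
    return findings


def triage(messages: dict) -> dict:
    """Map each message label to its findings, keeping only messages that need review."""
    result = {}
    for label, raw in messages.items():
        findings = check_invoice(raw)
        if findings:
            result[label] = findings
    return result


# Constructed sample messages (not real mail).
LEGIT_INVOICE = """From: Accounts <ar@acme-supply.example>
To: ap@victim.example
Subject: Invoice 4471

Please find invoice 4471 attached. Remit as usual to account number 123456789, routing 021000021.
"""

FRAUD_INVOICE = """From: Accounts <ar@acme-supply.example>
Reply-To: ar.acme-supply@mail-relay.example
To: ap@victim.example
Subject: URGENT: Invoice 4472 - updated bank details

We have changed banks. Please pay invoice 4472 to our new bank account 987654321, routing number: 123456780. Confirm by replying to this email.
"""

LOOKALIKE_INVOICE = """From: Billing <billing@acme-supp1y.example>
To: ap@victim.example
Subject: Invoice 4473

Please remit to account number 987654321.
"""

SAMPLE_MESSAGES = {"legit": LEGIT_INVOICE, "fraud": FRAUD_INVOICE, "lookalike": LOOKALIKE_INVOICE}

if __name__ == "__main__":
    for label, findings in triage(SAMPLE_MESSAGES).items():
        print(label, "->", "; ".join(findings))
```

The account-mismatch check is the one that matters for the compromised-mailbox case: SPF, DKIM and DMARC all pass because the mail genuinely comes from the vendor’s account, so only a comparison against details verified out of band will catch it. Treat any hit as a reason to phone the vendor on the number already on file, never on one supplied in the email.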


Types of Breaches You Should Know About

  • Backdoor Attack: A backdoor is malware that bypasses standard authentication to access a system. It grants the attacker remote access to resources within an application, such as databases and file servers, and lets them issue system commands and update their malware remotely.

  • Printer Cyber Attacks: Hackers can enroll an exposed network printer in a botnet, which can then be used to steal your data and carry out further attacks.

  • Spoofing Attacks: Someone or something pretends to be something else to gain your confidence, get access to your systems, steal data or money, or spread malware.

  • User Error: An unintentional action, or a failure to act, results in a data breach; this category includes downloading infected software and keeping weak passwords.

  • Email Account Compromise: EAC is not limited to phishing and malware; attackers use any means available to take over a legitimate mailbox, then operate from inside it.

  • Ransomware: During the first half of 2022, there were an astonishing 236.1 million ransomware attacks worldwide. The top five industries impacted were banking and financial services, education, energy and utilities, government, and manufacturing.

  • Third-Party Compromise: Third-party risk is the likelihood that your organization will experience an adverse event (a data breach, operational disruption or reputational damage) through an outside party. A third-party attack occurs when a criminal infiltrates your systems through a partner or provider that has access to your systems and data.

  • Data Leak: A data leak is sensitive data accidentally exposed, whether physically, on the Internet or in any other form, including lost hard drives or laptops. A cybercriminal can then gain unauthorized access to the data without effort. The consequences may include the destruction or corruption of databases, the disclosure of confidential information, and the theft of intellectual property.



What Can Businesses Do to Protect Themselves

According to Michael Valentine, Black Bottle IT’s Compliance Security Expert, the businesses that called the breach hotline over the last 24 months did not have monitoring in place; some had only anti-virus, or nothing at all.


Having an incident response plan that covers third parties is also a must. While the benefit typically outweighs the risk for many third-party relationships, every partner you connect increases your attack surface. At Black Bottle IT, we approach third-party relationships on the assumption that an incident is not a matter of “if” but of when, and of how severe it will be.


Human error continues to be a concern.
Black Bottle IT and industry experts agree that cybersecurity training should occur two to three times per year, roughly every four to six months. One of the most common reasons security training programs fail is a lack of adequate planning and effort on the organization’s part.


Tools alone don’t do the trick, but the basics are non-negotiable: multi-factor authentication (MFA) on every account and device, and software kept up to date. We relieve businesses of pressures such as assessing and remediating against new attacks, protecting the organization against data theft, addressing skills shortages, and filling resource gaps.

Contact Black Bottle IT today for a no-obligation Cyber Risk Gap Assessment. 

Black Bottle IT Joins MSP Alliance®

Black Bottle IT joins a vibrant global consortium of cloud-managed service providers and technology-enabling vendors.

MSPAlliance is the oldest managed services group and the only accrediting and standards-based body created specifically for the managed services industry. With thousands of members worldwide, MSPAlliance is a powerful and influential global network of IT professionals. It works collaboratively with service providers, technology-enabling vendors, governmental bodies and other industry associations to further the acceptance of the managed services and cloud industry among business consumers.

MSPAlliance member companies can achieve MSP and cloud certifications including MSP Verify, Cloud Verify, GDPR Verify and Cyber Verify, SOC audits, and other certifications and audits relevant to the profession.

“We are delighted to have Black Bottle IT as a member of our global association,” said Celia Weaver, MSPAlliance president. “By upholding the MSPAlliance Managed Service Provider’s Code of Ethics, Black Bottle IT will work with MSPAlliance, as well as their industry peers, to help ensure the integrity of the managed services and cloud profession.”

ABOUT BLACK BOTTLE IT

When you choose Black Bottle IT, you add a TEAM of experts to fight ransomware and cyber criminals. Many organizations that move to Managed IT Services and Support have been relying on a small team that simply doesn’t have the skills or the bandwidth to do much more than fix problems as they occur. At Black Bottle IT, our Managed IT Service Team lets you proactively manage the IT function so that your team and your goals are no longer hindered but enabled by technology.


ABOUT MSPALLIANCE

MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry, established in 2000 with the objective of helping MSPs become better MSPs. Today, MSPAlliance has thousands of cloud computing and managed service provider members across the globe and works collaboratively to assist its members, along with foreign and domestic governments, in creating standards, setting policies and establishing best practices.

For more information, visit www.mspalliance.com

What Does Cybercrime Look Like

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner. But what does cybercrime look like, and how will you know if it will impact your business?


The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?” The short answer is, “It’s a question of when, not if.” That answer should encourage us all to learn a bit more about recent cybercrimes and their impact on small businesses.


Email and Internet Fraud Scenarios

  • You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
  • You receive an email with a voicemail attachment, apparently from a well-known telecom company, but your company doesn’t use its services.
  • You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.


These are examples of phishing. They look legitimate and create a false sense of urgency, leading you to click a malicious link in the message or give away confidential organizational or personal information that can be used to infiltrate your company’s network.


#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021, meaning roughly half of those who reported being a victim of cybercrime fell for phishing.

What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI.  But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one?  And then what if that incident turns into a breach that exposes your entire network? 


Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or from turning a blind eye to digital threats strong enough to put you out of business. It comes down to a total risk management solution. What does this include?

  • Endpoint detection and response (EDR), and backups segregated from the production network
  • Next-generation anti-virus
  • Multi-factor authentication everywhere
  • Cybersecurity training for employees 
  • A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

The Breach: Part 4

And the story picks up where Part 3 left off.


Date of Discovery

All along the way, third-party companies were lining up with bags open, hoping to get them filled with “incident response” money. Most of them were trying to create a real sense of urgency to engage and take action. I never fell for the high-pressure tactics; I wanted to get some options, evaluate the risks, and make an informed decision. However, in the days that followed, the attorneys started educating us in the generalities of cyber statutes. Most of them had a requirement to respond within their timelines after the “date of discovery.” This was the only timeline that mattered. So, we had time, but not much, to rationally engage third-party forensics to determine the specific scope of the data breach so that we could formulate a responsible response plan.


250 Records Lost – What A Relief

After sending the forensic team copies of the hard drives from the machines in scope, we had many calls with the team. After their investigation, they thought we could have lost about 250 records of personal information. At first, it was a relief, as it could have been much worse. But shortly after, I started to realize that their analysis was speaking in hypotheticals. The words being used were “we think,” “they might have,” “it’s possible,” rather than more explicit language. So, I started to understand that they didn’t know, but the forensics team advised me on the potential risk of what was accessible to the cyber attackers. After this call, we had a pretty good idea about the size and scope of the attack. At this point, I was finally able to provide some tangible details to the stakeholders of the company. Until now, the information I had was all hypothetical; now, we had some excellent news to act on.


The First Invoice — Yikes

A few weeks into this saga, the Company received its first invoice from the Data Breach Coach (attorneys) and the forensics company. Let’s back up. We engaged this firm because we had access to them through our insurance coverage. And, we received about 60% more financial relief on all the expenses if we used the insurance company’s providers rather than finding our own resources. So, naturally, we engaged the providers recommended by our insurance company. But there was a limit to what the coverage would allow for. At first, I thought the coverage was way more than enough, until the first invoice arrived. The hourly billable rates were so high that I felt they had misplaced a decimal point. Our first invoice ate up around 35% of our allowed coverage. I needed to make sure the Company was using its coverage limit wisely. The Data Breach Coach and forensics team afforded plenty of opportunities to do work and eat up our remaining coverage.


The Response

After the scope of the event had been determined, it was time to work on the response. The legal team briefed us on the types of actions that we needed to take. First, we needed to determine what states the impacted parties were residing in. Each state has its own reporting requirements when a data breach involves personally identifiable information. Some states even require credit monitoring and other services to protect individuals from identity theft.* I quickly realized that the attorneys understood these requirements and would be an extremely valuable resource. They took on crafting notification letters to 15+ states on our behalf, and having guidance at this juncture of the story was very comforting. I understood our risk and felt comfortable we were doing the right things.


*Note: These requirements are now commonplace in most states, but at the time these requirements were not the norm.


Our MSP Should Know How To Help Us Remediate… Not So Fast

At the same time as our talks with the attorneys and forensics, the Company was actively trying to remediate the root cause of the cyber attack. We were confident we had stopped the attack. But verifying we had no lingering effects of the attack proved harder than we thought. We reached out to our MSP for advice and assistance. We planned a weekend to come in, install advanced cleaning tools, and clean every machine in the building (over 100). We had only just completed the task when we found the infected device (which had been cleaned) with some unrelated malware. We scheduled another weekend to re-clean all the machines again. After the 2nd round of cleansing, the malware was found again. It was then I realized our MSP was not equipped to handle our situation. To that date, they had served us well, but the problem overmatched us. In summary, they were not security experts, so we needed additional support.


The moral of this story: Managed Service Providers are good at the traditional things (procurement of new hardware, architecting new infrastructure, end-user support, etc.), but cyber security experts they were not. Through lots of activity and a few third parties, we were able to get our environment clean and remove any remnants of the attackers.


Final Part 5 is coming soon.

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was part of a company that experienced a cybersecurity breach. That experience fueled his passion for helping other companies with their cybersecurity needs and mitigating their risk. As a Technology Executive and Cybersecurity Advisor, John was recognized as Pittsburgh CIO of the Year in 2014.