Payroll Companies are a Lucrative Business for Hackers

Payroll Companies Remain Prime Targets for Cybercriminals

As we enter 2026, the cybersecurity landscape for accounting firms, payroll providers, and tax preparers has never been more complex—or more critical. With regulatory requirements tightening and threat actors growing more sophisticated, compliance is no longer just about checking boxes. It’s about building a cyber-resilient operation that protects your clients’ most sensitive data while keeping your business operational.

The FTC Safeguards Rule, state data privacy laws, and industry-specific compliance mandates continue to evolve, placing greater responsibility on financial services professionals to demonstrate robust security measures. Yet many firms still treat their Written Information Security Plan (WISP) as a document that sits on a shelf rather than a living, breathing framework for daily operations.

Here’s the reality: Payroll and accounting firms hold the keys to the kingdom—Social Security numbers, bank account details, tax records, and financial histories. For cybercriminals, you’re not just a target; you’re a goldmine. And if your cybersecurity program isn’t actively identifying, prioritizing, and addressing vulnerabilities, you’re leaving the door wide open.


Questions Only You Can Answer About Your WISP Plan

Your WISP Can’t Just Sit on a Shelf!

  • Have you performed an Annual Risk Assessment?
  • Do you have an Incident Response Plan, and have you TESTED IT?
  • Has your organization implemented Advanced Security Controls?
  • Do you have a Cybersecurity Awareness Training Program?
  • Who is your CISO? One must be identified in your WISP!
  • Do you know what systems contain sensitive client data and how it’s protected?
  • What’s your process to communicate your plan across the organization?

There’s no time for complacency. Failure to comply could subject your organization to legal liability, regulatory penalties, client lawsuits, and reputational damage that takes years to repair.


Let’s Dive a Bit Deeper with AV & EDR: A Better Core Control

Traditional Anti-Virus (AV)

  • Can only detect previously known threats
  • Minimal to no data collection
  • Minimal to no added features or benefits

Endpoint Detection & Response (EDR)

  • Can detect previously known AND unknown threats due to behavioral-based monitoring
  • Complex and detailed endpoint data collection
  • Added benefits include application monitoring, threat-hunting capabilities, and advanced reporting

Wouldn’t it be nice to know at which bend in the road your business might encounter a breach?


Your Preparedness Should Include:

  • An updated WISP and tested Incident Response Plan
  • Employees who are current on cybersecurity awareness training
  • Multi-Factor Authentication (MFA) on every device and application
  • 24×7 monitoring of all systems and endpoints
  • A comprehensive Cyber Insurance policy

As a whole industry, we’re improving. Training initiatives are making a difference—breaches caused by human error continue to decline. But bad actors aren’t just after your data; they’re after your money. Payroll companies remain lucrative targets because of the direct access to bank accounts, wire transfers, and financial credentials.


Compliance and Cyber Resilience Go Hand-in-Hand

Black Bottle IT specializes in helping payroll companies, accounting firms, and tax preparers meet compliance requirements while building truly resilient cybersecurity programs. We don’t just help you pass an audit—we help you protect your business and your clients every single day.

Ready to strengthen your defenses in 2026? Contact Black Bottle IT today. We have a bench of cyber analysts ready to fight alongside you.


To get started, contact Black Bottle IT today. Our team is ready to support your business’s growth. 

Black Bottle IT Achieves HIPAA Compliance with Compliancy Group

Black Bottle IT has demonstrated its good faith effort toward HIPAA compliance by completing Compliancy Group’s proprietary HIPAA compliance process.

We are pleased to announce that Black Bottle IT has taken all necessary steps to prove its good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, Black Bottle IT can track its compliance program and has earned its Seal of Compliance™. The Seal of Compliance is issued to organizations implementing an effective HIPAA compliance program using The Guard.

 

HIPAA comprises a set of regulatory standards governing the security, privacy, and integrity of sensitive healthcare data called protected health information (PHI). PHI is any individually identifiable healthcare-related information. If vendors who service healthcare clients come into contact with PHI in any way, those vendors must be HIPAA compliant.

 

Black Bottle IT has completed the Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH. Compliancy Group has verified Black Bottle IT’s good faith effort to achieve HIPAA compliance through The Guard.


“Our streamlined solution with Compliancy Group will drastically cut down the time needed to achieve HIPAA compliance, saving our clients time and stress,” said John Hensberger, Partner. “We are excited about our partnership and look forward to helping our clients grow their business, safely.”


About Compliancy Group

HIPAA should be simple. That’s why Compliancy Group is the only software with Compliance Coaches™ walking you through HIPAA to simplify compliance. Built by auditors, Compliancy Group gives you confidence in your compliance plan to reduce risk, increase patient loyalty, and profitability of your organization. Visit https://www.compliancy-group.com to learn how simple compliance can be.

Black Bottle IT Joins MSP Alliance®

Black Bottle IT joins a vibrant global consortium of cloud-managed service providers and technology-enabling vendors.

MSPAlliance is the oldest Managed Services group and the only accrediting and standards-based body created specifically for the Managed Services industry. With thousands of members worldwide, the MSPAlliance is a powerful and influential global network of IT professionals. MSPAlliance works in a collaborative effort with service providers, technology-enabling vendors, governmental bodies, as well as other industry associations to further the acceptance of the managed services and cloud industry to the business consumer.

MSPAlliance member companies can achieve MSP and Cloud certifications including MSP Verify, Cloud Verify, GDPR Verify, Cyber Verify, SOC audits, as well as other certifications and audits relevant to this profession.

“We are delighted to have Black Bottle IT as a member of our global association,” said Celia Weaver, MSPAlliance president. “By upholding the MSPAlliance Managed Service Provider’s Code of Ethics, Black Bottle IT will work with MSPAlliance, as well as their industry peers, to help ensure the integrity of the managed services and cloud profession.”


ABOUT BLACK BOTTLE IT

When you choose Black Bottle IT, you are adding a TEAM of experts to fight ransomware and cyber criminals. Many organizations that make the move to Managed IT Services and Support have been reliant on a small team that simply doesn’t have the skills or the bandwidth to do much more than fix problems as they occur. At Black Bottle IT, our Managed IT Service Team allows you to proactively manage the IT function so that your team and your goals are no longer hindered, but enabled, by technology.


ABOUT MSPALLIANCE

MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry. It was established in 2000 with the objective of helping MSPs become better MSPs. Today, MSPAlliance has thousands of cloud computing and managed service provider members across the globe and works in a collaborative effort to assist its members, along with foreign and domestic governments, in creating standards, setting policies and establishing best practices.

For more information, visit www.mspalliance.com

What Does Cybercrime Look Like

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner.  But what does cybercrime look like? And, how will you know if cybercrime will impact your business?


The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?”  The short answer is, “It is a question of when not if.” The short answer should encourage us all to learn a bit more about the most recent cybercrimes and their impact on small businesses. 


Email and Internet Fraud Scenarios

  • You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
  • You receive a voicemail message attachment via email through a notable telecom company, but your company doesn’t utilize its services.
  • You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.


These are examples of phishing that seem legitimate and often create a false sense of urgency, leading you as the user to click on a malicious link within the message or give away confidential organizational or personal information that can be used to infiltrate your company’s networks.


#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were victims of cybercrime fell for a phishing attack.


What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI.  But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one?  And then what if that incident turns into a breach that exposes your entire network? 


Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or from turning a blind eye to digital threats strong enough to put you out of business. It all comes down to a total risk management solution that provides peace of mind. What does this include?

  • Endpoint detection and response and segregated backups
  • Next-generation anti-virus
  • Multi-factor authentication everywhere
  • Cybersecurity training for employees 
  • A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

The Breach: Part 4

And the Story picks up where we left off here.


Date of Discovery

All along the way, third-party companies were lining up with bags opened, hoping to get them filled with “incident response” money. Most of them were trying to create some real sense of urgency to engage and take action. I never fell for the high-pressure tactics; I wanted to get some options, evaluate the risks, and make an informed decision. However, in the days that followed, the attorneys started educating us on the generalities of cyber statutes. Most of them had a requirement to respond within their timelines after the “date of discovery.” This was the only timeline that mattered. So, we had time, but not much, to rationally engage third-party forensics on a specific scope of the data breach so that we could formulate a responsible response plan.


250 Records Lost – What A Relief

After sending the forensic team copies of the hard drives from machines in scope, we had many calls with the team. After their investigation, they thought we could have lost about 250 records of personal information. At first, it was a relief, as it could have been much worse. But shortly after, I started to realize that their analysis was speaking in hypotheticals. The words being used were “we think,” “they might have,” “it’s possible,” rather than more explicit language. So, I started to understand that they didn’t know, but the forensics team advised me on the potential risk of what was accessible to the cyber attackers. After this call, we had a pretty good idea about the size and scope of the attack. At this point, I was finally able to provide some tangible details to the stakeholders of the company. Until now, the information I had was all hypothetical; now, we had some excellent news to act on.


The First Invoice — Yikes

A few weeks into this saga, the Company received its first invoice from the Data Breach Coach (attorneys) and the forensics company. Let’s back up. We engaged this firm because we had access to them through our insurance coverage. And, we received about 60% more financial relief on all the expenses if we used the insurance company’s providers rather than just finding our own resources. So, naturally, we engaged the providers recommended by our insurance company. But, there was a limit to what the coverage would allow for. At first, I thought the coverage was way more than enough, until the first invoice arrived. The hourly billable rates were so high that I felt they had misplaced a decimal point. Our first invoice ate up around 35% of our allowed coverage. I needed to make sure the Company was using its coverage limit wisely. The Data Breach Coach and forensics team afforded plenty of opportunities to do work and eat up our remaining coverage.


The Response

After the scope of the event had been determined, it was time to work on the response. The legal team briefed us on the types of actions that we needed to take. First, we needed to determine what states the impacted parties were residing in. Each state has its own reporting requirements when a data breach involves personally identifiable information. Some states even require credit monitoring and other services to protect individuals from identity theft.* I quickly realized that the attorneys understood these requirements and would be an extremely valuable resource. They took on crafting notification letters to 15+ states on our behalf, and having guidance at this juncture of the story was very comforting. I understood our risk and felt comfortable we were doing the right things.


*Note: These requirements are now commonplace in most states, but during this time, these requirements were not the norm.


Our MSP Should Know How To Help Us Remediate… Not So Fast

At the same time as our talks with the attorneys and forensics team, the Company was actively trying to remediate the root cause of the cyber attack. We were confident we had stopped the attack. But, verifying we had no lingering effects of the attack proved harder than we thought. We reached out to our MSP for advice and assistance. We planned a weekend to come in, install advanced cleaning tools, and clean every machine in the building (over 100). We completed the task only to find the infected device (that had been cleaned) with some unrelated malware. We scheduled another weekend to re-clean all the machines again. After the 2nd round of cleansing, the malware was found again. It was then I realized our MSP was not equipped to handle our situation. To date, they had served us well, but the problem overmatched us. In summary, they were not security experts, so we needed additional support.


The moral of this story: Managed Service Providers are good at traditional things (procurement of new hardware, architecting new infrastructure, end-user support, etc.), but they were not cyber security experts. Through lots of activity and a few 3rd parties, we were able to get our environment clean and remove any remnants of the attackers.


Final Part 5 is coming soon.


About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.

 

Employees Are The Largest Attack Vector

By now, our inboxes, LinkedIn feeds, and the websites of cybersecurity companies have all tried to tell you that company employees are the most significant attack vector and pose the most considerable cybersecurity risk to all businesses. Those same companies advise firms to subscribe to some online training, and “all your problems will be solved.” This advice, unfortunately, is not valid.


Since the early days of the westward expansion, fast-talking elixir salespeople have been peddling the magic potion that cures what ails you. As with most things, complicated problems demand a complex solution. This could not be more true when evaluating cybersecurity risks and putting together a strategy to lower those risks.


It’s true; cybersecurity awareness training does help reduce employee-related cyber attacks. However, it’s only a piece of a larger strategy for improving a company’s security posture.


Black Bottle IT advises clients to address six critical areas to tangibly lower cybersecurity risk. 

 

  1. Security Awareness Training – Online training, monthly newsletters, in-person training. These are all great ways to educate employees on the day-to-day threats. Education material needs to be delivered with more regularity; we recommend monthly.
  2. Email Security – Email is the most common way employees get duped into giving up credentials or cutting a check to the wrong payee. Email security alone just isn’t enough. A phishing AI engine that learns employee email habits can effectively flag and stop the most capable attackers from posing as an executive and social engineering an incident.
  3. Security Operation Center — Having suspicious activity analyzed in near real-time to detect unauthorized network access is critical to stopping or limiting a cyberattack before any real sensitive data is stolen. Some companies may have cyber tools to alert, but having the expertise to analyze alerts, determine if the threat is credible, and quickly determine the next steps is crucial to responding to an actual attack.
  4. Ransomware Protection — Stopping a ransomware attack before it encrypts meaningful amounts of data is the best peace of mind a company could ask for. Bad actors will attack, employees will click on threatening emails, and ransomware will try to encrypt critical data.
  5. Solid Back-Up Strategy – In the unfortunate event of a ransomware attack, having off-site, isolated back-ups is the only way to restore business operations without a costly crypto payment to resume operations.
  6. Incident Response Planning — Knowing the who, what, where, and when of a suspected cyber-attack saves valuable time when a cyber threat is suspected. Performing annual “fire drills” to simulate actions taken during a cyber attack will ensure a quick response and could potentially limit the damage during an actual incident.

Ok, so there are seven recommendations, but this one is outside our expertise. We’ve seen enough to offer this advice:

  7. Cyber Insurance — Having a good cyber insurance policy can further reduce the financial risk of a cyber attack. Most companies with some kind of cyber insurance have no idea if the coverage is correct for their level of risk. Look to FifthWall Solutions for more information about access to the right insurance policy for your size of business and industry.

