800-214-0957 info@blackbottleit.com
Payroll Companies are a Lucrative Business for Hackers

Payroll Companies are a Lucrative Business for Hackers

Payroll professionals, CPAs, and tax preparers need high-level planning and third-party execution expertise to develop company-wide cybersecurity programs that identify new and existing risks and vulnerabilities, prioritize them, and create a plan to fix, enhance, and train staff.

A WISP, outlined in the FTC Safeguards Rule, may be required, but remember, cybersecurity is only effective with the continued execution of the best cybersecurity implementation!

Questions only you can answer about Your WISP Plan

Your WISP can’t just sit on a shelf!

  • Have you performed an Annual Risk Assessment?
  • Do you have an Incident Response Plan, and have you TESTED IT?
  • Has your organization implemented Advanced Security Controls?
  • Do you have a Cybersecurity Awareness Training Program?
  • Who is your CISO; one must be identified in WISP!
  • Do you know what systems contain sensitive client data and how it’s protected?
  • What’s your process to communicate your plan?

There’s no time for sleeping. Failure to comply could subject your organization to legal liability, penalties, and fines.

Let’s Dive a Bit Deeper with AV & EDR: A Better Core Control 

Traditional Anti-Virus or AV

  • Can only detect previously known threats
  • Minimal to no data collection
  • Minimal to no added features or benefits

Endpoint Detection & Response of EDR

  • Can detect previously known and UNKNOWN threats due to behavioral-based monitoring
  • Complex and detailed endpoint data collection
  • Added benefits include application monitoring  threat-hunting capabilities and advanced reporting

Wouldn’t knowing at which bend in the road your business would encounter a breach be nice?

Your preparedness may then include:

  • An updated WISP or Incident Response Plan
  • Employees would be up-to-date on training
  • MFA on every device and application
  • 24×7 monitoring of all systems and endpoints
  • A better Cyber Insurance  policy

As a whole industry, we are getting better at training! Keep up your Cybersecurity Awareness Training!  According to the Verizon Report, breaches caused by human errors are down 8% from last year! Bad actors are interested in your data but really interested in your MONEY!

Payroll Companies are a lucrative business for hackers. We will help your organization meet compliance and become cyber-resilient. To get started, contact Black Bottle IT today We have a bench of cyber analysts ready to fight! 

Black Bottle IT Achieves HIPAA Compliance with Compliancy Group

Black Bottle IT Achieves HIPAA Compliance with Compliancy Group

Black Bottle IT Achieves HIPAA Compliance with

Compliancy Group


Black Bottle IT  has demonstrated its good faith effort toward HIPAA compliance by completing Compliancy Group’s proprietary HIPAA compliance process.


We are pleased to announce that Black Bottle IT has taken all necessary steps to prove its good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™. Black Bottle IT  can track its compliance program and has earned its Seal of Compliance™. The Seal of Compliance is issued to organizations implementing an effective HIPAA compliance program using The Guard. 


HIPAA comprises a set of regulatory standards governing the security, privacy, and integrity of sensitive healthcare data called protected health information (PHI). PHI is any individually identifiable healthcare-related information. If vendors who service healthcare clients come into contact with PHI in any way, those vendors must be HIPAA compliant.


Black Bottle IT  has completed the Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH. Compliancy Group has verified Black Bottle IT’s good faith effort to achieve HIPAA compliance through The Guard. 


“Our streamlined solution with Compliance Group will drastically cut down the time needed to achieve HIPAA compliance, saving our clients time and stress,” said John Hensberger, Partner. “We are excited about our partnership and look forward to helping our clients grow their business, safely.”



About Compliancy Group

HIPAA should be simple. That’s why Compliancy Group is the only software with Compliance Coaches™ walking you through HIPAA to simplify compliance. Built by auditors, Compliancy Group gives you confidence in your compliance plan to reduce risk, increase patient loyalty, and profitability of your organization. Visit https://www.compliancy-group.com to learn how simple compliance can be.

Black Bottle IT Joins MSP Alliance®

Black Bottle IT Joins MSP Alliance®

Black Bottle IT joins a vibrant global consortium of cloud-managed service providers and technology-enabling vendors.


MSPAlliance is the oldest Managed Services group and the only Accrediting and Standards based body created specifically for the Managed Services Industry. With thousands of members worldwide, the MSPAlliance is a powerful and influential global network of IT professionals. MSPAlliance works in a collaborative effort with service providers, technology-enabling vendors, governmental bodies, as well as other industry associations to further the acceptance of the managed services and cloud industry to the business consumer. 


MSPAlliance Member companies can achieve MSP and Cloud Certifications including MSP Verify, Cloud Verify, GDPR Verify, Cyber Verify, SOC audits, as well as other certifications and audits relevant to this profession. 


“We are delighted to have Black Bottle IT as a member of our global association,” said Celia Weaver, MSPAlliance president. “By upholding the MSPAlliance Managed Service Provider’s Code of Ethics, Black Bottle IT  will work with MSPAlliance, as well as their industry peers, to help ensure the integrity of the managed services and cloud profession.”



When you choose Black Bottle IT, you are adding a TEAM of Experts to fight ransomware and cyber Criminals. For many organizations that make the move to Managed IT Services and Support they have been reliant on a small team who simply doesn’t have the skills or the bandwidth to do much more than fix problems as they occur. At Black Bottle IT, our Managed IT Service Team allows you to proactively manage the IT function so that your team and your goals are no longer hindered but enabled by technology. 


MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry. Established in 2000 with the objective of helping MSPs become better MSPs. Today, MSPAlliance has thousands of cloud computing and managed service provider members across the globe and works in a collaborative effort to assist its members, along with foreign and domestic governments, on creating standards, setting policies and establishing best practices. 

For more information, visit www.mspalliance.com

What Does Cybercrime Look Like

What Does Cybercrime Look Like

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner.  But what does cybercrime look like? And, how will you know if cybercrime will impact your business?

The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?”  The short answer is, “It is a question of when not if.” The short answer should encourage us all to learn a bit more about the most recent cybercrimes and their impact on small businesses. 

Email and Internet Fraud Scenarios

  • You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
  • You receive a voicemail message attachment via email through a notable telecom company, but your company doesn’t utilize its services.
  • You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.

These are examples of phishing that seem legitimate and often create a false sense of urgency, leading you as the user to click on a malicious link within the message or give away confidential organizational or personal information that can be used to infiltrate your company’s networks.

#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were a victim of cyber crime fell for a phishing.  


What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI.  But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one?  And then what if that incident turns into a breach that exposes your entire network? 

Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or turning a blind eye to digital threats strong enough to put you out of business. It all comes down to a total risk management solution that provides peace of mind.  What does this include:

  • Endpoint detection and response and segregated backups
  • Next-generation anti-virus
  • Multi-factor authentication everywhere
  • Cybersecurity training for employees 
  • A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

The Breach: Part 4

The Breach: Part 4

The Breach – Part 4


And the Story picks up where we left off here.

Date of Discovery

All along the way, third-party companies were lining up with bags opened, hoping to get them filled with “incident response” money.  Most of them were trying to create some real sense of urgency to engage and take action.   I never fell for the high-pressure tactics; I wanted to get some options, evaluate the risks, and make an informed decision.  However, in the days that followed, the attorneys started educating us in the generalities of cyber statutes.  Most of them had a requirement to respond with their timelines after the “date of discovery.”  This was the only timeline that mattered.  So, we had time, but much, to rationally engage third-party forensics to a specific scope of the data breach so that we could formulate a responsible response plan.

250 Records Lost – What A Relief

After sending the forensic team copies of the hard drives from machines in scope, we had many calls with the team. After their investigation, they thought we could have lost about 250 records of personal information.  At first, it was a relief, as it could have been much worse.  But shortly after, I started to realize that their analysis was speaking in hypotheticals.  The words beings used were “we think,” “they might have,” “it possible,” rather than more explicit language.  So, I started to understand that they didn’t know, but the forensics team advised me on the potential risk of what was accessible to the cyber attackers.  After this call, we had a pretty good idea about the size and scope of the attack.  At this point, I was finally able to provide some tangible details to the stakeholders of the company.  Until now, the information I had was all hypothetical; now, we had some excellent news to act on. 

The First Invoice — Yikes

A few weeks into this saga, the Company received its first invoice from the Data Breach Coach (attorneys) and the forensics company.  Let’s back up. We engaged this firm because we had access to them through our insurance coverage.  And, we received about 60% more financial relief from all the expenses if we used the insurance companies’ providers rather than just find our resources.  So, naturally, we engaged the providers recommended by our insurance company.  But, there was a limit to what the coverage would allow for. At first, I thought the coverage was way more than enough until the first invoice arrived.  The hourly billable rates were so high, and I felt they misplaced a decimal point.  Our first invoice ate up around 35% of our allowed coverage.  I needed to make sure the Company was using its coverage limit wisely.  The Data Breach Coach and forensics team afforded plenty of opportunities to do work and eat up our remaining coverage. 

The Response

After the scope of the event had been determined, it was time to work on the response.  The legal team briefed us on the types of actions that we needed to take.  First, we needed to determine what states the impacted parties were residing in.  Each state has its reporting requirements when a data breach involves personally identifiable information.  Some states even require credit monitoring and other services to protect individuals from identity theft.* I quickly realized that the attorneys understood these requirements and would be an extremely valuable resource.  They took on crafting notification letters to 15+ states on our behalf and having guidance that his juncture of the story was very comforting.  I understood our risk and felt comfortable we were doing the right things.

*note — These requirements are now commonplace in most states, but during this time, these requirements were not the norm

Our MSP Should Know How To Help Us Remediate… Not So Fast

At the same time our talks with the attorney and forensics, the Company was actively trying to remediate the root cause of the cyber attack.  We were confident we had stopped the attack.  But, verifying we had no lingering effects of our attack proved harder than we thought.  We reach out to our MSP for advice and assistance.  We planned a weekend to come in, install advanced cleaning tools, and clean every machine in the building (over 100).  We only completed the task to find the infected device (that was cleaned) with some unrelated malware. We scheduled another weekend to re-clean all the machines again.  After the 2nd round of cleansing, the malware was found again.  It was then I realized our MSP was not equipped to handle our situation.  To date, they have served us well, but the problem overmatches us.  In summary, they were not security experts, so we needed additional support.   

The moral of this story, Managed Service Providers, are good at traditional things, procurement of new hardware, architecting new infrastructure, end-user support.. etc.  But, cyber security experts were not.  Through lots of activity and a few 3rd parties, we could get our environment clean and remove any remnants of the attackers.

Final Part 5 is coming soon.



About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.


Employees Are The Largest Attack Vector

Employees Are The Largest Attack Vector

By now, our inboxes, LinkedIn feeds, and websites of cybersecurity companies have all tried to tell you that Company employees are the most significant attack vector and pose the most considerable cybersecurity risk to all businesses.  Those same companies advise firms to subscribe to some online training for “all your problems will be solved.”  This advice, unfortunately, is not valid.

Since the early days of the westward expansion, fast-talking elixir salespeople have been peddling the magic potion that cures what ales you.  As with most things, complicated problems demand a complex solution.  This could not be more true when evaluating cybersecurity risks and putting together a strategy to lower those risks.

It’s true; cybersecurity awareness training does affect reducing employee-related cyber attacks.  However, it’s only a piece of a larger strategy to improving a companies security posture.

Black Bottle IT advises clients to address six critical areas to tangibly lower cybersecurity risk. 


  1. Security Awareness Training – Online training, monthly newsletters, in-person training.  These are all great ways to educate employees on the day-to-day threats. Education material needs to be delivered with more regularity, we recommend monthly.
  2. Email Security – Email is the most common way employees get duped into giving credentials or cutting a check to the wrong payee.  Email security alone just isn’t enough.  A phishing AI engine that learns employee email habits can effectively flag and stop the excellent attackers from posing as an executive and social engineering an incident.
  3. Security Operation Center — Having suspicious activity analyzed in almost real-time to detect unauthorized network access is critical to stopping/limiting a cyberattack before any real sensitive data is stolen. Some companies may have cyber tools to alert, but having the expertise to analyze alerts, determine if the threat is credible, and quickly determine the next steps is crucial to respond to an actual attack.
  4. Ransomware Protection — Stopping a ransomware attack before it encrypts meaningful amounts of data is the best peace of mind a company could ask for.  Bad actors will attack, employees will click on threatening emails, and ransomware will try to encrypt critical data. 
  5. Solid Back-Up Strategy – In the unfortunate event of ransomware attacks, having off-site, isolated back-ups is the only way to restore business operations and prevent a costly crypto payment from resuming operations.
  6. Incident Response Planning — Knowing the who, what, where, when a cyber-attack is suspected saves valuable time when a cyber threat is supposed. Performing annual “fire drills” to simulate actions taken during a cyber attack will ensure a quick response and could potentially limit the damage during an actual incident.

Ok, so there are seven recommendations, but this one is outside our expertise. We’ve seen enough offer this advice:


7. Cyber Insurance — having a good cyber insurance policy can further reduce the financial risk of a cyber attack. Most companies with some kind of cyber insurance have no idea if the coverage is correct for their level of risk.  Look to FifthWall Solutions for more information about access to the right insurance policy for your size of business and industry. 

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.