What Does Cybercrime Look Like

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner.  But what does cybercrime look like? And, how will you know if cybercrime will impact your business?


The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?”  The short answer is, “It is a question of when not if.” The short answer should encourage us all to learn a bit more about the most recent cybercrimes and their impact on small businesses. 


Email and Internet Fraud Scenarios

  • You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
  • You receive a voicemail message attachment via email through a notable telecom company, but your company doesn’t utilize its services.
  • You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.


These are examples of phishing that seem legitimate and often create a false sense of urgency, leading you as the user to click on a malicious link within the message or give away confidential organizational or personal information that can be used to infiltrate your company’s networks.


#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were victims of cybercrime fell for a phishing attack.

 

What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI.  But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one?  And then what if that incident turns into a breach that exposes your entire network? 


Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or turning a blind eye to digital threats strong enough to put you out of business. It all comes down to a total risk management solution that provides peace of mind.  What does this include?

  • Endpoint detection and response and segregated backups
  • Next-generation anti-virus
  • Multi-factor authentication everywhere
  • Cybersecurity training for employees 
  • A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

Employees Are The Largest Attack Vector

By now, inboxes, LinkedIn feeds, and the websites of cybersecurity companies have all tried to tell you that employees are the most significant attack vector and pose the most considerable cybersecurity risk to all businesses.  Those same companies advise firms to subscribe to some online training, after which “all your problems will be solved.”  This advice, unfortunately, is not valid.


Since the early days of the westward expansion, fast-talking elixir salespeople have been peddling the magic potion that cures what ails you.  As with most things, complicated problems demand a complex solution.  This could not be more true when evaluating cybersecurity risks and putting together a strategy to lower those risks.


It’s true; cybersecurity awareness training does have an effect on reducing employee-related cyber attacks.  However, it’s only one piece of a larger strategy to improve a company’s security posture.


Black Bottle IT advises clients to address six critical areas to tangibly lower cybersecurity risk. 

 

  1. Security Awareness Training – Online training, monthly newsletters, in-person training.  These are all great ways to educate employees on the day-to-day threats. Education material needs to be delivered with more regularity; we recommend monthly.
  2. Email Security – Email is the most common way employees get duped into giving credentials or cutting a check to the wrong payee.  Email security alone just isn’t enough.  A phishing AI engine that learns employee email habits can effectively flag and stop even skilled attackers from posing as an executive and social engineering an incident.
  3. Security Operation Center — Having suspicious activity analyzed in almost real-time to detect unauthorized network access is critical to stopping/limiting a cyberattack before any real sensitive data is stolen. Some companies may have cyber tools to alert, but having the expertise to analyze alerts, determine if the threat is credible, and quickly determine the next steps is crucial to respond to an actual attack.
  4. Ransomware Protection — Stopping a ransomware attack before it encrypts meaningful amounts of data is the best peace of mind a company could ask for.  Bad actors will attack, employees will click on threatening emails, and ransomware will try to encrypt critical data. 
  5. Solid Back-Up Strategy – In the unfortunate event of a ransomware attack, having off-site, isolated back-ups is the only way to restore business operations and avoid a costly crypto payment to resume operations.
  6. Incident Response Planning — Knowing the who, what, where, and when saves valuable time when a cyber-attack is suspected. Performing annual “fire drills” to simulate actions taken during a cyber attack will ensure a quick response and could potentially limit the damage during an actual incident.

Ok, so there are seven recommendations, but this one is outside our expertise. We’ve seen enough to offer this advice:

 

7. Cyber Insurance — Having a good cyber insurance policy can further reduce the financial risk of a cyber attack. Most companies with some kind of cyber insurance have no idea if the coverage is correct for their level of risk.  Look to FifthWall Solutions for more information about access to the right insurance policy for your size of business and industry.


About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As a Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.

 

When Firewall Security Expires

Prioritizing the security of your company’s network is an essential practice when it comes to remaining as productive as possible. Unfortunately, failure to do so could easily result in a large number of legal complications.

 

When it comes to firewall security, you may be surprised to learn this type of protection can expire. Let’s take a deeper look at what you need to know.

 

When Does Firewall Security Expire?

 

As time goes on, cybercriminals develop more advanced tools to procure sensitive data. As a result, the firewall protection you implement can quickly become outdated if you aren’t regularly updating it.

 

To clarify, even a firewall defense that uses relatively contemporary safeguards can become highly inefficient as hackers begin to use new types of malware.

 

In fact, a firewall that looks notably strong on paper may not accomplish its task appropriately.

 

However, to answer the above question, firewall security can be considered expired when it no longer receives regular patches, updates, and other similar services.

 

What Are the Risks?

 

As you might assume, the most significant risk of having your firewall security expire comes from failing to protect sensitive information adequately.

 

Depending on the industry you work in, this often includes data that should never fall into the wrong hands (such as medical patient info).

 

Additionally, you run the risk of hackers procuring trade secrets that they can then sell to other companies within your industry. In many scenarios, a situation like this is complicated to recover from for any business.

 

What Should I Look For in a Provider?

 

The ideal provider to work with implements a renewal policy. In practice, this will allow you to continually renew your firewall service automatically so that you can ensure you are always protected.

 

This firewall service often includes frequent threat detection updates and new firmware implementation.

 

Additionally, the provider you work with should also have some form of continual customer support for your firewall service. This level of customer support means that you should be able to quickly get in touch with your service provider with questions or concerns.

 

While it isn’t always practical to assume that your provider will offer 24/7 customer service, many provide round-the-clock service 365 days a year.

You should also take a look at their past reviews. You’ll gain insight into whether or not you can expect to receive the level of service you want for your business.

 

Maintaining Proper Firewall Security Is Crucial

 

You must take the necessary steps to maintain firewall security properly. From here, you’ll have no issue ensuring that your firewall security is as protective as possible over the sensitive data in your organization.

 

Want to learn more about what Black Bottle IT has to offer your business? Feel free to reach out to us today and see how we can help. 

 

The Importance of Cybersecurity Awareness and Training for Employees

The average cost of a data breach is a massive $8.19 million in the US. This cost means a data breach can spell disaster for any business, making cybersecurity a significant concern for businesses.

 

Instilling good cybersecurity practices in your staff is a must for any company in the modern era. Yet, what are the specific benefits of cybersecurity awareness?

 

In this article, we’ll take a closer look at why cybersecurity training is of the utmost importance. Are you ready to learn more?

Then read on.

 

1. A Cost-Effective Solution to an Expensive Problem

As we’ve discussed, a data breach is expensive. There are a few different ways that you can try to prevent them, but the most cost-effective way to avoid them is by training your employees. 

 

A well-trained workforce will be able to recognize cyberattacks and social engineering attacks that they may otherwise not. The training is the most effective way to prevent a data breach and all its subsequent costs.

 

A well-trained workforce is a protected one. Think of training costs as a small investment today to prevent a more significant problem further down the road.

 

2. Ensure Compliance With Data Security Regulations

 

Data breaches aren’t the only issue that you need to worry about these days. Your customers’ data may fall under various regulations that you need to adhere to on their behalf.  These may include HIPAA and GDPR, depending on your industry.

 

Failure to comply with these regulations can have severe consequences, including fines. As these regulations are very complex, a thorough training regime is required to ensure compliance, and combining it with cybersecurity awareness is very cost-effective.

 

3. Enhance Your Business’ Reputation

 

Investing in cybersecurity can offer a significant boost to your company’s reputation. Demonstrating that you value your customers’ security is a valuable trait in today’s world.

 

It may also help you market your company: if you make a point of your company’s data security approach, clients will be more likely to trust you with their data. 

 

4. Your Employees Will Gain New Skills

 

Cross-training your employees comes with some fantastic benefits. When your employees understand cybersecurity at a deeper level, they will solve the simpler, more common problems that arise in day-to-day work.

 

This cross-training means that you may save money on your IT costs, too. If your staff understand cybersecurity best practices, they will feel more empowered and confident when working with sensitive information.

 

5. You Can Minimize Human Error

 

Human error is a big problem in cybersecurity, accounting for a large proportion of data breaches. There need not be malicious intent by a third party: human error can lead to sensitive data being exposed or leaked without anyone else being involved.

 

Cybersecurity awareness minimizes human error, which cuts out a great many potential data breaches.

 

Cybersecurity Awareness Is Vital

 

Why should companies increase cybersecurity awareness among their employees? There is a vast range of benefits, including better security, a better reputation for your business, and a better skill set for your employees.

 

Cybersecurity awareness and training are of vital importance in today’s world. If you want to train your employees, we’re here to help. For more information and to discuss our services, get in touch with us today.