What Managed IT Solution is Best for Your Business?

by blackbottledev | May 24, 2023 | Cybersecurity

What Managed IT Solution is Best for Your Business?

When engaging Companies, our team here at Black Bottle IT receives many questions about what tools and services are right for their business. But, there is one question Black Bottle IT frequently gets, “what solutions would you recommend to us?” The answer isn’t simple. There is no “silver bullet” that cures all cybersecurity risks.

To simplify, when looking for a cybersecurity solution, typically companies fall into three categories:

1. Companies that recognize the need to upgrade security solutions and HAVE in-house technical talent:

In this scenario, Black Bottle IT will advise the Company on the right security solutions to fit its situation. Once the solutions are selected, Black Bottle IT will help implement and craft the correct policies and procedures to govern the new processes. This activity is typically done side by side with the in-house talent to hand off 100% of the operations back to the Company’s technical team. Post implementation, we strategically advise, when necessary, as the ever-changing security threat landscape changes with new solutions to keep pace.

2. Companies that recognize the need to upgrade security solutions and DO NOT HAVE in-house technical talent:

These businesses are our favorite Companies to consult with at Black Bottle IT. Business leadership is savvy enough to understand the risk a cyber attack poses and knows the Company doesn’t have enough in-house talent to find, implement and manage the necessary solutions. Cybersecurity talent is hard to find, and most SMB businesses do not have the budget for a dedicated security team. In these instances, Black Bottle IT will recommend, implement and manage a security solution that meets the Company’s needs and reduces their risk of a cyber attack. Going forward, Black Bottle IT will act as advisors and part of the technology team.

3. Companies that may not understand their cyber risk and need some education:

Part of our mission is to inform Companies of the risk a cyber attack can have on their business. In these conversations, we provide industry information, statistics, case studies relevant to the Companies industry. Our goal is to make sure leadership knows the risk. Ultimately, we want to help them and gain them as a client, but the reality is, most Companies that fall into this category need time to digest the information and then quickly realize they need to address the risk. Implementation of solutions will start with low-hanging fruit, as the Company plans and budgets for future improvements.

How can we help your business? There is always a go-forward plan that is right for you, your business, and your stakeholders.

Contact Black Bottle IT today to learn more.

What Does Cybercrime Look Like

by blackbottledev | Jan 5, 2022 | Cyber Insurance, Cybersecurity, Cybersecurity Awareness, Risk Management

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner. But what does cybercrime look like? And, how will you know if cybercrime will impact your business?

The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?” The short answer is, “It is a question of when not if.” The short answer should encourage us all to learn a bit more about the most recent cybercrimes and their impact on small businesses.

Email and Internet Fraud Scenarios

You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
You receive a voicemail message attachment via email through a notable telecom company, but your company doesn’t utilize its services.
You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.

These are examples of phishing that seem legitimate and often create a false sense of urgency, leading you as the user to click on a malicious link within the message or give away confidential organizational or personal information that can be used to infiltrate your company’s networks.

#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were a victim of cyber crime fell for a phishing.

What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI. But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one? And then what if that incident turns into a breach that exposes your entire network?

Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or turning a blind eye to digital threats strong enough to put you out of business. It all comes down to a total risk management solution that provides peace of mind. What does this include:

Endpoint detection and response and segregated backups
Next-generation anti-virus
Multi-factor authentication everywhere
Cybersecurity training for employees
A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

Cybersecurity Awareness Training

The Breach: Part 4

by John Hensberger | Oct 25, 2021 | Breach Hotline, Cybersecurity, Risk Management

The Breach – Part 4

And the Story picks up where we left off here.

Date of Discovery

All along the way, third-party companies were lining up with bags opened, hoping to get them filled with “incident response” money. Most of them were trying to create some real sense of urgency to engage and take action. I never fell for the high-pressure tactics; I wanted to get some options, evaluate the risks, and make an informed decision. However, in the days that followed, the attorneys started educating us in the generalities of cyber statutes. Most of them had a requirement to respond with their timelines after the “date of discovery.” This was the only timeline that mattered. So, we had time, but much, to rationally engage third-party forensics to a specific scope of the data breach so that we could formulate a responsible response plan.

250 Records Lost – What A Relief

After sending the forensic team copies of the hard drives from machines in scope, we had many calls with the team. After their investigation, they thought we could have lost about 250 records of personal information. At first, it was a relief, as it could have been much worse. But shortly after, I started to realize that their analysis was speaking in hypotheticals. The words beings used were “we think,” “they might have,” “it possible,” rather than more explicit language. So, I started to understand that they didn’t know, but the forensics team advised me on the potential risk of what was accessible to the cyber attackers. After this call, we had a pretty good idea about the size and scope of the attack. At this point, I was finally able to provide some tangible details to the stakeholders of the company. Until now, the information I had was all hypothetical; now, we had some excellent news to act on.

The First Invoice — Yikes

A few weeks into this saga, the Company received its first invoice from the Data Breach Coach (attorneys) and the forensics company. Let’s back up. We engaged this firm because we had access to them through our insurance coverage. And, we received about 60% more financial relief from all the expenses if we used the insurance companies’ providers rather than just find our resources. So, naturally, we engaged the providers recommended by our insurance company. But, there was a limit to what the coverage would allow for. At first, I thought the coverage was way more than enough until the first invoice arrived. The hourly billable rates were so high, and I felt they misplaced a decimal point. Our first invoice ate up around 35% of our allowed coverage. I needed to make sure the Company was using its coverage limit wisely. The Data Breach Coach and forensics team afforded plenty of opportunities to do work and eat up our remaining coverage.

The Response

After the scope of the event had been determined, it was time to work on the response. The legal team briefed us on the types of actions that we needed to take. First, we needed to determine what states the impacted parties were residing in. Each state has its reporting requirements when a data breach involves personally identifiable information. Some states even require credit monitoring and other services to protect individuals from identity theft.* I quickly realized that the attorneys understood these requirements and would be an extremely valuable resource. They took on crafting notification letters to 15+ states on our behalf and having guidance that his juncture of the story was very comforting. I understood our risk and felt comfortable we were doing the right things.

*note — These requirements are now commonplace in most states, but during this time, these requirements were not the norm

Our MSP Should Know How To Help Us Remediate… Not So Fast

At the same time our talks with the attorney and forensics, the Company was actively trying to remediate the root cause of the cyber attack. We were confident we had stopped the attack. But, verifying we had no lingering effects of our attack proved harder than we thought. We reach out to our MSP for advice and assistance. We planned a weekend to come in, install advanced cleaning tools, and clean every machine in the building (over 100). We only completed the task to find the infected device (that was cleaned) with some unrelated malware. We scheduled another weekend to re-clean all the machines again. After the 2nd round of cleansing, the malware was found again. It was then I realized our MSP was not equipped to handle our situation. To date, they have served us well, but the problem overmatches us. In summary, they were not security experts, so we needed additional support.

The moral of this story, Managed Service Providers, are good at traditional things, procurement of new hardware, architecting new infrastructure, end-user support.. etc. But, cyber security experts were not. Through lots of activity and a few 3rd parties, we could get our environment clean and remove any remnants of the attackers.

Final Part 5 is coming soon.

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014. Connect with John here.

The Breach: Part 3

by John Hensberger | Oct 18, 2021 | Breach Response, Cybersecurity

The Breach – Part 3

In “The Breach – Part I” and “The Breach – Part 2 ”, Black Bottle IT shares a true story of cybercrime that took place with a manufacturing client and how it unfolded.

“The Breach” continues…

Engaging the Data Breach Coach

It turns out; Data Breach Coaches are law firms that specialize in cyber statutes. It finally felt good to be talking to someone who I thought would guide us through our options. Their role, as it was explained to me, was to quarterback the breach response. They would:

Take the lead and run point
Advise our team on what to do next
Bring in third-party expertise, if necessary, to help us mitigate any legal risk.

This information all sounded great. My first question was, “Where do we start?”

A formal engagement letter was emailed to me shortly after our call ended. I read it and found some language I didn’t like, as with most legal documents. Most things I could live with, except the clause that says, “Data Breach Coach, acting in the best interest of the client, can engage and agree to terms with third party services, with all financial responsibility passed on the client, without client consent.” It says the law firm can spend company money without anyone consenting or agreeing. The second call we would have was to review the engagement letter. When I questioned this language, “only to be told,” the response was, “It’s standard language, for your own good so that we can move quickly.” I had this line removed from the agreement and officially engaged the Data Breach Coach.

Forensic Swat Team

One of the first things the Data Breach Coach advised was to engage a third-party computer forensic company to determine what data was lost when it was lost, etc. We had a call, and the person leading the conversation had a super high sense of urgency. He wanted to send 2-3 forensics technicians on-site the next day. I paused and said, “How much is that going to cost?”

Our insurance coverage was up to 250K of expenses. Anything over was coming from the company coffers. We were a small company; having thousands of dollars in fees would put the company in a vulnerable financial state. So, I was always trying to walk the line of protecting the company, doing our duty to investigate, and being very mindful of the financial situation.

Back to the story – The forensics company said we didn’t have time to wait, which was the best option. I countered with, can’t we gather information with our staff and send you what you need? Let’s start there, make a list, and we’ll begin compiling.

Date of Discovery

All along the way, third-party companies were lining up with their bags wide open, hoping to get them filled with “incident response” money. Most of them were trying to create some real sense of urgency to engage and take action. I never fell for the high-pressure tactics; I wanted to get some options, evaluate the risks, and make an informed decision. However, in the days that followed, the attorneys started educating us in cyber statutes’ generalities. Most of them had a requirement to respond with their timelines after the “date of discovery.” This timeframe was the only timeline that mattered. We had time to rationally engage third-party forensics to identify the scope of the data breach to formulate a responsible response plan.

Continue to Part 4

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014. Connect with John here.

My Breach Story: Part 1

by John Hensberger | Sep 28, 2021 | Breach Hotline, Breach Response

The Breach – Part 1

I’m not sure how many cyber security professionals have been on the receiving end of a data breach and had to navigate their way through it. But, part of my passion for this industry was born in my experience. I was a typical IT Manager, supporting a companies software and infrastructure. They had a few on-site IT professionals, and some outsourced partners, and were focused on growing revenue, operational efficiencies, and doing more with less. The Company had what I’d consider typical security tools in place. A firewall with IP blocking and blacklisting, a modern AV/Anti-Malware agent, email security tools, etc.

The Call

One typical day, I’m at a lunch meeting with the CEO at Panera. I got a call from my IT Manager since I was at lunch with the CEO. I wanted to stay focused on our conversation, so I ignored the call. Immediately following I got an SOS text to call her ASAP. This was not like her, so I knew something needed to be addressed, so I excused myself from the CEO and stepped outside to call her back. I could sense a little panic in her voice, so I immediately asked her “What’s wrong?”. She tells me that they received a call from the FBI, stating that an agent would be on-site the next morning to discuss a cyber security incident and that IT leadership and any 3rd party related to infrastructure should be present. I paused, and being somewhat skeptical, I said, call the FBI office and verify the information provided (thinking it was a scam call). She said, I already did, and it’s real. After returning the table, the CEO asked me “What’s wrong?”, I relayed the information, and his first question was “Is this something that could put the company out of business?”, to which I replied, “I don’t know yet”. This was the beginning of a very long and hectic three months.

FBI On-site

True to their word, the FBI showed up the next morning, and we had all the necessary players around the table to ask questions and determine the scope of the situation. Before we could open our mouths the FBI proceeds to tell us that he’s not even a cyber crime agent, he’s a kidnapping/ransom agent. That he doesn’t know anything about cyber crime, and his job is to read us the information about the incident. So, he begins and reads a document that says the FBI had been monitoring some bad actors in eastern Europe and that our Company was 1 of 30 companies transmitting data to foreign IP addresses. After reading the statement, he gave us the specifics of which IP addresses were in scope. We start asking questions, to which he simply says “My job was to inform you of this activity, if you need more specifics, here is a card of a cyber crime agent that might help you”. We shake hands, the meeting is over.

Continue to Part 2

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014. Connect with John here.