ITSecureNow

As we begin the holiday weekend, we'd like to thank our clients, friends, and partners for a wonderful 2022. We appreciate you, and we're grateful for the opportunity to work with you. Have a safe, happy, and prosperous new year!

"The state court's decision follows a trend of exclusion from commercial property and liability insurance policies of cyber incidents..." This trend should be a wake-up call for any business that doesn't already have a standalone cyber insurance policy.

The new year is a great time to evaluate and take steps forward in your company's cybersecurity maturity. Give us a call to discuss your options!

Ohio Supreme Court Says Ransomware Is Not Physical Damage An Ohio software developer that attempted to use business insurance to pay for a 2019 ransomware attack was stymied by the Ohio Supreme Court. The justices

The team at ITSecureNow wishes you and yours a wonderful holiday season!

In local cybersecurity news, a suburban municipality has suffered a ransomware attack. If it isn't clear yet, cyber criminals target organizations that are limited in cybersecurity resources but rich in data, putting both the organizations and their stakeholders at risk.

Personal information of 37,000 people exposed in Whitehall ransomware data breach The City of Whitehall mailed notifications to about 37,000 whose personal information may have been compromised in a May ransomware attack.

The education sector has been under persistent attack, and this time, another Ohio school has fallen victim to ransomware. Schools are often woefully underfunded in their cyber defenses, and cybercriminals like Vice Society know and exploit these vulnerabilities.

While no tool will provide perfect protection from these attacks, there are ways to lower the risk and minimize damage should criminals breach your network. Call us to learn more!

Vice Society ransomware claims attack on Cincinnati State college The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack.

From all of us at ITSecureNow, have a safe and happy Thanksgiving!

In 2021, the global number of businesses attacked was at “66% of mid-sized organizations [...] up from 37% in 2020. Average ransom payments reached $812,000 during 2021, compared with $170,000 the prior year.” Read more to understand the current cybersecurity landscape, then call us so we can help you be prepared.

https://oal.lu/3oUth

Phishing emails target employees as a "weak link" in your cybersecurity. This article demonstrates the importance of providing cybersecurity and email security awareness training for employees. Give us a call. We can help your people learn to spot phishing emails.

https://oal.lu/TMiy0

Forbes explains cyber insurance in clear terms and helps you think through the application process. Give it a read, then talk to our team about implementing the cybersecurity protocols needed to be approved for cyber insurance.

https://oal.lu/zNcLM

Every insurance company and their policies are unique. However, this Cyber Insurance Academy article is a good starting place to help align your IT security protocols with underwriters' expectations. Need some help figuring out your cyber insurance? Let's talk.

https://oal.lu/BzdGK

To all those who served, thank you. Happy Veterans Day!

We love our customers, and we're always honored when we receive positive feedback from them. This particular customer had a strict compliance deadline to meet, and we helped them through their network pe*******on test in a timely but thorough manner. It was our pleasure to help them meet their deadlines and requirements as well as advance their security maturity.

*******ontesting

Ransomware payments are up dramatically. 2021's reported payments of over $1 billion were more than twice that of 2020. If someone ransomwared your company's data, would you have the resources to deal with it?

First on CNN: US banks report more than $1 billion in potential ransomware payments in 2021 | CNN Politics US financial institutions reported more than $1 billion in potential ransomware-related payments in 2021 — more than double the amount from the previous year and the most ever reported, according to Treasury Department data shared exclusively with CNN.

Depending on the client, our email filtering blocks anywhere from 7% to a staggering 96% of incoming emails flagged as spam. It also blocks up to 3.2 % of incoming emails flagged as containing viruses.

If it never hits your inbox, you can't accidentally open it, click on it, or download it. Are you confident you're protecting yourself and your business with adequate email filtering?

On today, the last day of cybersecurity awareness month, we implore you to have a plan for when things go wrong. While we, as defenders of security, have to have a 100% success rate, the malicious actors only have to succeed once. Thus, our goal should be to put in place as many layers of security as practical so as to increase our odds of success, but also to have a disaster recovery plan. Having a plan makes managing a breach that much easier, but it's also good for dealing with all kinds of other disasters (think hurricanes, earthquakes, major power outages, etc.) Develop a plan; practice it; and revise it as your business grows and changes.

Today's cybersecurity awareness tip is about your Internet of Things ("IoT) devices. Anything connected to the internet can be attacked. That means all the nifty gadgets you have around your home and office are potential entry points for malicious actors. You might think that you're too small or too unimportant to be a target, but most attacks are those of opportunity. It's like wandering through a parking lot, jiggling car doors to see which ones are unlocked. It's not you or your car (or you or your network) they're trying to target. They're just looking for any vulnerable entry point, regardless of who it belongs to.

To that end, make sure you're practicing good cybersecurity hygiene on your IoT devices, just as you would any computer in your home or office.

Our fourth and final installment of our Back to Cyber School Lunch 'n Learn series was last week, and the video is now posted for you to view at your leisure! Check it out for the history of remote work, where it's headed, what technology challenges it presents, and how to be safe while working remotely.

Remote Work in 2022 This is the fourth and final installment of ITSecureNow's 2022 Back-to-Cyber School Lunch & Learn series. This week we go over the history of remote/hybrid w...

Today's cybersecurity awareness tip focuses specifically on email attachments. Just because an email appears to be from someone you know, doesn't mean you shouldn't still be wary of unexpected or unsolicited attachments. Exercise caution and verify that attachments are legitimate before opening.

In the spirit of Halloween, we thought we'd share something that's scary to our team! Individual users having admin rights on their workstations and laptops is scary, because it gives each user the ability to download and install anything and everything. Unfortunately, that download that *looks* like the latest version of your favorite game may harbor malware in the background. Limiting users' ability to install software is an easy way to keep devices, data, and networks safe. Do you know what your users are installing on their devices?

Today's cybersecurity awareness tip is about monitoring your presence on the dark web. While it may be scary to think about what's happening on the dark web, ignorance is not bliss. Keeping an eye on compromised passwords, credit cards, personal health information and other sensitive data on the dark web can help you stay ahead of attackers. Want to know more about how to keep an eye on the dark web? Reach out today!

Today's cybersecurity tip is about a fundamental principle in the cybersecurity world: there's no such thing as secure enough. (Actually there is, but it involves disconnecting from the internet permanently). Understanding that cybersecurity is constantly changing and evolving allows you to stay in front of best practices, bettering your chances at avoiding a breach.

We've only got one session left in our Back to Cyber School Series, and next week it's about safe hybrid work environments. More folks are working remotely than ever before, so join us Wednesday at noon for some tips and tricks for doing so safely. Register at https://itsecurenow.com/2022-back-to-cyber-school

Today's tip is one we wish everyone would listen to and follow! No matter how much of a hurry you're in, think before you click. So often we're on auto-pilot, especially at work, and we click on links or files in emails before we've had a chance to fully process what we're seeing. Taking an extra beat before you click on anything is always a good choice.

For today's Cybersecurity Awareness post, we'd like to introduce you to voice phishing, also known as "vishing." Vishing attacks are much like phishing attacks, except malicious actors target their victims via telephone. Many folks are rightfully skeptical when they're called out of the blue, but attackers can and do use victims' previously exposed data to sound incredibly convincing. If you receive an incoming call allegedly from a financial institution or some other organization with which you do business, be rightfully suspicious. You can also ask to call them back and use a phone number that you know is affiliated with the organization in question. If it truly is a legitimate call, they won't mind you taking the extra step to verify their identity.

Are you and your team working remotely? Check out our latest blog post for some simple tips to keep your devices and data safe while working from home!

Working Remotely AND Securely – ITSecureNow Working Remotely AND Securelyby ITSN Team The move to remote and hybrid work that started in 2020 represented a giant shift in the way modern companies do business, and even after the initial waves of COVID-19 passed, many companies continue to embrace some variety of work-from-home. Studies show th...

Today's tip for Cybersecurity Awareness Month is about user education and training. While properly implemented technology can go a long way towards protecting your business, an untrained team can undo all of your technology with the click of a mouse. Make sure you and your colleagues are up-to-date on the latest cybersecurity threats, and be sure to build a culture that values good cybersecurity hygiene. Encourage your employees to ask questions if something looks suspicious. As much as you need technology, you need a careful and conscientious team to help protect your business!

Our second tip for Cybersecurity Awareness Month focuses on safe social media use. While everyone knows that posting too much personal information online is risky, not everyone understands why. Yes, posting vacation pics while you're away may invite a burglary. But posting too much about your life online also allows malicious actors access to details that help them craft social engineering attacks. Knowing personal details about you may give a hacker everything they need to write a convincing phishing email that doesn't look suspicious to you. The internet is public, permanent and you should thoughtfully consider everything you put in the public eye!

Did you know that the first documented ransomware attack was distributed by floppy disk and required its victims to send money to a post office box in Panama? If you'd like to learn more about the history of ransomware, how we got to our modern day ransomware, and what to do to protect yourself, check out the latest installment of our Back to Cyber School series!

Ransomware in 2022 This is the third installment of ITSecureNow's 2022 Back-to-Cyber School Lunch & Learn series. This week we go over the history of Ransomware, where it's hea...

Today's lunch 'n learn was all about ransomware, including its history and how to be prepared for an attack (link to the video forthcoming). On a more urgent note, educational institutions should remain on high alert, as ransomware gangs continue to target vulnerable organizations. Check out CISA's warning and guide from earlier in the fall, and reach out to us if you have questions about how to protect your network or check for indicators of compromise.

#StopRansomware: Vice Society | CISA Actions to take today to mitigate cyber threats from ransomware: • Prioritize and remediate known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication.

Welcome to 2022 Cybersecurity Awareness Month tips from ITSecureNow! Today's tip is about keeping USB and other external hard drives secure. Encrypting your drives and turning off 'autorun' helps keep your data and your computer safe.

It's Cybersecurity Awareness Month! To kick off this month, we're excited to share our most recent Lunch 'n Learn presentation on cybersecurity and changing insurance requirements. Check out the video at our YouTube channel!

Cyber Insurance 2022 This is the second installment of ITSecureNow's 2022 Back-to-Cyber School Lunch & Learn series. A history of cyber insurance and an examination of its impact...

Two sessions down, and two to go! Next week we'll be talking about ransomware, one of the most common ways malicious actors attack businesses and individuals. Join us, and register at https://itsecurenow.com/2022-back-to-cyber-school

"Recently, the U.S. Securities and Exchange Commission proposed that companies be required to disclose detail on board members’ cyber expertise and how often the board addresses cybersecurity."

Are you treating cybersecurity as a core part of your business risk? Give us a call if you want to start!

Companies Should Treat Cyber Threats as Core Business Risk, U.S. Cyber Official Says Brandon Wales, executive director of CISA, said boards need to push their companies to invest more on digital defense, adding that insurers and shareholders will be exerting pressure as well.

Do you use a password manager? If not, have you considered why you might want to use one? Check out our latest blog post to learn more!

Password Managers – Why You Need One – ITSecureNow Password Managers – Why You Need Oneby ITSN Team If you hang around cybersecurity folks long enough, you’ll hear us talk about passwords until we’re blue in the face. The fact is that in spite of wild and complex new exploits that hackers take advantage of, there is one thing that makes their ...

Did you know that cybersecurity research firms collect and publish lists of the most commonly used passwords across different countries and the world? Below is a list of the top 10 most common passwords in the U.S. in 2021.

1. 123456
2. password
3. 12345
4. 123456789
5. password1
6. abc123
7. 12345678
8. qwerty
9. 111111
10. 1234567

These ones are obvious, but for a longer list, or to look at international data, check out https://nordpass.com/most-common-passwords-list/

Top 200 Most Common Password List 2021 Many people use the same weak passwords year after year. Check our 2021 list of top 200 most common passwords used around the world.

One down, three to go! Next Wednesday's Lunch 'n Learn session is an important one about cybersecurity and insurance. If your friendly neighborhood insurance broker hasn't asked you about your cybersecurity measures, we guarantee they will soon. Join us on 9/21/22 at noon EDT, and register today! https://itsecurenow.com/2022-back-to-cyber-school

Our Back to Cyber School series kicked off this week, and we were so excited to talk to our attendees about COVID scams and how they still persist even two and a half years into the pandemic. We were also happy to surprise attendee, Chris, with a $20 Starbuck's gift card just for spending lunch with us! We're looking forward to three more sessions as we head into fall, and we'd love to have you join us! Register today at https://itsecurenow.com/2022-back-to-cyber-school

Our fall lunch 'n learns start today, and it's not too late to register!

https://itsecurenow.com/2022-back-to-cyber-school

Back to school isn't just for kids! This fall, ITSN is hosting a Back to Cyber School Lunch 'n Learn series for anyone who wants to stay up-to-date on the latest in tech and cybersecurity trends. Each one-hour, virtual session will have time for Q&A, AND one lucky attendee at each session will leave with a $20 Starbuck's gift card. You can register now at the link below!

https://itsecurenow.com/2022-back-to-cyber-school/

Back to school isn't just for kids! This fall, ITSN is hosting a Back to Cyber School Lunch 'n Learn series for anyone who wants to stay up-to-date on the latest in tech and cybersecurity trends. Each one-hour, virtual session will have time for Q&A, AND one lucky attendee at each session will leave with a $20 Starbuck's gift card. You can register now at the link below!

https://itsecurenow.com/2022-back-to-cyber-school/