Did you know that we celebrated World Telecommunications and Information Society Day on Monday?
The purpose of World Telecommunication and Information Society Day (WTISD) is to help raise awareness of the possibilities that the use of the Internet and other information and communication technologies (ICT) can bring to societies and economies, as well as of ways to bridge the digital divide.
Cybercrime & cybersecurity have become more topical recently. This past weekend Ireland’s Health Service Executive (HSE) suffered a full-scale cyberattack affecting their extended operations and services. The fallout is still ongoing.
Who and what are targeted in cybersecurity attacks?
Cybersecurity concerns everyone and every size business – not just governments, bodies like the HSE, and large organizations. Out of necessity, the global pandemic has pushed more citizens and businesses to adopt digital communications more deeply and faster. There has been a monumental shift to remote working and integration of personal devices for business use. The knock-on effect of increased digitization is voluminous increases in interconnected data.
For a business owner, a cybersecurity attack could affect confidential data related to you personally, your business, employees customers, partners, merchants….… all the interconnected elements.
Let’s take a look at cybersecurity and ransomware, and see what businesses can do to mitigate against disasters.
What is ransomware?
Ransomware is a type of malware that encrypts files and folders and demands payment from victims to decrypt them. It is easily spread and has proven highly effective for cyber attackers targeting businesses for a number of reasons.
ref: Datto https://www.datto.com/
Ransomware is used by criminals determined to exploit your business/data for ransom payment or out of maliciousness.
An example of ransomware is phishing email scams where the user opens or downloads links/attachments received via email. Code from the item is then injected into files, databases, networks which become infected with the malware.
Implications of malware attack on a business:
• Cannot access data leading to loss of productivity and downtime;
• Data can be copied, used, blocked, destroyed by others during an attack;
• Orders/records/bills/accounts / scheduling all affected – just like a spider web of attack ;
• The cost of downtime;
• Cost of restoration (where possible);
• Cost of the ransom (if paid);
• Loss or reputation.
What happens / how do you know if you are being attacked
The key stages for managing data breaches are:
– identification and assessment;
– containment and recovery;
– risk assessment;
– notification;
– evaluation and response.
Monitoring your services and data (either self or use a managed service provider like SenSys), you should aim to identify unusual activity – from the obvious notice on-screen advised you have been hacked – this could possibly include a ransom request. Depending on the extent of the attack, your devices may become unusable. Your software – inaccessible. Your data – emails, files, and folders may also become inaccessible.
Your immediate options are
• Do nothing and hope that systems will be restored intact;
• Pay a ransom upon payment of a ransom (not advised);
• Assess the extent of the damage by going through a series of checks;
• Fix by restoring your own data hosted on your or third-party backups.
What are your obligations?
• Contact those affected to advise of the breach;
• GDPR compliance and data breach response. Check out this GDPR checklist for data controllers.
16 tips to help to prevent or mitigate against a cyber attack
1. Create, document, and implement strict cybersecurity policies relevant to your business and business practices. Ensure that all endpoints are locked down tightly.
2. Run regular vulnerability assessments, act on recommendations.
3. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for corporate control of data.
4. Deploy firewall, VPN, and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks.
5. Tightly control access to computers and admin privileges.
6. Keep software up to date – this can be automated by managed service providers like SenSys. Outdated systems are highly vulnerable to attack.
7. Encrypt databases network devices such as PCs, phones, Wi-Fi access points, Firewalls, Servers, Routers, Network switches. Be aware that Windows PCs and servers most at risk
8. Backup – At the very least, schedule daily backups to minimize data loss in the event of a cyber-attack. Manage patches.
9. Don’t forget to back up email – it’s not always included by providers.
10. Do not keep your data and customers data backed up to same place and know where it resides. Adopt a multi-datacenter strategy via cloud security providers.
11. Use reputable providers for applications, software, and services.
12. Run training sessions for staff in identification of vulnerabilities, best practices for storage, devices (including phones), and password policies particularly two factor authentication (2FA) or higher. Give instructions for what to do if they become suspicious of files, emails, contact. Phishing emails account for most ransomware attacks.
13. Monitor – Activate system health monitoring – processors, hard drive and memory, raid controllers, software application logs, fault logs, operating systems.
14. Implement business continuity and disaster recovery solutions (BCDR).
15. Enable uptime/instant recovery of data and applications. 92% of MSPs report that clients with business continuity disaster recovery (BCDR) products in place are less likely to experience significant downtime from ransomware and are back up and running quickly. Application downtime can significantly impact a business’ ability to generate revenue.
16. Use secure Cloud-managed networking. SenSys Proactively monitor the system’s health and in the event of an outage, with Cisco Meraki in built networking we are alerted 24/7 and we respond.
What can you do to recover
- Reinstall/reimage affected data in-house or have your provider do it for you;
- Restore machines from backup;
- Sanitize your systems – malware can lay dormant in files;
- Run a software clean-up;
- Products to consider: Remote monitoring and management (RMM) tools allow managed service providers (MSPs) to monitor and detect issues, manage applications & devices by blocking or uninstalling applications, protect and fix issues before problems arise, remotely takeover and resolve issues.
In this article, we acknowledged that global business has transitioned to digital-first which increases the opportunities for criminals. It is incumbent on business owners and individuals to remain vigilant and mitigate against cyber-attacks. We looked at the implications of data breaches and obligations arising from them.
Prevention is better than cure – we recommended ways in which businesses can improve their security and what they can do to reduce the opportunity for malware and ransomware attacks. Many of the solutions are easy to implement with policies, procedures, training, and using reputable products and service providers.
You don’t have to have the resources in-house, managed service providers is often best outsourced to the experts. This ensures peace of mind and ensures easy business continuity.
Don’t just assume you are protected – schedule an IT audit with SenSys Tech today.
Phone: 1800 815 683
Email: info@sensys.ie
Useful Links
Read: Cisco Meraki https://www.sensys.ie/it-networking-and-infrastructure/cisco-meraki/
