2020 has been a groundbreaking year on many fronts. Unfortunately, the majority of them have not been good ones. On October 28, 2020, the FBI, HHS, and CISA jointly reported on an imminent threat to healthcare organizations (the Health and Public Health Sector) surrounding the Ryuk variant of ransomware and other malware most recently seen accompanying it. “We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, Chief Technical Officer of the cybersecurity firm Mandiant, in a statement.
While this specific report was focused on the healthcare sector, the truth is that all businesses are increasingly vulnerable to cyber-attacks, and attackers seek those who are a good match for their malware and their skills, they care far less about what type of company you are.
Many cyber-attacks involve ransomware, a form of malicious software or malware, designed to deny access to a computer system or data until a ransom is paid and a decryption key (commonly called a decryptor) is given to the victim. The encryption is virtually unbreakable without the decryption key, and you should not spend valuable time seeking a way around the encryption if you are attacked with it. Ransomware can spread in multiple ways, but most typically, through phishing emails or by unknowingly visiting an infected website. Ransomware can be catastrophic to healthcare and other organizations, preventing critical information and systems for patient care from being accessed, for example.
ConvergeOne never advocates paying the ransom to cybercriminals. You are paying a criminal organization to extend their attack infrastructure further, rather than putting them out of business. Instead, you should build a cyber-aware culture within your organization and proactively follow a number of steps to keep your information and people protected from cyber-attacks.
As we plan for 2021, here are 21 cyber tips to get your organization started.
Don’t open a message or a link just because the correspondent seems to know a lot about you and never be afraid to ask before committing to any next step requested by the sender, especially if the sender signals a sense of urgency.
You should also send a “voice of leadership” messages to everyone containing guidance on what to look for, who to call, what to do, and that it is okay to not click or respond to any message that looks unusual or suspicious.
Ensure you are simulating phishing attacks against your users regularly to ensure they are sensitive to real approaches attackers will take. Have a continuous learning platform to deliver them. Educate staff to detect fast:
Use Multi-Factor Authentication everywhere you log in, as you need a second mechanism to authenticate to system resources that is independent of that password. Use passwords that are made up of multiple random words strung together, with numbers and special characters. Leverage every privacy control available on social media, and develop a healthy skepticism of trusting any information or messages from those you do not know.
Report on how many times per day you get attacked, but you thwart the attack. How? Start at the outside interface of your perimeter firewall. Pull stats indicating your number of dropped packets at that interface. Do it for 30 straight days. It will give you a good idea of how many attacks you are defending against. Your leadership will gain perspective and you will gain credibility with them.
Patch operating systems, software, and firmware as soon as manufacturers release updates. Advise remote users not using company-owned assets to turn on auto-update and ensure they are current on software and patches, as well.
Also, make sure to take one additional step after an update and check your privacy settings. Sometimes the update reverts them back to a prior default setting.
Your personally identifiable information may get swept up in the endless tide of breaches. The appearance of your firm’s data on the dark web requires prompt notification to your business. Contact ConvergeOne today to find out more about how we help hundreds of organizations keep from being a future dark web victim.
Your firm’s digital transformation needs modern, identity- and workload-centric Zero Trust security solutions to protect your work-from-home workforce. Remember: Companies that wait to act are tempting fate, so please ask us about Zero Trust today.
Check back for the next part of this blog series for the seven more tips. Can’t wait? Download the full white paper below.
As you prepare for 2021, you should prioritize building a cyber-aware culture within your organization and proactively follow a number of steps to keep your information and people protected from cyber-attacks. Download this ConvergeOne white paper to receive all 21 cyber tips to get your organization started.