Our real threat. But is it COVID?
By Lisa Smellie, Senior Recruitment Consultant, Eden Ritchie Recruitment
I think we have a real threat on our hands and it’s NOT COVID. How secure are we really in this wide world of web? Pretty much everything is digitised and online, we do our banking online, all of our utilities are managed through a digital online platform. Our everyday lives could be at risk…have you thought about this? What if it all goes down?
It’s real and is happening now! There are many ransomware gangs. One in particular from Russia, called REvil, have collected tens of millions of dollars in ransom payments in return for restoring computer systems it has hacked.
And this year a major New Zealand hospital faces a second week of disruption as it struggles to fix its computer system following a massive cyber-attack. The attack on Waikato district health board (DHB), which began in May, has been described by its chief executive, Kevin Snee, as “probably the biggest cyber-attack in New Zealand’s history”.
It is not only large organisations that are being attacked, but also YOU and YOUR business! Please be weary and don’t click on something that looks suspicious in emails at work or home. Clicking on the wrong link could be enough to set off a sequence of events that ends with all your data being encrypted by criminals, who will only unlock it in return for a hefty ransom.
This level of threat means there’s no way to absolutely protect yourself or your business from ransomware or any other kind of malware. But there are a number of steps you can take to minimise your attack surface.
MAKE SURE YOUR ANTIVIRUS SOFTWARE IS UP TO DATE
Many antivirus packages now offer ransomware-spotting features or add-ons that try to spot the suspicious behaviour that’s common to all ransomware
UNDERSTAND WHAT’S HAPPENING ACROSS THE NETWORK
There’s an array of related security tools — from intrusion prevention and detection systems to security information and event management (SIEM) packages — that can give you an insight into the traffic on your network.
SCAN AND FILTER EMAILS BEFORE THEY REACH YOUR USERS
The easiest way to stop staff clicking on a ransomware link in an email is for the email never to arrive in their inbox. This means using content scanning and email filtering.
HAVE A PLAN FOR HOW TO RESPOND TO A RANSOMWARE ATTACK, AND TEST IT
A recovery plan that covers all types of tech disaster should be a standard part of business planning, and should include a ransomware response.
THINK VERY LONG AND HARD BEFORE YOU PAY A RANSOM
There are reasons why you might not want to pay.
First, there’s no guarantee that the criminals will hand over the encryption key when you pay up, they are criminals, after all. If your organisation is seen to be willing to pay, that will probably encourage more attacks, either by the same group or others.
UNDERSTAND WHAT YOUR MOST IMPORTANT DATA IS AND CREATE AN EFFECTIVE BACKUP STRATEGY
Having secure and up-to-date backups of all business-critical information is a vital defence, particularly against ransomware.
UNDERSTAND WHAT’S CONNECTED TO YOUR NETWORK
Thanks to the office wi-fi, the Internet of Things and working from home, there’s now a wide variety of devices connecting to the company network, many of which will lack the kind of built-in security you’d expect from a corporate device. The more devices, the greater the risk that one will offer hackers a backdoor into your network.
MAKE IT HARDER TO ROAM ACROSS YOUR NETWORKS
Make this harder by segmenting networks, and also by limiting and securing the number of administrator accounts, which have wide-ranging access.
TRAIN STAFF TO RECOGNISE SUSPICIOUS EMAILS
Training staff to recognise suspicious emails can help protect against ransomware and other email-borne risks like phishing. The basic rule: don’t open emails from senders you don’t recognise
CHANGE DEFAULT PASSWORDS ACROSS ALL ACCESS POINTS
APPLY SOFTWARE PATCHES TO KEEP SYSTEMS UP TO DATE
Patching software is vital to your security. Malware gangs will seize on any software vulnerabilities and attempt to use them as a way into networks before businesses have had time to test and deploy patches.
Be aware and be vigilant, we certainly live-in unprecedented times. The web is great of course and benefits us all, but there are always pros and cons to everything in our lives.
To view our current opportunities, visit us at Eden Ritchie Recruitment