March has been a busy month for the IT departments in Connecticut towns, and not for good reasons. Several town computer networks, namely those of Plymouth and Colchester, fell victim to ransomware attacks.
Here's how ransomware attacks generally work.
A criminal emails the potential victim in hopes of getting a virus onto the computer that encrypts its data and locks it down. In the case of the towns here in CT, the victims were town employees who mistakenly assumed the email was coming from a credible source, such as a colleague, an e-commerce vendor like Amazon or perhaps even another government agency.
When the malicious email is opened, the virus is sometimes sophisticated enough to lock the computer down right away, whereas in other cases one more click on a link is what triggers the ransom message to appear.
Train employees on how to spot suspicious emails
Much of the battle in defending against ransomware attacks is ongoing training on what cyber attacks typically look like. You can read our complete blog post on how to identify phony emails, but keep in mind that there are 5 quick ways to spot a hoax: false sender, weird salutation like "Dear Client", strange links and footers.
Keep software up to date
Cyber attackers are constantly creating new malware that takes advantage of software vulnerabilities. The best way to stay protected against this kind of attack is to update software regularly, or even automatically.
Implement secure password policies
Password security is an essential component of protecting your business from a cyber attack. Just to give you an idea of how important it is to have a secure password, Verizon’s 2017 Data Breach Investigations Report said that 81% of hacking incidents leveraged weak or stolen passwords.
Keep the essentials in mind. Your passwords should have at least 8 characters, include a digit or punctuation mark, use both upper- and lowercase letters, and be unique for every software or website you log in to.
Be careful with storage devices
Storage devices, such as thumb drives that plug into the USB port of your PC, may contain malware that you copy into the system unknowingly or that gets launched automatically by the Autoplay feature of your PC. It’s important to understand that smart devices (phones, tablets, etc.) also have the potential to infect your PC or network when you download applications or games containing malware or viruses.
You can mitigate these risks by scanning devices when they are plugged into your PC before opening them, never plugging in a device whose origin you do not know, disabling the Autoplay feature on your computer and encouraging employees to keep personal data separate from work data.
Maintaining clean backups, both of critical systems and business data, can provide a fail-safe in the event of a security breach. Data backups are a routine task that is usually more cost-effective to outsource to an external service provider.
These are 5 practical and easy ways to protect your organization from cyber attacks. But remember, the common defense is being educated.