Several Florida municipalities have been infected with ransomware, a malicious software that infects entire computer networks by freezing important equipment and files and essentially locking you out of your own data until the organization pays a ransom for a key to unlock the information. Unfortunately, ransomware has become a lucrative tactic for cybercriminals and no organization is immune from the threat. When your systems come under attack, it can be a frightening situation to navigate.
Ransomware often travels through emails known as phishing attempts, but it can also take advantage of backdoors or vulnerabilities. Cybercriminals often prey on a user’s inattentiveness. Nothing can protect a system like human vigilance. Prevention is key, train your employees and educate yourself!
Here are some ways you can help prevent these types of attacks:
- Teach employees to recognize the signs of a phishing attack and encourage them to think before clicking. Check the senders email address, look for typos, and beware of anything asking you to click on a link. Emails with the attachments .exe,.vbs, or .scr, even from a trusted source should not be opened. These are executable files that are most likely a virus.
- Local and off site backups are essential in keeping your information in a safe area that hackers cannot easily access. It will also make it easier for you to repair your system in the event of an attack. Use a cloud backup solution to protect your data. Cloud backups add an extra layer of protection and redundancy. Have multiple backups in case the last backup got overwritten with ransomware.
- Early Threat Detection – You can install ransomware protection software that will help identify potential attacks and find intrusions as they happen to prevent them. Use a traditional firewall to block unauthorized access. Windows offers a function called Group Policy that allows you to block the execution of files from your local folders which stops attacks that begin by placing malware in a local folder that then opens and infects the computer system.
- Make sure to download and install any software updates or patches for systems you use. These updates can repair vulnerable security spots to help keep out attackers.
- Segment network access so that parts of the network can be separated from others in the event of a discovered threat.
There are several cyber resources available online. The Department of Homeland Security’s Critical Infrastructure Cyber Community Voluntary Program (C3) provides cybersecurity resources to operators of critical infrastructure for State and Local Governments and provides webinars, publications, and best practices. https://www.us-cert.gov/resources/sltt
Preferred offers four Vector Solutions courses on Cyber Awareness. Educating your employees is one of the best ways to prevent a cyber attack. Cyber Awareness improves the awareness of threats to online security and provides best practices for safeguarding data. As always, these courses are available to Preferred members free of charge.
- Cybersecurity Awareness for Employees: Classifying and Safeguarding Data for Corporate and Personal Use
- Cybersecurity Awareness for Employees: End User Best Practices
- Cybersecurity Awareness for Employees: Security Awareness Essentials
- Cybersecurity Awareness for Employees: Social Engineering
Preferred offers access to the Risk Management Resource Center at no cost for those members who place their EPLI coverage with Preferred. The Cyber Support Center includes several resources:
- Breach Healthcheck: Measurable data breach exposure and protection with instant feedback
- Privacy and Security templates including a customizable incident response plan (IRP), which can be tailored to meet industry and regulatory requirements
- Resources for keeping staff up to date on a range of issues related to privacy, data security and compliance
- Latest news and events regarding data breaches, regulations, cyber threats and protective technologies
For more information on these and other Cyber related resources please contact your Preferred Loss Control Consultant.