In the early Middle Ages, knights spent hours getting ready for battle putting on their armor with the help of a squire. There were hooded coats, trousers, gloves and shoes made of chain mail. Add the helmet, shield, and sword, and they were ready for an attack.
To prepare for the inevitable cyber battle, one you do not want and cannot avoid, you need your own form of chain mail. Here’s how you can prepare your home or business.
Ransomware attacks
To avoid paying the ransom for your hostage data, you should back up critical business data nightly, or more often if operations require. In that case, you will only lose one day’s worth of data plus the time and resources it takes to restore your infected system.
This happened to Haywood County School District in North Carolina. A trusted employee innocently opened a malicious email attachment. Then the computers were attacked by Suncrypt ransomware. They did not pay the ransom because they had backups; however, they had to delay school for a week to restore everything. Suncrypt uses a Windows administrator utility called “PowerShell” to send a file to other computers on the network that renames and encrypts every file and folder on the infected computer. The hackers now hold your data hostage.
What could the school district have done to avoid the infection altogether?
First, the person who clicked on the phishing email had “administrative” privileges. Cybersecurity has a concept called “least privilege,” where a user has the least amount of privilege needed to do her work. All internet browsing and email reading should be done as a non-admin user. It is critical to use admin privileges ONLY when performing admin functions (configuration and installation).
Second, the computer security policy allowed PowerShell to connect out to the internet. The system policy should have disabled this capability. PowerShell is the new favorite of hackers. Eighty-seven percent (87%) of common malware uses PowerShell, research shows. This one change to your system can block much of the current malware.
Finally, for this particular attack, and those like it, the entire attack would have been thwarted if the systems had a simple setting enabled called “Controlled Folder Access.” This feature allows only authorized applications and users to modify folders. This would have completely blocked Suncrypt.
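The three mitigations above, sketched as an added example that is not part of the original article or the school district's configuration. It assumes Windows 10/11 with Microsoft Defender Antivirus and an elevated PowerShell session; the firewall rule names are constructed for illustration.

```powershell
# Added example: audit and apply the three mitigations described above.
# Assumes an elevated session on Windows 10/11 with Microsoft Defender.

# 1. Least privilege: list who is a local administrator so that accounts
#    used for daily email and browsing can be moved to standard users.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. Block outbound network connections from Windows PowerShell.
#    Both the 64-bit and 32-bit hosts are covered; rule names are constructed.
$targets = @(
    @{ Label = 'x64'; Path = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" },
    @{ Label = 'x86'; Path = "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" }
)
foreach ($t in $targets) {
    if (-not (Test-Path $t.Path)) { continue }          # 32-bit systems lack SysWOW64
    $name = "Block outbound PowerShell $($t.Label)"
    # Create the rule only once so the script can be re-run safely.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound `
            -Program $t.Path -Action Block -Profile Any | Out-Null
    }
}

# 3. Controlled Folder Access: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
#    Set $cfaMode to 'AuditMode' first to log what would be blocked
#    before enforcing.
$cfaMode = 'Enabled'
$current = (Get-MpPreference).EnableControlledFolderAccess
if ($current -ne 1) {
    Set-MpPreference -EnableControlledFolderAccess $cfaMode
}

# Report the resulting state for the change record.
[pscustomobject]@{
    ControlledFolderAccess = (Get-MpPreference).EnableControlledFolderAccess
    FirewallRules          = (Get-NetFirewallRule -DisplayName 'Block outbound PowerShell*').DisplayName
}
```

The firewall rules match by program path, so other PowerShell hosts such as powershell_ise.exe or PowerShell 7's pwsh.exe need their own rules, and administrators who rely on PowerShell to download modules or manage remote systems from that machine will need an exception.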
Phishing attacks
Phishing is getting very complex. There are new targeted phishing campaigns where emails are sent to company users claiming to be from the IT Department (for example). The emails explain that certain sent emails were quarantined and provide a link for the user to log in and review the files. The link takes you to a screen that looks exactly like the company login. The hackers grab the user’s credentials when they attempt to log in and fix the problem.
The lesson here is to always hover over any link in an email. Do NOT click the link without checking it. When you hover over the link, the details of the link show in the bottom left-hand corner of your browser or pop out in your email application. Verify the entire link carefully. Hackers can be creative with their domain names, making them similar to the real domain names. So look closely. When it comes to links, hover, hover, and hover again.
Lastly, review your business insurance policy and ensure it covers computer fraud, and think about looking into cybersecurity insurance. A few extra dollars a month may be more palatable than $100,000 in lost business while you clean up the mess from the inevitable cyber battle.
The moral of this sad tale is: along with that first cup of coffee or tea in the morning, remember to put on your cyber armor before you check your emails.