Copeland News - January, 2017
SPECIAL SECURITY EDITION
We welcome you to the winter edition of Copeland News. The world is a different place these days. Businesses both small and large are being targeted by hackers, falling victim to spoofed email addresses requesting funds and having their data encrypted unless a ransom is paid. This trend will continue and we all need to think differently about our security risks, realizing it takes time and money to mount a defense against the latest threats.
Please read this special edition thoroughly, as it pertains to all types of businesses. That being said, if you think of anything today or in the future that you would like to discuss as it applies to your situation, never hesitate to drop us a note. We are here to help and serve you in any way we can.
In this issue of Copeland News
What's Going On?
In the past, companies would assess their risk of being attacked and would elect whether or not to engage in preventative measures to better protect themselves. High risk companies were the ones possessing something that the cyber-criminals wanted like proprietary business information or personal information like social security numbers and credit card data that could be sold on the Internet or used maliciously by the hackers themselves.
Today, CryptoLocker-style ransomware and email phishing are on the rise and all types of companies are at risk. If you have information that your organization needs in order to operate, your business can be held for ransom. If your business processes wire transactions, it can be targeted for email phishing. Let's briefly review the two top threats of today...
Heightened CryptoLocker, Ransomware and Phishing Activity
Ransomware locks down your systems by encrypting important data until a ransom is paid to the hackers responsible. You are required to reach out to the criminals via email and submit payment via bitcoin in the hopes that they will provide the secret key to unencrypt your data. Ransom amounts can range from $1,000 to $10,000 or more and paying the ransom DOES NOT guarantee you will get your data back. They may ask for more after the first payment is made or unencrypt your data but leave a program behind that does it again at a later date.
While we have seen all year long where CryptoLocker-style infections come from email attachments or links. We have also seen attacks from hackers actively coming in through a customer's Internet connection. They scan network ports for any openings and once in they can sell your information or encrypt your data to begin the ransom process.
Email phishing is the attempt to trick you into entering sensitive information such as usernames, passwords, credit card details and money into legitimate-looking websites. Carefully crafted email messages appear to originate from well-known sites such as Apple or PayPal. We have a full blog on these types of attacks with ways to prevent them by clicking here.
What are the Best Practices to Protect against CryptoLocker/Phishing Attacks?
Here are some ways to reduce the risk of these types of threats. While we understand that many of these steps and processes may be inconvenient, it's insignificant compared to the financial costs and downtime incurred by an attack.
- Most importantly, review your insurance for coverage of Cyber Attacks, Ransomware activity and Interruption of Business.
- Ensure you have a business continuity plan and a disaster recovery plan in place and documented.
- Educate your staff about fake links and fake attachments that can introduce CryptoLocker into your organization. Realize that the intention of these emails is to bait the user into opening an attachment or link, so common business terms like "Invoice Attached" and "Track your Package" get used. If ever in doubt, call or text the sender to verify that they indeed sent you something.
- Lock down your routers. Do not open ports on firewalls to easily access your network remotely. Hackers will find these openings and exploit them. Use trusted methods such as VPN or remote tools like LogMeIn.
- Use strong passwords throughout your establishment. Adding special characters, numbers and length adds strength. Change your passwords routinely.
- Ensure your backup is solid by reviewing logs daily.
- Keep your systems patched and updated.
What Should We Do if We Are a Victim of an Attack?
How you respond to these types of events is timely and critical if you want to recover from an attack. Here are the steps to perform if you find yourself with encrypted files or a message on your screen saying you have been hit with an encryption:
- Immediately detach the PC or device from the network. To do this, unplug the Ethernet cable (thick "phone-cord looking" wire going into the back of the device) or turn your wireless connection off.
- Call us immediately, regardless of day or time. This step is critical. Many times we can recover files with some built-in versioning. We also have to stop your backup so that you do not overwrite your latest good backup with encrypted files.
- At this point we will determine next steps and communicate with you.
- DO NOT PAY THE RANSOM WITHOUT TALKING TO US!
What is Disaster Recovery?
Disaster Recovery is a combination of written procedures, backup copies of your data and resources to bring your systems back online in the event of a major interruption of business. Many business feel this solution is too expensive or their organization is too small for such a plan.
Disaster recovery solutions today cost about the same as a simple backup but bring more value when needed. Simple backups can take days or weeks to fully get back online. Most disaster recovery solutions can have you up and operational in 24 hours, allowing your business to function while your server is being rebuilt. Remember, it can take weeks for a new server to come online and your business still needs to operate during this waiting period.Please discuss a disaster recovery solution to help protect your business against these latest threats. The world has changed and the risks of not being prepared are too high.