Ransomeware cyber-attacks

With the recent developments related to COVID-19, we are witnessing an increasing number of attempted cyber-attacks involving ransomware.

Criminals are looking to exploit the COVID-19 situation as an opportunity to penetrate corporate networks and IT systems. Many of these attempted attacks have originated with bogus emails sent to members of staff that appear to be from a legitimate internal source and have the potential to open a path to any of your systems.

Reduce the risk of attack on your systems

Below are several suggested steps that we believe should be considered in order to reduce the risk of attack on your mission critical systems.

1. Communicate on a regular basis with all employees to maintain good security hygiene and awareness. This should include safe use of email (validation of senders email address, attachments, embedded web links) as well as password policies and practices.
2. Consider controlling the installation of 3^rd party software on employees devices – especially those that require access to corporate networks and systems.
3. Limit user privileges. In most cases, it is not necessary for a user to have administrator rights.
4. Ensure you have an up-to-date password policy that is known and used by all employees. If possible, implement Two Factor Authentication (2FA).
5. Ensure you have an up-to-date employee off-boarding process which includes the timely deactivation of employee accounts and access permissions once they leave the business.
6. System administrators should ideally use separate accounts for system administration and regular work functions. The account used for regular work functions should not have administrator privileges on the domain.
7. Don’t use default accounts and passwords. Ensure any software or hardware systems that are deployed within the corporate network either have default user accounts disabled or passwords changed in-line with corporate password policy.
8. Document and implement  robust backup and disaster recovery processes. This should include:
   1. Regular and routine backups. Each system within the business may require a different schedule depending on the frequency of change.
   2. Store backups offsite using media that is disconnected from the corporate network.
   3. Testing of your  backups and disaster recovery on a regular basis.
9. Create and use dedicated Service Accounts where possible for backup processes. Avoid using commonly known Admin or Administrator accounts. Only the backup tools should be aware of these accounts.

We hope this information helps you to keep your valuable data, systems and ultimately your business safe and secure.