Get the latest retail news straight to your inbox

    Don’t go searching for insights in the retail space, we deliver them direct.
Perspective + Technology + Security

A message from our Security Team

mm
Andrew Gorecki

May 12, 2020

Ransomeware cyber-attacks

With the recent developments related to COVID-19, we are witnessing an increasing number of attempted cyber-attacks involving ransomware.

Criminals are looking to exploit the COVID-19 situation as an opportunity to penetrate corporate networks and IT systems. Many of these attempted attacks have originated with bogus emails sent to members of staff that appear to be from a legitimate internal source and have the potential to open a path to any of your systems.

Reduce the risk of attack on your systems

Below are several suggested steps that we believe should be considered in order to reduce the risk of attack on your mission critical systems.

  1. Communicate on a regular basis with all employees to maintain good security hygiene and awareness. This should include safe use of email (validation of senders email address, attachments, embedded web links) as well as password policies and practices.
  2. Consider controlling the installation of 3rd party software on employees devices – especially those that require access to corporate networks and systems.
  3. Limit user privileges. In most cases, it is not necessary for a user to have administrator rights.
  4. Ensure you have an up-to-date password policy that is known and used by all employees. If possible, implement Two Factor Authentication (2FA).
  5. Ensure you have an up-to-date employee off-boarding process which includes the timely deactivation of employee accounts and access permissions once they leave the business.
  6. System administrators should ideally use separate accounts for system administration and regular work functions. The account used for regular work functions should not have administrator privileges on the domain.
  7. Don’t use default accounts and passwords. Ensure any software or hardware systems that are deployed within the corporate network either have default user accounts disabled or passwords changed in-line with corporate password policy.
  8. Document and implement  robust backup and disaster recovery processes. This should include:
    1. Regular and routine backups. Each system within the business may require a different schedule depending on the frequency of change.
    2. Store backups offsite using media that is disconnected from the corporate network.
    3. Testing of your  backups and disaster recovery on a regular basis.
  9. Create and use dedicated Service Accounts where possible for backup processes. Avoid using commonly known Admin or Administrator accounts. Only the backup tools should be aware of these accounts.

We hope this information helps you to keep your valuable data, systems and ultimately your business safe and secure.

Share this article via
mm

About the author

Whether it is retail, technology, current events or entrepreneurship – Andrew Gorecki brings an unconventional approach to the subject matter. He provides a compelling alternative narrative, challenging mainstream views, and is sought out by industry insiders for his strategic advice and insights. Andrew co-founded the retail software company Retail Directions in 1994, and was a non-executive director of Reece Ltd and its subsidiary companies between 2008 and 2017. His latest book, Gearing Up for Success covers the critically important secrets of success that our schools choose not to teach.

Get the latest retail news straight to your inbox

    Don’t go searching for insights in the retail space, we deliver them direct.

Explore related articles

Related articles

Perspective + Technology + Business

Five lessons from the COVID-19 emergency

May 18, 2020

Ransomeware cyber-attacks With the recent developments related to COVID-19, we are witnessing an increasing number of attempted cyber-attacks involving ransomware. Criminals are looking to exploit the COVID-19 situation as an opportunity to penetrate corporate networks and IT systems. Many of these attempted attacks have originated with bogus emails sent to members of staff that appear […]

Read More
Perspective + Technology + Business

An Important Message from Retail Directions

May 4, 2020

Ransomeware cyber-attacks With the recent developments related to COVID-19, we are witnessing an increasing number of attempted cyber-attacks involving ransomware. Criminals are looking to exploit the COVID-19 situation as an opportunity to penetrate corporate networks and IT systems. Many of these attempted attacks have originated with bogus emails sent to members of staff that appear […]

Read More
Press Release + Strategy + Business

COVID-19 Policy and Business Continuity Statement

October 12, 2020

Ransomeware cyber-attacks With the recent developments related to COVID-19, we are witnessing an increasing number of attempted cyber-attacks involving ransomware. Criminals are looking to exploit the COVID-19 situation as an opportunity to penetrate corporate networks and IT systems. Many of these attempted attacks have originated with bogus emails sent to members of staff that appear […]

Read More