Many retailers have experienced online sales booms during the pandemic as customers flocked online, denied the ability to shop in stores during lockdowns.Read More
A message from our Security Team
May 12, 2020
Ransomeware cyber-attacks alert. With the recent developments related to COVID-19, we are witnessing an increasing number of attempted cyber-attacks involving ransomware.
Criminals are looking to exploit the COVID-19 situation as an opportunity to penetrate corporate networks and IT systems. Many of these attempted attacks have originated with bogus emails sent to members of staff that appear to be from a legitimate internal source and have the potential to open a path to any of your systems.
Reduce the risk of attack on your systems
Below are several suggested steps that we believe should be considered in order to reduce the risk of attack on your mission critical systems.
- Communicate on a regular basis with all employees to maintain good security hygiene and awareness. This should include safe use of email (validation of senders email address, attachments, embedded web links) as well as password policies and practices.
- Consider controlling the installation of 3rd party software on employees devices – especially those that require access to corporate networks and systems.
- Limit user privileges. In most cases, it is not necessary for a user to have administrator rights.
- Ensure you have an up-to-date password policy that is known and used by all employees. If possible, implement Two Factor Authentication (2FA).
- Ensure you have an up-to-date employee off-boarding process which includes the timely deactivation of employee accounts and access permissions once they leave the business.
- System administrators should ideally use separate accounts for system administration and regular work functions. The account used for regular work functions should not have administrator privileges on the domain.
- Don’t use default accounts and passwords. Ensure any software or hardware systems that are deployed within the corporate network either have default user accounts disabled or passwords changed in-line with corporate password policy.
- Document and implement robust backup and disaster recovery processes. This should include:
- Regular and routine backups. Each system within the business may require a different schedule depending on the frequency of change.
- Store backups offsite using media that is disconnected from the corporate network.
- Testing of your backups and disaster recovery on a regular basis.
- Create and use dedicated Service Accounts where possible for backup processes. Avoid using commonly known Admin or Administrator accounts. Only the backup tools should be aware of these accounts.
We hope this information helps you to keep your valuable data, systems and ultimately your business safe and secure.
About the author
Whether it is retail, technology, current events or entrepreneurship – Andrew Gorecki brings an unconventional approach to the subject matter. He provides a compelling alternative narrative, challenging mainstream views, and is sought out by industry insiders for his strategic advice and insights. Andrew co-founded the retail software company Retail Directions in 1994, and was a non-executive director of Reece Ltd and its subsidiary companies between 2008 and 2017. His latest book, Gearing Up for Success covers the critically important secrets of success that our schools choose not to teach.