Information Technology Blog | Des Moines, IA | ACS


ACS Blog

Stop Crying Over Ransomware: 3 Actions You Can Take Now

Ransomware attacks and cyber invasions can make even the most prepared companies want to cry. That said, companies can proactively limit the damage and prepare for when an attack occurs.

The best course of action is to stop talking about attacks and take action now:

1. Educate your end users

Make sure employees and other users receive training about how malware and ransomware can infect a system. One way hackers will try to enter a system is through email. Train your employees to only open emails that look legitimate and are from recognizable sources. Sixty-six percent of malware was installed through malicious email attachments, according to the Verizon 2017 Data Breach Investigations Report that examined 42,000 incidents and 1,900 confirmed breaches.

Quick tip: Hover over a link in an email to see whether the actual URL matches the link text. Hackers often disguise malicious links as something inconspicuous like a UPS tracking link.

Social engineering or social attacks – 43 percent of all breaches, Verizon reported – happen when people are manipulated into giving up confidential information. A hacker can pretend to be a service provider or another representative and cleverly ask questions over the telephone or of a receptionist and discover enough information to attack the system. They can also attend networking events where they lure information from targeted employees.

Users also need to be aware of their surroundings – who is around and why – and they need to be mindful of anything that seems suspicious. For example, if a USB drive is found in the parking lot or restroom, don’t plug it into the company’s system.

2. Know your software and ensure it’s updated

The “WannaCry” ransomware affected many more computers than it probably would have because businesses and individuals didn’t install the security update or patch that Microsoft issued in March. The installation of updates and patches protects older versions of Microsoft Windows operating systems. A full-blown worldwide cyber attack occurred in mid-May that spread across local networks and the Internet to systems that had not been updated. It affected approximately 75,000 computers across the globe.

Incidents like WannaCry demonstrate the importance of knowing what business software you’re using and ensuring it’s up to date. Waiting can make your system vulnerable to attack. It’s similar to how and why vehicles need regularly scheduled oil changes. Delaying maintenance can make the overall engine vulnerable and potentially cause irreparable damage, just as it can with a computer network or system.

3. Make a disaster recovery plan and test it

A cyber attack is likely to happen at some level. You need to know what to do to restore the system in the face of known threats and future unknown ones.

Another vicious malware attack called “XData” is under way and affecting computers and systems at three times the rate of WannaCry. It is unclear how the virus is being spread, which is why your systems need continual analysis, maintenance and updates.

A Disaster Recovery (DR) Plan will lay out the details of what to do when your system is compromised and how to restore your environment. The DR plan will need to be tested to ensure it’s up to date and effective, and that your employees know what to do. How often a DR test should be performed will depend on the level of risk the company is willing to take. In light of recent events, all companies should perform a DR test now.

Though healthcare and financial companies are targeted more often because their data is highly valuable on the black market, WannaCry proved that average Joes, small-town governments and churches are also at risk. Infecting older versions of Microsoft Windows enabled the hackers to capitalize on quantity rather than quality. Ransom demands were set at $300, much smaller than the usual ransom demand. Smaller businesses are often targeted because they have not invested in the same cyber security measures as larger entities.

A security gap analysis by an outside company will determine where risks exist. The gap analysis will examine all cyber-related risks, as well as security procedures, including the physical security of the site, whether the system is up to date, and whether all programs are current and have the most recent security updates.

Often forgotten, but just as important as a DR Plan, is an organization’s need to develop an Incident Response Plan. This plan can be used as part of your DR Plan or stand alone. An Incident Response Plan specifically outlines what to do in the midst of a breach or hack. It covers areas like security and systems response, public relations, legal actions, and more.

These are all steps that companies and users should take as soon as possible. Remember, it’s not a matter of if a cyber attack will occur but when and how bad. Hackers don’t discriminate; investing in the security and resiliency of your systems now will pay dividends later.