Tag Archive for: ransomware

Posts

lessons from data breaches

Lessons from Data Breaches

/0 Comments/in , , , , , /by

learning lessons from data breachesMore than 6 million Canadians were impacted by the Capital One data breach that happened this year – and that was not even the biggest breach by any stretch. The biggest data breach is still Yahoo, whose breach impacted more than 3 billion people. Big or small, however, each data breach is costly and damaging – to consumers, to businesses, and to the economy. We can – and should – learn everything we can from these incidents to avoid repeating them. In analyzing security breaches that have occurred over the last 10 years, experts found that the main reasons data breaches occur are:

  • Failure to patch
  • Human error
  • Insider attacks
  • Poor mobile device management

Failure to Patch

Too often, a breach occurs because an organization has delayed patching, leaving them vulnerable to hackers. This often happens because the organization does not have a dedicated IT staff, leaving one or more employees responsible for IT on top of their other duties. Those other duties – their “real” jobs – take priority and patching jobs get postponed.

Partnering with a managed services provider (MSP) can help solve this problem and extend the strength of your IT team, whether your team is a whole department, or one person assigned with additional responsibilities. An MSP ensures patches are installed in a timely manner, but they’re also there to monitor your network 24/7.

Human Error

Clicking links and opening attachments in emails that appear to come from within your organization or from a trusted vendor cause more data breaches than we can measure. It’s possible your organization has malware sitting on your network right now that has been introduced by an errant employee and has yet to have been detected.

While we can never completely remove human error from the equation, we can drastically reduce the number of email-related data breaches by:

  • Developing, implementing, and enforcing strict zero-trust policies
  • Providing ongoing training to employees to help them recognize potential phishing scams
  • Limiting the data to which employees have access
  • Requiring multi-layer authentication that includes complex passwords and other access barriers

Download The ITeam Email Security Guide; then discover how you can transform your employees from your weakest link to your first line of defense through security training.

Insider Attacks

Insider attacks don’t account for many data breaches, but they can be the most devastating simply because of the betrayal involved. According to the 2019 Verizon Data Breach Investigations Report, insider threats are on the rise, accounting for 34% of data breaches. In one case highlighted in the DBIR, a hacker admitted that when all other efforts failed, he bribed an employee to get him inside the network.

Preventing insider attacks can be difficult; they are often only discovered after the fact during forensic analysis– and often after the employee is long gone. But you can minimize the risk of insider threats by having multiple layers of security, strictly limiting employee and third-party access to data, and by conducting regular audits. Often, insider attacks come from former employees whose access to the network was not terminated; make it protocol to immediately revoke all access to employees who leave – whether they leave on good terms or not.

Poor Mobile Device Management

Mobile phones are being used to conduct business whether you authorize it or not, so your best bet for protecting your organization is to have a highly sophisticated MDM security plan in place that includes the following:

  • Strict usage requirements that include installing your security on the device being used and requiring the use of a secure network when conducting business
  • Remote wipe capabilities to disconnect the device from your network in the event that it is stolen, or the employee leaves the organization
  • A no-tolerance policy for any employee who refuses to comply with the security requirements

Data breaches are not going away, but you can minimize the risk to your organization with strong IT security and a comprehensive disaster recovery plan. You can’t just address one of these issues; you must have a comprehensive, proactive data security program that addresses all of these risks and more.

The ITeam understands the IT security issues facing businesses in Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.

How To Avoid Becoming a Repeat Defender of Ransomware

/0 Comments/in , /by

Can your system be infected with the same ransomware twice?

Technically, yes.

If your IT department does not make the appropriate corrections to your cybersecurity infrastructure following a cyber-attack, leaving your infrastructure essentially vulnerable with the same weaknesses, a hacker will be more than happy to reinfect your systems.

However, performing the appropriate updates and installing the necessary patches does not always secure you against the same ransomware either.

Hackers are using more advanced technology every day, leaving organizations susceptible to new methods of attack.

Defensive approaches aren’t enough

How To Avoid Becoming a Repeat Defender of RansomwareUnfortunately, it isn’t enough to play defence against the tactics that hackers are now using.

One infection could easily lead to another if you prove to be an easy target.

Your main concern should be your overall strength against any attack, rather than concern over the same ransomware breaching your defences twice.

For organizations that utilize constant cybersecurity monitoring and other preventative approaches to their security strategy, their systems are less likely to be infected by the same ransomware or other malware a second time.

But many organizations spend too much time repairing holes made by malicious attempts to access data, rather than reinforcing the entire IT infrastructure.

Cybercriminals are using a classic bait-and-switch

Although the ransomware used is technically not the same, cybercriminals are discovering that they can double their luck by attacking twice in the same email distribution.

Hackers distributing phishing emails will load one set of emails with one ransomware, and another set of emails with different ransomware.

This tricks the organization into thinking they have already set up defences against one strain, only to be taken advantage of hours or days later by yet another strain.

Any ransom paid to retrieve stolen information must be paid again to the very same hackers who had previously demanded payment.

Ransomware is always evolving

The answer to whether your systems can be infected twice by the same ransomware depends more upon your level of cybersecurity than the efficiency of hackers.

New distribution methods are proving successful against organizations of every size and taking a proactive approach to cybersecurity – playing offence and anticipating attacks – is the only way to truly protect your data.

First steps involve educating all employees on what a phishing email looks like, as well as establishing constant monitoring systems that can alert you in advance of breaches.

If you think your systems have been compromised by ransomware, the first step is to immediately mitigate the damages. The next step is to conduct a complete analysis of your systems and implement a proactive action to prevent future breaches and to protect your sensitive data. Hackers will stop at nothing to profit from your data; you should stop at nothing to protect it.

The ITeam understands the cybersecurity issues facing Canada businesses. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.

The ITeam Security Bulletin: WannaCry Ransomware

/5 Comments/in /by
Important information about WannaCry ransomware

You may have seen the news this weekend.
WannaCry Ransomware

Criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic.

If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation but immediately everyone else’s computer too.

The initial infection was stopped on Friday, but it has since been rewritten and is again spreading in the wild.

There are 200,000 confirmed infections in over 150 countries as of this afternoon.

While most of the damage has been in Europe, Russia and Asia, there are over 6000 confirmed incidents in North America.

According to CrowdStrike’s Vice President of Intelligence Adam Meyers, the initial spread of WannaCry is coming through phishing, in which fake invoices, job offers and other lures are being sent out to random email addresses.

Within the emails is a password protected .zip file, so the email uses social engineering to persuade the victim to unlock the attachment with a password, and once clicked that initiates the WannaCry infection. Microsoft confirms this in a blog post.

Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: “When in doubt, throw it out!”

At The ITeam we work hard to ensure your networks are protected. Technology cannot stop every threat, and the last line of defence is alert and educated users.

Please share this information within your organization and outside your organization as you see fit. If your company requires IT support in Calgary, call us for a quote.

How to Prevent Your Business From Phishing, Malware, or Ransomware

How To Prevent Your Business From Phishing, Malware, or Ransomware

/0 Comments/in , /by

You realize that the data in your business network has been compromised.

Your IT systems are infected with malware or a hacker has gained access to your private client data.

It is every manager’s worst nightmare.

How to Prevent Your Business From Phishing, Malware, or RansomwareIn some cases, a malevolent third party may have even locked your systems and demanded payment for you to access your hijacked data.

Should your current IT infrastructure succumb to one of these cyber attacks, there are a few things you can do to minimize the damage and return to business as quickly as possible.

This includes immediate shut down of your network and calling your managed services provider.

As with anything, however, prevention is the best solution, and addressing the possibility of a cyber attack now can help you reap huge dividends down the road.

Can you protect your business from phishing, malware, or ransomware?

While 100% security can never be guaranteed, you can take several steps to greatly reduce the risk of your business falling prey to one of these schemes.

The most important thing you can do to prevent such occurrences is to invest in IT security.

A good IT security team will know exactly what risks to look for and how to protect your network against them.

Furthermore, if a cybercriminal is successful in infiltrating your IT system, a professional IT team will have the tools and ability to shut down your network and restore it with minimal disruption to your customers.

Offsite backup is crucial

One thing an effective IT team will do is work to ensure that your sensitive data is regularly backed up offsite.

This means that if your IT system does fall victim to ransomware or other malware, you can simply load your data from the last successful backup and continue working.

The more frequently you back up your data, the less damage any malware attack will inflict.

Prevention is the best form of security

When it comes to securing your business, the importance of a professional IT team cannot be understated.

And the best time to take proactive steps to protect your business is now – before problems arise.

By taking the time to implement a comprehensive IT security plan, and by giving your IT professionals time to create an IT security protocol, you can help ensure that your business is protected tomorrow and beyond.

Download The ITeam Email Security Guide

The ITeam provides essential IT support to Calgary- and Alberta-based businesses, with fully managed and customized services designed to meet the needs of virtually any business. The ITeam will work with you to customize a cost-effective solution and help you develop a comprehensive IT strategy that will help you survive economically stressful times. Contact us for a free consultation or schedule a network assessment today.

Locky: New, Insidious Ransomware

/0 Comments/in /by

Locky: New, Insidious Ransomware

By now, we’re all familiar with the threat of ransomware, which accounts for nearly 20 percent of all spam.

One wrong click on a seemingly legitimate email and your network is held hostage.

Until you pay a ransom to the cyber hackers who managed to catch the unlucky email recipient off guard, your network remains vulnerable.

What Is Locky?

Locky is the latest ransomware to wreak havoc and works.

It contains a hidden JavaScript file in the attachment that evades most common malware detection software because it appears to be a harmless file.

Locky has proliferated so quickly that it now accounts for more than 16 percent of all ransomware attacks.

While the U.S., Japan, and France have been the most severely targeted, Locky has made its way to Canada.

Canadian businesses must take precautions against the threat.

How Does Ransomware Work?

Ransomware works by creating fear.

The messages are usually designed to make the recipient of the email believe that the email was sent by someone they trust.

It makes the recipient believe that the action needed to take (opening the file or clicking on the link) is necessary to conduct business and that it is an urgent matter.

Cyber hackers are clever, so businesses have to be constantly on alert.

In addition to implementing robust email security as well as offsite backup and recovery solutions, the most important step is to immediately warn staff.

It is easy to be fooled by emails that seem to be coming from legitimate sources, and once the person has clicked on the link or opened the file, there is no recovering.

Employees must learn to treat every email with caution and follow the ITeam Email security guidelines every time.

Download the ITeam Email Security Guide Here.

email security guide

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OK