It’s a pretty crazy time out there, and that’s an understatement. We are all currently a part of a once-in-a-generation event that will have far-reaching economic and social effects. In fact, we are already knee deep in the changes that COVID-19 has brought with it!
Many businesses are on standby, while others have moved to a fully remote workforce worldwide. This means a greater reliance on technology. VPNs, in-home support of devices, and the reliance on applications for delivery and services have gone from already being necessary to being #1 critical infrastructure. Protecting these assets now, more than ever, is crucial for business operations.
Unfortunately, the adversary is not as keen to quarantine their efforts.
Microsoft recently released a report referencing current malware attack statistics, with findings that may make your skin crawl. Malware, specifically ransomware, has not slowed down during the current healthcare crisis. In fact, it continues to spread and propagate, targeting critical systems such as hospitals, financial institutions, and government agencies. And many of the targets of these attacks are unlikely to report, as during a time of crisis options may be limited. Such attacks can be extremely costly and can interrupt daily functions, especially remote functionality. Most of these attacks actually began before April 2020 through social engineering attacks and campaigns specifically targeting vulnerabilities on business networks, and the results of those attacks will continue to rear their ugly heads.
But it is not all gloom and doom. Yes, the “roaches are still crawling;” attackers are still out there deploying malware and causing serious harm. But businesses have a lot of options to protect themselves, and that can begin today! Here are some tips for holding the line against ransomware, and how you can keep your business online during these strange times.
One: Secure Your Endpoints
Endpoints include any entryway to the network. This can include VPNs, firewalls, and remote access software and devices. It is crucial that these things are all properly updated and monitored to the best of your business’s ability. Maintaining patches can be as simple as enabling automatic updates. Staying informed through device distributor social media and news is also a good option. Make sure that any configurations and installations are according to best practice, as many remote services have been stood up on the fly lately.
Two: Keep Your Staff Aware
The primary transport ransomware uses to piggyback into a network tends to be social engineering: spam emails, malicious links, trustworthy looking files, all built to trick users into downloading devastating material. Especially with so many users working remotely, it’s important that they recognize threats and resist tempting or convincing social engineering attacks.
Three: Apply Patches
Ransomware can’t attack vulnerabilities that aren’t there. Up-to-date patches help plug many security holes, so you can maintain an air-tight environment.
Four: Bring in the Big Guns – Hire a Professional
Sometimes it can be hard to see where the holes in your defenses may be, and where ransomware may try to crawl in and lock down a business. Professional security testing and consultation can make a huge difference! External testing can help lock down VPN tunnels and remote services. Internal testing can tie up loose ends in patching and network structure. Social engineering campaigns can help ensure users are ever-alert for threats. And having someone who can answer questions and provide clarity and realistic solutions can be invaluable.
This is an amazing time to be optimistic, to improve, and to protect your business! To talk over your security concerns and goals with an expert, contact Pivot Point Security.