Ransomware Shouldn’t Cost You a Thing
If fortune smiles on your company, you won’t ever have to deal with what we are about to discuss: ransomware. For the past several years, ransomware has been a major issue for businesses, governments, and individuals. Today, we will talk about ransomware, the different strategies for dealing with it, and why some people want to ban ransomware payments.
Common Types of Ransomware
As with most cyberthreats, ransomware keeps mutating, flooding the market with all types of dangerous malware. It can often be difficult to keep track of the threats. One thing is for certain: ransomware often relies on similar tactics to ultimately hold the data hostage. Let’s quickly take a look at five of the most common types of ransomware right now:
● Cerber - Cerber targets Microsoft 365 users through the use of an elaborate phishing campaign.
● CryptoLocker - One of the most famous ransomware strains; what circulates now is just a copy of the original, which was shut down back in 2014.
● CryLocker - CryLocker displays a personalized ransom note based on the encrypted files on a person’s computer or server. This ransomware locks a person out of their computer entirely.
● Locky - Spread through phishing, this ransomware instructs users to enable macros to read the message. Once that’s complete, the malware will start encrypting files and demanding a ransom.
● Jigsaw - One of the worst of a bad lot. When triggered, Jigsaw will delete one or more files every hour for 72 hours. If the ransom hasn’t been paid when the 72-hour window is up, all the files are deleted.
Steps You Should Take
No business can afford to have their data encrypted, deleted, or worse. Fortunately, there are things you can do to avoid it. Let’s take a look at 10 steps that users can take to avoid dealing with any of the above threats.
1. Never click on unverified links
2. Do not open email attachments unless they are from a trusted source
3. Don’t download files from websites you don’t trust
4. Do your best to avoid giving out personal data
5. Don’t use USB or SD Card drives that you didn’t purchase yourself
6. Keep your software patched and updated, including security software
7. Utilize antivirus, firewall, and other security software
8. Use a virtual private network on public Wi-Fi
9. Back up your data onsite and in the cloud
10. Use a mail server with spam protection and content filtering software
But, If You Do Get It…
The ten tips above will help you avoid getting ransomware, but all it takes is one time for the nightmare to happen. In the past 12 months, $380 million has been spent trying to buy back access to ransomware-infected files, computing systems, and servers. At Jackson Thornton Technologies, we are of the belief that there are no good reasons to buy back your data. In your haste to get control over your data, you may consider paying the extortion fee, but here are a few reasons why you shouldn’t:
● The attack might be fake
● You may not get all your data back
● The hackers could leave malware behind
● You set a precedent that you will pay if attacked
● You are reinforcing the notion that hacking and scamming are profitable
In fact, there are some legislatures in the US that are looking to make paying scammers’ ransom illegal. Since multiple municipalities have already been hit by ransomware and paid the ransom, more hackers are targeting them. The U.S. Treasury has already stated that it is firmly against payments to any ongoing extortion, including ransomware, and, in some cases, making such payments may be breaking the law.
If you would like more information about ransomware, or if you are looking to get a comprehensive backup and recovery platform in place to stay proactive against a possible ransomware attack, call the IT professionals at Jackson Thornton Technologies today at 334-834-7660.
How to Monitor Your Employees’ Activities without Crossing Any Lines
Of all the contentious topics in the workplace, employee monitoring is among the most divisive. As an authority figure in your business, it is only natural that you would want to make sure that your team is working diligently—especially as they are working remotely. That being said, there are some lines that cannot be crossed, and you should be aware of them. Let’s discuss the concept of monitoring your employees and what cannot be done.
Monitoring Your Team Without Telling Them
For starters, you can’t just start monitoring your team without informing them and obtaining their consent. This is generally illegal, and therefore should be avoided at any and every opportunity. The basic rule of thumb is this: unless you have a valid and legitimate reason to suspect an employee of acting out and are actively investigating their behaviors, you are not cleared to utilize monitoring software without informing your team that it is in place.
Therefore (as obvious as this point may be), don’t do that.
What you should instead do is be transparent with your team. Let them know that their systems will be monitored, what it is that will be monitored, and—this is the really important part—why you are monitoring their computers at all. Maintaining this level of transparency will be important to keep your team comfortable with the thought of being monitored, while you enjoy the security benefits of keeping your fingers on the pulse of your business.
Monitoring Your Team, Outside of Work
Remote work has added an extra wrench into your considerations, as it obviously gives your team an increased level of access to their work devices. So, if you no longer have simple access to and control over these devices, it makes sense that you would want to continue monitoring their computers even after regular working hours.
Here’s the problem with that: who is to say how your employees are going to use their work devices after the work day has ended, and what kind of data could you inadvertently capture through your monitoring solution? Even if it happened by accident, you could wind up capturing the access credentials to one of your team members’ bank accounts, potentially putting you in hot water legally. There are a few different methods that you can use to avoid this, ranging from banning your employees from using work devices for personal reasons to giving your team members the ability to switch off their monitoring while using or accessing personal information.
Monitoring Your Team, For the Sake of Monitoring Them
Finally, you need to have a direct reason for monitoring your employees’ activities. Whether you’re trying to identify data leaks or resolve inefficiency in your processes, monitoring can be used to help collect the information you need. However, if you want to implement a monitoring solution simply to ensure that your team members are working diligently, you need to pause and reconsider.
A good rule of thumb to follow, in terms of employee monitoring, is that there always needs to be a specific goal that serves as the purpose for monitoring your team in the first place. Otherwise, you could be on shaky ground. Used strategically, employee monitoring can bring you significant operational benefits.
With the right strategy, considerable benefits can be brought to your operations through the right technology solutions. Jackson Thornton Technologies can help. Find out how by calling 334-834-7660.
Four Key Components of Successful Network Security
Nowadays, a business’ network security needs to be amongst its top priorities if it is to have any chance of operating without undue risk of data breaches and other incidents. Admittedly, managing this sounds like a Herculean task, but a few relatively simple implementations can help give your security a considerable advantage as you lock down your business’ future. Here, we’ve reviewed four such areas you need to focus on.
Software is notoriously imperfect, as indicated by the constant updates and patches that are rolled out for different titles and platforms. Cybercriminals are highly motivated to identify these imperfections and take advantage of them to achieve their own ends. As a result, the importance of promptly installing these packages is elevated to help avoid experiencing the ill impacts of such threats.
Many businesses will only patch after testing the update (if they manage their patches at all). While this isn’t necessarily a bad policy, it is crucial that this process happens as quickly as possible to avoid exposing you to more risk.
To state it plainly, you need to have some level of control over the security of any and all devices that connect to your business’ network—regardless of whether they belong to the company, or if they are privately owned. This will help to ensure that vulnerabilities aren’t making their way into your business by piggybacking in on devices that may have connected to an insecure network.
As more people than ever are also taking advantage of remote work, you should also make sure that your employees are able to securely access the resources they require to successfully complete their responsibilities. Again, the networks they use at home aren’t likely to be as secure as the one your business relies on should be. Implementing the use of virtual private networking to facilitate secure remote work should be considered a must.
It is also valuable to know A: which solutions you are currently using and B: how well your security best practices line up with what can be considered acceptable. This can be accomplished by comparing your own with the levels that have been previously established.
With the information and data gleaned from such assessments, you will be better able to identify your most pressing security shortcomings and resolve them accordingly.
Of course, we can’t discuss network security without also bringing up the idea of controlling access to data based on a user’s role and associated need for the data in question. After all, someone in one department may have no need for the very same data that another department finds absolutely essential. Even more pressing is the fact that you need to ensure that only authorized users can access the network and its stored resources at all.
Many security experts have shared opinions about how best to do so, and the modern consensus is swiftly migrating away from relying solely on passwords for authentication. Instead, a shift to multi-factor authentication—where an additional proof of identity is required—has become the prevailing wisdom. This can range from implementing time-sensitive generated codes into your authentication processes, to providing your users with a hardware-based security key that will provide them with access.
Are you looking to improve your company’s network security?
Jackson Thornton Technologies is here to help. Our experts have the expertise gained from years of experience to evaluate your IT infrastructure and its protections to make recommendations as to the best improvements to make. Reach out to us at 334-834-7660 to learn more.