Last week the Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas from Texas to New Jersey, announced that ransomware hackers had hijacked the company’s systems and forced it to shut down its pipeline.
This crippling attack against critical infrastructure comes in the midst of an escalating ransomware epidemic: Hackers have digitally crippled and extorted hospitals, hacked law enforcement databases and threatened to publicly out police informants, and paralyzed municipal systems in Baltimore and Atlanta.
Ransomware can take almost any organization hostage. These attacks generally begin when an employee opens an email attachment or visits a malicious or compromised website. That action installs code on the computer that gives attackers access to your network. They can then lock you out of your own files and demand a ransom payment for the key to unlock the systems.
YOUR BEST DEFENSE
A human firewall is the best line of defense against ransomware and other cybercrimes. Unfortunately, humans are also your biggest risk. Here’s an easy example: Your human firewall is that part of you that says, “This is too good to be true” when a Nigerian prince wants to send you money via bank transfer.
That’s an old example, but cybercriminals are devising new and more subtle ways to breach our human firewall. They only need the tiniest bit of information to exploit your network. While cybersecurity software can protect your systems, humans aren’t always good at spotting threats.
THE THREATS YOU FACE
Most of us probably think of hackers as we see them in Hollywood movies: leather-jacketed hipsters staring at a screen, frantically typing commands or guessing a victim’s password from a random piece of information. The truth is much less glamorous. Most hackers are indiscriminate, sending out as many attacks as possible and hoping someone will fall for their tricks, or looking for a target of opportunity.
The most common examples include:
Phishing
Phishing attacks are probably one of the most common ways someone will fall for a scam. An example is an email informing one of your employees that their Facebook page will be disabled unless they click on an embedded link. Knowing which phishing scams are currently in circulation makes them much easier to avoid.
Malware
Malware is typically installed when you are browsing a compromised website. Even a site you visit frequently can fall victim to a hack, leaving you vulnerable to attack when you visit. Training employees on how malware works, and on the tricks attackers use to get you to install it, can go a long way toward fighting this type of vulnerability.
Lost or Stolen Devices
One overlooked area that opens your company up to malicious attacks is theft or loss of devices. Bringing your own device to work has become extremely commonplace, especially now that many people have started working from home on personal devices. Enforcing security measures on these devices helps protect the company in the event of loss or theft.
BUILDING THE HUMAN FIREWALL
A little bit of education can go a long way when building your human firewall. Get the employees at your company on board with protecting your company's network. Security is in their hands, and they should understand that fact.
Of course, security training can’t just be a one-time initiative that gets forgotten after a week. It needs to be ongoing and should test the employees’ ability to spot a scam. Many programs, like the one we utilize for our clients, will send regular phishing emails to test an employee’s skills at recognizing them. If the link in the email is clicked, they are brought to a training page to help them understand what their mistakes were.
As for security measures, you can support your human firewall with technology like Multi-Factor Authentication (MFA). MFA gives employees an extra layer of security for when they do fall for an attack. While having this in place will prevent most malicious attempts to log in to the employee’s account, it is not foolproof. As MFA rises in popularity, attackers have adapted: they ask for the code at the same moment the employee hands over their credentials, then use that code right away to gain access.
As more and more people work from home, using a personal device is becoming more prevalent. These devices could already have malware on them and might not have the proper security in place to access sensitive company data. Issuing devices to remote employees can really improve the overall security of your company.
With company-supplied devices, you can install the security tools needed to keep each device secure. You can also install management and maintenance tools that keep the devices up to date, which helps prevent a malicious attack on your company data.
If you would like to learn more about cybersecurity education, training and technology for your workforce, contact the experts at Elevity.