The technology landscape changes rapidly. Because of that, your IT (Information Technology) Service Provider needs to change with it. In light of the recent cyber-attacks and ransomware, IT provider tools are being used to attack the very clients they are trying to protect. Several recent cases of IT Service Providers with poor cyber hygiene practices (What is Cyber Hygiene?) have been breached - resulting in their customers being infected with ransomware encryption.
There have been many reports of companies with in-house IT staff becoming victims of ransomware. Management at these entities was asleep at the wheel and did not know their in-house IT department was not using best practices to protect their data.
On March 22nd, 2018, the City of Atlanta was hit by ransomware encryption that asked for $52,000.00 in bitcoin for the decryption key. The city decided to scrap the whole thing and rebuild the entire data infrastructure to the tune of $2,000,000.00. Baltimore was another city hit with ransomware encryption, and instead of paying the $76,000.00 ransom, they also decided to rebuild their infrastructure. This happened May 7th, 2019, and they estimate up to $10,000,000.00 in costs in addition to $8,000,000.00 in lost revenue.
Let's take it closer to home: NEO Urology, located in Boardman, Ohio, was infected with ransomware on June 10th, 2019, to the tune of $75,000.00. According to local channel 21 news, they paid the ransom with help from their service provider and also lost $25,000.00/day in revenue. It took them 3 days to recover from the attack.
So, whether you are happy with your IT service provider or internal IT staff - you must audit them to make sure they are using the latest tools and protection techniques to avoid these costly cyber-attacks. Here are the top 10 things you need to look for to have good cyber hygiene.
- Enforced antivirus program: Every PC on the network has an up-to-date professional-grade antivirus program, and if it is removed or becomes out-of-date an alert is generated and acted upon. This is a traditional antivirus program which scans for malware against a database of pre-determined links.
- Next-generation firewall: Not just any firewall; it must be a next-generation firewall with up-to-date subscriptions, and it must be set up to current standards that include Stateful Packet Inspection and Gateway Antivirus. Furthermore, the firewall needs its settings tweaked to the latest anti-ransomware settings. Each reputable firewall manufacturer has an outline on just how to adjust the default settings to provide the latest in ransomware protection.
- DNS filtering: DNS filtering helps to protect you by running links through a large database of sketchy websites and IP addresses on the internet. Email links are another way cybercriminals get you or your employees to click through to bad internet sites. These sites also contain drive-by ransomware. Some drive-by attacks are lookalike websites whose names are slight misspellings of popular sites, like yuotube.com or criagslist.org. If your employee accidentally misspells a website URL, it could pop up a fake infection notice and try to get them to click on buttons to remove the fake infection, but it's that button that actually installs the malware. DNS filtering prevents that by warning your employees or co-workers that the link or website is malicious and not to continue to the website.
- Next-generation antivirus: Next-generation antivirus is a program that gets installed and monitored like regular antivirus but does not use a database of predetermined "bad links". Instead, it looks for patterns, back door access or elevated user privileges that could allow an attack in, and it actually shuts down those processes. This is effective against zero-day viruses, which traditional antivirus is ineffective against, since zero-day viruses do not have a pre-determined pattern or link in most antivirus databases.
- Antispam and antivirus filtering for all email users: 95% of companies using Office 365 email think Microsoft is filtering their email. It provides only a basic filter; true spam filtering is another layer that must be added on top for added protection. Most business email services may not include an antispam layer either, so make sure you check into what level of spam filtering you have.
- Email attachment/link scanning: Every email with an attachment should be checked for links to malware or drive-by virus sites. The terms Sandboxing and Advanced Threat Protection are widely used when referring to protection from malware delivered through links, email attachments and more. The best email protection programs create a wrapper around the link, and if the user clicks on it, the link is checked against databases and DNS filters before anyone is allowed to go to the URL in the email.
- Close open RDP ports: Remote Desktop Protocol has been widely used in the past to allow users, workers, or IT staff to access desktops or servers from home or away. Sometimes those ports have been forgotten and are just sitting there, vulnerable to a brute-force password attack that can go on for days, months, or years without anyone knowing. A best practice is to occasionally scan the external network to see if any RDP ports, or other ports that may have been forgotten about, are open and CLOSE them.
- Software patching: Patching of both Microsoft software and third-party applications like Java and the Chrome browser needs to be managed and kept up to date. If a patch fails and is not addressed, it leaves that device and the network vulnerable.
- Disaster recovery server: A full protection suite is not complete unless you have local and cloud backups with full snapshots that allow going back in time to before an attack to restore data. This is not the same as backup to disk or tape. This is a physical server device onsite that is constantly backing up the onsite server and creating snapshots or recovery points. It then sends that snapshot offsite to give you true disaster recoverability.
- Enable multi-factor authentication: MFA is a technique that sends a second code to your device or email to ensure the person logging in is indeed you. Banks have employed this technique for some time, and most programs used by information workers have the ability to use this as a final step to prevent system breaches.
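The external scan recommended under "Close open RDP ports" can be scripted. The following is an added example, not Micro Doctor IT's tooling; it checks a list of public addresses you own for reachable remote-access ports (RDP from the article, plus SSH, VNC and Telnet as assumed additions) and reports what should be closed. `EXTERNAL_HOSTS` is a placeholder documentation address, and `probe` is injectable so the audit logic can be exercised without network access.

```python
"""Audit your own public addresses for forgotten remote-access ports.

Added example; not Micro Doctor IT's code. Run it only against address
ranges your organisation owns. EXTERNAL_HOSTS is a placeholder.
"""
import socket
from typing import Callable, Dict, Iterable, List, Tuple

# Ports commonly left exposed for remote access. RDP (3389) is the one the
# article discusses; the others are assumed additions for the same audit.
REMOTE_ACCESS_PORTS: Dict[int, str] = {
    3389: "RDP",
    22: "SSH",
    5900: "VNC",
    23: "Telnet",
}

Probe = Callable[[str, int], bool]


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True when a TCP connection to host:port completes from here."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, timed out or unresolvable
        return False


def audit_exposure(hosts: Iterable[str], ports: Dict[int, str],
                   probe: Probe = tcp_probe) -> List[Tuple[str, int, str]]:
    """Return (host, port, service) for every remote-access port reachable."""
    findings: List[Tuple[str, int, str]] = []
    for host in hosts:
        for port, service in ports.items():
            if probe(host, port):
                findings.append((host, port, service))
    return findings


def format_report(findings: List[Tuple[str, int, str]]) -> str:
    """Render findings as the list of ports to close or move behind VPN/MFA."""
    if not findings:
        return "No remote-access ports reachable from outside."
    lines = ["Reachable remote-access ports (close them or require VPN + MFA):"]
    lines += [f"  {host}:{port} ({service})" for host, port, service in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    EXTERNAL_HOSTS = ["203.0.113.10"]  # placeholder; replace with addresses you own
    print(format_report(audit_exposure(EXTERNAL_HOSTS, REMOTE_ACCESS_PORTS)))
```

Schedule it (cron or a scheduled task) from a host outside your network so the check reflects what the internet actually sees, not what the LAN sees.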
At Micro Doctor IT, we not only follow these guidelines internally but also work directly with companies, IT departments and IT service providers to do a vulnerability audit. We also offer free network and security assessments for any organization.
In closing, if you can't go to your IT Department or IT Service Provider and feel comfortable that these safeguards are in place, we are able to quickly provide a free network audit and give you the results in a report you can show your IT provider. Get your network security compliant before you become the next victim of cybercrime. Call us to have a conversation about your business's cyber hygiene at 330-898-2100 or email us at firstname.lastname@example.org with any questions you have. We would love to talk to you!
Mark Richmond, President of Micro Doctor IT
Recognized Leader in Cyber Security
MCSE, SonicWall CSSA, NIST, PCI and HIPAA