Cyber Attack Awareness

Mainstay Computing is seeing an increase in cyber-attacks, particularly related to ransomware.  Ransomware is a serious cyber-attack on an organization where systems can be locked, files can be encrypted and, even worse, sensitive data can be stolen.  As your organization can hold very sensitive personal and financial data, the worst thing that can happen is this data being sold on the dark web, or even published on public websites.  This would not only be a serious breach of privacy, but can pose significant reputational risk for your society, and cause substantial financial hardship.

 

Of course, the cyber-criminal can make these problems all go away for a ransom fee.  They promise that they will provide passwords to unlock your systems, provide keys to decrypt data, and ensure the data that they stole will be deleted.  Would you trust a cyber-criminal to deliver on what they promise?

We strongly recommend that your society takes steps to reduce your risk of exposure and practice good security hygiene:

  • Have a good data backup procedure, including daily, weekly and monthly backups.  Practice recovery on a regular basis.
  • Ensure your server, desktop and mobile device anti-virus/malware protection, along with operating system updates, is always current.
  • Have good cybersecurity awareness within your organization.  If your organization requires training, please reach out to us.
  • Ensure system privileges are appropriate.  Not everyone needs to be an administrator. It just takes one person with administrative privileges to become the victim of a malware attack for it to spread throughout the network because of these privileges.
  • Keep administrative passwords locked away in a safe place and use them only if necessary.
  • Implement password complexity and multi-factor authentication technology.
  • Ensure firewalls do not have any unnecessary access points open.  Prioritize safety over convenience.
  • Ensure office WiFi is secure.  Utilize other methods of securing it rather than just a simple WiFi password. Ensure guest networks are secured from the office network.
  • In this time of increased remote working, ensure remote access technologies that have been put in place are architected and implemented in a very secure way.  We have seen some methods implemented very quickly without a thorough secure design.
  • If you haven’t already, consider a move to Microsoft Office 365 for your email and files.  We also recommend the Exchange Online Advanced Threat Protection service for an extra layer of email protection.

Please work with your IT Department or IT Service Provider to ensure you have taken all the steps to reduce your risk as much as possible.  We are also available for guidance, consultation and training.  At the end of the day, nothing is 100%, but doing what you can to protect your organization, clients and employees goes a long way.

Stay safe and secure!

 

Credits to BC Housing