Current Cyber Attacks
In recent weeks, reports of SMEs that have become victims of ransomware attacks have been piling up. One of the most prominent victims in June was Heise Verlag, the leading specialist publisher of IT topics. Heise Verlag had a modern firewall and active virus scanners, which also sounded the alarm. Nevertheless, the network was down for weeks due to the attack. Since it cannot be ruled out that personal data was stolen during the attack, Heise Verlag has also informed the data protection authority.
This incident has cost Heise Verlag more than 50,000 EUR.
In this article, you will find the most important steps to protect against cyber attacks.
This problem is not limited to Europe. The US city of Baltimore has been the victim of a cyber attack for the third time in three years. The most recent attack caused $18 million in damage there.
What has changed?
The ransomware Emotet introduced dynamite phishing. This confronted small companies with perfect phishing emails. You now receive emails that look like they came from a real sender (one of your real customers, an applicant, a supplier, …) but contain dangerous malware. These emails repeatedly tempt employees to open documents that trigger the catastrophe.
Unlike before, the malware no longer encrypts data immediately. It first systematically exploits vulnerabilities to infect the entire network.
Once the malicious software has been started on the local network, an upstream firewall can no longer prevent it from spreading. Even standard virus scanners have no chance against the constantly changing software.
Neglecting updates increases the risk. A current attack exploits a two-year-old security vulnerability in Microsoft Word.
Attacks on RDP (the Remote Desktop Protocol) are accumulating as well. Never use RDP without a VPN. It is OK to use RDP, but only if the connection is properly secured.
Protection from cyber attacks
Due to the new threats, the security technology of 2018 is often no longer sufficient to ensure safe operation of your network.
Modern ransomware does not damage your data immediately. It will try to spread through your entire network and contaminate your backups before any visible damage is caused.
Why should I act now?
The key question is: “What does it cost to completely re-install your entire network, to roll back your data to a month-old backup, and to re-enter all data since then?”
If this scenario troubles you, you should take action now.
This does NOT require you to blindly replace your existing security system. But you should test your current system thoroughly and close any gaps immediately.
The most important technical measures to protect against cyber attacks
- Make sure all computers and servers (including MS Office) are up to date.
  Windows 7 or older and non-updated Office software are a big security risk.
- Make sure you use not only a virus scanner, but also software that detects ransomware activity.
  Heise used Avira and Windows Defender. The virus alarm went off, but the core of the attack went undetected by the virus scanner.
  We use Sophos Intercept-X for our customers to detect the behaviour of ransomware and thus prevent the destruction of documents.
- Test your protection software.
  We can simulate ransomware's activities to see if your protection software would prevent the attack on your data.
  Only a real test gives you the basis to decide whether the existing protection is sufficient or what changes are advisable.
- Check the permissions.
  Make sure regular users do not have local administration rights. Systems with logged-in users with Local Administrator privileges were mercilessly infested in the Heise attack.
  Make sure that you never log in as a domain administrator when analyzing or resolving a security issue.
  Make sure no one (not even the administrator) does everyday work with administrator privileges.
- Test your backup.
  Make sure no one can modify backups.
  Even older backups should still be available.
  Make sure the old backups are not on the same medium as your current backups.
- Make sure you're using a secure connection for remote access.
  Make sure none of your computers can be reached directly from the Internet using RDP (Remote Desktop).
  It's OK to work with Remote Desktop, but only if the connection is secured through a VPN connection.
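One way to carry out the "Test your backup" item is to record a hash manifest after every backup run and compare the backup set against it later. The following is an added example, not part of the original article or of any product it mentions; the function names are hypothetical, and it assumes the manifest is kept on a system that the accounts writing the backups cannot modify.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    """Hash in 1 MiB chunks so large backup archives are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir):
    """Map relative path -> SHA-256 for every file; run right after each backup job."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backups(backup_dir, manifest):
    """Compare the backup set with a manifest kept where backup users cannot write."""
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def has_old_generation(backup_dir, min_age_days, now=None):
    """True if at least one backup file was last written min_age_days or more ago."""
    cutoff = (time.time() if now is None else now) - min_age_days * 86400
    return any(p.is_file() and p.stat().st_mtime <= cutoff
               for p in Path(backup_dir).rglob("*"))


if __name__ == "__main__":
    # Constructed sample: two tiny "backup generations" in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        for month in ("2019-05", "2019-06"):
            (Path(tmp) / month).mkdir()
            (Path(tmp) / month / "full.bak").write_bytes(month.encode())
        manifest = build_manifest(tmp)
        # Simulate tampering: one file overwritten, one renamed.
        (Path(tmp) / "2019-05" / "full.bak").write_bytes(b"overwritten")
        (Path(tmp) / "2019-06" / "full.bak").rename(Path(tmp) / "2019-06" / "full.bak.locked")
        print(verify_backups(tmp, manifest))
        print("month-old generation present:", has_old_generation(tmp, 30))
```

A non-empty "modified" or "missing" list for an older generation means someone or something was able to change backups. File timestamps can be altered, so treat the age check as a sanity check alongside the hash comparison.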
The most important organisational measures to protect from cyber attacks
- Do not send Word or Excel documents by e-mail.
  Find other ways to distribute the documents.
  Send your document as a PDF if the document no longer needs to be edited.
  We use Dropbox and communication applications like Eko for secure distribution of documents.
- Train your employees to recognize phishing emails.
  Warn your employees that even messages from legitimate senders and replies to real emails can be phishing attempts.
- A ransomware attack is a data protection incident and must be documented.
  If there is a risk to personal data, the DPA must also be informed.
  easyGDPR helps to document data protection incidents.
- Security assessment
  Make sure your system is up to date.
  The easyGDPR Quick Check contains many questions about data security.
These steps minimize risk and reduce the potential for damage from Ransomware.
Support by Schindler IT-Solutions GmbH / easyGDPR
Our experts are ready to support you.
- We have been a Microsoft Partner for decades and can assist you in licensing and upgrading Windows and Office.
- We check your firewall and simulate the activities of ransomware. This gives you a clear picture of the risk that exists at the moment.
  If necessary, we can also bring your security infrastructure up to date.
- We train your employees and help set up safety rules for handling e-mails, data transmission and the Internet.
- We help you to establish secure transmission paths and communication channels in the company.
For questions about IT security and for GDPR consultations, please contact us by e-mail at gdpr@schindler-it.com or call us on +43 2262/67240.