We are noticing an unusually large number of sophisticated phishing emails, as well as malware, viruses, trojans, ransomware and zero-day attacks, coming through email systems, websites and vulnerable internet-enabled software. With email, some of these threats can even look like they are coming from co-workers or trusted contacts. Emails that look legitimate on the surface can actually carry malware that could damage our network, corrupt our data or compromise personal information.
How To Protect Yourself
Threat Protection Systems
Threat protection systems should be in place at every point of attack and should detect and eliminate threats at the gateway before they enter the network. Threat protection systems should be set up for both on-premise and cloud-hosted email and file sharing systems. The combination of the following systems should be in place to protect your data from these threats.
- Best Practice Security Policies – A password policy should be in place to protect against threats that exploit weak or unchanged passwords. A user rights policy should ensure users have no more than the appropriate rights needed to accomplish their work.
- Antivirus Systems, Firewalls, Web and Email Gateways should be capable of detecting zero-day exploits (attacks on previously unknown vulnerabilities in software) as well as inspecting, filtering and blocking Web URLs, attachments, and impersonation attempts before they reach end users. Cloud Sandboxing should be used to stop potential threats before they enter the network. These technology systems should be configured correctly, monitored and regularly updated.
- Software Patching – Updates/patches for the operating system and applications should be implemented swiftly enough to minimize exposure of vulnerable systems. Be sure to regularly monitor for threats and vulnerable systems and be proactive about patching holes when gaps are exposed.
- Data Backup – Adequate Backup includes real-time/multiple daily backups with appropriate retention times, monitored to ensure high success rate, multiple copies of data (at least three) and a copy of the backup stored off-site.
End User Education
Because no security software is effective against all threats, users must exercise caution when opening emails or downloading files from the Internet. Users are the ultimate firewall for protecting systems and data from an attack.
- Users should not open unexpected or suspicious emails or attachments. Delete the email unless you are sure the source is known and trusted. If you receive a suspicious email from someone you know, double check not only the spelling of the sender’s name but also the email address and domain it came from to confirm that the sender is who you think they are.
- Be alert to password-protected files, unsolicited documents with a call to action to open them, links whose real address (shown when you hover over them) differs from the text that displays, and anything from foreign countries or with suspicious grammar.
- Never respond to an email requesting personal information. These requests should always be confirmed by phone or in person.
- Above all else, the single best thing you can do to keep ransomware at bay is to simply never click on any links or attachments in unsolicited emails.
Additionally, when required for specific compliance regulations such as PCI or HIPAA, the following should be put in place:
- Data/Hard Drive Encryption
- SSL Web Site Scanning
- Outbound Port Restriction
- Intrusion Prevention Systems (IPS)
- Vulnerability Scanning
- File Integrity Monitoring
- Log Analysis and Monitoring
Ultimately, knowledgeable IT security professionals, adequately implemented and monitored security systems and user awareness training are the best defense against these threats. A skillfully managed network and managed end-point strategy will include all of these protections.