How Companies Can Ensure Ransomware Protection with a Return to Work Plan
While organizations are waiting in anticipation to resume business-as-usual, a need still exists to create safe workplaces before welcoming back employees who spent the last few months working remotely. Like other organizations, we at ThinkOn are implementing safe physical distancing safeguards and protocols as part of our return to work plan to protect our employees, but it doesn’t stop there. The threat of the pandemic continues to exist on the cyber front and is expected to magnify as employees return to work.
One of my colleagues recently wrote a thought-provoking piece on why cybersecurity matters in the age of remote work. With employees returning to the office in the coming months, I believe that data security requires another look as new threats are coming into the spotlight.
COVID-19 evolved quickly and fiercely, leaving many organizations without adequate time to respond and prepare for a remote workforce. Unforeseen gaps and deficiencies in remote work protocols may have been discovered after the fact, further overwhelming IT teams who were stretched thin accommodating the abrupt shift in their responsibilities. An unfortunate by-product of this abrupt shift is insecure communication networks, as employees worked from personal devices, disconnected from secure VPNs, and connected to public or shared networks, opening the door for malware to infect their machines.
At ThinkOn, we recognize the fact that a work-from-anywhere model is going to be the new normal for us and many other organizations. While we are preparing for a safe and comprehensive return to work plan for staff that choose to work out of the office, we are also focusing on tightening our remote work policies for the long-term. Acknowledging this workplace shift, our team recently wrote a piece with 4 simple data protection tips to support a growing remote workforce.
The Implications of Ransomware Attacks in the Age of Remote Work
The instability and uncharted new territory brought about by COVID-19 created the perfect conditions for hackers and malicious agents to target organizations across a broad array of industries. Twitter’s recent data breach as a result of a social engineering scheme served as a reminder to me that no organization, no matter how small or large, is truly safe. Ransomware technologies are becoming more modern and sophisticated, changing the likelihood of an attack on your business to when, not if. Imagine not being able to unlock the door to your own home – that’s how businesses compromised by ransomware feel about not being able to access their critical data.
Modern ransomware strains unfold in multistage attacks which allow hackers to perform a thorough reconnaissance on a system while flying under the radar before deciding to deploy a full-scale attack. That means that workers can be using their infected networks for weeks or even months, completely oblivious to the malware that is reading, scanning, and retrieving critical data and system information to evaluate the value of the endpoint.
With a predominantly remote workforce, many compromised endpoints are deemed unsuitable targets and ransomware is not deployed. However, the dormant malware that exists within the system may continue flying under the radar until workers return to the office and connect their compromised endpoints behind firewalls. Once embedded, the malware may continue lying dormant or call home to the C2 server and trigger the attack to deploy the ransomware.
Organizations need to be on a heightened alert when bringing employees back into the office, not just for their physical safety, but also for the safety of corporate networks and critical data. Here are a few tips our IT security team recommends to ensure your return to work plan protects your organization from ransomware.
Sanitize endpoints: Before admitting endpoints into the corporate network, ensure they are compliant with antivirus updates and scheduled scans, remove unapproved third-party applications and software, and check for unusual login patterns. Patching third-party SaaS and/or cloud applications to fix bugs will also improve data security and overall usability of the software.
Network segmentation: Similar to travellers crossing borders, endpoints need to be quarantined when returning to the office. Creating a sub-network specifically for endpoints that were used remotely prevents malware from contaminating the corporate network and allows your network administrator to isolate and control incidents.
Perform regular risk assessments: Often the most threatening risk is one that you do not know exists. Performing regular risk assessments minimizes the chance of data being breached or exposed. An unknown data risk presents an opportunity for a breach. Actively identifying important assets, threats, and vulnerabilities will give you a better picture of the strengths and weaknesses in your line of defence and assist you in analyzing the severity and likelihood of an event.
Keep an air-gapped backup off-site: Having an air-gapped copy of the backup files off-site that is isolated from your corporate network is a sure way to ensure that your critical data is accessible and uncompromised no matter what happens on your corporate network. When disaster strikes, ThinkOn is ready to help you put the pieces back together with RansomGuard powered by Veeam Cloud Connect.
Endpoint protection system: Endpoint protection is a solution that offers security and easy accessibility to end-user devices, including laptops and smartphones. Using endpoint protection, devices can be encrypted and protected from data breaches and malware while boosting productivity through secure and easy-to-search file-sharing portals. One of the most popular use cases we see of endpoint protection applies to Microsoft Office 365. Aside from the inherent risk factor of relying on SaaS applications to back up your data, there is a big misconception that all data is backed up through the application. In reality, relying on Microsoft for the responsibility of your Office 365 data can leave you vulnerable to major security risks.
Cybersecurity training: As employees return to the office, a refresher on cybersecurity and data protection protocols can help reduce malware infections and assist in ensuring compliance with security policies. While a shocking two-thirds of organizations do not conduct any cybersecurity training, at ThinkOn, this is a no-brainer. We undergo quarterly cybersecurity training to protect our organization and our channel. It should not be your only safety net, but training your employees to recognize malicious and suspicious attempts to access their data and credentials is a safeguard we highly recommend your business implement.
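The "Sanitize endpoints" and "Network segmentation" tips above combine naturally into an admission gate: every returning endpoint starts in the quarantine sub-network and is released only when it passes the listed checks. The Python below is an added example, not ThinkOn's code; the thresholds, the approved-application list, the record fields and the definition of an "unusual" login are all assumptions, and the two inventory records are constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime

# Assumed policy values (not from the article): tune to your own standards.
MAX_SIGNATURE_AGE_DAYS = 3
MAX_SCAN_AGE_DAYS = 7
APPROVED_APPS = {"office", "vpn-client", "edr-agent", "browser"}
WORK_HOURS = range(6, 22)          # logins outside 06:00-21:59 count as unusual
MAX_FAILED_LOGINS = 5

@dataclass
class Endpoint:
    hostname: str
    av_signatures: date            # date of the installed antivirus definitions
    last_full_scan: date
    installed_apps: set
    logins: list                   # (datetime, succeeded) pairs

def posture_findings(ep, today):
    """Return the reasons this endpoint fails the pre-admission checks."""
    findings = []
    if (today - ep.av_signatures).days > MAX_SIGNATURE_AGE_DAYS:
        findings.append("antivirus definitions out of date")
    if (today - ep.last_full_scan).days > MAX_SCAN_AGE_DAYS:
        findings.append("scheduled scan overdue")
    for app in sorted(ep.installed_apps - APPROVED_APPS):
        findings.append(f"unapproved application: {app}")
    failed = sum(1 for _, ok in ep.logins if not ok)
    if failed > MAX_FAILED_LOGINS:
        findings.append(f"{failed} failed logins")
    if any(ok and ts.hour not in WORK_HOURS for ts, ok in ep.logins):
        findings.append("successful login outside working hours")
    return findings

def assign_segment(ep, today):
    """Returning endpoints stay in the quarantine subnet until they are clean."""
    findings = posture_findings(ep, today)
    return ("corporate" if not findings else "quarantine"), findings

# Constructed sample inventory for two returning laptops.
TODAY = date(2020, 9, 1)
CLEAN = Endpoint("lt-001", date(2020, 8, 31), date(2020, 8, 28),
                 {"office", "vpn-client"}, [(datetime(2020, 8, 31, 9, 5), True)])
STALE = Endpoint("lt-002", date(2020, 7, 2), date(2020, 6, 15),
                 {"office", "torrent-client"}, [(datetime(2020, 8, 30, 3, 12), True)])

if __name__ == "__main__":
    for ep in (CLEAN, STALE):
        print(ep.hostname, *assign_segment(ep, TODAY))
```

The findings list gives the network administrator the reason an endpoint is still isolated, so remediation can happen inside the quarantine sub-network before the device is moved.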
As work life starts to show some semblance of normalcy with workers returning to the office, organizations must be diligent about preventing ransomware attacks. ThinkOn created the “Don’t Pay the Ransom – Your Organization’s Guide to True Data Protection” eBook to help companies identify risks, create response plans, and utilize best practices to protect critical data from ransomware attacks. Check it out today and ensure your return to work plan does not include any uninvited intruders.