Protecting against ransomware and other scams

Why protecting against ransomware is important, how to fine-tune your processes, and do’s and don’ts for the best results.

Why this is a Key Area during COVID-19:

Your organization is far more vulnerable to ransomware during this crisis — scammers are out in full force. Reports put phishing attack increases at 350% and 667%, and Google recently reported having detected 18 million COVID-19 malware and phishing Gmail messages per day. Often the email content seems compelling and urgent to get your attention.

All employees should be on the highest alert. Ransomware can be hidden in compromised websites, USB drives, and unsecured wireless networks and routers in addition to phishing emails. When most everyone is working at the office, it’s easier for employees to follow best practices and for your IT department to notice anomalies. But with everyone working from home, normal routines are disrupted, stress is high, and spotting unusual activity or anomalies is harder. Everyone needs to be extra careful and eagle-eyed.

Fine-tuning once you’ve transitioned to remote working:

By now you have likely covered the basics of securing your network from bad actors while teleworking (see below for do’s and don’ts) — now it’s time to refine your strategy and catch up with compliance issues if needed. Look for any security gaps and assess how what you’re currently doing positions you to manage new threats. You can ask:

What’s working and not working with our ability to secure our team’s personal devices and verify everyone is following our security protocols? Ex: Patching employee devices, managing device configurations, backing up (only) company data, battery backups ups (UPS), security awareness training.
Are we continually reminding our team to be on the lookout for phishing and other scams and asking them to share any suspicious activity with IT?
Are we complying with all of the regulatory agency requirements that apply to us and, if we’re not, do we have a plan to get up to speed?
What improvements can we make now, over the next few months, and in the long-term to fortify our newly distributed network?

Managing the basics during COVID-19:

For a real-life example, see below.

Do’s

Warn employees about the massive increase in phishing. They need to know that the company (and themselves personally) are at increased risk for ransomware. Remind them not to open emails from unknown sources, click links or open attachments.

Double-down on your security awareness training. Have your employees bone up on their training and do internal phishing tests to see who’s vulnerable. If you’re not currently enrolled in security awareness training, look at KnowBe4, PhishLabs, Cofence, and Proofpoint.

Invest in a next-gen email protection platform. Spam filters aren’t enough anymore. You need a platform that uses baselines and machine learning.

Be aware of social engineering scams unrelated to email. Be extra skeptical of anyone reaching out about personal or financial information — these are red flags. Research any solutions you’re shopping for on your own.

Make sure your backups are air-gapped. Disconnect backups from your network — ransomware can encrypt backups.

Tell employees what to do if they believe they’ve been hacked, ransomed or targeted for fraud. Share the relevant portions of your security playbook (or Incident Response Plan, IRP) with all employees.

Dont’s

Don’t relax your vigilance on backups. Even if your IT team is busy, they should not put backups on the back burner. The ability to quickly restore quickly from backups is critical if you get attacked.

Don’t fall for coronavirus-related scams regardless of how official or harmless they seem. It’s easier to fall for a ransomware ploy when you’re worried or curious. Scams include everything from stimulus check payments to coronavirus cures.

Don’t trust unknown individuals or companies pitching services. Stick to companies with whom you already have a relationship or have a reputation you can verify.

Don’t send wire transfers without personal verification. Thwart man-in-the-middle attacks by calling to get routing and account information by voice, then ask the recipient to check the account to make sure the money arrived.

Don’t try to do too many things at once. Mistakes are easy to make when multitasking. Take the time to be vigilant.

Don’t keep concerns to yourself — even little ones. If something doesn’t seem right, let your IT department know right away. This is the IT version of “See something, say something.”

An example of how to manage this key area

A fundraising consultancy had moved a lot of IT services to the cloud and was in the process of completely integrating its IT environment. When COVID-19 struck and everyone had to work from home, it changed the way employees were accustomed to working — theirs is a collaborative, in-person culture. To stick as closely as possible to the way employees preferred to work while also protecting sensitive financial data, the consultancy needed to quickly add secure remote access for more than 80 employees. Leapfrog set up and integrated a collaboration platform and a cloud file system that can only be accessed through invitation-only, token-based Multifactor Authentication (MFA). Ransomware is not a threat because stolen credentials alone won’t grant access to the unified system.

Additional information from our blog and partners

Phishing Scams Are Skyrocketing — What To Do
Is Your Organization Ransomware-Ready?
IT Leaders: 9 Things To Expect When Recovering From Ransomware
Kaspersky: Coronavirus as a hook (new phishing scams)
Varonis: A Queen’s Ransom: Varonis Uncovers Fast-Spreading “SaveTheQueen” Ransomware