I Am the Shield that Guards: Tips on How to Protect your Association from Ransomware
Ransomware poses serious risks to associations and their members. In these attacks, malware infects a system and encrypts an association’s data, blocking anyone without the encryption key from accessing the information. The perpetrators then demand a ransom of some kind, usually a sum of money, in return for the key. Associations caught up in these attacks stand to lose a significant amount. The threats can pose serious challenges to an association’s finances, privacy, and reputation.
However, there is good news. Associations are not helpless victims in the face of ransomware attacks. There are steps that can be taken to dramatically improve your association’s defenses against attacks and increase the chances of protecting your data and the privacy of your members. Read on to learn what your association can do to minimize the risk of ransomware.
The most effective protection plans involve a total buy-in from everyone in the organization. Associations can help create an entire culture of security by providing staff with ransomware training and basic protective measures. Employees should understand the risks of ransomware and how everyone can do their part to limit vulnerabilities. Education is key, so inform them of the major threats, like crypto-malware, lockers, doxware, scareware, and Ransomware as a Service (RaaS).
Cybersecurity training is not a one-and-done process either. Training and education need to be reinforced and continued on a regular basis. As ransomware and other forms of malware get more advanced, so too must the defenses. Users need to be instructed to be cautious about opening emails from unknown addresses or those that ask to enable macros. Ensure all staff pay attention to the tell-tale signs, and stay vigilant in the search for suspicious activity.
Create a Plan
As part of the new security culture, associations should devise a cyber incident response plan. This is a thoughtful and well laid-out plan of what to do to prevent and respond to an attack. This plan should include all procedures relating to system protection. Ensure that every system has cybersecurity applications installed and maintained, backups are scheduled regularly to ensure data is stored in more than one place, and systems are scrubbed at regular intervals. This last step verifies that unused applications and plugins are not at risk.
Limit Your Access
It may be tempting to increase network accessibility for all staff members, but limiting access can be one of the most effective ways to reduce threats, both internal and external. While internal threats represent a smaller portion of attacks, external threats require open system access to be most effective. If systems are only able to access the applications and the network services that they require, they offer a less attractive target for perpetrators and can be contained much more easily if affected.
In addition to segmenting the network, associations can restrict a user’s ability to access the network from multiple locations. This not only helps protect against threats, it makes it easier to identify suspicious behavior. Furthermore, associations can limit admin access. This power should only be given on a temporary basis if and when needed and monitored closely. In the wrong hands, admin access can prove to be very detrimental. Finally, get in the habit of shutting down file-sharing services and various applications when not in use to limit the number of places attackers can access your data.
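The checks described above can be automated against login records. The following is an added example, not part of the original article: the log format, user names, approved networks, and admin grant window are all constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed policy: networks each user may log in from, and the
# temporary window during which a user holds admin rights.
ALLOWED = {"alice": ["10.20.0.0/24"], "bob": ["10.20.0.0/24", "192.0.2.0/28"]}
ADMIN_GRANTS = {"bob": ("2024-03-04T09:00", "2024-03-04T11:00")}

# Constructed log lines: timestamp user source_ip role
SAMPLE_LOG = """\
2024-03-04T08:55 alice 10.20.0.14 user
2024-03-04T09:10 bob 192.0.2.5 admin
2024-03-04T12:30 bob 10.20.0.9 admin
2024-03-04T13:02 alice 203.0.113.77 user
"""

def review(log_text, allowed=ALLOWED, grants=ADMIN_GRANTS):
    """Return (timestamp, user, reason) for each login that breaks policy."""
    findings = []
    for line in log_text.splitlines():
        ts, user, ip, role = line.split()
        when = datetime.fromisoformat(ts)
        addr = ipaddress.ip_address(ip)
        nets = [ipaddress.ip_network(n) for n in allowed.get(user, [])]
        # Users with no approved network are flagged on every login.
        if not any(addr in net for net in nets):
            findings.append((ts, user, "login from unapproved location " + ip))
        if role == "admin":
            window = grants.get(user)
            in_window = window is not None and (
                datetime.fromisoformat(window[0]) <= when
                <= datetime.fromisoformat(window[1]))
            if not in_window:
                findings.append((ts, user, "admin session outside granted window"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```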
Test the Network
Once you have a plan and system in place, be sure to test and monitor the system regularly. Associations should keep an up-to-date asset and user inventory to know what they have and who has access to it. Associations might also consider monitoring traffic on the system to try to spot any suspicious behavior before anything happens. Different varieties of member management software can scan for and flag suspicious activity to make that process easier and more effective.
Associations also need to perform a vulnerability assessment. This can be done internally or via consultants that are hired to determine any at-risk segments of the network. Files should also be evaluated frequently to spot any changes. Again, different software can be added to monitor file integrity automatically. These applications can send alerts when unknown activities or changes occur in files, which allows associations to act on attacks right away.
Perhaps the most important part of an effective incident management plan is to act quickly and not panic. Under no circumstances should an association ever pay the ransom. There is no guarantee that paying up will even allow the association to regain access to its information, and the data or the system may still be compromised. Paying ransoms also only increases the chances that the perpetrators will continue this harmful behavior.
If a computer system gets infected, remove it immediately from the network. Report the attack to the proper authorities and begin working on finding a decryptor if possible. Online services like No More Ransom may be able to help. Then get to work on restoring the files. If your association has an external hard drive for the backed-up data, start there. Many cloud computing services allow for systems and files to be rolled back to an earlier version, which may also help return files to an unaffected state.