Trust EVERYONE is ready for Christmas holidays!
This season is extremely lucrative for companies, and cybercriminals also look to collect a decent Christmas bonus. Since the last couple of years, there has been an exponential rise in cyberattacks during this period, mainly on December 25 and 31. During these cyberattacks, important files are encrypted, sensitive information is copied, or confidential business transactions are monitored. Ransomware, spyware, and viruses manipulate or damage operational and production processes, which can cause considerable financial and reputational damage to the companies targeted.
Again this year, Cybernetic Global Intelligence is alerting everyone and requesting that they prepare themselves to avoid cybercrimes.
Here are a few tips from our security experts for staying cyber-safe and secure this holiday season:
1. Full backup on tape drives (not on NAS):
Kindly have full backup on tape drives (and not NAS). If backup tapes are in the tape library, then those can be encrypted during ransomware attacks. Hence, disconnect the tape library from the network or remove the tapes from the tape library. If you have a full backup on NAS, then disconnect NAS from the network.
We always recommend that you have a full backup of critical systems on the tape drives and test the backup before going on vacation.
2. Disconnect the systems and applications that will not be in use during the holidays.
Before going on vacation, turn off all the systems and applications that are not required.
If a company has declared official holidays, then you can turn off the network switches or unplug the network cables. During ransomware attacks, it will restrict the spread of the ransomware.
3. Turn off the DR and Branch Offices Site Link:
If you have a DR site, then you can stop the replication during the holidays. You can unplug (not disable or shut down) the DR link to avoid viruses spreading and causing damage to the DR site. The same way you can think of isolating your branch offices.
Kindly monitor the antivirus dashboard to:
Ensure all systems (desktops, laptops, servers, etc.) have licensed antivirus solutions.
Ensure all systems have received the latest virus definitions.
Antivirus is not disabled on any system.
Check for alerts related to a virus infection.
Ensure all antivirus policies are deployed on all systems.
NOTE: Run a full system virus scan on all systems every alternate day.
5. Implement multifactor authentication to access the administrative console of all systems, like firewalls, security solutions, AD, applications, user management portals, VPNs, etc. Multifactor authentication is a must for all admin-privileged user accounts.
6. Force Everyone to Change the Password:
Create a strong password policy and force everyone to change their password before going on vacation.
The same thing applies to all admin privileged accounts created in Active Directory, servers, desktops and laptops, network devices, applications, databases, security solutions, etc.
Kindly change them before going on vacation.
7. Monitor the network activities:
Even on vacation, kindly ask your SOC team to monitor the logs for suspicious activities.
8. Do not allow personal computing devices to connect to or plug into your network. Use only secure, company-provided systems.
9. Do not allow access to personal emails on your systems.
10. Don’t use open Wi-Fi networks.
11. Be extra vigilant about phishing emails.
Festivals are the events that attract public attention. Cybercriminals lure us with discounts and promotions and appeal to our inner bargain hunters. It should come as no surprise that phishing emails in the name of major brands such as Amazon are particularly common. Last year, we observed an increase in phishing emails in the name of Amazon between November and December.
Malwares like LockBit 3.0, Rhysida, AvosLocker, Snach, Snake, Royal, Emotet, Trickbot, and Grandcrab are increasingly finding their way into the email inbox of organisations.
CEO fraud, forged invoices, and fake application emails are the most common methods used by cybercriminals to smuggle malware into corporate systems.
Kindly inform all your employees, including board and executive team members:
>Don’t click on unknown links or unwanted emails.
>Don’t click on pop-up ads from unknown sites.
>Don’t download attachments from unknown or suspicious emails.
Ask your accounts team to confirm the account details or invoice confirmation before processing any payment. In a few instances, the accounts team received phishing emails from their CEO to process the invoice immediately.
12. Inform your respective reporting managers and the cyber security team immediately about suspicious emails, suspicious activities, or compromised passwords. You can call 1300 292 376 to contact Cybernetic Global Intelligence’s cyber experts, or send an email to email@example.com.
Once again, I wish everyone a safe, happy, and prosperous Christmas and New Year ahead.