Incident response planning not only helps you mitigate risk but also helps you identify gaps in your cybersecurity to prevent attack.
Read More
An organization is only as secure as its weakest access point, and certain endpoints – smartphones, laptops, and other portable devices that are often connected to public WiFi hotspots or are apt to be lost – are a weak spot for most organizations.
Endpoints are an easy target. Endpoint security is designed to thwart the most common risks these devices present, by detecting and blocking malware, as well as reducing vulnerabilities while ensuring a sensible balance between protection and user access.
Does Your Organization Need Endpoint Security?
Does your company use mobile devices? Do your employees have the ability to take these devices offsite and off-network? Would a data breach cost you customers, downtime, or lost business? If you answer yes to any of these questions, then endpoint security is something your organization should consider.
Endpoint Security and Phishing Scams
Email security is a challenge for every organization. Your employees, whose split-second decision to click on a link or open a file puts you at risk – are part of the solution. But can endpoint security help you prevent phishing attacks? As part of an overall strategy to implement multiple layers of security designed to block as much malware as possible, endpoint security can work at the device level by:
- Requiring security and monitoring software that can detect rapid file encryption, even on employee-owned devices used for work
- Making sure all operating systems used on devices are fully patched and up to date
- Whitelisting apps
- Implementing analytics that rapidly detect and block threats
Threats from phishing emails and malware, such as ransomware, worms, and bots, are a constant threat. Proactive measures must be taken to prevent existing and emerging threats, not just on your network and servers but at every point of access as well as through employee training and consistent reinforcement.
As cybersecurity remains a top concern for business leaders in every industry, taking the necessary steps to protect your organization becomes a high priority. Minimizing your risk is easier when you partner with a trusted managed IT service provider who partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet their needs. For more information, contact us today.
Recently, several of our clients have been exposed to a new variant of malware which is becoming known as Crypto Locker. Antivirus vendors are working diligently to combat the virus. However, it is still possible for the malware to infect the machine even if it has current, up-to-date antivirus protection.
Crypto Locker specifically targets Word, Excel, PDF and possibly other file types. It encrypts the files and makes them unusable. Typically, a single machine (or more) on a network becomes infected. The malware proceeds to modify all of the specific files on that machine, as well as any files that machine has access to on its network, including mapped drives to shared servers. One infected machine can quickly spread, making nearly all company files stored on the network unusable.
On the machine that is actually infected, you will likely see a pop-up called CryptoLocker stating that your files have been encrypted and try to ransom you to pay hundreds of dollars to have them unencrypted.
thinkCSC would advise you to not pay them any money or give them any information.
It is unlikely that paying them will result in fixing your issue and this will likely result in fraud and other problems. It is important that these issues be reported as quickly as possible. The infected machine should be shut down and removed from the network.
On machines that are uninfected but trying to access files that have been changed by Crypto Locker, you may receive errors like ‘File is not in a recognizable format,’ ‘<Filename> cannot be opened because it is an unsupported filetype or has been damaged,’ and other variations of those messages.
The fix? In most cases, there is not one. The only tried and true solution, until Antivirus vendors are able to adapt, is to restore from backups. If you have an antiquated or untested backup system, possibly including tape backups, this could become quite problematic and lead to extensive downtime.
There are several lessons to learn from this. First, it is important to have a strong, automated backup solution that runs on a regular basis. Second, that backup solution should have monitoring and be tested on a regular basis. Third, point in time and time to restore need to be taken very seriously. If you only backup once day, you will likely lose an entire day or more of data should you need to restore. Time to restore is another important consideration. If you have to bring in tapes from offsite and then perform a restore, it will take longer before you and your data will be on working terms again. Fourth, it is always important to have currently licensed, updated Antivirus. This is a first line of defense and not a perfect solution that will stop 100% of all threats, so it is also important to have a complete protection system including email security, strong firewall, antivirus, and a comprehensive automated backup solution and patch management.
If you have been infected by this malware or would like to discuss thinkCSC’s Managed Services Program, Backup & Disaster Recovery (BDR) Solution, or any other concerns, please contact your account executive or contact us today.
Recent Comments