Ransomware has spent quite a bit of time in the spotlight as a major culprit of data breaches. There is however, another threat that while not as sensational as ransomware, can be just as risky. That threat is people. Of all the data breaches reported in the UK during Q1 2016, ICO data reveals that 62 percent were caused by human error. In fact, ransomware wouldn’t be as prevalent as it is if it weren’t for people like you and me making blunders such as accessing insecure web pages, downloading infected software or clicking a phishing link in an email.
[easy-tweet tweet=”People accessing insecure web pages are responsible for ransomware being prevalent.” hashtags=”cloud, tech”]
While some might think that storing data in the cloud keeps it from being vulnerable to ransomware, they’re wrong. Ransomware can encrypt files on hardware and cloud services alike. Of course, data in the cloud is always susceptible to human error. Minimising the risk your employees pose to cloud data begins with education. However, figures from Experian reveal that only 46 percent of companies enforce obligatory security training for all employees. Among those that do offer employee security training, 43 percent only provide basic training that omits many of the serious data breach risks their businesses face.
[easy-tweet tweet=”While some might think that storing data in the cloud keeps it from being vulnerable to ransomware, they’re wrong” hashtags=”tech, cloud”]
When educating your employees, focus on the following principles to help ensure your staff follow cybersecurity best practices.
Handle data with care.
The majority of incidents attributable to human error are associated with sheer carelessness or lack of knowledge about how to properly handle data. To prevent unauthorised access to data, employees should consider who else might be able to view the information they store in the cloud. They should avoid storing sensitive data on a shared drive or cloud network that’s accessible by people who aren’t authorised to access the data being uploaded. Any sensitive data files must always be encrypted, regardless of where they’re stored.
Quickly identify phishing emails.
[easy-tweet tweet=”Teach employees to look for these common characteristics of phishing emails” hashtags=”cloud, tech”]
An unsettling number of employees are falling victim to phishing attempts. According to research from Verizon
, people opened 30 percent of phishing messages, up from 23 percent last year. Of that 30 percent, 13 percent also opened the attachment, giving malware a clear path to the network. Teach employees to look for common characteristics of phishing emails
- Poor design
- Incorrect spelling and grammar
- Requests for personal details
- Suspicious attachments
- URLs that don’t match the company’s primary domain (to view a URL without clicking a link, users can hover over the link with their cursor)
Respond appropriately to a suspected ransomware attack.
If employees suspect a device they’re working on has been impacted by ransomware, it’s critical that they stop working on the device immediately and notify IT. Ransomware wipes files within a set amount of time, delaying action could result in data loss. Even if you have backups and are able to recover your systems, restoring the production environment can take as long as a few days, which could lead to costly downtime.
For example, Lukas Hospital in Neuss, Germany, had complete backups of all systems in place, but when it was plagued with TeslaCrypt 2.0 ransomware, the hospital estimated that it would take up to 48 hours before its IT environment was fully functional again. As a result, 20 per cent of the hospital’s surgeries had to be rescheduled, and less critical care had to be temporarily shifted to other hospitals.
Apply security patches.
New security threats are continually surfacing, exploiting vulnerabilities in hardware and software. To protect their systems against these threats, users need to apply system patches immediately when prompted. Even delaying the updates by a few days could increase the likelihood of the system and network falling victim to ransomware attacks and other cybersecurity risks.
Create secure logins.
Employees need to create sentence-based complex passwords that involve special characters, numbers and a mix of lower- and uppercase letters (e.g. “To be or not to be” becomes “2BorNot2B_ThatIsThe?”).
Whenever possible, use two-factor authentication to increase security.
Avoid shadow IT.
As if the risk posed by human error and ransomware alone weren’t enough, shadow IT only aggravates the threat. Research from Cisco reveals that CIOs estimate that their organisation has 51 public cloud applications in use, but the actual number is more like 730. If your employees are uploading restricted data to an unauthorised cloud application – such as Google Drive, Dropbox and Evernote – without proper encryption, this increases your security risk.
Encourage your employees to enlist IT’s help in selecting and implementing cloud solutions. The IT department should be empowered to act as a trusted adviser rather than merely a strict policy enforcer, which will minimise the likelihood of employees resorting to shadow IT.
Follow your organisation’s security policies.
Having clear, enforceable security policies in place helps your employees know what
data they have permission to view and handle and how
they’re allowed to view and handle that data. With most UK businesses (95 percent
, according to a BT study) using mobile devices for work purposes, a bring-your-own-device (BYOD) policy is a must.
Your BYOD policy should address issues such as data security, remote management, data transfer, backups, data wipe and technical support (office or field based). If you work with a managed services provider for your IT support, ensure that the vendor can assist with developing and supporting your BYOD program.
Retrain after a breach.
Having employees who are educated in security best practices reduces the chance of unauthorised access to data as well as ransomware compromising your data and network, but it’s not a fool-proof solution. Employees do still make mistakes. Unfortunately, Experian has discovered that a whopping 60 percent
of businesses that have experienced a breach make the error of not retraining staff after a breach has taken place. If a breach occurs, review what went wrong and have your employees go through security training again, with special emphasis on weak areas.
Employees ought to observe cybersecurity best practices, but you should do your part by ensuring your IT infrastructure is designed to protect against ransomware and other threats. To protect your perimeter, implement a network solution that includes intrusion detection and prevention (IDS/IPS), deep packet inspection and perimeter anti-virus, and malware blocking.
Also be sure to back up your systems. If ransomware takes your systems hostage, paying the ransom is never recommended, as it only encourages hackers, so the key to recovering your IT environment is a reliable disaster recovery as service (DRaaS) solution that creates and updates a complete image of your system as frequently as you specify, sometimes even as often as every 15 minutes.
[easy-tweet tweet=”Whatever backup or #DRaaS solution you choose, files should remain encrypted in transit and at rest.” hashtags=”cloud”]
Whatever backup or DRaaS solution you choose, files should remain encrypted in transit and at rest. Also verify that the vendor offers service level agreements (SLAs) that ensure that your data can be restored within your recovery time objectives (RTOs) and that provide adequate recourse in the unfortunate event that data is lost.
Although ransomware is a legitimate threat and is certainly deserving of the media’s attention, often the more immediate – and more easily managed – risks can be within the organisation rather than outside it. Educating your employees and doing your part to protect your network are excellent starting points for preventing a data disaster.