The recent WannaCry virus cyberattack has left many businesses re-evaluating their security and privacy policies and procedures to avoid falling victim as the attack continues to spread and replicate.
First National Technology Solutions (FNTS), a highly compliant, highly secure, nationally recognized leader in managed IT services, has expertise in information security and risk mitigation.
Largely, the damage from the WannaCry ransomware attack could have been mitigated by frequently patching operating systems. A patch is a piece of software used to upgrade or fix a problem or a bug within an operating system. Microsoft published the main patch in March. FNTS pushed clients through its patching program sooner than it normally would have, since there were more recent vulnerabilities that were threatening security. The threat to the FNTS hosting environment is minimal due to our scheduled patching process, as well as our defense-in-depth protection posture.
Businesses looking to review their security should take the following steps:
- Make sure all software is up-to-date on a regular basis.
- Frequently patch operating systems as soon as updates are available.
- Educate employees about malicious content and how to identify and avoid it.
- Limit employee access to resources that aren’t necessary for daily workflow.
User education is also extremely important, since WannaCry is spreading largely through phishing e-mails, in which users must open an e-mail and click on a link or open a malicious attachment.
Giving employees less access to resources that aren’t necessary in their daily workflow could also limit the spread of malware. The malware encrypts and spreads with the permissions inherited from whoever runs the malware.
If your business’ information is compromised, do not pay the ransom. Instead, we recommend immediately removing the device from the internet and network to prevent the malware from spreading to other devices. Then, contact your information security team. Infected devices will need to be restored from their last-known working backup. After the devices are restored, employees should change their login credentials. Before devices are reconnected to the network and internet, they should be updated or patched as much as possible to prevent the virus from infecting them again. Businesses should also ensure that their anti-virus definitions, IPS signatures and other protection features are up-to-date.
Tips for Detecting and Avoiding a Security Incident
- Align your security controls with the risk and impact to your organization and prioritize your responses and resources.
- Rely on your security automation services. Manual investigation should be used to augment existing alerts.
- Join forces with trusted third parties, internal staff, law enforcement and security tools.
- PATCH! Keep systems up-to-date and replace assets that cannot be patched or updated.
- Watch and recognize patterns while monitoring for vulnerabilities and attacks; utilize behavior analytics and trust your instincts.
- Remember, security must move as fast as your technology adoption and integration. As technology changes (IoT, big data, digital initiatives) so must your security strategy. Security should be part of the process – not an add-on.
- Educate staff and regularly reinforce training.
Suspect an incident? Know what to do next.
- Report the incident immediately to your IT security staff to determine its validity.
- Do not destroy or tamper with any evidence. This could inhibit the investigation and put you at risk of becoming non-compliant.
- Focus on the entire attack, since hackers attempt to operate and remain off the radar.
- Dig deep, investigate and take a holistic approach.
- Monitor all systems during an incident. Attackers mask motives through varying attack points.
- Act quickly and diligently. Once an incident is confirmed, activate the incident response team.
- Identify how the incident occurred, determine what was affected and prevent it from occurring again.
FNTS is available to consult with your business regarding security and privacy policies. You can email email@example.com or call 800.820.6924.
With over 20 years in the managed IT services industry, First National Technology Solutions (FNTS) is a leading provider of flexible, customized hosted and remote managed services. Specializing in best of breed cloud technology and data center services, FNTS is dedicated to quality personal service, guaranteed uptime, and custom-built solutions that fit individual enterprises today, and align with their future strategic growth plans.