We hope you enjoyed the first lesson in our five part series detailing business continuity and disaster recovery strategies in the wake of the Covid-19 pandemic. The second part of our series focuses on cyber security lessons learned during pandemic.

Ontech provides IT support for Milwaukee and surrounding area businesses. In the aftermath of 2020, organizations have a heightened concern when it comes to cyber security, particularly those in healthcare, insurance or finance due to HIPAA and PCI compliance concerns.

With ransomware in healthcare (and other sectors) at an all-time high, these 5 cyber security solutions should definitely be taken into consideration to maintain a secure network and avoid downtime.

Lesson 1) Remote Work Presents Security Challenges

As the number of remote workers rapidly grew in 2020, greater Milwaukee businesses found they had less control over their workforce at a time when more control was needed.

 

This lack of control created many headaches for a wide variety of organizations and telecommuters, but those who were prepared reacted quickly, implementing controls by:

• Setting strict security standards for remote workers, including the use of business grade software, virtual private networks, enhanced password controls and the use of monitoring software.
• Restricting data only to users who need it. This least access policy has always been important, but in a remote work environment it is absolutely critical. The recognition that different departments may require different levels of access was one of the most important cyber security lessons of the Covid-19 pandemic.

Lesson 2) Robust, Modern Email Security is Critical

In a remote work environment, email takes on a new significance, supporting project updates, keeping workers in the loop and creating ad-hoc meetings. In 2020, many businesses found that email was also the weak spot in their cyber security protocols, and in the aftermath, those organizations took steps to:

• Upgrade Spam Filters: Implemented modern spam filtering methods to stop phishing attacks in their tracks. This spam filter technology integrated artificial intelligence (AI) to identify problematic messages and keep them out of employee inboxes.
• Enable multi-factor authentication: The use of multi-factor authentication has always been important, but it took on a new significance in 2020, as Covid-19 lockdowns forced businesses to send their workers home. Both Gsuite and Office 365 offer multi-factor authentication as a simple setting that can offer added peace of mind.
• Implement security awareness training: Email remains the #1 target for remote workers, and email security is an integral part of any effective cyber security protocol. It’s no secret that employees are the greatest security threat. Phishing became an even bigger problem in the wake of the Covid-19 pandemic, cyber criminals took advantage of users who were unprepared to work from home. And since phishing is often a gateway to ransomware attacks, the stakes could not be higher. One great way to remediate this risk is by testing employee awareness of phishing techniques through security awareness training.

Lesson 3) Utilize the Swiss Cheese Analogy for Network Security

When you look at a single slice of Swiss cheese, it seems pretty permeable, with lots of holes for air to pass through. But when you stack a dozen slices of Swiss cheese one on top of the other, you get a slab you can no longer see through.

This is known as the Swiss cheese analogy, and it can be applied to everything from pandemic response and public health to IT security and managing a remote workforce.

A multi-layered response to cyber security challenges created by the pandemic is essential, and you can build your own nearly impenetrable stack of Swiss cheese by:

• Having a solid spam filter in place.
• Integrating security awareness training for both onsite and remote workers.
• Integrating managed security services to patch servers, maintain IT infrastructure and keep critical systems up to date.
• Deploying advanced technology, including real-time threat detection and response, backed by cutting edge technologies like artificial intelligence, machine learning and even a 24/7 network operations center (NOC). Identifying threats before they materialize will become increasingly important in the coming years.

Lesson 4) Strict Technology Use Policies Are Becoming Increasingly Important

As 2021 gets underway, businesses are finding their technology use policies need to be stricter than ever before. At the same time, those technology use policies must also be adaptive to the needs of the mobile user, including newly remote users.

In response to this lesson, businesses everywhere are:

• Updating remote access and bring-your-own-device (BYOD) policies to address a new wave of cyber threats and give newly remote workers the support they need.
• Reassessing their corporate IT security architectures, along with support needs for remote workers and remote access. In response to the challenges of the Covid-19 pandemic, businesses are increasingly adopting mass scale changes that incorporate risk/context-based mechanisms for security authentication.

Lesson 5) Secure All Tools and Credentials

The security of tools and user credentials has always been important, but just how vital it is will be an enduring lesson of the Covid-19 pandemic.

To implement this lesson, we encourage greater Milwaukee organizations to:

• Use secure communication tools like Microsoft Teams. Take steps to secure these tools through the use of multi-factor authentication.
• Keep software up to date, ensuring hackers cannot exploit easy to overlook technology tools like webcams and microphones.
• Use password managers along with best practices for password use including minimum length and complexity requirements, disallowing the reuse of credentials, denying bad passwords and prohibiting the sharing of passwords.

If your greater Milwaukee area business has questions about any of the topics discussed today, please feel free to call our support team at 262-522-8560 or send us a message online.

We hope you enjoyed this look at the five biggest cyber security lessons of 2020, and we encourage you to check out the next piece in our series. Part three of our five part series will be on the Availability of Data, a critical subject for anyone doing business in 2021 and beyond.

Unsurprisingly, the healthcare industry has been struggling under the weight of the COVID-19 pandemic. But this year, we saw another threat to the solvency of cash-strapped hospitals, medical clinics and other providers that could put their survival and the well-being of patients at risk.

This threat is none other than ransomware and it has now massively infiltrated the healthcare industry. In October earlier this year, the FBI issued  a warning about the impending threat that ransomware poses to the US healthcare system.

And while ransomware may not be life threatening the way COVID-19 is, the results of a ransomware attack can be truly devastating for hospitals, medical professionals and even patients themselves.

Why Target Healthcare Organizations?

The reasons behind this is simple. Hospitals and medical clinics are often viewed as “soft targets” by perpetrators of ransomware attacks. They know hospitals can’t afford to have their IT infrastructure compromised, and even a short-term outage could put the lives of patients at risk.

At the same time, hospitals are struggling with monetary shortages, especially in the wake of the COVID-19 pandemic and the cancellation of elective surgeries and other revenue-generating procedures.

With tight cash flow, few hospitals have the resources to field an entire IT team. The resulting lack of experts puts them at risk.

The statistics behind ransomware in the healthcare industry are startling enough to spur every healthcare administrator into action.

Healthcare Cybersecurity Statistics in 2020

• Over the past five years, ransomware attacks have cost the health care industry more than $160 million, a significant problem in a world of rising hospital and medical costs.
• Data breaches are far from isolated incidents. Nearly 9 in 10 healthcare organizations experienced a breach in their cyber defenses in the past two years alone.
• Hospitals depend on connected web applications to deliver critical patient care, but nearly all of those apps are vulnerable to ransomware and other forms of cyber-attacks.
• More than 80% of healthcare professionals surveyed said that cyber security was one of their biggest concerns.
• According to a recent survey, nearly one quarter of ransomware victims in the healthcare field admitted to paying a fee to get their data back.

The fact that so many healthcare organizations are willing to pay ransom is exacerbating an already bad situation and increasing the threats for everyone else.

The results of a ransomware attack can be dire, not only in terms of patient care and safety but in terms of fines and fees. Healthcare organizations that lack a vigorous cyber defense are leaving themselves open to millions of dollars in governmental and private sector penalties.

The Greatest Ransomware and Cyber Security Threats to Healthcare

Not content to merely disrupt an operation, the latest wave of ransomware attacks focus on taking networks down completely, putting patient care and hospital operations at risk.

Surprisingly, many of these threats are still coming by email, with phishing attacks, targeted spear phishing attacks and broad spectrum messages designed to capture the largest number of victims. These targeted emails are becoming increasingly sophisticated, allowing them to slip through even the most rigorous spam filters.

How to Stop and Reduce Cyber Threats

The dangers posed by ransomware is expected to quadruple over the next few years. But healthcare organizations are not helpless in the face of this onslaught; there are steps that hospitals, medical clinics and private doctor’s offices can take to protect themselves and reduce their risk of being victimized.

Reduce the Risk of Ransomware with Security Awareness Training

With users being the weakest link, security awareness training is the number one thing healthcare organizations can do to protect themselves.

With this innovative cyber security solution, healthcare organizations can schedule simulated phishing campaigns to test their own users on a quarterly basis, targeting various parts of their organization in a deliberate and highly effective manner.

Financial spoof emails can be sent to the hospital accounting department, while fake shipping and receiving invoices and UPS and FedEx updates can be sent to shipping and receiving to test their security awareness.

This type of training is critical given the current situation and the growing dangers that healthcare organizations now face. Even today, a surprising number of employees continue to fall for phishing emails targeting widely used products like Office 365 and Google.

Good spam filters work by recognizing when the name and email address does not match, and this is a good first step for healthcare organizations that want to improve their safety. Spam filters can help by reducing the number of phishing emails and ransomware attempts that make it through, but a layered security approach is the ideal approach.

The reality is that one cyber security solution is not enough. Think of the Swiss cheese analogy where one layer is stacked on top of a second layer, on top of a third layer so that cyber threats would need to penetrate multiple layers before getting through to your network.

How to Spot Phishing Emails

Healthcare organizations can protect themselves from ransomware in the following ways:

• View your email inbox with skepticism. Take the time to read incoming messages and report suspicious emails to your IT department or managed IT provider.
• When it doubt, pick up the phone. Call the apparent sender of the email to verify authenticity. (i.e. If you receive an email from the bank, call the bank directly to make sure the message is real.)
• Educate yourself about the kinds of spoof emails that are out there. The threats you and your staff face will be key to an effective cyber defense.

A proactive cyber defense that includes security awareness training, the use of quality spam filters and reliance on experienced IT managed service providers will be key going forward.

If the healthcare industry is to survive not only the COVID-19 pandemic but also the ransomware epidemic, a smart, proactive layered security approach is necessary in 2020 and beyond.

Local government cyber security is facing a serious epidemic that threatens to drain funds, upend budgetary assumptions and leave communities without the services they have come to rely on. This epidemic is none other than cyber crime and the problem is growing worse with each passing year.

As the private industry beefs up its cyber defenses and employees become more cautious about clicking links and answering unsolicited phone calls, hackers have changed their tactics and targeted a new class of victims – local government.

The statistics speak for themselves.

Cyber Security Statistics for 2020

Unfortunately, government agencies are now the most frequently targeted organizations, suffering more than 15% of all cyber-attacks in 2020. Cyber criminals know that a successful cyber-attack on a local government will have an outsized impact, and that can increase the odds of a payout.

For example, when the city of Atlanta was targeted with a ransomware attack, millions of ordinary citizens were impacted for weeks while employees and IT experts struggled to bring their systems back online.

Ransomware in particular is an insidious problem and infections are spreading rapidly. In 2020 alone there has been a nearly 50% increase in the number of ransomware variants in the wild, making it difficult for non-IT experts to protect themselves and their systems.

In just the past year, cybercrime has affected a number of local communities including large cities, small towns and even unincorporated rural areas. No one, it seems, is immune from the dangers of cybercrime.

Aside from political upheaval and a global health crisis, 2020 also ushered in a new age of ransomware attacks aimed specifically at municipal governments already struggling under the weight of the COVID-19 pandemic.

Cyber Threats: Obstacles Local Government Organizations Face

Cyber criminals are well aware that local government organizations often lack the resources to fully protect themselves from known and emerging threats.

Some of the challenges municipal organizations face include:

• Limited budgets and lack of funding: Local governments often lack the resources for a robust cyber defense which leaves them vulnerable to hacking and ransomware attacks.
• Lack of IT expertise: Few local governments have dedicated IT staff in place to resolve vulnerabilities or offer security recommendations.
• Insufficient cyber awareness: Municipal staff are skilled at what they do, but similar to the private sector, employees lack the training, knowledge and awareness to distinguish legitimate emails from phishing attempts.

Maintaining Personally Identifiable Information (PII) Compliance

While it is important for local governments to prevent losses, PII compliance is also a consideration.

• Municipalities can be held liable when someone within their organization becomes aware of an issue and the organization fails to take action.
• For local governments that accept credit card payments, PCI compliance is vital. Many municipalities fail to comply because they are unaware of how this type of compliance works and why it is so important.
• Using a free email service like Hotmail or Gmail can put local governments at risk. If these email systems must be used, proper tracking technology is essential. Every piece of email that flows through the municipal system, no matter what the platform, must be carefully tracked and archived.
• Care must be taken when publishing agendas, meeting minutes, resolutions and other information online so this information is freely available and accessible to the public.

The 3 Most Common Ransomware Attacks

The details surrounding cyber-attacks vary greatly which makes prevention particularly difficult since the game is always changing. Three of the most common ransomware to watch out for are Ryuk, CryptoLocker and Cryptowall.

Should You Pay the Ransom?

With any luck, your municipality will never suffer a ransomware attack, but if you do, like so many others, you’ll find yourself with an important decision to make.

Should you pay the ransom, or should you refuse the extortion attempt and work to rebuild your systems from backups and other available resources?

At first, paying the ransom may seem to be the path of least resistance, but there is no guarantee that payment will end your problems, or even get your files back. You are dealing with criminals after all.

Some hackers will destroy your data just because they can, even if the ransom is paid. Even if you do pay and get the decryption key, the attackers might only give you 80% of your data back – or perhaps nothing at all.

 

But consider this: paying the ransom may actually harm you more in the long run.

When you pay the ransom and get the decryption key, that key could actually contain a beacon that leaves what hackers call ‘breadcrumbs’.

These breadcrumbs identify you as a ‘known payer’ and basically flag you as an organization that is likely to pay the ransom a second time. Before you know it, a few months down the road they send out another piece of malware that searches for the beacon and they target you all over again.

Does Cyber Liability Insurance Help?

Even if you have cyber liability insurance, paying the ransom and filing a claim will drive up your premiums and hurt your budget in the process.

If you want to protect yourself and your citizens, we encourage you to contact Ontech Systems to assess your vulnerabilities and take appropriate action.

The Average Financial Loss

The results of cyber-attacks can be devastating for local governments and the communities they serve. A single cyber-attack can disable systems for weeks on end, leaving those who rely on local government services scrambling for assistance in an already trying time.

For local municipalities, the losses can be devastating. In the last few years, the average ransomware payment has nearly doubled, and that trend is only accelerating. Hackers go where the money is, so naturally this has led to a significant increase in ransomware attacks on local governments.

How Local Governments Can Prevent Cyber Attacks

In short, prevention is the key. Recovery from a ransomware attack or cyber breach can take months and cost millions of dollars, and no local government wants to be put in that position.

If you want to protect your local government organization from the growing danger of cyber-attacks, consider these 8 steps to get started.

1) Data Backup: Become Ransomware Proof

One of the best ways to guard against data loss in the event of a ransomware or cyber-attack is by creating a robust data backup plan.

2) Managed Security Services

Consider managed security to reduce risk and uncover potential vulnerabilities before they become serious threats. Ontech Managed Security includes a ransomware guarantee as long the solution is running on your network.

3) Take a Proactive Approach

Take a proactive approach to antivirus protection and systems patching, either through a managed IT service or on a regular basis manually.

Be prepared for future compliance regulations. More compliance is expected to be coming down the pipeline, so taking steps toward securing your network now can ensure you’re protected and not vulnerable to fines or violations down the road.

4) Regular Risk Assessments

Conduct a third party network security assessment. Ontech recommends regular network risk assessments every 1-2 years to maintain a secure local government network.

5) Clear Separation between Network Components

Confirm there is a clear separation between servers, networks and environments. Separating the various aspects of operations can be critical to mitigating damage should a cyber-attack occur.

6) Cyber Security Basics

Don’t overlook low cost solutions and cyber security basics to avoid potential threats. Some actions, like requiring strong passwords, security awareness training or limiting employee access require little to no investment. Use this cyber security checklist as your guide to protection and compliance.

7) Cyber Liability Insurance

Purchase cyber liability insurance to protect your organization, your employees and the people you serve.

8) HIPAA Compliance (Where Applicable)

If your local organization has a health department, ensure they are HIPAA compliant. HIPAA compliance is a big deal for local governments with dedicated health departments.

More Than Just Monetary Damage

In a growing number of cases, the perpetrators of ransomware attacks are now corrupting databases, erasing critical files and wreaking havoc on municipal networks, all while they await their ransomware payments.

The result is often millions of dollars in financial losses, along with thousands of invaluable, confidential records.

By the time the ransomware payments are received, often in untraceable virtual currencies like Bitcoin, extensive damage has already been done, and some of that damage may be irreversible.

For this reason, we always encourage local governments to take a proactive approach to fighting cybercrime. It is not enough to wait until the demand has been sent; mounting a robust cyber defense now is more important than ever before.

Whether you need assistance evaluating your network or you have questions about local government IT services in general, please feel free to reach out to our support team online or by phone at 262-522-8560.

The way people work has changed dramatically in recent months. As the coronavirus crisis raged on and lock downs went into effect, employees everywhere were sent home in droves.

Armed with their laptops and some rudimentary training, that new army of telecommuters were left to their own devices, forced to set up home offices, act as their own tech support and somehow protect the intellectual property of their employers. Is it any wonder targeted phishing attacks and ransomware demands came rolling in?

The simple answer is no, and now businesses are seeing the results. Now that the dust has settled, it’s time to revisit the best practices that can make working from home safer and more secure. And since October is Cyber Security Awareness Month, now is the perfect time to introduce and reinforce those lessons.

Best Practices for Working Remotely

Here are six best practices all home-based workers can follow to secure their data while working from home.

1) A Secure Internet Connection

When you work from home, you are entirely reliant on your internet connection, and the safety of the data you work with is only as good as the security of your connection. If you want to work safely at home, you need a secure internet connection that is safe from prying eyes.

Work from home employees should ideally use a virtual private network (VPN) or a LogMeIn product to connect to the company network. These products create a secure tunnel through the internet, protecting intellectual property and proprietary data from unauthorized access.

2) Control Access to Company-Owned Devices

Access control is critical for all home-based workers, but maintaining that control can be difficult. In office-based environments access control is relatively easy, but at home there are roommates, spouses and children to worry about.

It is important for businesses to secure the devices home-based workers will be using. They can build in automatic screen locks, robust passwords and other safety measures. Encrypting hard drives and changing from default passwords and multi-factor authentication are additional steps businesses can take to protect work related devices – regardless of what environment they are used in.

3) Determine the Access Devices Have to the Business Network

The devices your home-based workers use will obviously need access to both the internet and the company network, but the level of access they are granted matters a great deal. Allowing those devices too much access or a higher level of access than is absolutely necessary is extremely risky.

It is best to follow the principle of least possible access when it comes to connected employee devices. Workers in the accounting department, for instance, do not need access to files created by the marketing team.

4) Consider the Endpoint

Security for home-based workers is a multifaceted issue, and it demands a multifaceted approach. If you want to keep your workers and data secure, you need to make sure the endpoint is properly protected.

If you have adopted a bring your own device (BYOD) strategy for your remote workforce, you will need a plan to secure those devices, including applying updates and running antivirus and anti-malware software. If workers are using company-provided devices, you will need a plan to keep those devices secure and up to date as well.

5) Backup Your Data – and Test Your Backups

No matter where your workforce is located, it is critical to back up your company data on a regular basis. If you do not have a solid backup plan in place, you are living on borrowed time, and sending your workers home will make an already bad situation that much worse.

It is vital that you have a backup plan in place that includes daily backups, real time backups for your most vital files and ongoing testing of the backups you create. It is not enough to have those backups; if you want to protect your business, you need to know those backups are working the way they should.

6) Keep Business and Personal Devices Separate

When employees are working from home, there is a strong temptation to simply use the devices they already have. Some companies have reinforced this, drawn by anticipated cost savings and other supposed benefits. Even so, there are real reasons to keep business and personal devices separate, including enhanced security and a reduced risk of outside intrusion.

If you are looking for an easy way to enforce that separation, Maas 360 could be the answer. Maas 360 is a product designed to handle mobile devices and laptops, and once the solution is implemented you will know what is happening with everything installed on that device.

Whether your kids installed software for their online classes or your spouse downloaded a sports betting app, Maas 360 will make the appropriate adjustments.

A remote, home-based workforce can have a number of benefits for your company, but there are risks as well. Hackers are already targeting telecommuters with phishing attacks, and the problem is only expected to get worse.

If you want to protect yourself and your remote workforce, utilize these six best practices and contact us if you need guidance or support.

Ontech’s support team is standing by to ensure your workforce and IT network can remain secure during this challenging time. Call 262-522-8560 with questions or to get remote workforce support today.