BreachExchange mailing list archives

The best defense is a good offense: The importance of securing your endpoints


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 31 Mar 2015 19:52:53 -0600

http://www.scmagazine.com/the-best-defense-is-a-good-offense-the-importance-of-securing-your-endpoints/article/404781/

It was a typical Tuesday morning at a professional firm for which I managed
IT services. Employees arrived at the office and turned on their computers
only to find that they were locked out of their corporate and customer
files. This was no IT snafu. It was a cyber attack in which criminals
managed to sneak malware onto the system via a phishing email. The malware
hidden in the email attachment infiltrated the system and encrypted
numerous types of Windows files. This not only exposed sensitive data —
from customer Social Security numbers and corporate business plans — to
outsiders, but blocked employees from all data, effectively preventing them
from working. They were essentially locked out of files on the network and
in Dropbox accounts.

Luckily, in my more than 15 years in IT — as an IT contractor before
Peterbilt hired me to head in-house and outsourced IT services — this
scenario has been rare. Unfortunately, 18 months ago this was a reality
when the ransomware dubbed “CryptoLocker” hit businesses around the globe,
including some of our customers in Reno, Nevada.

CryptoLocker is what is known as ransomware. The malware spreads via email
attachments and infects Windows machines. Once activated, it encrypts files
on local hard drives and mapped network files. At this point, there are two
things a victim can do: pay the ransom fee with Bitcoin to retrieve the
decryption keys and hope the criminals unlock the data, or erase the system
and restore from a secure backup.

Because the impacted professional firm relied on Dropbox to store files and
hadn't properly backed up its data, the company did the only thing they
could do — purchased Bitcoin and paid the fee. Even then, the company's
data was not restored.

Less than two percent of CryptoLocker-infected organizations go through the
hassle to get Bitcoin and pay the ransom fee; and most who pay don't ever
see their data again. That leaves endpoint backup as the only solution to
proactively protect against ransomware threats. Unfortunately for this
firm, CryptoLocker caused such huge financial losses and harm to its
reputation, it went out of business in less than a year. On the other hand,
another client hit by CryptoLocker was hardly affected because it used an
enterprise endpoint backup solution (in this case, CrashPlan from Code42)
to protect all endpoint data.

CryptoLocker and other ransomware and malware pose severe threats, and
they're exacerbated by the increased use of public clouds. Employees store
sensitive corporate data using services like Dropbox and regularly move
data from work accounts to their personal accounts for easy access from
home or a coffee shop. These services lack the security features that
enterprises need, such as strong encryption and forced strong passwords.

My motto has always been “a good offense is the best defense.” I encourage
IT to be proactive about data protection, rather than reactive. Here are
four basic things IT leaders can do to help keep endpoint data secure, no
matter where it resides:

- Protect data on laptops and desktops with an enterprise-grade endpoint
  backup solution.
- Provide a secure alternative to consumer-grade sync/share tools.
- Create a carefully written BYOD policy and update as needed.
- Specify data security policy controls on personal cloud accounts—you may
  even wish to restrict use of personal cloud accounts for work purposes.
- Enforce strong passwords.

The saying “better safe than sorry” rings true when it comes to data
security. Malware is getting more effective at sneaking into systems,
stealing data and now even locking employees out of their files forever. A
good backup and recovery system is more than just an emergency plan for the
usual outages and inadvertent employee data deletions. It's insurance
against the financial and other losses that hit a company when the
unexpected does happen.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 