In the midst of political tensions between the United States and Iran, the threat of cyber attacks on businesses and government agencies remain strong. Homeland Security has warned U.S. companies to “consider and assess” the possibilities and potential impact of cyberattack on their businesses.
Ransomware Incidents in 2019
Cyberattacks can have devastating impact on both government agencies and businesses. Right before the 2019 holidays, an Arkansas-based telemarketing firm suspended their operations and left 300 employees jobless due to a ransomware attack. Their servers were attacked by malicious software and kept their information systems locked from them for ransom. They lost hundreds of thousands of dollars due to the incident.
Additionally, the state of Louisiana declared a state of emergency in November 2019 following a cyberattack on state government servers. A new ransomware called Ryuk struck a facility belonging to the U.S. Coast Guard, affecting facility’s access to critical files.
An Alabama hospital system called DCH Health Systems quit accepting new patients after a ransomware attack on its computer systems. They paid an undisclosed sum to the attackers. After the attack was resolved, patients of the DCH Health System filed federal class-action lawsuits accusing the three hospitals of negligence, invasion of privacy, breach of contract, and breach of fiduciary duty.
Cybersecurity Best Practices
Preventing a cyber breach requires more than just the IT Department; it is an organization wide endeavor. Here are some best practices for cyber-security
- Multi-Factor Authentication
Strong passwords with keys, numbers, and avoiding obvious information like birthdays or names; are still a recommended route for security measures. However, this may not always be reliably implemented. Whether employees are using strong passwords or not, multi-factor authentication can provide an added layer of security in the scenario of stolen passwords. This added layer can be the user’s fingerprint or a text message to their phone. - Update your software and computer systems
All software applications and computer systems periodically require updates. Software and system updates can seem like a time-consuming hassle but can be a life-saver. Updates not only improve the overall function of the software/system; but oftentimes there are new bugs, and types of viruses that emerge. Updates on general software, computer systems and virus detection software can add a layer of protection against emerging cyber-threats. - Back Up Your Files
Cyberthreats often take aim at your data. That’s why it is best to secure and back up files in case a data breach or a malware attack takes place. Data can be backed up offline, external hard drive, or in the cloud. In the scenario of an attack, you will not lose your information. - Avoid strange links and emails
Phishing has been a large culprit in ransomware attacks in recent years. Phishers try to trick you into clicking on a link that may result in a security breach. Phishing comes in the form of malicious links that have viruses and malware embedded in them or in email attachments. Be cautious of links and attachments in emails from senders you don’t recognize. In the blink of an eye, your attachment download can enable an infiltration into your organization’s computer network that can prove to be devastating. - Invest in security systems
The cost of a security solution may seem intimidating to smaller businesses. A security system solution can include antivirus, malware detection, network firewall, and other products. While security solutions come at a cost, they are cost-effective in the long term because they are a preventive measure against the financial/legal costs of a cyber-breach. - Secure your print environment
All endpoint devices of the IT environment are an opening for attack, and this includes the print environment as well. Printers are connected to the network, meaning that if a printer is infected with ransomware, the entire network can be at risk of a cyber breach. When evaluating your security environment, do not forget to include print security in your security strategy. - Staff Training
Cyber-security does not end with the purchase of a strong security solution. Even with a strong security solution, bad cybersecurity practices such as opening a phishing email can leave a company vulnerable. In the aforementioned incident of the United States Coast Guard, an employee opened a phishing email which led way to a facility belonging to the Untied States military to be infected with ransomware. It is important to give your staff training, or if you are an employee; to ask for training.
The political conflicts between United States and Iran are not the only ones of the 21st century; there are and will continue to be more similar political situations. With 21st century conflicts comes cyber attacks as a weaponized tactic. Regardless of what your political views and leanings are, it is crucial that you keep in mind cyber-security best practices and solutions for your team.