It’s that time of year again. The holiday season is in full swing, and so are the ransomware attacks. Threat actors don’t take time off during the holidays. You’re more likely to be the victim of phishing, a ransomware attack, or a breach during the holiday season.
For 2021, Tego partner Darktrace observed that there was a 30 percent increase in the average number of ransomware attacks over the holiday period compared to the monthly average. The researchers also established a 70 percent average increase in attempted ransomware attacks in the months of November and December, compared to January and February.
The holidays are simply a perfect opportunity for an attack. Here are some things you can do to minimize your risk of having a not-so-jolly holiday season.
- Implement Multi-Factor Authentication (MFA). MFA is an authentication method requiring more than one way to confirm a user’s identity before logging in. MFA is one of the easiest ways to make it more difficult for hackers and adversaries to gain control of your users’ credentials. You should enable MFA so that if an adversary were to obtain a user’s password, they would need the additional authentication method to gain access. MFA can be deployed across several applications.
- Look before you click. Before you click the link in that Black Friday email, consider the source of the email. Is the sender’s email address a valid one? If you hover over the link, does it point to a valid website? If the email seems “phishy,” don’t click the link. It could be an attempt to siphon your credentials or personal information.
- Test your backups. Having a good backup is critical should you be the victim of an attack or breach. After you have determined what data you need to back up and how often you should back it up, you’ll want to test your backup. There’s nothing worse than determining you don’t have a good backup when you need it most.
- Use strong passwords. Strong passwords are another basic part of a layered defense strategy. Passwords should be at least 16 characters long and should be a combination of numbers, letters, and special characters. Avoid using personal details in your passwords. Consider using a password vault application like Bitwarden or LastPass to house your passwords and generate secure passwords periodically.
- Identify key Incident Response staff and have them on-call. Incidents are most likely to occur after hours, when you’re sound asleep. It’s important to have resources who are on-call and able to detect and respond to any adversaries attempting to infiltrate your environment. A SIEM/SOC solution is effective here because it provides 24/7 incident response at a fraction of the cost of hiring an entire team yourself.
- Review Administrator account privileges. When was the last time you reviewed your account privileges? Not everyone needs to have Admin access. Ensure that only those who truly need Admin access have it, and that those who are no longer with your organization are removed from all access when they off-board.
- Block and/or restrict Remote Desktop Protocol. Remote Desktop Protocol (RDP) allows you to connect to a device on your network from another device. While it may seem like a good idea in theory, if an adversary has access to your network and RDP is enabled, you’ve now given them access to any device in your network.
- Remind employees about their obligations to be secure. Creating a culture of security takes a village. Your users are your biggest threat, but they can also be your biggest ally too. Conduct annual security training with your users and encourage them to follow the policies and protocols in place to keep your environment and your data secure. When everyone is invested in security, it lowers your risk considerably.
Tego is here to help you create a strong, layered defense no matter what time of year it is. Contact us today to learn more.