Top 7 Things You Can Do to Prepare
Ransomware attacks have gone from an annoyance that the IT team talks about to an issue that has reached the boardroom of agriculture companies. Attacks are on the rise – there’s been an increase of 93% year over year. Public awareness of them is growing too. It used to be that information about leaks or attacks could be kept internal, but because an attack has such an impact on your business, it’s very hard to hide if you’ve been hit.
Agriculture cooperatives have been hit recently, with New Cooperative in Iowa and Crystal Valley Coop in Minnesota being the most recent targets of attacks. Cooperatives are an easy target because they are generally running on older, on-premises software. How devastating these attacks are depends on how well you are prepared to recover from them.
If you are an agriculture cooperative leader or IT Manager, you should stop what you are doing right now and develop strategies to limit your attack surface and build a ransomware recovery strategy in case you are hit. I’ve been working with top security experts and have developed a list of the 7 most effective actions you can take to prevent and recover from a ransomware attack:
1. Invest in Cyber-Security Insurance with ransomware protection
Talk to your local insurance agent – most insurance companies now have Cyber Liability policies that can provide some protection and potentially kick in if you need to pay a ransom.
2. Back up all your data to the cloud and another offline location and make sure you have practiced restoring that data
This is critical to your ability to recover from a ransomware attack – if you don’t have your data backed up, you have very little choice but to pay the ransom. Most IT folks know it’s important to back up your data, but many forget to test their backups to make sure they can be restored properly. Restore from a backup twice a year (or more) to confirm you can get back on your feet. You want to back up your critical data to 3 places – one cloud backup service, one server at your location and one offsite location. If you keep 3 backups, you can feel confident that one will be able to be restored if a crisis hits.
3. Set up multi-factor authentication for your key applications
You may have read about how passwords are “dead”. Microsoft is now promoting a password-less approach to authentication because it is more convenient and more secure. Ultimately, multi-factor authentication is much more secure than relying on a password. Passwords are easy to guess, and they are also something people can “phish”, or trick you into entering on an insecure site. With multi-factor authentication, you need a physical device (a phone is most common), a fingerprint or an image of you to log into a site. That’s very hard to spoof from somewhere in Russia.
4. Install phishing prevention software for email
Because phishing is becoming so prevalent, you want to add a service to your email that blocks the high volume of fake emails that try to trick your team into entering their passwords into a fake site. Once attackers have your password (assuming no multi-factor authentication), they have access to your network as that user. If that user has admin rights to your systems, your whole environment can be compromised.
5. Install and maintain a quality firewall with proper preventative services
One of the most common points of attack is the firewall at your office location. Hackers will attack you if your password is weak or if you haven’t patched your firewall with the latest software and firmware updates. VPNs are another point of entry into your internal systems that should be protected.
6. Reduce admin privileges for users where possible including limiting the ability to install software on their desktops
If a hacker is able to gain control of one of your internal accounts, they can only do as much as that person’s permissions allow. If they compromise your AP clerk and he can’t access payroll data or install software anywhere in the environment, the damage can be minimal. If the hacker compromises the CEO’s account (the most common attack point), they could potentially get access to everything in the environment, especially if that account has elevated IT credentials. Limit access so you can limit the damage an attacker can do.
7. Train your team regularly on how to prevent attacks and identify phishing emails
Hackers are counting on their ability to enter your network through a person or a hardware/software vulnerability. The best thing you can do is to educate your team on what to watch for – many companies, like ours, train their teams to avoid phishing attacks and then launch simulated phishing attacks to see how well the team does. The better the team does at avoiding phishing attacks, the more secure you are.
On the one hand, you can look at the above list as daunting because it contains multiple steps you have to take to protect yourself. I look at that list and believe that it can all be done in a reasonable amount of time. Build a task force of people within your organization (including IT or your outsourced vendor) to work on making your environment more secure. You can’t afford the interruption that can come from a ransomware attack, so limit your attack vectors and be ready to recover quickly if need be.
If you are concerned about this and would like help building a plan, let us know and we can get you moving in the right direction.