Protecting Your Network During the Holidays – Reminders to Stay Vigilant


As the holidays approach, employees will be traveling more. Receiving surprise gifts from vendors and colleagues will be the norm. While these are all highlights of the season, they can also pose a cybersecurity risk to your business. Here are a few ways that your employees may inadvertently expose your network to threats.

Using public Wi-Fi

With more frequent visits to out-of-town family, employees may be bringing their computers with them to keep up with work (or to have a nice escape from their relatives). Remind them that Wi-Fi networks in public places such as airports and hotels, even the local coffee shop, are often unencrypted and unprotected, making them easy targets for hackers. Hackers can easily access data being transmitted over the network. If an employee logs into your company’s network using an unsecured Wi-Fi connection, their data could be intercepted by a third party. To avoid this, make sure that employees only connect to your network using a VPN (virtual private network).

Juice Jacking

Juice jacking is a threat found in airports, shopping malls, as well as other public places where free charging stations are available for mobile devices. As a literal combination of “juice” (electrical power) and “jacking” (stealing), TechTarget defines the term as “a security exploit in which an infected USB charging station is used to compromise connected devices.”

The “jacker” uses a USB connector to load a computer virus directly onto the charging station or leaves an infected cable plugged in. Juice jacking works because a smartphone’s charging port uses the same cable for power as it does for inbound and outbound data transfer.

TechTarget considers the risk of juice jacking low; however, “the attack vector is real and is often compared to ATM card skimming exploits…” Both juice jacking and card skimming rely on a false feeling of safety on the part of the victim, who trusts that the compromised connectors are actually safe.

The Federal Communications Commission advisory on the dangers of public USB charging stations recommends avoiding public USB charging stations and using AC power instead. Other precautions include bringing your own charging equipment. 

When using a public charging station is the only choice, use an inexpensive USB Data Blocker (available from Amazon and other retailers). The inexpensive connector allows charging but blocks data exchange. It is a safeguard against man-in-the-middle (MITM) attacks that could infect your device with crippling malware.

Beware of “free” USB drives

Speaking of malware dangers, a cousin to the juice jacking scam is malware-laden USB drives.

USB drives and other external storage devices are common holiday gifts, but they can also be used to smuggle malware onto your network. Malicious actors can infect an external drive with malware and then give it to an unsuspecting employee as a gift. The employee may then plug the drive into their work computer, unknowingly exposing the network to attack.

There have been cases where hackers have left USB drives near the entrance of targeted businesses. In an effort to return the USB to its owner, unwary victims have plugged those drives into company computer networks and loaded malware into the system.

The best advice is never to plug in a USB drive from an unknown source, even when innocently sharing a USB at FedEx to print. Even if you trust the source, disable the autoload in Windows, and perform a virus scan.
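One way to carry out both steps from an elevated PowerShell prompt, as an added example that is not part of the original article. It assumes that “autoload” refers to the Windows AutoRun/AutoPlay features and that Microsoft Defender is the installed antivirus.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: "autoload" = Windows AutoRun/AutoPlay,
# and Microsoft Defender is the antivirus on this machine.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

# Report the current machine-wide AutoRun policy before changing it.
$current = (Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($null -eq $current) { 'NoDriveTypeAutoRun: not set' }
else                    { 'NoDriveTypeAutoRun: 0x{0:X}' -f $current }

# 0xFF disables AutoRun for every drive type (removable, fixed, network, CD-ROM).
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF

# Also turn off the AutoPlay prompt for the current user.
if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
Set-ItemProperty -Path $userKey -Name DisableAutoplay -Type DWord -Value 1

# Scan every removable volume that has a drive letter before opening files on it.
$scanStart = Get-Date
$removable = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }
foreach ($vol in $removable) {
    $root = '{0}:\' -f $vol.DriveLetter
    Write-Output "Scanning $root"
    Start-MpScan -ScanType CustomScan -ScanPath $root
}

# Show anything Defender detected since the scan started.
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $scanStart } |
    Select-Object InitialDetectionTime, Resources
```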

Phishing threats increase during the holidays

Holiday shopping sees a huge uptick in email promotions, and unfortunately, email attachments are one of the most common ways that malware is spread. In phishing scams, the unwary victim clicks on an email link or an attached file from what appears to be a legit sender. The message can lead them to the dreaded and uncrackable ransomware. 

If an employee receives an attachment from an unknown sender or maybe it looks remarkably like their favorite online retailer, there’s a big risk that they will click it and deploy malware. Encourage your employees to exercise caution when opening email attachments and only open attachments from trusted sources.

These network threats have two things in common:

  1. They rely on user trust and the expectation that the hardware is safe.
  2. They serve as vectors for trojans, spyware, and the most dangerous of all: ransomware.

The first step in IT disaster preparedness is educating employees about the tools cybercrooks use and encouraging them to take reasonable precautions. The next step is to have a detailed plan of action when the threat becomes reality. 

What happens when you’re infected with ransomware

Realizing you are infected with ransomware isn’t always like it is in the movies. You may have difficulty logging into certain applications, you may be unable to access the internet, or your files may be unexpectedly missing. While those alone may not confirm your suspicions, the next clue may be that the computer screen changes with a notification message that your system has been taken over by ransomware. A timer begins a countdown indicating how long you have to pay the ransom to free up your system before either a) the price increases or b) your system is wiped clean.

Paying the ransom is a bad idea. While the understanding is that paying the money earns you the encryption key that frees up your data, this is a terrible plan of action. The FBI discourages paying ransom money in response to a ransomware attack. In fact, a 2020 ruling by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) states most cases of paying a ransom are illegal. The payment only encourages perpetrators to go after more victims, and there is no guarantee that you will get any data back.

What you should do is wipe your system clean and restore it through backups, ideally with the disaster recovery assistance of a DRaaS (disaster recovery as a service) provider like Global Data Vault.

How a DRaaS provider can be instrumental in recovering from a ransomware attack

Say one of these very real threats does cripple your system. If you are utilizing a DRaaS (Disaster Recovery as a Service) provider, your DRaaS team is ready to mitigate any loss and recover your data quickly. A DRaaS cloud solution is an essential element of both threat mitigation and enabling the organization to resume operations post-attack.

However, spinning your systems up in a virtual environment is just one step of the process. With up-to-date backups stored off-site, DRaaS can speed up the recovery because it reduces the time to retrieve the data. Your backup strategy will include considerations like your recovery point and recovery time objectives, but your IT team still has forensic work to do on the infected system and applications to remediate the attack and prevent future attacks. DRaaS allows automatic system recovery in an isolated cloud environment so the IT team can attend to the infection. You’ll then need to restore the environment locally. 

Our DRaaS solution will leverage the backup and data replication of Veeam software to:

  • restore failed mission-essential applications 
  • minimize downtime of the infected system
  • bring efficiency to data recovery

Everyday security management

Recovering from a ransomware event is possible but doesn’t solve all the issues related to ransomware and malware threats. Managed cyber security services and managed detection and response services can provide your business with the peace of mind that comes with knowing your IT infrastructure is being monitored 24×7 by a team of certified intrusion analysts.

Dataprise’s managed security service utilizes our state-of-the-art Security Operations Center (SOC) to provide real-time analysis and verification of log and network traffic. In the event of an incident, our IT security management team can help businesses validate alarms and follow the appropriate response procedures immediately. With Dataprise Cyber’s managed security services, you can focus on running your business, safe in the knowledge that our team is continuously monitoring your IT infrastructure.

Let’s recap

  • The holidays are a cyber criminal’s playground. The increased exposure due to travel and shopping heightens your risk of infection.
  • Juice jacking can unknowingly infect your device and steal your data. Avoid public device charging stations.
  • USB drives given by strangers or left lying around can inject malware into your computer and spread to your network.  USB drives are ideal vectors for malware infection.
  • Knowledge of the hardware tools data hijackers use is important, but we need to be wary of social engineering and scams.
  • Infected hardware and email traps are entryways for ransomware.
  • It is possible to restore your systems without paying the ransom.
  • Our DRaaS solution helps protect your business from cyber threats to your network environment.
  • Everyday network security can be a reality when using a managed cyber security service from Dataprise.

 

Conclusion

Keeping your business safe from cybersecurity threats this holiday season starts with educating your employees, runs with security monitoring, and ends with a solid DRaaS solution when ransomware or malware do sneak through. A DRaaS solution that leverages an efficient off-site data backup service can help you recover from a ransomware attack and upgrade your overall cyber security preparedness.
