A recent ransomware attack against the German newspaper Heilbronn Stimme raises questions related to the security of their network and the role of IT people and users within that organization.
As the infection spread across devices, the newspaper reported that other subsidiaries of the German media group had also been affected by the malware.
The German company targeted by the hackers is not the only victim of digital blackmail, and more organizations will continue to be hit as long as ransomware evolves and companies do not harden the security of their systems.
And the fact that it did not happen in Westchester, New York, New Jersey or Connecticut does not mean that this story does not deserve our attention.
According to the security company Spinbackup, the cost of data loss suffered by companies in 2021 was about 20 billion, a whopping 70% increase from the 11.5 billion reported in 2019.
A company is made not only of its executives and employees but also of the IT technicians working in it, whether IT is outsourced or not.
I consider the ransomware attack that hit the European network an occasion to ask myself what actions the company took to foster a safer digital environment. Or, in more general terms, what is the role of network security in a medium-sized company?
Let’s ask ourselves some questions so that we can try to find the right solution to the problem:
Hacking a network is a profitable business, and hackers will rarely bother with a home network where only 2 or 3 computers are connected to the Internet. Hackers go where the money is: the most alluring targets for them are the healthcare, government and financial sectors.
So, what should a small business in Westchester do to protect its network, its assets and its data?
Also, does it cost a lot of money to protect a network from ransomware? The answer is: it depends on its size, because software licenses are sold per user or per batch of users.
In this article, I am not going to give tips regarding networks that still have Windows 7 computers running, because I consider it silly. Don’t get me wrong: in my opinion, Windows 7 computers should be used in a business network only if they satisfy the following 2 conditions:
A) They are disconnected from the main network and are basically used as typewriters, with no way of sharing resources with other machines.
B) They are placed in a separate network after the help desk has segmented the network via a firewall or a network switch that supports VLANs.
If I were called to secure a small business network, I would begin by educating users:
1- USERS’ EDUCATION: Tech experts working for the company should educate users about the risks posed by malicious actors who use social engineering and impersonation. Social engineering is a type of attack that attempts to obtain sensitive information by engaging the target until the victim is deceived and the perpetrator gains a foothold. Impersonators, on the other hand, are people who claim to be someone the users already know. Impersonators attempt to gain access to a network by exploiting the familiarity and trust that users have with the people or companies they already know or do business with.
2- USE FIREWALLS IN THE MAIN OFFICE NETWORK: If the main headquarters are physically established in a place where users report for work every day, the office network should have a firewall that analyzes what each device and each application does. More advanced firewalls can scrutinize app behavior and keep unwanted apps off the main network.
3- DESKTOP COMPUTERS AND LAPTOPS: users should log in to their devices with a standard account, and admin accounts should be reserved for administrators only. If a user tries to download and install non-approved software, the standard account will not allow him/her to do so. Particular attention should also be devoted to the deployment and monitoring of antivirus products and to the protection of the browser because, as I have said many times, one of the main ports of entry for an infection is the Internet, the second being an infected email.
4- ZERO TRUST FOR USERS AND ADMINS AS WELL: Users should not be able to run media that have not been previously authorized. For example, I would disable AutoRun and AutoPlay in the Windows Control Panel, as shown in this picture:
and flash drives should be blocked from accessing the operating system. This video shows how to block access to flash drives on Windows 10 Pro (Windows 10 Home is not supported):
Admins, on the other hand, are not good admins if they log in as administrators with the username ADMIN and disregard two-factor authentication.
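The checks behind points 3 and 4 can be verified from the command line instead of clicking through the Control Panel. The script below is an added example written for this article, not something from the original post: it audits the AutoRun policy, the removable-disk policy that the video above configures, the members of the local Administrators group and the built-in Administrator account, and with `-Fix` writes the hardened registry values. It assumes Windows 10 Pro and an elevated PowerShell session; the registry paths and the disk-drive device class GUID are the ones the Group Policy editor writes.

```powershell
# Added audit/hardening script (not from the article). Run elevated on Windows 10 Pro.
# Without -Fix it only reports PASS/FAIL; with -Fix it applies the hardened values.
[CmdletBinding()]
param([switch]$Fix)

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$diskClass      = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'   # device setup class: disk drives
$removable      = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$diskClass"

function Get-RegValue($Path, $Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}
function Set-RegDword($Path, $Name, $Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# Each check: what it verifies, where the value lives, and the value the policy should hold.
$checks = @(
    @{ Name = 'AutoRun off for all drive types (NoDriveTypeAutoRun = 0xFF)'
       Path = $explorerPolicy; Key = 'NoDriveTypeAutoRun'; Want = 0xFF },
    @{ Name = 'autorun.inf commands ignored (NoAutorun = 1)'
       Path = $explorerPolicy; Key = 'NoAutorun'; Want = 1 },
    @{ Name = 'Removable disks: read access denied';    Path = $removable; Key = 'Deny_Read';    Want = 1 },
    @{ Name = 'Removable disks: write access denied';   Path = $removable; Key = 'Deny_Write';   Want = 1 },
    @{ Name = 'Removable disks: execute access denied'; Path = $removable; Key = 'Deny_Execute'; Want = 1 }
)

foreach ($c in $checks) {
    $cur = Get-RegValue $c.Path $c.Key
    $ok  = ($cur -eq $c.Want)
    if (-not $ok -and $Fix) { Set-RegDword $c.Path $c.Key $c.Want; $cur = $c.Want; $ok = $true }
    $shown = if ($null -eq $cur) { 'not set' } else { $cur }
    '{0,-4} {1} (current: {2})' -f ($(if ($ok) { 'PASS' } else { 'FAIL' })), $c.Name, $shown
}

# Point 3: who holds admin rights on this machine (and therefore can install software)?
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
"Members of local Administrators: $($admins -join ', ')"

# Built-in Administrator always has RID 500, whatever it has been renamed to.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin -and $builtin.Enabled) {
    "FAIL built-in Administrator '$($builtin.Name)' is enabled; disable it and use named admin accounts with 2FA"
} else { 'PASS built-in Administrator account is disabled or absent' }
```

Values written under the Policies hives take effect after `gpupdate /force` or a sign-out; on a domain-joined machine the same settings should be set in Group Policy so they are not overwritten at the next refresh.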
5- USE A VPN AS MUCH AS POSSIBLE: A virtual private network uses a tunneling protocol that sends the user’s Internet traffic not in the clear over the ISP’s connection but through an encrypted tunnel that cannot be intercepted by prying eyes. Years ago one of the main drawbacks of a VPN was that it slowed down your Internet traffic quite significantly, but nowadays many VPNs have solved this problem and offer decent speeds. A small disadvantage of a VPN, especially for corporate users working from home, is that they won’t be able to use their home printer while connected to the VPN. Just turn it off for a minute or two (if your system administrator allows it) and you will be able to print.
6- STORE LOCAL BACKUPS IN A SECURE PLACE: First of all, small business environments should have cloud backups. Local backups should be made frequently and, once completed, removed from the network and stored somewhere other than the main office. Local backups that are not plugged into the network are not at risk of getting infected because they are disconnected from the devices.
7- SECURE YOUR BUSINESS EMAIL: Never, ever use in a small business environment an email service that is usually used by residential users. Gmail, outlook.com, Hotmail and AOL are not safe enough to withstand the constant attacks from hackers. Invest in serious business email platforms such as Microsoft Exchange or Google Workspace. These two products offer security features and anti-phishing policies that can be configured and customized to meet the network’s needs.
The dangers of devices exposed to the Internet can only be mitigated by expanding our knowledge of malware and by tracking evildoers. Security is not a one-time task; it constantly needs to be upgraded to meet the challenges of the difficult times we are living in.