Here are the FBI’s Best Practices for Staying Safe Online
As we covered earlier in the blog, a recent spate of cyber attacks on hospitals has brought the FBI out of the woodwork to issue a statement on the rise in nefarious online activity. In their own words, in “the last few years, targeted ransomware attacks on businesses demanding big payouts have become one of the highest-profile cybersecurity issues in the country.”
“The time to invest in backups and other cyber defenses is before an attacker strikes, not afterward when it may be too late.”
In response to the FBI’s warnings, we’ve put together a list inspired by their advice on how to stay safe online and avoid the detriment of ransomware attacks; considering they’re one of the world’s leading investigatory bureaus- their advice should be taken with some serious weight behind it.
According to the statement, cyber defense best practices include:
-Regularly backing up data and verifying its integrity. Ensure backups are not connected to the computers and networks they are backing up For example, physically store them offline. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data.
-Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware and how it is delivered, and trained on information security principles and techniques.
-Patch the operating system, software and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
-Ensure antivirus and anti-malware solutions are set to automatically update and that regular scans are conducted.
-Implement the least privilege for file, directory and network share permissions. If a user only needs to read specific files, they should not have write-access to those files, directories or shares. Configure access controls with least privilege in mind.
There’s a handful more pieces of advice offered up by the FBI in their statement; there is, however, quite a lot of jargon involved that you might want to pass on to someone well-versed in tech-centric language. The short story is that organisations need to take the threat seriously, and act accordingly with due diligence and training across the board for people that might need a helping hand when it comes to keeping vital information secure in the organisation.
How You Can Protect Yourself and Your Organisation from Ransomware
The guidelines offered up by the FBI reiterate the importance of having a robust system of offline backups available to your organisation. “Having a recent backup to restore from could prevent a ransomware attack from crippling your organization,” they say. “The time to invest in backups and other cyber defenses is before an attacker strikes, not afterward when it may be too late.”
“As ransomware techniques and malware continue to evolve and become more sophisticated, even the more robust prevention controls are no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity. Those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise,” the agency said.