Skip to main content

Why people are as big a cyberthreat as ransomware

Ransomware might be one of the most popular trending topics in cybersecurity news, but sadly it’s not the only cyberthreat you should be keeping an eye on. There’s another culprit that tends to slip under the radar: people.

People are responsible for making errors such as accessing an insecure web page, downloading infected software or clicking a phishing link in an email. In fact, ICO data reveals that of all the data breaches reported in the UK during Q1 2016, 62 per cent were caused by human error.

According to separate research by the University of Portsmouth, fraud and human error are costing UK organisations £98.6 billion a year. Unfortunately, the real-world figure is likely to be even larger, as of course the research doesn’t include undiscovered or unreported instances.

So how do you protect your data from not only malicious attackers wielding ransomware attacks but also people who press the delete key when they shouldn’t? Try these quick tips as a starting point:

Back up data

Backing up data is the first step in protecting it from sudden incidents, including ransomware. If despite your best efforts, an employee or malicious person deletes your data, you can restore the files and prevent a significant impact on business operations if you have current backups. If your systems are taken hostage by ransomware, rather than paying the ransom (which is never recommended, as it only encourages hackers), data backups are the key to being able to regain access to your files. However, not all backups are created equal – older setups may only back up data out of hours, so you may lose a day’s worth of data in this instance. The key to ensuring the minimum of business data loss is to use a reliable disaster recovery service that creates and updates a complete image of your system as frequently as you specify, sometimes even as often as every 15 minutes.

A good example is the BlackVault Managed Recovery Platform, an off-site data backup and disaster recovery as a service (DRaaS) offer based on provider ITS’ private cloud platform or a data vaulting appliance stored on-site at the customer’s location. There’s even a managed firewall service module called BlackVault Guardian, which provides considerable additional security against external threats, including intrusion detection and prevention (IDS/IPS), deep packet inspection and perimeter anti-virus and malware blocking. This level of external malware protection is certainly a desirable step in dealing with ransomware.

Whatever backup or DRaaS solution you choose, it’s worth checking that the vendor or your managed service provider’s service level agreements (SLAs) provide adequate recourse in the unfortunate event that data is lost.

SLAs ensure a certain level of protection that a vendor’s terms of service cannot, as these standardised terms can often change without your being aware. One man, a distinguished lecturer for a content network, found himself in this unfortunate scenario when he one day discovered that his cloud vendor had intentionally deleted more than five years of archives for 15 retired machines. Only after lengthy back-and-forth discussions with the vendor’s tech support did he discover that the corporation’s retention policy had changed. Fortunately, the backups were eventually restored, but without his persistence, they could have been permanently lost.

Particularly important in DRaaS selection is to ensure that the vendor can restore your data within your recovery time objectives (RTOs). For example, Lukas Hospital in Neuss, Germany, had complete backups of all systems in place, but when it was plagued with TeslaCrypt 2.0 ransomware, the hospital estimated that it would take up to 48 hours before its IT environment was fully functional again. As a result, 20 per cent of the hospital’s surgeries had to be rescheduled, and less critical care had to be temporarily shifted to other hospitals.

The moral of this story is that having adequate backups but insufficient RTOs to meet your business needs may be nearly as damaging to your business as no backup at all.

Beware of shadow IT

Shadow IT has become almost as much of a buzzword (or buzzphrase) as ransomware, and for good reason – research from Cisco reveals that CIOs estimate that their organisations each have 51 public cloud applications in use, but the actual number is more like 730. If your employees are uploading restricted data to an unauthorised cloud application without proper encryption and without the organisation’s knowledge, this increases your security risk.

Creating a strong security culture (this will be addressed more below) in which the IT department strives to address security issues while acting as a trusted adviser will encourage users to enlist IT’s help in selecting and implementing cloud solutions.

Educate employees about security best practices

In spite of widespread industry acknowledgement of the importance of employee awareness, studies show that it is still low. According to figures from Experian, only 46 per cent of companies enforce obligatory security training for all employees, and a whopping 60 per cent do not retrain staff after a breach has taken place. Among those that do offer employee security training, 43 per cent only provide basic training that omits many of the serious data breach risks their businesses face.

To protect against threats, employees need to be educated on:

How to prevent unauthorised access to data

In addition to verifying that they’re sending data to the appropriate recipient, they should consider who else might be able to view the information. When data is uploaded to the cloud or placed in a shared folder on a local area network, the files must be encrypted to deter unauthorised access to the data.

How to identify phishing emails

Educate employees on how to view emails with a critical eye. Warning signs include poor design, incorrect spelling and grammar, requests for personal details, suspicious attachments and URLs that don’t match the company’s primary domain (to view a URL without clicking a link, users can hover over the link with their cursor).

How to respond to a suspected ransomware attack

If employees encounter any suspicious activity, instruct them to notify IT as soon as it’s detected. If a device is affected by ransomware, employees should know to stop working on the affected device immediately.

Why it’s important to apply security patches

With new security threats continually surfacing, hardware and software developers are creating security patches that secure the application or device. Instruct employees to apply these updates promptly to ensure the company’s data and network are protected.

How to create secure logins

Employees need to create complex passwords that involve special characters, numbers and a mix of lower- and uppercase letters. Whenever possible, use two-factor authentication to increase security.

Having employees who are educated in security best practices reduces the chance of unauthorised access to data, as well as ransomware taking your data hostage.

Create clear security policies and enforce them

Your best defence against security breaches and data loss is creating a culture of security that begins from the top down and is supported by clear, enforceable policies.

When creating a data handling policy, start with classifying data according to how sensitive it is. Personally identifiable details and health information, for example, should only be accessible to those whose job duties require that information. Clear consequences should be set in place for employees who access or use data outside of their job duties.

Additionally, you need to put parameters on how users access data. Employees who have access to company files, databases and applications whenever they want using any device is one of the main threats to company data. Although most UK businesses (95 per cent, according to a BT study) permit bring-your-own-device (BYOD) practices, these practices lack security without some level of policy enforcement. BT’s research shows 41 per cent of organisations have suffered a mobile security breach over the last year, while 33 per cent grant users unfettered access to the internal network.

A good BYOD policy should address issues such as data security, remote management, data transfer, backups, data wipe and technical support (office or field based). If you work with a managed service provider for your IT support, ensure that the vendor can assist with developing and supporting your BYOD programme.

Although it’s crucial to be aware of the latest threats posed by malicious hackers, often the more immediate – and more easily managed – risks can be within the organisation rather than outside it. In addition, many of the steps to combat the latter will also mitigate attacks by the former to a certain extent. A solid DRaaS service, good employee education and strong internal policies to mitigate shadow IT are excellent starter strategies to prevent a data disaster.

Matt Kingswood, Head of Managed Services, IT Specialists (ITS)

Image source: Shutterstock/BeeBright