Posts

Mitigating Risk For Cyber Threats, danger, dangerous, money, ransom, criminals, cyber threats, cyber criminals, clickbait, risk, mitigation,

Mitigating Risk For Cyber Threats

Mitigating Risk For Cyber Threats

In a recent dialogue with a subject matter expert in Cyber Security in a hospital setting, I asked Mike Meline, Principle Consultant and Owner of Cyber Self Defense and Director of Data Security at Kootenai Health, to share his thoughts on the best ways to address or mitigate risk in our present threat environment of ransomware. His recommendations are shared below:

“There are multiple ways, in my mind, to reasonably mitigate the risk without purchasing expensive products that may or may not work.

  1. Lock down your systems. By ensuring that your users have only the NECESSARY privileges to perform their duties, you limit the exposure to this danger. If all of your folders have the “everyone group” with read and write privileges, you will be dealing with a huge problem.
  2. Back-up all data that is important to you and keep the back-ups separated from the environment. This way, you can restore the data. You must also regularly test your back-ups and ensure they work. I also recommend backing up encryption keys separately; if you cannot open a back-up because the criminals encrypted your keys, you are still down.
  3. Train your staff. They should not be clicking on everything they receive; in fact, they should question everything. https://www.virustotal.com is a good place to help check an attachment or link. Your first line of defense MUST be your staff; if you train them well, they will help you to mitigate the risk.
  4. Risk Management; you MUST know and understand the risks your company is dealing with. Case in point; if I have 6 petabytes (a million gigabytes) of information, it can be difficult to manage a backup plan that includes everything. I need to determine what data is important to me and an acceptable cost for the management of a backup process and use that in my decision process. I also need to be careful of what I am backing up; a file share that allows access to most or all of my employees must be well vetted. If one or more of my employees add data to this location and it is infected, the act of restoring my data could reintroduce the malware. My risk assessment might help me to determine that I want to store backups from that part of the system to a different backup.
  5. If you are hit, have professionals come in and assist. Sometimes the ransomware has the key stored in RAM, other times it can be decrypted. A professional can, at a minimum, help you to appropriately respond and limit your exposure.
  6. NEVER pay the ransom; you are dealing with unscrupulous CRIMINALS. I have heard stories of people paying the ransom and never receiving the key, only more extortion. I have also heard of situations where users pay the ransom and receive the keys. a short time later, everything is encrypted again. While I would love to say that this is a one size fits all approach, I recognize that some companies have no other choice; they are in a place where they have to pay the ransom. Just remember that you are not dealing with people who think and act as you would.”

If you have any questions or your organization has dealt with this threat please feel free to share your story or message me on LinkedIn, I am happy to be a connection or resource.

Is Your Mine Being Data Mined?, data mining, cyber threats, lock, computer, guidelines, computer safety, technology,

Is Your Mine Being Data Mined?

Is Your Mine Being Data Mined?

Cybersecurity has been a buzzword across many industries over the last few years. As data is moved into the cloud, Operational (OT) and Information (IT) technologies merge creating an increase in the development of digital innovation along with the competitive nature of the global commodities market coupled with the fluctuation of geopolitical climates, this all contributes to an increase in destructive cyber-attacks and cyber espionage.

After spending 24 years in the Army watching technology develop and an increase of data and platforms that run every aspect of the military, we have all had to learn our place in keeping the personal, sensitive, and intelligence data stored on our computers and databases secure. Though the information and secrets that are on your computer may not jeopardize lives as it does in the military, it still jeopardizes your company’s bottom line, which affects your pay and job. Here are some security tips that you the end user can do to help your IT, IS personnel keep your systems secure.

Security tips everyone can follow

  1. Follow corporate specific guidance at all times.
  2. Proper password management, mix letters, numbers, and special characters. Do not use the same password for multiple things.
  3. Use caution when opening attachments or links.
  4. Never leave your computer unlocked or on when unattended.
  5. When your computer has updates (System or Anti-Virus) run the updates. Don’t let them pile up.
  6. Your social media says a lot about yourself, keep it secure and do not share information that could jeopardize you or your company. Do not share details of that project you are working on. A good corporate espionage expert can piece together information from multiple employees to find a ripe target to go after.
  7. Everyone is a target don’t be a victim!

With 2017 shaping up to be a huge year for the mining industry, there are a lot of companies that are integrating new technologies across all spectrums of their organizations. These technologies are becoming more and more interlocked with each other and becoming more complex. This has started a boom in IT and Information Security (IS) positions due to the mining industry being behind the power curve when it comes to cybersecurity. The question is what are you and your company doing to combat this data mining?