Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.
Issue link: http://sdi.epubxp.com/i/835749
24 Security Dealer & Integrator / www.SecurityInfoWatch.com June 2017 WannaCry. According to experts, a lack of patching explains why organizations in China – where pirated soware is more prevalent – were harder hit. Chinese state media said the ransomware struck nearly 40,000 institutions in that country, includ- ing government agencies, banks, schools and information technology firms. "Unfortunately, many companies and organizations are slow – and in many cases, negligent – on the update of patches that would prevent breaches," says Chuck Brooks, VP of Government Relations and Marketing for Sutherland Government Solutions and Chairman of CompTIA's New and Emerging Technology Committee. For systems integrators, patching may represent a further RMR opportunity, as most end-users do not monitor manufac- turer releases of device firmware updates or soware patches. Providing this as a man- aged RMR service ensures attack safeguards are in place for your customer. 7 Develop incident response plans. Open the conversation with your customer about ransom- ware and cyber threats to physical security systems. Start with suggesting an incident response plan for these types of events and offer guidance in developing the physical security portion of the plan. Be the trusted expert and show them what steps you both can take if such an incident occurs. 8 Add RMR opportunities. Managed services that include back- ups, updates and cloud solutions provide great value to the customer while also yielding tangible RMR. Properly devel- oped and executed, these service offerings will separate your firm from your competi- tion, and end up building a better valuation for your company. ■ » Rob Simopoulos is a Partner at Launch Security (www.launch-security.com), of Portland, Maine, a provider of cybersecurity thought leadership and comprehensive programs to SMB organizations. He has more than 20 years experience in the security industry. Reach him at RobS@Launch- Security.com or at 888-508-9221 x 101. P R O T E C T Y O U R S E L F Seven ransomware defense steps to communicate to end-users The WannaCry ransomware attack was, in fact, largely preventable – if only more Windows users had installed the critical security patch that Microsoft released for it two months ago. "Criminals took advantage of the fact that most people still don't do enough to protect their com- puters," Marty P. Kamden, CMO of NordVPN (Virtual Private Network), said in a statement. To raise public awareness about what end-users can do to protect themselves and the data held by organizations they work, NordVPN offers the following seven best practices for ransomware protection: Install latest security updates . Security updates often contain patches for latest vulnerabilities, which hackers are looking to exploit. Do not open anything suspicious in email. Delete dubious emails from banks, ISPs, credit card companies, etc. Never click on any links or attachments in emails that you were not expecting, and never give out personal details if asked via email. Back up all data. Use an alternate device and keep it unplugged and stored away. Backing up data regularly is the best form of ransomware protection, because only unique information is valuable. Use a VPN for additional safety. Using a VPN when browsing can protect against malware that targets online access points – which is especially relevant when using a public hotspot. Keep in mind that a VPN cannot protect someone from downloading malware. While a VPN encrypts online activity, users should be careful when downloading and opening certain files or links. Close pop-up windows safely. Ransomware devel- opers often use pop-up windows that warn of some kind of malware. Do not click on the window; instead, close it with a keyboard command or by clicking on the taskbar. Use strong passwords and a password manager program. Perhaps the most basic requirement for any online account setup is using a strong password, and choosing different passwords for different accounts. Weak passwords make it simple for hackers to break into an account. A strong password has a minimum of 12 characters, and includes a strong mix of letters, numbers and special characters. Since it is not easy for users to remember strong passwords for each site, use a password manager, such as truekey.com, LastPass or 1Password. Use anti-virus programs. Make sure one of the latest reputable anti-virus programs is installed. Cover Story 1 2 3 4 7 5 6