IT Friday: Top 3 Reasons You Need to Use a Phishing Simulator

Despite all your network protections, all it takes is one click from your end user to open your network.

Imagine it is three o’clock on a Friday afternoon. Joe opens his email to check the responses from his clients. He sees an email from FedX saying his tracking number is available. Perplexed, Joe opens the e-mail to find out what it is about. He wasn’t expecting anything from a client. He opens the tracking PDF and sees a generic-looking document that doesn’t resemble anything he is working on. Rolling his eyes, after confirming it has nothing to do with his job, he closes it and then deletes it.

After a relaxing weekend, Joe comes into the office and logs into his computer. He goes to open his sales document only to be told that it is in an unrecognizable format. Document after document after document produces the same result. After half an hour of frustration he finally reaches out to his IT.

His computer and shared drives were encrypted by CryptoLocker.

I would ask for a show of hands if this has happened to your company, but in this day and age it is probable that your company has already dealt with this horrible virus.

What can we do to protect ourselves?

Typically, a good firewall and anti-virus are recommended. These are the first line of defense against any intruders trying to brute force their way onto your network. Scammers are getting clever and going back to old reliable tactics: spamming your inboxes with fake messages that launch viruses directly on your end user’s PC. Even a properly set up spam filter will miss a few of the items coming into your network, which leads us to the last line of your network’s defense.

Often the last line of defense against viruses is your users. Users can be tricky. Many end users are savvy and are able to keep up with technological advancements. Others don’t know the first thing about a computer except how to turn it on and complete their daily work functions. Whatever their degree of technological know-how, they are your last line of defense, and it’s your responsibility to verify that all of them are trained not to click on that one suspicious email, and, if they do click on it, to reach out to your IT ASAP so the PC can be cleaned immediately.

How to provide effective training?

Knowing that it only takes one user, there is a better way to train all employees to reduce the risk of your company becoming a statistic. People learn best by doing. If you want to learn anything, active learning is best. You can send lists to your employees until you are blue in the face and all they will gain is a passive understanding. There are several options out there. The one that I have used in the past is KnowBe4. KnowBe4 is only one example of a phishing simulator. Here are some more:

These types of services allow you to send test emails that mimic phishing emails. They can be used in conjunction with training as a way to measure how well your team is listening and applying what they learned. If your team is struggling with one concept, you can use the simulators to nudge them to remember. The benefit is that you can train your users in a safe, secure way. It also lets you see the likelihood of someone in your network clicking on something they should not, which makes the training proactive instead of reactive.

To summarize the article above:

1. Scammers are not going anywhere.
2. Firewalls, antivirus, and spam filters cannot catch everything, and your users will be your last (and first) line of defense.
3. People learn best by doing. Using simulators allows your users to train in a safe way while expanding their security awareness knowledge.

Proactive Not Reactive: Top 10 Ideas to Protect Yourself From CryptoLocker

1. User Training
This is probably the biggest item. The worst aspect of CryptoLocker is that its operators are not actively hacking your network. They are sending spam e-mail or luring your users to websites that are not for work purposes, where the installer is downloaded without them seeing it. Train your users to be wary of emails from senders they don’t know and not to go to non-work sites.

2. Apply a spam filter to your Exchange server that blocks executable file attachments
This will keep users from accidentally activating an executable. They can still receive zip files, so they will have to know not to extract or unzip them.

3. Consider Software Restriction Policies and Whitelisting
Locking down what your users can and cannot install will assist with prevention. Also, turn off the Windows setting that hides file extensions for known file types, so a file named “invoice.pdf.exe” is not shown as “invoice.pdf” and users do not unintentionally install something.
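As an added example covering items 2 and 3 (not code from the original post), here is a small attachment scanner in the style of a mail-filter plug-in: it flags executable attachments, catches the disguised double extension that hidden file extensions would mask, and looks inside zip files, which the plain extension rule lets through. The message, sender addresses and the extension list are constructed for the example.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed list for this example; tune it).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jse", ".vbe"}


def risky_name(filename):
    """Return a reason if the name would run as code, else None.
    Catches plain 'setup.exe' and disguised 'invoice.pdf.exe', which Windows
    shows as 'invoice.pdf' when known extensions are hidden."""
    stem, dot, ext = filename.lower().rpartition(".")
    if dot and "." + ext in EXECUTABLE_EXTS:
        if "." in stem:
            return "executable with disguised double extension: " + filename
        return "executable attachment: " + filename
    return None


def scan_message(raw_bytes):
    """Walk every attachment of a raw RFC 822 message; return a list of block reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reason = risky_name(name)
        if reason:
            reasons.append(reason)
            continue
        payload = part.get_payload(decode=True) or b""
        # Zip archives pass the extension rule, so inspect the member names inside.
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    for member in zf.namelist():
                        inner = risky_name(member)
                        if inner:
                            reasons.append(f"zip {name} contains {inner}")
            except zipfile.BadZipFile:
                reasons.append(f"corrupt or non-zip archive: {name}")
    return reasons


def build_sample_message():
    """Constructed test mail: one benign PDF plus a zip hiding a .pdf.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tracking_info.pdf.exe", b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "tracking@example.invalid", "joe@example.invalid"
    msg["Subject"] = "Your tracking number is available"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="receipt.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="tracking.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for r in scan_message(build_sample_message()):
        print("BLOCK:", r)
```

Running it reports only the zipped double-extension file; the PDF passes.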

4. Apply a Firewall
Restrict outbound traffic to only the ports you actually use. Apply content filters to keep people honest about the types of sites they visit at work. Block known malware domains.

5. Apply good antivirus
I would recommend that any antivirus you choose has heuristic scanning abilities, as these seem to be the best at detecting when CryptoLocker is active on a system. Heuristic scanning looks for typical patterns of behavior rather than known signatures. Such antivirus includes Kaspersky, ESET, Webroot, etc. Please do your research and find the right antivirus for your organization.

6. Apply correct security to everyone in your network
If everyone is a domain admin, you have handed the keys to the kingdom to all your users. If one of them gets CryptoLocker, you are essentially giving that virus free rein over your network. Give users limited domain access and restrict access to vital points on your network, such as your SQL server. Also, restrict who is a local admin on the computers.

7. Strong passwords
Newer versions of CryptoLocker are able to guess at simple passwords. If you only use capital and lowercase letters, a password can be cracked within a short period of time. In 2013, hackers were able to crack 16-character passwords in less than an hour; to view details of the article go here. It is recommended to vary your passwords and include capitals, lowercase letters, numbers and atypical symbols (such as %, &, ^, }). Users normally select ! or @; these are common and more likely to be guessed. The more complicated you make your password, the better your network security will be.

8. Regularly clean up old logins
Let’s say your users follow your password policy. What about an old login that has been sitting there for years since before the password policy was put in place? This is a hacker’s dream and they will take full advantage of it. I recommend putting a practice into place that cleans up old logins every 3-6 months.

9. Backup, backup, backups!
Backups stored on their own backup device are best. You want to back up all of your critical files. Have shares for each user and train them to store their critical files on the server. I tell clients that if a file would take more than a week to recreate (if they are able to recreate it at all), then it belongs on their personal share where it is backed up by the company. Clients that had CryptoLocker and a backup system were back up and running with minimal downtime.

10. Apply 3rd party programs that act as preventions
Examples are CryptoPrevent Malware Prevention and CryptoLocker Tripwire. I have not personally used these two, but I have heard good reviews of both. I would not rely solely on either; add them as an additional layer on top of your antivirus.

Please never pay the ransom. Every time these criminals receive a ransom it only encourages them to target another company or person and continues the cycle.