
9 Smart Cyber Habits – Ep 292 

 February 19, 2021

By  Donna Grindle


Smart cyber habits are part of a new initiative CISA has titled the Reduce the Risk of Ransomware Awareness Campaign, which will be running for the next few months. The campaign includes a lot of great educational information and a toolkit, among other things they have planned. It is certainly worth sharing with you, because you can’t have too many chances to find something that will connect with leadership or your workforce.

In this episode:


Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

The HIPAA Boot Camp

Virtual Edition Feb 23-25, 2021

Great idea! Share Help Me With HIPAA with one person this week!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!

HIPAA Say What!?!

[05:34] We have discussed many times the need to remove access for staff who have been terminated. One thing we should all take into consideration these days is that sometimes employees don’t elect to leave; they pass away. This may not happen often, but it can be a shock when it does, and that shock keeps us all from following our normal processes. A recent story brought this up in a big way.

Dead System Admin’s Credentials Used for Ransomware Attack

A ransomware gang installed crypto-locking malware on about 100 vulnerable systems during one attack using the stolen credentials of a deceased administrator. This gang targets organizations with unpatched or poorly secured Citrix remote access technology. Nothing new there, since we have said for some time that vulnerable remote access is a major attack vector. What caught the eye of researchers was that the attackers were using the admin credentials of a system administrator who had died three months before, but whose account remained active.

Once the attackers gained access to the compromised admin account, the gang spent a month stealing credentials for other accounts and exfiltrating hundreds of gigabytes of data before installing the ransomware and encrypting everything.

The work took place mostly in the middle of the night, under the deceased admin’s account, for roughly a month. The attackers gained additional access to the organization’s network, allowing them to create new users and add them to Active Directory. All of that took place, but no one noticed. In fact, the article quoted the company:

No alerts were set off so that new domain admin account went on to delete about 150 virtual servers and used Microsoft BitLocker to encrypt the server backups.
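The two failures in that story are a dormant account that stayed enabled and a brand-new domain admin that nobody noticed. As an added example (not from the episode or the article it discusses), here is a PowerShell sweep an administrator could run from a domain-joined machine with the RSAT ActiveDirectory module to surface both, along with the Windows Security events that should have raised an alert. The 90- and 30-day thresholds are assumptions, not a CISA or HIPAA requirement.

```powershell
# Added example (not from the episode or the article): find dormant enabled
# accounts and recently created Domain Admins, then pull the Security events
# that should have alerted on them. Needs the ActiveDirectory module (RSAT)
# and, for the event query, rights to read the Security log on this DC.
Import-Module ActiveDirectory

$InactiveDays = 90   # assumption: your dormant-account threshold
$NewAdminDays = 30   # assumption: review window for new privileged accounts
$Cutoff       = (Get-Date).AddDays(-$NewAdminDays)

# 1. Enabled users with no logon in $InactiveDays days. Search-ADAccount reads
#    lastLogonTimestamp, which replicates with up to ~14 days of lag, so this
#    list is a starting point for HR/manager follow-up, not proof of abandonment.
$Stale = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) -UsersOnly |
    Where-Object { $_.Enabled } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties LastLogonDate, Manager, Description } |
    Select-Object SamAccountName, LastLogonDate, Manager, Description

# 2. Members of Domain Admins (nested groups included) created in the window.
$NewAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties whenCreated, LastLogonDate } |
    Where-Object { $_.whenCreated -gt $Cutoff } |
    Select-Object SamAccountName, whenCreated, LastLogonDate

# 3. Security log: 4720 = user account created, 4728 = member added to a
#    security-enabled global group (Domain Admins is one). If nothing alerts
#    on these, a new domain admin can appear unnoticed, as in the story.
$Events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4728; StartTime = $Cutoff } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }

"Enabled accounts with no logon in $InactiveDays days:"
$Stale | Format-Table -AutoSize
"Domain Admins created since $($Cutoff.ToShortDateString()):"
$NewAdmins | Format-Table -AutoSize
"Account-creation / group-membership events since $($Cutoff.ToShortDateString()):"
$Events | Format-Table -AutoSize
```

Accounts in the first list belong in the termination (or, as here, bereavement) process: disable them, pull them out of privileged groups, and hand the mailbox and files to a manager rather than leaving the login live. The third query is the real lesson from the story: creating a user and adding it to Domain Admins both write events every time, and nobody was watching them.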

9 Smart Cyber Habits

[13:11] We’ve seen some good news about ransomware lately. The average payment reportedly is dropping to around $150k, and a few gangs have been shut down by law enforcement. Apparently, another one claims it is closing up shop and sending out decryption codes to victims. All very good news in the ongoing battle.

Does that mean we can let our guard down even a tiny little bit? NO. Not. At. All. There is a reason ransomware is one of the top 5 threats in the 405d HICP guide. It comes and goes but it never goes away. It seems when it returns it is always worse than the last round.

That is why CISA is running a special awareness campaign that started in January and will run through May 3. The catchy title is Reduce the Risk of Ransomware. CISA has some sites loaded with information and resources for organizations and individuals. The campaign also includes nine “smart cyber habits” that we should all implement to avoid falling victim to ransomware. The whole idea of reducing the risk of ransomware is a good one. But we need to spread the word and share the information they are publishing. Guess what! We want to help with this.

Of course, we have links to the ransomware resources published by CISA in our notes and encourage everyone to check them out. We will not be able to touch on everything in one episode, so it is certainly worth your time to go through them yourself. They include everything from social media images to fact sheets and guides for managing ransomware protections.

SMART CYBER HABITS

[19:22] During this awareness campaign, CISA emphasizes nine key messages that promote smart cyber behaviors or actions that individuals and organizations should implement to help prevent and mitigate ransomware attacks.

  1. Keep Calm and Patch On – Patching is essential for preventive maintenance that keeps machines up-to-date, stable, safe, and secure against malware and other cyber threats.
  2. Backing Up Is Your Best Bet – It is critical to set up offline, encrypted backups of data and to regularly test your backups. The more you automate your backup system, the more frequently you can back up your data.
  3. Suspect Deceit? Hit Delete. – If an email looks suspicious, do not compromise your personal or professional information by responding or opening attachments. Delete junk email messages without opening them.
  4. Always Authenticate – Implement multi-factor authentication (MFA) to prevent data breaches and cyber-attacks. This means a strong password plus at least one other method of authentication.
  5. Prepare and Practice Your Plan – Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident.
  6. Your Data Will Be Fine If It’s Stored Offline – Local backups, stored on hard drives or media, provide a sense of security in case any issues occur. Keep your backup media in a safe and physically remote environment.
  7. Secure Your Server Message Block (SMB) – SMB vulnerabilities allow ransomware payloads to spread laterally through connected systems like a worm. CISA recommends all IT professionals disable their SMB protocols to prevent ransomware and other malware attacks.
  8. Paying Ransoms Doesn’t Pay Off – The U.S. government recommends against paying any ransom to cyber-crime organizations or malicious cyber actors. Paying a ransom only funds cybercriminals, and there is no guarantee that you will recover your data if you do pay.
  9. Ransomware Rebuild and Recovery Recommendations – Identify the systems and accounts involved in the initial data breach and conduct an examination of existing detection or prevention systems. Once the environment is fully cleaned and rebuilt, issue password resets for all affected systems and address any associated vulnerabilities and gaps in security or visibility.
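Habit 7 as written is easy to misread. Turning off SMB entirely breaks Windows file and printer sharing, Group Policy and a lot else, so nobody actually does that. What a practitioner does is remove the SMBv1 dialect, which is what the 2017 SMB worms exploited, and keep SMB from crossing network boundaries it has no business crossing. As an added example, not from the episode or the CISA toolkit, here is how to audit and remediate that on a Windows host; the internal address range and rule name are assumptions.

```powershell
# Added example (not from the episode or CISA): audit, then disable, SMBv1 on
# a Windows host while leaving SMBv2/SMBv3 working. Run from an elevated shell.

# 1. Current state of the SMB server and of the SMB1 optional feature.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object FeatureName, State

# 2. In a mixed environment, first log who still speaks SMB1 (old scanners,
#    printers, medical devices) for a couple of weeks before pulling the plug.
#    Each SMB1 connection is recorded as event 3000 in the SMBServer/Audit log.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 3000 } |
    Select-Object TimeCreated, Message

# 3. Remediate: stop serving SMB1, then remove the component so a client
#    cannot negotiate back down to it.
#    (Windows Server equivalent for the feature: Uninstall-WindowsFeature -Name FS-SMB1)
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 4. Defence in depth: with inbound traffic blocked by default, scope the
#    built-in SMB allow rule so only the internal range can reach TCP 445.
#    Assumption: 10.0.0.0/8 is the range that legitimately talks SMB to this host.
Set-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' -RemoteAddress 10.0.0.0/8

# Verify: SMB1 off, SMB2/3 still on.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```

Step 2 is the part people skip and then regret: in a clinic, the device that still needs SMBv1 is usually the one attached to something expensive. Log first, then disable. Blocking TCP 445 from the internet at the perimeter firewall is the other half of this habit and is done on the edge device, not on the host.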

Hot off the presses

[35:33] The National Cyber Investigative Joint Task Force (NCIJTF) has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts from more than 15 government agencies to increase awareness of the ransomware threats to police and fire departments; state, local, tribal, and territorial governments; and critical infrastructure entities.

To reduce the risk of public and private sector organizations falling victim to common infection vectors like those outlined in the NCIJTF factsheet, CISA launched the Reduce the Risk of Ransomware Campaign in January to provide informational resources to support organizations’ cybersecurity and data protection posture against ransomware.

CISA encourages users and administrators to review the NCIJTF Ransomware Factsheet and CISA’s Ransomware webpage for additional resources to combat ransomware attacks.

CISA Ransomware Guide

[37:26] In Sept 2020 they published a really nice guide specifically addressing ransomware that we haven’t even had time to discuss. There are two parts.

Part 1: Ransomware Prevention Best Practices

Part 2: Ransomware Response Checklist

Big fan of their motto or tagline:

DEFEND TODAY, SECURE TOMORROW

Reduce the Risk of Ransomware Awareness Campaign Fact Sheet

Ransomware Campaign Toolkit

CISA MS-ISAC Ransomware Guide

There are several cybersecurity frameworks that you can follow. Ones like the NIST Cybersecurity Framework and the CIS 20 are quite comprehensive and may seem overwhelming. But taking a smaller list like these 9 smart cyber habits or the 405d HICP 10 best practices is more manageable for most. There is tons of information out there. Ransomware is not going away. Put it in your plans to use some of these tools. Because, as David likes to say, if you fail to plan, you plan to fail.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.TM


Special thanks to our sponsors Security First IT and Kardon.
