Stay Diligent Against Cyber-Attacks
Cyber threats evolve and grow more sophisticated every day, so it is important to create and maintain a comprehensive cybersecurity strategy, stay diligent, remind your staff of the dangers, and prepare your organization for an incident. Below are some popular types of cyber-attacks and tips to keep your property secure.
Ransomware is a type of malicious software that restricts access to infected data by systematically encrypting files; a ransom is then demanded in exchange for the decryption keys. This type of attack is primarily delivered through infected emails, with URL links or attachments as the source of execution. These attacks can completely debilitate your systems and cause catastrophic financial damage to your business.
Passwords are the most commonly used mechanism to authenticate users to an information system, so obtaining passwords is a common and effective attack approach. Attackers gain access to a person’s password by looking around the person’s desk, “sniffing” the connection to the network to acquire unencrypted passwords, using social engineering, gaining access to a password database, or outright guessing. Brute-force and dictionary attacks are made either randomly or systematically:
- Brute-force password guessing means using a random approach by trying different passwords and hoping that one works. Some logic can be applied by trying passwords related to the person’s name, job title, hobbies, or similar items.
- In a dictionary attack, a dictionary of common passwords is used to attempt to gain access to a user’s computer and network. One approach is to copy an encrypted file that contains the passwords, apply the same encryption to a dictionary of commonly used passwords, and compare the results.
To protect yourself from dictionary or brute-force attacks, implement an account lockout policy that locks the account after a few invalid password attempts. Follow account lockout best practices to set it up correctly.
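The lockout behaviour described above, as an added sketch (not Springer-Miller code or any product's implementation). The threshold of 3 failures, the 15-minute observation window and lockout duration, the account names and the login events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    threshold: int = 3    # assumed: failures allowed before the account locks
    window: int = 900     # assumed: seconds during which failures are counted
    duration: int = 900   # assumed: seconds the account stays locked

class LockoutTracker:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.failures = {}      # user -> timestamps of recent failed attempts
        self.locked_until = {}  # user -> time at which the lock expires

    def attempt(self, user: str, ts: int, password_ok: bool) -> str:
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        p = self.policy
        if ts < self.locked_until.get(user, 0):
            return "locked"     # refused even if the password is correct
        if password_ok:
            self.failures.pop(user, None)   # success resets the counter
            return "ok"
        # Count only failures that fall inside the observation window.
        recent = [t for t in self.failures.get(user, []) if ts - t < p.window]
        recent.append(ts)
        self.failures[user] = recent
        if len(recent) >= p.threshold:
            self.locked_until[user] = ts + p.duration
            self.failures[user] = []
            return "locked"
        return "failed"

# Constructed sample events: (timestamp in seconds, account, password correct?)
EVENTS = [
    (0, "frontdesk", False), (0, "manager", False),
    (10, "frontdesk", False), (20, "frontdesk", False),  # third failure locks
    (30, "frontdesk", True),     # correct password, but still locked out
    (1000, "frontdesk", True),   # lock expired at t=920
    (2000, "manager", False),    # the failure at t=0 has aged out of the window
    (2010, "manager", False), (2020, "manager", False),
]

def replay(events, policy=None):
    tracker = LockoutTracker(policy or LockoutPolicy())
    return [tracker.attempt(user, ts, ok) for ts, user, ok in events]

if __name__ == "__main__":
    for (ts, user, ok), result in zip(EVENTS, replay(EVENTS)):
        print(f"t={ts:<5} {user:<10} password_ok={ok!s:<5} -> {result}")
```

Lockout limits guessing against the live login prompt; it does not slow the offline comparison against a copied password file described in the dictionary-attack item above.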
A phishing attack occurs when a malicious actor sends a user an email that appears to be from a legitimate, trusted source. These emails may look like they’re coming from your CEO, a coworker, or a client. Users should always check email names and domains, and double-check with the person separately to confirm the legitimacy of an email. Phishing emails will most likely contain a link or attachment, which, when clicked, will download malware or give the attacker access to private information.
Malware is a general term for any malicious software that infects a computer or system and destroys data, spies on a user or network, or changes its functions. Malware can be used in any type of cyber-attack. Furthermore, the software must be installed on the targeted device, so, as with other attacks, users must be cautious of strange emails, links, and attachments, and keep firewalls intact and up to date.
With the innovation and evolution of software and systems comes the parallel innovation and sophistication of cyber threats. A cybersecurity strategy is critical to any business operation. As it pertains to your Springer-Miller System applications, we wanted to take this opportunity to provide an important reminder about these threats and the importance of nightly backups of your SMS|Host, Teres, and SpaSoft Systems. Your team must perform a nightly, verified backup and store that backup offsite or in a secure location (not on your network). Having a verified backup to rebuild from, if the situation arises, ensures your property can recover much more quickly from a ransomware attack. Additionally, as part of your cybersecurity strategy, it is important to ensure staff and all system users are actively trained in cybersecurity to avoid engaging with suspicious communications.
If you have further questions for the Springer-Miller team, please do not hesitate to reach out to your Account Manager. We are here to help you as best we can.