Ericsson accelerates 5G for Enterprise with the acquisition of Cradlepoint Read More

Blog

Planning and best practices for network security in the workplace

Brandon Ashey

Planning and best practices for network security in the workplace

Planning & best practices for network security in the workplace

Ransomware, or malware, is one of the most profitable criminal business models in the history of malicious computer software. 2017 saw over 40,000 attacks per day, with ransomware hiding in over 40 percent of all email spam. In May of 2017, “WannaCry” Ransomware hit 150 countries by accessing employee’s computers. In just one day, it infected more than 230,000 computers with an estimated loss of $4 billion dollars. New strains of ransomware are hitting the cyber world on a continual basis, and Gartner predicts that by 2020, 60 percent of security budgets will be reserved for detection and response capabilities.

What is Ransomware?

Ransomware is malicious software that locks or encrypts computer files, according to the security awareness training company KnowBe4. With the files “stolen away,” the organization must pay ransom in electronic currency to get those files back or to have the device unlocked. These ransoms can range from $500 up to millions of dollars, sometimes with a looming one-week deadline at which time the price starts to rise. Once the fee is paid, the cybercriminal provides a key to unlock or decrypt the stolen computer files. Ransomware can even get past an employee’s personal workstation and work its way across a company’s entire network and encrypt all the files in its path. Unfortunatey, cybersecurity threats will see a substantial rise into 2018, according to Gartner. Organizations need to stand alert and be prepared for these potential threats. Here are a few strategies businesses can take to increase network security. 

Getting Employees to Know the Threat

Understanding potential ransomware threats and educating employees is a first step in fighting back against cybercriminals. Ransomware could infect employee’s computer files in a variety of ways including:

Phishing

91 percent of cyberattacks start with a phishing email, according to a report by PhishMe. The emails are designed to trick employees into clicking an infected link or opening an infected attachment. The email will usually look like it’s from an organization that the employee would recognize and assume was real.

Texting or SMS Phishing

This is a similar form of trying to trick people by appearing as a familiar or safe entity but through texting. These texts are trying to get employees to click on or enter personal information. Often Android and iOS-based phones and tablets are targeted in this method.

Voice Phishing

These are actual automated voicemails that trick people into calling a number or entering information through their smartphone, like a credit card number. The numbers coming in also could be electronically forged so they appear like they’re coming from a real source. Attackers will often pick an area code or phone number that seems familiar, for example from the person’s hometown or current town. When the person calls the number back, they may be given information on how they need to fix a problem with their phone. The caller then follows the directions to fix the problem; however, they are actually installing ransomware on their own device.

Social Media

Social media is used in many organizations today, from LinkedIn to Facebook to Twitter. Ransomware is creeping into social media by enticing people to click on a link or a thumbnail of an image. There is commonly a natural response to open image files, but once it’s been clicked, a file automatically downloads and the device is infected.

Ads & Images on Websites

Sometimes malicious software can be placed right into online ads or images on websites; it can even be an ad for an actual product.

Multifactor Authentication

With the increasing value of usernames and passwords on the black market, multifactor authentication is an underrated end-user security strategy. By requiring users to present two pieces of identification — ranging from tokens to security codes — at each login, multifactor authentication provides an added layer of safety.

As more and more enterprises move toward digital transformation, an inevitable process for successful business models, network security is becoming a top priority. From network architecture to end-user caution, it takes a variety of diligent efforts to keep an enterprise network secure.

Learn More in a Live Webinar

To learn more about best practices for network security, register for the upcoming webinar on March 21, 2018, at 9 a.m. PT.

 

Back to Blog

You might be interested in

Does your agency have a continuity plan?

Does your agency have a continuity plan?

How to keep public safety and election operations running when emergencies arise Public sector agencies provide critical services and perform essential functions that citizens depend on every day as well as during emergencies. Continuity plans ensure that the essential functions of agencies stay operational if a natural or manmade emergency should occur. While it’s difficult […]

Security at the network edge is a year-round endeavor

Security at the network edge is a year-round endeavor

Cradlepoint offers security features that help protect branch, mobile & IoT networks Our first Cradlepoint Security Week has come and gone. We had some great conversations, learned a lot, and enjoyed sharing what we know about security at the network’s edge with you. When we planned this weeklong conversation about network and data security, we didn’t know how […]

Context matters: turning data into threat intelligence

Context matters: turning data into threat intelligence

Guest Post Written By Webroot 1949, 1971, 1979, 1981, 1983 and 1991. Yes, these are numbers. You more than likely even recognize them as years. However, without context you wouldn’t immediately recognize them as years in which Sicily’s Mount Etna experienced major eruptions. Data matters, but only if it’s paired with enough context to create meaning. […]