Advice for Avoiding a Ransomware Attack
May 26, 2021


Earlier this month the country once again bore the consequences of a cyber security breach when Russian hackers calling themselves DarkSide coordinated an attack on the computer network of the Colonial Pipeline Co., a major gas pipeline operator that provides almost half of the gas supply to the East Coast of our country. The Colonial Pipeline Co. paid out a hefty ransom of $4.4 million to get control of its business network back from the hackers who had taken it over. The decision to pay the ransom was not made lightly, and some experts did not agree with it, such as the FBI, which maintains a policy of not paying ransom to terrorists. The CEO nevertheless felt obliged to get the gas supply up and running again for the millions of Americans who were being affected by the shortage of gas and the millions more who would pay the price as supply could not keep up with demand.


Targeted attacks are no accident. Hackers follow a process that is somewhat predictable, and with awareness and security measures firmly in place these attacks are also preventable. Good security protocols that are followed and backed up by continuous security monitoring are the only hope of preventing this from happening to you. Even with vigilant practices, an organization's weakest point is usually human error, so training is imperative to prevention.


How ransomware works

The first step of a ransomware attack is reconnaissance. These bad actors research their targets in advance to determine the likelihood of ransom payment, and they identify vulnerabilities and access points. Your business should stay vigilant in its security measures and have access points monitored and checked regularly for flaws. Once access points are identified, the hackers exploit them by obtaining credentials through phishing, using default passwords, or purchasing access to systems through the dark web. The best way to prevent this is to use secure passwords and two-factor authentication, and to train employees to stay vigilant against phishing. It’s also a good idea to have any terminated employees’ access completely cut off as early as possible in the separation process.


Once a hacker gains access to your network, the name of the game is to maintain an open door. They do this by using malware to create back doors into the system that ensure continued entry into your network. The next step is to encrypt or destroy your backups and move through your network looking for additional systems and backups to control, encrypt or destroy. Once in control of your network, these threat actors steal your data and use it as leverage, threatening to disclose the stolen data publicly to force the organization to pay a ransom, and/or they encrypt as many files and systems as possible across the network to deny you the ability to use it.


Once your data and network are firmly in their handcuffs, a ransom will be requested to release the encrypted files and allow you access. If the victim organization chooses to pay the ransom, usually an experienced incident response firm is engaged to assist with the negotiation of the demand and facilitate the cryptocurrency payment. If the ransom is paid, a decryption key is provided by the hackers and data recovery can occur. If the ransom is not paid, the organization must either recover the files from a clean backup or rebuild the files and systems from scratch, which could take several weeks or months.


What you can do to avoid ransomware attacks

The dark web is upon us and there are dark forces that work around the clock looking for large payouts and easy targets. Don’t be an easy target! Utilize your IT Security protocols vigilantly, consider a threat assessment by an expert and consider purchasing Cyber Security Insurance for breach response assistance. There are several products available to fit a variety of sizes and types of businesses that protect your business assets in the event of a breach of personally identifiable information, a hostile takeover of your network, interruption of your cloud or the introduction of malware to your system.


Talk to our licensed agent today about products available to protect your organization. In the underwriting process you may find additional tips on security measures that you hadn’t considered before and you can rely on a partner to help get your business through to the other side in case of a cyber security event.

 

The facts

In 2020 ransom and extortion claims accounted for 1 in every 5 cyber claims, up from 1 in every 10 cyber claims in 2018.

 

A ransomware attack on businesses is predicted every 11 seconds, and global ransomware damage costs are predicted to reach $20bn in 2021, up from $325m in 2015.


According to an AIG observation, network outages and business interruption from global ransom and extortion claims are lasting 7-10 days.


By 2025, global cybercrime costs are estimated to reach $10.5 trillion.
