Six tips to stop your network being hacked

Six simple tips to prevent cryptolocker attacks


CryptoLocker changed the threat landscape by monetising what had essentially been an amateur pursuit.  Professionals are now making serious money by hacking into businesses, encrypting their data their and holding them to ransom.  This is happening right now, right here in New Zealand.

There are a lot measures that can be taken to reduce the risk and the impact.  But here are six simple tips which have an astounding impact on reducing the likelihood of a successful attack.

1) Shut the door


Fifteen years ago it was common to give remote access using RDP (Remote desktop Protocol).  Then we got a bit smarter and set that up on an odd port.  Ten years ago, Kinetics introduced KARE and stopped using RDP.  But some suppliers may not have done this.

If that paragraph means nothing to you, you are not alone.  This is what you need to know and what can be done.

Third party suppliers often want remote access to help support you.  For some, the preference is a method called RDP, its advantage is that it’s easy for them to use.  It was common to open up that access though a disguised doorway.  Now that criminals can earn thousands to tens of thousands by finding those doorways, they have cracked the disguises and are using them to gain entry.

What should be done?

The best way to find these doorways is for us to review your firewall configuration. This could take from 30 minutes to several hours.  When found, these pathways must be shutdown.  Kinetics Total KARE clients can relax, we are already doing this for you.   For everyone else we need your permission to review the configurations.

You could find that someone (your Line of Business support for example) may complain if these changes mean that they lose access.  Don’t worry, better access solutions can be put in place.  What we know right now is that if these ports are open, it’s just a matter of time…

2) Bolt the door


Most homes have two locks on every external door, like a standard Yale type lock, plus a dead bolt.   In IT, that second bolt is called Two Factor Authentication (2FA).  If you have remote access to your network, adding 2FA of the right type significantly increases security.  This is no longer as expensive or complicated as it once was.  Gone are the eight digit RSA key codes.  Now you can use an app or get a simple text code.

What should be done?

Talk to your Account Manager or Client Technical Manager.  They can find the best solution for your remote access needs.

3) Know who’s got a key


The key to your network is ‘Administrative Rights’.  Without them, a bad guy can still cause damage.  But with them, he has free access and can disable protective measures, increasing his reach.

It’s not uncommon for third parties to be given admin rights, sometimes as a temporary measure.  But temporary becomes convenience.

What should be done?

Kinetics can quickly identify accounts with administrative access; for KARE clients we have script that can gather this info in moments.  Then it’s just a case of identifying who really needs what rights and where.   No one size will fit all, but a tailored fit is better than everyone having everything.

4) Put valuables out of sight


Small/Medium Companies often restrict access to only the most sensitive data.  Now it’s better to think: if they don’t use it, they should not see it.  Restricting access decreases the area of data that can be attacked.

What should be done?

Firstly, and with your help, we need to identify what data, which groups need to access too.  It might be that we need to re-organise your files with you although restructuring data can be time consuming.  But once done, the results have a long-lasting impact.

5) Don’t lose the keys


All mobile devices must have a password/pin.  That includes laptops, tablets and smart phones. They should also be encrypted in case of theft.

What should be done?

Kinetics KARE for Mobiles will force encryption and pass keys on all your smart phones.  For laptops/tablets that carry business data, there are a number of encryption solutions.  Talk to your Account Manager or Client Technical manager and they will seek out the best fit for your needs.

6) Turn on the alarm


Almost every network has an alarm system, but often it’s not enabled.   The reasoning is “it’s inconvenient”.  It was once common to disable certain protections because “some staff may not be able to cope with it”.  Those days are gone, everyone today can remember bank pin numbers, home alarm codes.  They are also capable of the working with basic security on a network.

  • Enforce lock out on all accounts. Lock an account for 10 minutes after 5 wrong password guesses in 3 minutes.  This reduces a brute force attack from guessing 100,000 plus passwords a day down to 144.  This is a vital road block to illicit access.
  • Force password minimum length to 8 characters.
  • Change passwords every 90 days and remember the last three passwords.
  • No one is to be exempt. You are only as safe as the weakest account.

 

With the above settings you will soon know if someone is trying to guess passwords.  A ten minute lock out is a small inconvenience compared to everyone losing days of access.   Everyone must change passwords every few months and do not use generic accounts (the warehouse using the password ‘warehouse’ is unfortunately common).

What should you do?

There will disruption turning on password polices and applying them to all accounts. All staff must change passwords once before applying this policy.  Afterwards we can install a free application that will email staff a password expiry alert.  For KARE clients we also have a script that can identify accounts with non-expiring passwords.

Summary


Right now, criminals are scanning the internet connections of Kiwi business looking for doorways.  This is a fact.  We have seen it and we have seen them be successful.  Those doorways need to be found and closed.  Then simple long standing accepted polices around passwords need to be put into place and applied to everyone on the network.

Everyone should start by shutting the door, turning on the alarm and knowing who’s got a key.  Then add another lock, secure the keys and put your valuables away.