Recently, there have been some ransomware attacks on library systems – Seattle Public Library, Toronto Public Library, Hamilton Public Library, the British Library … and probably a few others. In addition, local governments are experiencing the same things, and this can also affect a city library.
Closer to home, Wichita and the Kansas Court System have both experienced ransomware attacks.
Ransomware attacks are pretty nasty, and it makes sense to do as much as you can to protect your organization against these types of attacks. What can you do to help prevent them? Quite a lot. Here are some ideas to help tighten up your cybersecurity:
Up-to-date software. After a while, software companies no longer support older software. So it’s good to do those updates and upgrades. Some of those updates are security patches that help plug holes or inconsistencies that the software company discovered.
Awareness training. Unfortunately, staff are the weak link when it comes to ransomware attacks. So it’s a good thing to educate staff on simple things, like how to handle suspicious emails, etc. We use KnowBe4 to help with that. It provides online training, and also sends fake spammy emails, and keeps track of how staff respond to them. It’s a handy learning tool.
Vishing too. Vishing is similar to phishing … but uses a phone call instead of an email – the caller convinces the staff person to enter a username and password at a phony website … and then the caller can use that username and password to access the network, etc. KnowBe4 includes this as part of our training.
Two-Factor Authentication. Turn that on whenever you can. Two-factor/multifactor authentication needs more than one thing for logging in – i.e., a username and password, but also something else, like a code sent as a text message, using an authenticator app, etc. We do this for Microsoft 365, and found out that some of our staff don’t have a cell phone – so they can’t necessarily use two-factor authentication. So we’re exploring other ways to help with this, like a separate USB dongle that acts as an authenticator key. Fingers crossed this works! Prince has a blog post about using two-factor authentication in Library Management Systems – might be worth exploring!
Strong passwords. Just a reminder here to not re-use the same password everywhere, to update passwords regularly, and to create strong, unique passwords.
Regular backups. If you can back everything up every day, that can help a lot with ransomware attacks – because you can just revert to the last backup, and you won’t lose everything. But that means frequent backups, in multiple places – onsite, offsite, etc.
Set up good email spam filters. A lot of ransomware attacks start via spammy emails. So make sure you’re using good email spam filters.
Zero trust approach. “With zero trust, the system starts by assuming that the device or user requesting access is not authorized. It requires proof of authorization, such as using multifactor authentication.” (From https://www.proof.com/blog/how-to-protect-your-business-against-ransomware-attacks).
There are other things to do, as well. Will these steps ultimately protect your organization from ransomware and all other cyber attacks? While I can’t really predict that, I can say following these steps will definitely help!
Articles for more info:
- 11 Things you can do right now to protect your business from a ransomware attack
- How To Protect Your Business Against Ransomware Attacks
- 7 Steps to Help Prevent & Limit the Impact of Ransomware
- How Can I Protect Against Ransomware?