Creating a detailed disaster recovery plan (DRP) can be a daunting and complicated task. Begin forming your plan by including the following five essential steps.

The latest phishing campaign targeting the industry involves a convincing looking Evernote landing page.

Information rights management may become the last line of defense when a hacker tries to gain access to your document. Will your security hold up?

Trying to prevent ransomware at your organization? Having backups in place and an incident response plan are only part of it. Here are some tips on preventing and mitigating ransomware attacks. According to a report by RiskRecon, publicly destructive ransomware events grew over 5x from 2017 to 2021. Ransomware is a type of malware that will block your legitimate access to a system until you pay up a certain amount of ransom or circumvent the attack through other measures. It encrypts the victim’s files, making them inaccessible, and threatens to delete them if the ransom isn’t paid. A recent ransomware attack hit farming equipment-making giant AGCO after the FBI warned that ransomware attackers are planning more attacks. Such attacks can be even more detrimental to the public when they attack hospitals, financial institutions, defense organizations, etc. Ransomware is generally delivered to the victim’s system through phishing, making an unsuspecting user click on a malicious link. Once ransomware is installed on the device, it starts encrypting files and sends an extortion note to the victim. What makes ransomware even more worrisome is that in many cases, attackers don’t unlock the data even when the ransom is paid. Businesses of all sizes are increasingly targeted by ransomware attacks, including small to medium-sized enterprises (SMEs). To make sure your system doesn’t get infected with ransomware, follow these simple tips. 1. TAKE REGULAR BACKUPS Ransomware works by encrypting and blocking your access to important data. If you have a current backup of all important data, there is less reason to worry. If you are ever hit by a ransomware attack, you can revert to a previous unencrypted version to regain access to your systems and data. Your backups should be stored offline and at a location where they cannot be targeted by attackers. Test your backups regularly for efficiency. If you do face an attack, make sure the backup isn’t infected before you roll back. Having a backup is probably the most important line of defense against ransomware. 2. USE A RANSOMWARE PROTECTION SOLUTION Use a ransomware threat protection software solution that is designed to detect and block threats. For instance, Digital Guardian’s ransomware protection solution filters out noise and provides deep visibility into advanced threats. 3. BEWARE OF PHISHING ATTEMPTS Ransomware is most commonly spread through phishing. Make sure you or your team doesn’t click on untrusted links. Most phishing attempts are done through emails so it’s important to avoid suspicious emails. Phishing awareness training should be given not just to the IT security team but to all employees of the organization. 4. SANDBOXING Sandboxing all communication, especially emails, can add protection to the system. Since human errors cannot be completely avoided, having a secure email gateway solution can be helpful in keeping your system ransomware-free. There must be email filters in place that filter out emails that might contain suspicious links or unknown file types. 5. CREATE AN INCIDENT RESPONSE PLAN With an incident response plan in place, the IT security team will know what to do if they do encounter a ransomware attack. The plan should define the roles and responsibilities of personnel along with the steps that need to be taken. It should also define the communication that needs to take place and stakeholders that need to be informed about the attack. Some actions defined in the incident response plan could be: • Communicating the attack details to customers and/or other affected parties • Steps to restore the data that has been lost • Steps to rebuild the network and computer systems When there’s a carefully designed plan, there will be no panic in case of an attack and the situation can be managed more easily. 6. HAVE THE RIGHT WEB SECURITY/FIREWALL TECHNOLOGY With a firewall, you can monitor and filter HTTP traffic to a web service. A firewall is the first line of defense against cyber-attacks. When your company uses web applications and APIs, you might be exposed to malicious traffic. With a firewall, you can filter out potentially harmful traffic. Make sure your firewall protects some specific ports such as RDP port 3389 and SMB port 445 as many ransomware attackers use these ports. A properly configured firewall will not just protect you against ransomware but also against other kinds of malware and other cyber threats. 7. KEEP YOUR SOFTWARE UPDATED This is a general line of defense against all cyber-attacks. Since software developers keep coming up with patches and bug fixes, keeping your system updated will cover all loopholes before they could be exploited. Whether it’s the operating system or other software that you run on your network, keeping them on auto-update will reduce your chances of being infected by any malware, including ransomware. IF YOU STILL GET ATTACKED While we have discussed ways to avoid being attacked by ransomware, if you still get attacked, the question is: should you pay? If you have an incident response plan and regular backups, there is no reason you’d have to pay. However, if you don’t have an updated backup and are being asked to pay up, it’s best to discuss these matters with law enforcement agencies. The FBI has expertise and insights on these matters, and they can guide you on what should be done next. You might also want to try some decryption tools to see if they can unlock your data. Some experts warn against paying up to ransomware attackers because there is no guarantee that your files will return back to their original state after you pay the ransom. In such a scenario, try getting help from law enforcement agencies. Following the best practices mentioned here will help you stay safe from ransomware and avoid being targeted.

Intellectual property protection requires more than filing a patent or submitting a copyright; you have to train your staff to be diligent in IP protection.

The OSI model includes seven layers that computer systems use to communicate over networks. Learn about the OSI Model layers and how they interact in this blog.

Learn about Security Information and Event Management or SIEM, how an organization can get the most out of its SIEM technology and best practices for implementing a solution in this blog.

Attackers continue to find clever new ways to disguise phishing emails. Here are 10 different ways you can identify a phishing email.

SIM swap scams are on the rise--here's everything you need to know about them and how you can prevent them from happening to you.

Combining data loss prevention, data classification and digital rights management is key to shaping the future of data protection.

What is intellectual property? We define the term and explain how IP negligence and infringement can harm your organization.

A new lawsuit alleges this consultant stole a library of data from his former employer - copying it from cloud storage to a USB drive - to start a competing firm.

Having a Digital Rights Management tool can help your team collaborate in the cloud while meeting compliance needs and adhering to your organization's data security policies.

Learn about VPNs, why organizations are using them so much more, and what IT leaders can do to help ensure their security.

No one wants to think they have an employee or third party that is an insider threat, but mitigating these risks before they turn into complete attacks is key. What Is an Insider Threat? An insider threat is a malicious or negligent individual that is a security risk because they have access to internal information and can misuse this access. External actors aren’t the only ones who pose risks to an organization’s cybersecurity. An insider threat is a peculiar security risk that originates from within the company, either deliberately or due to human error and carelessness. Hence, the insider threat poses the conundrum that an organization’s biggest assets can also be a source of risk. What makes insider threats dangerous is the fact it is perpetrated by someone who has a relatively intimate knowledge of the company’s operations and therefore knows the lay of the land. According to the 2022 Ponemon Cost of Insider Threats Global Report, insider threats have grown by 44% in the past two years alone. In addition, its cost per incident has ballooned up to $15.38 million, now a third of the previous amount. Who or What Is an Insider? As its name implies, insider threats arise from users who have legitimate access to an organization’s resources. This often includes information, equipment devices, personnel facilities, network, and system access. Most often than not, this person is usually an employee, but they can also be a third-party contractor or vendor. In short, anyone who works directly with an organization can pose the risk of being an insider threat. The following are some examples of insiders: An individual who has been provided with a badge or access device like a contractor, vendor, or partner. An individual in who an organization has placed an implicit amount of trust in, with privileged access to varying degrees of sensitive information. An individual a company has provided some sort of computer and/or network access to. Terminated or resigned employees who still have credentials or enabled profiles. High-privilege users like programmers and software developers with access to data through a staging area or development environment. A vendor or contractor who has some type of exclusive knowledge about an organization’s operations, fundamentals, business strategy, and goals either through providing products, services, or having privileged access to their secrets. A government official or someone working for the government who has access to classified information that has national security implications if compromised. Types of Insider Threats Insider threats can come from anyone and from any level of the organization. However, those who perpetrate it successfully often have high-privilege access to data. Insider threats can be divided into two categories based on the intent: those that pose a risk unwittingly and those intentionally being malicious. 1. The careless insider: This activity borders on negligence when the insider unwittingly exposes the organization to outsider threats. These are often the result of unintentional mistakes, the most common of which are falling for phishing attacks or scams that infect the system with malware.Others include leaving misconfigured databases, poor administrative credentials, and improperly disposing of sensitive company documents. The pawn: These are the unknowing group of insiders that have been manipulated and deceived to harm the organization. They are individuals who fall prey to social engineering or email spear-phishing attacks that make them give up their login credentials or click on harmful links that download malicious payloads. The goof: These are insiders who put companies at risk due to their frivolity born out of incompetence, ignorance, or carelessness. 2. The mole: This individual is an imposter who nefariously gains insider status. This person might pose as a vendor, partner, or employee to gain privileged access to the company’s network or premises. 3. The malicious insider: Malicious insiders are the most dangerous category of insider threats. These are often employees, but they can also be contractors, vendors, or partners. They intentionally try to harm their organization by abusing their position either through malicious exploitation, stealing information, misusing data, abusing credentials, destroying data, and/or compromising networks. The collaborator: A subset of the malicious insider is the person who collaborates with outsiders to commit an insider crime. They can partner with their company’s competitors, organized crime groups, or even nation-states. The objective could be to steal customer information, personally identifiable information, trade secrets, business operations, and intellectual property. The lone wolf: These are independent actors who aren’t actively influenced, supported, or controlled by any external parties. These categories of malicious actors are usually dangerous because they are often highly motivated and singularly driven in the pursuit of their goal(s). Because they are confident they can pull off their nefarious acts alone; they are individuals who often have elevated privileges and high levels of access, such as systems administrators. Why Insider Threats Occur Most of the time, employees don’t join organizations with the intent to inflict harm on their company. Over time, greed and/or the accumulation of personal grievances, with the desire for revenge, eventually turn some individuals into malicious actors within an organization. The vendetta of intentional threats is manifested in various ways such as sabotage, espionage, corruption, and theft; and they are most often expressed in hostile cyber acts. Moreover, a combination of factors has equally heightened the propensity for insider threats to occur. Among these is the increased relevance of information-sharing and distribution of sensitive information, which provides disparate individuals with greater access to critical data. Insider threats are often surreptitious and not immediately detectable. They can even go on for years because they are notoriously difficult to uncover. For instance, the Canadian finance company, Desjardins Group had to settle a class-action lawsuit for $201 million. This was because a malicious insider capitalized on the seemingly benign but foolish company process of copying customer data to a shared drive so everyone could use it. The insider copied the data for over two years without detection until 9.7 million records were publicly disclosed. How Can I Detect Malicious Insiders? There are no foolproof ways to detect who has the potential of becoming an insider threat to your organization. But insider threat prevention requires marshaling resources to detect the elements that indicate an insider threat is likely imminent or possible. People as Sensors People are the first line of defense, especially in the identification and detection of potential insider threats in their fellow colleagues. Employees are more prone to carry out attacks against their employers when they are under a series of stressors. This pressure and stress can make them careless on the job and even grow to become disgruntled employees. Thus, they became prime targets and vulnerable to criminals and foreign agents. Therefore, it would behoove employers to be on the alert for employees or insiders who exhibit certain concerning behaviors. Detecting and addressing these concerning behaviors early, then providing help, can make the difference between a loyal employee and an insider that commits a harmful act. Monitoring Insider Activity In addition to human observation and sensors, technology can also be used to detect vulnerabilities in the system that indicate the potential presence of an insider threat. For instance, if an employee seeks access to documents that have nothing to do with their job function or roles, then the system should be able to flag such activity. Insider Steps Toward Malicious Activity Stress may be a contributing factor to an insider threat, but it’s disingenuous to blame it alone for destructive and disruptive acts of sabotage. Those who study insider threats emphasize that its rarely spontaneous, but rather an evolution that moves through several critical pathways:

HelpSystems' new Director of Product Management, Data Protection, Wade Barisoff, gives his first impressions of RSA Conference 2022.

Learn about the CIA Triad and why it can be a helpful model to guide policies for information security within an organization.

Data analyzed this week highlights the percentage of data breaches carried out by insiders at law firms in the U.K.

A new cybersecurity alert is encouraging organizations to strengthen weak security controls commonly used by attackers to gain access to systems.