Carnage is only a mouse-click away.
That’s an inescapable reality in the age of Internet-connected digital business. Deviously smart hackers are continually creating viruses that can do everything from cripple or take over computer systems to steal sensitive data, credit card information and cash. This spring, promotional products firms suffered an onslaught of malware attacks. The menacing viruses targeted both suppliers and distributors in the $23.6 billion industry, attacking companies big and small, including firms on Counselor’s list of the Top 40 largest suppliers in the industry. The attacks occurred amid warnings from government cyber security officials in the U.S. and U.K. that Russia-backed hackers have their sights set on western businesses and individuals, though whether or not the Kremlin has been behind the malware offensive on promo firms is unknown.
In the wake of the attacks, which in some instances temporarily paralyzed promo companies’ networks, Counselor spoke with executives and information technology experts in the ad specialty space to learn a few best practices businesses can use as bulwarks against cyber incursions. Here’s what we learned.
Keep the Bad Guys At Bay
Use A Secure Email Gateway Like Mimecast: “Email is often the Trojan Horse of malware getting into your network,” said Marc Sule, CIO at Top 40 supplier alphabroder (asi/34063). “A secure gateway can lower your risk by monitoring and blocking users from opening malware attachments or clicking bad URLs.”
Utilize Malware-Scanning Software that manages anti-malware policies, routinely scans corporate systems and personal computers, and alerts your IT team when malware is detected. “These services can be configured to automatically quarantine or eradicate the malware before it can spread,” said Sule. He’s partial to Microsoft’s SCCM Endpoint Protection. “Endpoint protection helps prevent targeted attacks,” said Greg Muzzillo, founder of Top 40 distributor Proforma (asi/300094).
Build Sturdy Walls: Dale Denham, CIO at Top 40 distributor Geiger (asi/202900), said networks should have firewalls that are configured correctly, continually patched and constantly monitored. “It’s critical to have a properly configured next-generation firewall with unified threat management,” added Muzzillo.
All Computers Should Have Anti-Virus Protection that’s updated in real time and makes use of heuristics and behavior analysis, said Denham. Additionally, Armughan Rafat, CTO for ASI, noted that all systems, including third-party software, must be up to date on patches and feature strong spam filters.
Scan Often: “Your entire network should be scanned for vulnerabilities on a weekly or monthly basis to identify any systems that are not current,” said Denham.
Have A Plan: “Develop a quick incident response plan in case of a breach,” said Rafat.
Have Good Back-Ups In Place: If victimized by an attack, this can prove essential to recovering as much data as possible from impacted databases/applications. “Always back up your critical systems on a separate VLAN away from the production system,” said Sule. “If your production systems and logical back-ups (or even DR environment) all exist on the same VLAN, ransomware may be able to spread and encrypt them all, leaving little option for recovery. The reason for backups is to add redundancy, and to allow for business continuity and disaster recovery.”
Quarantine Devices/Systems infected with malware/ransomware from the rest of your network. “Unplug, power down, do whatever it takes to isolate the infected machines,” said Sule. “This could include severing the network with a satellite office that has been infected to protect other locations. This certainly could result in impacted business operations, but that is far better than a malware attack spreading across your corporate network.” After being quarantined, an infected device should be wiped and restored, with the restore point being somewhere before the infection. “Trying to clean the infected machine can be very costly and often is unsuccessful,” said Denham.
Consider Getting Outside Assistance: Establish a master service agreement with a cyber forensic firm. It could prove helpful in the event of an attack. “These companies can guide you through the process of recovering your data and perform a root cause analysis to determine the core vulnerability so it can be addressed,” said Sule.
Of course, cyber security isn’t just the responsibility of the IT team. Every employee has a part to play. Industry IT experts said that promo companies should guide employee behavior with the strategies below to minimize the chance of an attack succeeding.
Be Link & Attachment Savvy: “Never open an attachment or link from someone you do not know,” said Muzzillo. Furthermore, check links before clicking on them. By hovering over a link, you can see the actual web address you’re being directed to. Make sure the link is taking you to the website you expected. “Links in scam emails may direct you to web addresses that are long, unfamiliar and use random characters,” said Muzzillo.
Utilize the Principle of Least Privilege so that users only have access to files they must have access to, said Denham.
Be Savvy With Passwords: Employees should engage in safe password practices like two-factor authentication, said Rafat. “Instruct employees to never use the same password for critical systems like email and login,” Denham added.
Analyze Email Address: Tell employees to pay attention to the “To” and “From” fields in their received emails, said Muzzillo. Were they part of a mass distribution list? Is the “From” email address long and/or not apparently linked to a recognizable/common address? Does it have spelling errors or in other ways seem suspicious? If “yes” to any of these questions, then “these are warning signs of a phishing scam,” Muzzillo said.
Encourage Communication: “Make sure employees know to report any suspicious emails to a supervisor in charge and the IT department,” said Les Dorfman, executive vice president of High Caliber Line.
Remind & Consider Training: Send periodic reminders to staff about cyber security best practices they should be following. Also, consider providing employees with cyber safety training. It could be money well spent given the growing sophistication of email and phone scams that can persuade even seasoned corporate employees and customer service personnel to give out passwords, account numbers or other sensitive data that can be used to access systems and/or perpetrate identity theft. (Sensitive or confidential information should never be sent via email or through unfamiliar websites.) Alphabroder, for example, has recently contracted with a company that provides anti-phishing training and mock phishing campaigns to monitor, score and identify additional training needs within its corporate user base. “Good cyber security training should cover password best practices, ransomware, phishing awareness and training,” said Rafat.