The thing about the Cooke County, Texas, cyber attack is that it was a ransomware attack AND a data breach. In fact, these two things go hand in hand more often than not. Understanding that is key to creating the long term cyber security practices you need to keep your business safe.
In Case You Missed It: The Cooke County Cyber Attack
In July 2020, cyber criminals launched an attack against Cooke County Sheriff’s Office (CCSO). According to a report by the Gainesville Daily Register, the attackers used a ransomware program to access both current and archived CCSO cases. About 2,000 people were impacted by the breach.
The Access Before the Breach
It’s easy to think of a cyber attack like Cooke County’s as a single event: Hackers gained access, stole data and made a threat (that’s where the ransom comes in). In reality, criminals gain access to systems long before most attacks.
They will plant software that takes advantage of some vulnerability on the system. Then the software “phones home” to a server controlled by the bad guys. They will then crawl your network, taking any data they feel has value. Once they have pillaged your network of all they want, they will then send a command to encrypt all your data. Sometimes, if the stolen data is especially juicy, the bad guys will threaten to release the data to the public, if you don’t pay the ransom!
How Phishing Is Part of Most Cyber Attacks
With the data they’ve already gathered, cyber criminals craft realistic looking emails and send them to people in your business who have access to the more valuable information they need. Hackers don’t need to crack your 17-character password if they can trick you into clicking a link and letting their bot in the back door.
It’s not always an email. Increasingly, text messages or even phone calls are used by cyber criminals to trick people into taking actions that breach their systems. They make them convincing with the information they’ve gathered on your business and employees. They might pretend to be a vendor, or mimic email from software you use (and get emails from regularly). They can even spoof one of your company’s email addresses to trick one staffer into thinking they’re doing something at the request of another.
As anti-malware and antivirus software and other protection software has become more effective, it is increasingly people that unsuspectingly give cyber criminals access to the information they desire: personally identifiable information (PII).
Invest in Cyber Security: Don’t Be the Next Cooke County
When it comes to cyber security, many small business leaders are like a deer in the headlights — frozen by what they see (and hear) but unable to move. And when they do move, it’s not quite fast or far enough to avoid getting hit. Here are three things you can do TODAY to get moving toward better cyber security.
- Put cyber security on the agenda. Think you’re already covered? Great. Review your systems, get an independent audit and ask the hard questions. Starting from scratch? Your fastest route forward will be with a security focused MSP or an MSSP that can review your needs and set up a plan that meets both those needs and your budget.
- Rollout out an “ask first” policy. Talk to your team about phishing and make sure everyone knows that, when in doubt, ask before taking action. That means creating a culture that when the intern gets an email from the CEO telling him to buy Visa gift cards and email the codes on the back ASAP (an actual phishing ploy), the intern can resist the pressure to act and verify whether the email is real. HINT: There is no valid reason why anyone would need you to buy gift cards and send them the codes on the back.
- Change your password(s) now, and often. If you are like most people, you use the same password for multiple accounts and have been using it since you made your first online account. Change them. Now. Use different, strong passwords for your accounts and change them regularly. Worried about remembering them all? Use a secure password bank, like LastPass, that remembers them for you. Roll this out in your company too.
That’s not all it takes to be secure, but it’s a good start. Like any part of your business, your cyber security needs to have a plan that’s considered, documented, implemented and maintained over time.
Need help? Book a no-pressure consultation with our team to discuss your business.
2021 Ransomware Response Checklist
Know what to do if you are hit with a ransomware attack! Get this free, easy-to-follow checklist to post and share with your team.