In light of the rapid advancement and evolution of hacking methods, you may be surprised to learn that an estimated 95% of ransomware cases result from end-user error, which can often upend even the best security measures and antivirus protection. Most commonly, this occurs when someone unwittingly clicks on a link in a phishing email. With this in mind, the CNYRIC highly recommends the following measures for your staff and for your local workstations:
- Implement a staff training program such as KnowBe4.
- Review your workstation access controls and limit user rights according to the principle of least privilege.
- Require two-factor authentication where appropriate.
- Maintain a centrally managed and updated antivirus solution.
- Review your email server rules and ensure that attachments with executable extensions are stripped.
- Implement other preventive security measures as set forth in the recent Department of Homeland Security and Emergency Services document that has been shared with all districts.
- Prepare an incident response plan for your district so you know how to respond should something happen.
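As an added illustration of the attachment-stripping rule above (example code written for this page, not a CNYRIC tool or configuration), the following Python uses the standard-library `email` module to drop attachments whose names carry an executable extension, including double extensions such as `Invoice.PDF.exe`. The extension block list and the sample message are constructed assumptions and would be tuned to district policy.

```python
from email.message import EmailMessage

# Block list for this example (an assumption; tune to district policy): file
# types Windows will run or hand to a script host when double-clicked.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "ps1", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "msi", "msp", "dll", "cpl", "jar", "lnk", "reg",
}

def is_executable_name(filename: str) -> bool:
    """True if an attachment name carries a blocked extension.

    Every dotted component after the base name is checked, so a double
    extension such as "Invoice.PDF.exe" is caught; matching ignores case and
    the trailing dots/spaces Windows discards. Deliberately conservative:
    "tool.exe.txt" is flagged too.
    """
    name = filename.strip().rstrip(". ").lower()
    return any(part in EXECUTABLE_EXTENSIONS for part in name.split(".")[1:])

def strip_executable_attachments(msg: EmailMessage) -> list[str]:
    """Drop blocked attachments from a multipart message in place and return
    the removed filenames, so the gateway can log them and notify the user."""
    if not msg.is_multipart():
        return []
    kept, removed = [], []
    for part in msg.get_payload():
        fname = part.get_filename() or ""      # the text body has no filename
        if is_executable_name(fname):
            removed.append(fname)
        else:
            kept.append(part)
    msg.set_payload(kept)
    return removed

def build_sample_message() -> EmailMessage:
    """Constructed sample: a phishing-style mail with one benign PDF and two
    executable attachments, one hidden behind a double extension."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.invalid"    # placeholder addresses
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Updated payroll form"
    msg.set_content("Please review the attached form today.")
    octet = {"maintype": "application", "subtype": "octet-stream"}
    # Attachment bodies are placeholder bytes, not real files.
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="form.pdf")
    msg.add_attachment(b"MZ placeholder", filename="Invoice.PDF.exe", **octet)
    msg.add_attachment(b"// placeholder", filename="update.js", **octet)
    return msg
```

Running `strip_executable_attachments(build_sample_message())` removes `Invoice.PDF.exe` and `update.js` and leaves `form.pdf`; a real gateway would also inspect archive contents, which this example does not do.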
The CNYRIC has made a concerted effort to mitigate the effectiveness of these attacks as well.
“We are actively instituting geo-blocking of all IP ranges from countries outside of the United States and Canada,” said CNYRIC Assistant Director Rick Pollard. “The reason for this is due in large part to the significant amount of malicious traffic that we see each day that originates from foreign countries. We strongly encourage districts to purchase the advanced security features for their firewall that provide malware/intrusion detection services.”
Regarding antivirus/malware endpoint protection for laptops and PCs, the CNYRIC recommends that districts have a robust antivirus/malware solution such as Symantec or CrowdStrike (not Windows Defender) in place, and that it is fully managed and regularly updated.