Physical Security as Protection Against Ransomware
Ransomware is now the number one cybersecurity concern, and attacks against businesses are on the rise. These pieces of malware infect computer systems, locking out the users until they agree to pay a ransom, usually via Bitcoin or other untraceable currencies.
In many cases, the only way to resolve the issue is to either pay the ransom or purchase new equipment.
Nearly 50 percent of organizations were hit by a ransomware attack in 2015-2016, according to Osterman Research. It’s a truly alarming statistic that shows that the ransomware business is booming.
Even more concerning, a recent study by McAfee Labs showed that nearly 40% of data losses involved some sort of physical media, such as laptops or thumb drives that had been stolen or lost.
So it raises the question: how do you protect yourself against an attack? Is there an optimal way to ensure that you aren’t the victim of ransomware?
The best line of defense against any form of cyber attack is to have a robust physical security presence to deter would-be criminals from accessing your critical systems and potentially crippling your operations.
In this article, we’ll take a look at some of the physical security steps you can take to help protect your business from a ransomware attack.
Control Access To Your Critical Systems
CNN reports that $209 million in ransom was paid out in the first three months of 2016 alone. Once sophisticated hackers gain access to your computer networks, it’s very easy for them to infect your systems with ransomware.
It’s imperative that organizations have a comprehensive security plan and regimen in place to protect their premises, employees, and vital data. You can ensure that only authorized personnel have access to your critical systems by taking the following steps.
Control access to your facility. Controlling access to your premises by a keycard or biometric system will help to ensure that only trusted employees are allowed onsite. Keycard access keeps out unauthorized personnel who may find it all too easy to slip inside the building unnoticed and unchallenged.
On-premises visual surveillance. Having a guard on duty in your building is an excellent way to ensure that unauthorized personnel don’t access sensitive areas. Guards can monitor CCTV feeds while also challenging any suspicious activity.
CCTV system. A closed-circuit TV system not only allows for remote monitoring of all areas of your facility but also serves as a visual deterrent to would-be criminals attempting to gain access to sensitive areas.
Lock server rooms and cabinets. By making sure that all of your server hardware is locked in secure enclosures, you’ll restrict access to your critical systems to authorized IT personnel only. The rooms themselves should be configured with proper locking systems for a double dose of security.
Attend to portable devices. Portables such as laptops, tablets, and mobile devices are easy vectors for ransomware if left unattended. Ensure that these devices are either kept on the person at all times or locked in a drawer.
Restrict access to sensitive areas. You can increase your overall level of security by creating sensitive information areas where only certain personnel are authorized to be. Clearly mark such areas with proper signage so that others will know when an unauthorized person enters.
Implement Security Best Practices
In addition to having proper physical surveillance and access control systems in place, it’s important that all personnel at your facility follow best practices when it comes to security.
Some security best practices that should be followed by everyone include:
Proper password usage. For maximum security effectiveness, passwords should have a mixture of upper- and lower-case letters, numbers, and special characters. Yet this crucial advice is rarely followed.
Norton reports on a user password analysis after a recent hack, saying “42 percent of people used passwords that only had lowercase letters and another 16 percent only used numbers, according to the analysis penned by Imperva. Both dramatically reduce the security of the person’s login. The analysis found that the top five secret phrases were ‘123456’, ‘12345’, ‘password’ and ‘iloveyou'”.
Experts suggest the best way to design a strong password is to think of a phrase, keep the first letter of every word including punctuation, and add in numbers.
Disconnect/remove unused terminals. Unused computer terminals can be a goldmine for unauthorized users attempting to access your network.
Even though they may not be unused for long, removing these terminals and securely storing them is a small step you can take to prevent security breaches.
Challenge unbadged visitors. Visitors to a company’s premises should always wear a badge indicating they are authorized to enter the facility. Unescorted and unbadged visitors should have their presence challenged by employees.
Conduct proper security training. Ensuring that employees understand that responsibility for physical security lies with everyone will help to increase vigilance and promote proper operating procedures that will help to prevent ransomware attacks.
While physical security measures go a long way toward protecting a facility’s integrity, making sure that everyone is aware of these best practices and regularly follows them can help to ensure the safety and security of everyone.
There are many steps a company can take to protect itself from a dreaded ransomware attack, and it begins with having a proper physical security system in place.
Controlling access to your premises, having proper surveillance including CCTV systems, and locking servers away from public access can pay enormous dividends down the road.
You’ll not only help to prevent unwanted access to your networks, you’ll also ensure the physical safety of your employees and the integrity of your premises.
Veridin is a leading provider of security services to businesses across a wide variety of sectors. From financial, healthcare and institutions through to transportation and property management industries, we have the security solutions to fit your needs. Contact us to learn how we can help bring you peace of mind.