IT Tips & Tricks
Published 20 December 2021
Ransomware Causes Payroll Havoc: Concerns for Final Pre-Christmas Payday
8 Tips to Help You Protect Your Organization (Not To Mention Your Career)
As national payroll giant, Kronos, scrambles to recover from a recent ransomware attack, employees around the US potentially face the second “Black Friday” of the season — only this one won’t make anyone happy. But what can IT professionals do to reduce the risk of a ransomware attack?
For employees who are paid bi-weekly, Friday, 17 December, is the last payday before Christmas. If their employers use Kronos (one of the largest workforce management companies in the US) as their payroll company, they’re going to need to figure it out — fast — to avoid a potentially bleak situation after a ransomware attack has left Kronos “offline for several weeks,” according to NPR.org. In the interim, we offer eight tips to help you avoid a ransomware attack.
You can’t relax and rely on traditional antivirus technology. So what can you do?
Who’s Affected by the Kronos Attack?
This attack, which has affected some 2,000 organizations across the country including the likes of New York’s Metropolitan Transportation Authority, the City of Cleveland, the University of Utah, Whole Foods and Game Stop (to name a few), may have also resulted in the exfiltration of personally identifiable information (PII). The amount of personal employee information stored with Kronos varies by employer. At this point, it is unknown how much personal information (if any) was exfiltrated by the ransomware hackers, but the City of Cleveland, for example, has warned employees that the last four digits of Social Security numbers could potentially be at risk.
Who and How?
How much of your personal information are you happy to share with hackers?
It is believed the attack took place on Saturday, 11 December, but by Tuesday, 14 December, it was still unclear exactly how the attackers had been able to knock the Kronos Private Cloud software offline, although, per SHRM.org, “the outage could last several weeks.” Kronos has declined to name the ransomware group responsible for the attack.
The Aftermath
Allan Liska, an intelligence analyst at Massachusetts-based cybersecurity firm, Recorded Future, stated that should Kronos agree to pay the ransom, it could take several days to reach a settlement and put together the funds. Additionally, malware could still be left behind for future ransom demands or other exploits. “The only safe course is a complete rebuild of the server network,” he said.
We’ve previously written articles on the subject of ransomware, here, here and here. We wish there was a way to definitively end these types of cyber-attacks, but that’s probably about as realistic as expecting every member of the family to win the lottery.
What is realistic, however, are the eight tips to address ransomware protection that we promised you.
Defense Against Ransomware Attacks
1. Guardian of the Gateway
Your company’s email accounts are like low-hanging fruit for hackers. A secure email gateway solution offers multilayered protection against a wide array of threats via email. For an added layer of protection, consider sandboxing. Any email that makes it through the email filter, yet still contains unknown links, file types or senders, can be tested before it hits your network or mail server.
2. Web Application Security & Firewall Technology
Protect your web apps by filtering and monitoring HTTP traffic to and from a web service with a web application firewall (WAF). It acts as a significant line of defense against cyberattacks. New web apps and application programming interfaces (APIs) may be dangerously exposed due to web server vulnerabilities, server plugins, or other issues. A WAF helps secure these apps and the content they access.
Do you know the best place to store your backups?
3. Protect Your Endpoint Devices
You can’t relax and rely on traditional antivirus technology. As malware evolves, it’s almost guaranteed that your antivirus tech can’t keep up. If you have a first-generation EDR solution (endpoint discovery and response), it’s not affording you as much protection as you need. Opt for next-generation EDR solutions that deliver advanced, real-time threat intelligence, visibility, analysis, management, and protection — both pre- and post-infection — to defend against ransomware.
4. Backups and Incident Response
We’ve said it before, and we’ll say it again: Backups of all your systems and data should be stored off the network. This is a crucial point. Additionally, your backups should be tested to ensure that they’ll actually work if you ever need them, Also, equally crucial: Have a disaster recovery plan in place just in case you’re hit with malware or ransomware. There's some helpful information on creating a disaster recovery plan in this article.
Don’t let antivirus software lull you into a false sense of security.
- “Don’t you trust me?”
When we’re talking cybersecurity, the first response to that question should always be a firm, “No.” A zero-trust security model assumes that everyone and everything attempting to connect to your network is a potential threat. One of the most effective means of implementing this is through multifactor authentication, which requires users to provide multiple credentials before being granted access. A zero-trust policy should also include Network Access Control (NAC) to prevent unauthorized users and devices from accessing a corporate or private network.
- Break It Up
Think of your network as a pack of cookies. If you leave a single cookie on the plate, all you’re going to lose is that one, single cookie. Leave the whole pack of cookies out and you may as well wave bye-bye to them because we all know that the whole lot will be gone in five … four … three …Boom. It’s the same with a network. Segment it, partition it, call it what you will. Just break it up so that anything that may be infiltrated is in isolation from the rest of your network. This has become even more vital as Cloud-adoption increases, particularly in multi-cloud and hybrid Cloud environments.
- Cleanliness is Next to Godliness
It may sound clichéd, but the truth is that practicing really good cyber hygiene can have a huge impact. Any update or patch that is put off until tomorrow or next week, creates a vulnerability. Do you know what hackers actively search for? Yup, you guessed it. That soft underbelly that is created by those vulnerabilities.
Additionally, make sure your employees are trained. According to a 2021 report on data breach investigations, 85 percent of data breaches involve human interaction. Make sure your employees are well-trained, with regular updates on security protocols, and do not overlook your remote employees. Your people are literally at the leading edge of your network and they’re either trained to help keep your resources secure, or they’re potentially unwitting agents of disaster. The choice is yours.
Employees either keep your resources secure, or they’re potentially unwitting agents of disaster. What dictates the difference?
- Fake It ’Til You Make It
Finally, although it’s not a primary defense mechanism, one of the smartest things you can do is to employ deception technology. And yes, it’s about as sneaky as it sounds, but in a good way. It’s not going to stop the bad guys from getting in, but what they’ll gain access to is not the real deal — it’s a fake, kind of like the house of mirrors at the fair. Per Fortinet.com, “With deception technology, decoys mimic the actual servers, applications, and data so that bad actors are tricked into believing they have infiltrated and gained access to the enterprise’s most important assets when, in reality, they haven’t. This approach can be used to minimize damage and protect an organization’s true assets. In addition, deception technology can accelerate the average time to discover and address threats.”
It is less inconvenient and costly for users to provide multiple credentials than it is for the organization to suffer a ransomware attack.
Prevention is Easier than Cure
Perhaps, as Mr. Liska states, the only solution for Kronos is a complete rebuild of their server network, which would, no doubt, include heightened security measures.
With massive amounts of data to migrate, plus the fact that over 80% of data migration fail, one must consider every contingency to make sure that the data arrives at its target location, safe and intact.
One of the most common problems encountered in the data migration arena is data loss. One of the most common causes of that missing data is all the file links that get broken during the migration. If you think, perhaps, that it’s unavoidable, we’ve got some good news. You can avoid data loss due to broken links with LinkFixer Advanced™. If you’d like to discuss your data migration with a knowledgeable consultant, please call 727-442-1822 for more information. Alternatively, visit LinkTek.com for peace of mind
Feel free to share this article on your social media: