Ransomware is of increasing concern to medium and large publishers.
Ransomware is a type of malware that restricts access to the infected computer system in some way, usually by encrypting your files, and demands that the user pay a ransom to remove the restriction. If you don't have a backup, you have to pay the hackers to regain access to your data.
Sony Pictures is one media company that was affected by a ransomware attack.
Often a system is infected by a phishing attack where a user inadvertently downloads malware or inadvertently provides a hacker with their user ID and password.
Information on Ransomware
Advice For Large Publishers
At Kensai we recommend that large publishers consult with internet security specialists from E&Y or PWC. Very large publishers should consider Accenture.
- Ernst & Young Cyber Security: http://www.ey.com/gl/en/services/advisory/ey-cybersecurity
- PricewaterhouseCoopers: http://www.pwc.com/us/en/forensic-services/video/cyber-security.html
Protecting a book publishing software system against such intrusions requires multiple levels of protection.
Staff should receive instruction in best practices for internet security. Over 95% of security breaches are caused by an employee inadvertently providing their user name and password to a hacker.
Backup your data
Restoring from a backup can often limit the damage done by a ransomware attack.
Internet Security Software
It starts with ensuring that every workstation that accesses your system has internet security software running. Internet security products can deny access to clients (local or remote) that are not running internet security software. For small and medium sized publishers with security concerns we recommend using Symantec Endpoint Protection Cloud. Enhance this by also using Malwarebytes Endpoint Security. Malwarebytes, like Sophos Intercept X, is designed to detect and stop ransomware attacks.
Medium and larger sized publishers should consider products such as Sophos Intercept X. Intercept X includes technology that detects spontaneous malicious data encryption to stop ransomware in its tracks. Even if trusted files or processes are abused or hijacked, this technology will stop and revert them without any interaction from users or IT support personnel. It works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.
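To make the behavioural idea above concrete, here is an added example (not Sophos code, and not from the original page) of the simplest form of the detection: watch file writes per process, and alert when one process rewrites many distinct files with high-entropy (encrypted-looking) content inside a short window. The file events, process names and paths are constructed for the demonstration; the thresholds are assumptions.

```python
"""Toy ransomware-behaviour detector (added example, not a vendor's code).

Rule: a single process that writes high-entropy content to at least MIN_FILES
distinct files within WINDOW_SECONDS looks like bulk encryption and is flagged.
"""
import hashlib
import math
from collections import defaultdict, deque

WINDOW_SECONDS = 60.0     # burst window (assumed value)
MIN_FILES = 5             # distinct files rewritten in the window before alerting (assumed)
ENTROPY_THRESHOLD = 7.0   # bits per byte; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_encryption_bursts(events):
    """Return [(process, first_timestamp, sorted_files)] for each process that wrote
    high-entropy content to MIN_FILES distinct files within WINDOW_SECONDS.
    `events` is a time-ordered iterable of (timestamp, process, path, sample_bytes)."""
    recent = defaultdict(deque)   # process -> deque of (timestamp, path) high-entropy writes
    alerted = set()
    alerts = []
    for ts, proc, path, sample in events:
        if shannon_entropy(sample) < ENTROPY_THRESHOLD:
            continue                      # ordinary document content: ignore
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()                   # drop writes that fell out of the window
        files = {p for _, p in q}
        if len(files) >= MIN_FILES and proc not in alerted:
            alerted.add(proc)             # one alert per process
            alerts.append((proc, q[0][0], sorted(files)))
    return alerts


# --- constructed sample data -------------------------------------------------
PLAINTEXT = b"Royalty statement Q3: author share 12.5% of net receipts. " * 20
# Deterministic stand-in for ciphertext: 32 chained SHA-256 digests (1024 bytes)
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

SAMPLE_EVENTS = (
    [(0.0, "winword.exe", r"\\fs1\royalties\contract_0041.docx", PLAINTEXT),
     (5.0, "excel.exe", r"\\fs1\royalties\q3_statement.xlsx", PLAINTEXT)]
    # eight documents rewritten as ciphertext one second apart by one process
    + [(10.0 + i, "unknown_updater.exe", rf"\\fs1\royalties\contract_{i:04d}.docx.locked", CIPHERTEXT)
       for i in range(8)]
    # one compressed archive: high entropy, but a single file, so no burst
    + [(200.0, "7z.exe", r"\\fs1\archive\backup.7z", CIPHERTEXT)]
)

if __name__ == "__main__":
    for proc, first_ts, files in detect_encryption_bursts(SAMPLE_EVENTS):
        print(f"ALERT {proc}: {len(files)} files encrypted starting at t={first_ts}")
```

The archive writer shows the main false-positive class: legitimate compression, encrypted backup agents and disk-encryption tools also produce high-entropy writes, so a production rule pairs this heuristic with an allowlist of known processes and, as the Intercept X description notes, with the ability to roll back the modified files.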
We recommend cloud managed hardware firewalls. Hardware firewalls are harder for hackers to breach. A cloud managed firewall includes hardware that needs to be connected to the network. The firewall is managed through the cloud by a service provider. Managed firewall services provide 24×7 firewall administration, monitoring, and quick responses to any malicious attacks.
Your company should enforce secure password specifications. This includes minimum character length, the exclusion of dictionary words, and a requirement that passwords be changed periodically.
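The three rules in the paragraph above translate directly into a policy check. The following is an added example, not Kensai's code: the length, maximum age and word list are assumed values, and the small dictionary stands in for the word list a real deployment would load from a file. It also undoes the usual letter-for-symbol substitutions before the dictionary lookup, so that "P@ssw0rd" is still recognised as "password".

```python
"""Password-policy check (added example): minimum length, no dictionary words,
periodic change. Thresholds and the word list are assumptions."""
from typing import List, Optional

MIN_LENGTH = 12        # assumed minimum character length
MAX_AGE_DAYS = 90      # assumed rotation period
# Constructed stand-in for a cracking dictionary; load a real word list in production.
DICTIONARY = {"password", "welcome", "publisher", "summer", "royalty", "letmein"}

# Undo common substitutions before matching: @->a 4->a 3->e 0->o 1->l $->s 5->s !->i |->l 7->t
LEET = str.maketrans("@4301$5!|7", "aaeolssilt")


def contains_dictionary_word(password: str, dictionary=DICTIONARY, min_word_len: int = 4) -> Optional[str]:
    """Return the dictionary word found inside `password` after lower-casing and
    reversing leet substitutions, or None if no word of min_word_len+ letters is present."""
    normalised = password.lower().translate(LEET)
    for word in dictionary:
        if len(word) >= min_word_len and word in normalised:
            return word
    return None


def check_password(password: str, age_days: int) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable.
    `age_days` is the number of days since the password was last changed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    word = contains_dictionary_word(password)
    if word:
        problems.append(f"contains dictionary word '{word}'")
    if age_days > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days, must be changed")
    return problems


if __name__ == "__main__":
    for pw, age in [("P@ssw0rd2019", 10), ("Tr0ub4dor&3", 10),
                    ("correct-horse-battery-staple!", 120), ("Ink&Paper-Bindery-2024", 30)]:
        print(f"{pw!r}: {check_password(pw, age) or 'OK'}")
```

A check like this belongs at the point where the password is set (directory policy, web app, or identity provider), and the dictionary should include the company's own name, product names and common author names, which employees reach for first.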
Two Factor Authentication
We recommend two-factor authentication for all email logins and system logins. In addition to a username and password, an additional identifier such as a passcode sent to the user's phone or a smart card is required for system access. Two-factor authentication for system administrator logins should be mandatory because these users have access to all systems.
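The passcode-on-the-phone factor mentioned above is usually a time-based one-time password (TOTP, RFC 6238) generated by an authenticator app. The block below is an added example, not Kensai's or any vendor's code: it implements the standard code generation and a server-side verifier that tolerates one step of clock drift and refuses to accept a code for a time step that has already been consumed. The shared secret is the RFC 6238 test-vector secret and the user names are constructed.

```python
"""RFC 6238 TOTP generation and verification (added example)."""
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # standard time step
DIGITS = 6          # code length shown by most authenticator apps


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Return the TOTP code for `secret` at `unix_time` (HMAC-SHA1, dynamic truncation)."""
    counter = unix_time // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """Server-side check: accept the code for the current step or its neighbours
    (clock drift), and never accept the same time step twice for one user."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps
        self._last_step_used = {}   # user -> highest counter already accepted

    def verify(self, user: str, secret: bytes, code: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for delta in range(-self.drift_steps, self.drift_steps + 1):
            step = current + delta
            if step <= self._last_step_used.get(user, -1):
                continue   # replay: this step (or an earlier one) was already consumed
            candidate = totp(secret, step * STEP_SECONDS)
            if hmac.compare_digest(candidate, code):   # constant-time comparison
                self._last_step_used[user] = step
                return True
        return False


if __name__ == "__main__":
    SECRET = b"12345678901234567890"          # RFC 6238 test-vector secret
    v = TotpVerifier()
    print("code at t=59:", totp(SECRET, 59))                        # 287082
    print("first use accepted:", v.verify("alice", SECRET, "287082", 59))   # True
    print("replay accepted:", v.verify("alice", SECRET, "287082", 59))      # False
```

The per-user secret must be stored as carefully as a password hash would be, the server's clock must be synchronised, and the `_last_step_used` state must live in shared storage when more than one login server is involved, otherwise the replay check does not hold across servers.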
Segment Your IT Systems
We recommend that large publishers segment their IT systems so that compromising one system does not provide access to all segments of their IT infrastructure. Ransomware attacks are often successful because obtaining a single IT administrator's password provides access to the entire system. Best practices call for both software-based (i.e. folder access rights) and hardware-based (server access) system segmentation.
An example of system segmentation is storing royalty contract documents on a separate physical server. The hard drive is encrypted. Access is limited to those with a need to know. Out of 400+ users, only 30 users, including the system administrator, have access to this server and the royalty contract files stored there. The system administrator has a separate username and password and uses second-factor authentication for accessing this server. Country-blocking is activated so the server cannot be directly accessed by users outside the home country. The server is backed up daily using two online backup services and monitored by Sophos Intercept X.
Employee laptops should have encrypted drives. This will prevent unauthorized users from accessing data stored on a lost or stolen laptop. We recommend services such as Absolute LoJack for Laptops that allow the IT administrator to remotely erase drives on misplaced laptops.
Locate servers in secure rooms with keyed access.