CYBERSECURITY CORNER Be Aware of Ransomware Ransomware is a form of malware that maliciously and silently locks or encrypts your files and makes them unusable. Then modern cyber-criminals demand a payment in exchange for giving you a decryption key that will unlock your priced files. However, only the ransom files are not guaranteed to be restored to their original state. One such very publicized ransomware attack took place this past May when "DarkSide" an organized cyber-criminal group known to operate from Russia, successfully shut down the Pipeline that supplies almost half the oil to America's east coast for five days. They demanded a $4.3m ransom payment from the owner, Colonial Pipeline Company. The frequency of these attacks is genuinely alarming; no organization or industry is immune to this new age of cyber-insecurity that impinges on everyone. From schools to hospitals to big corporations to tech firms to home users, we are all vulnerable. Is there something that we could do to either prevent, minimize its likelihood, or reduce its impact? The answer is yes. It all starts with practicing basic cyber hygiene at work and home. Build a shield around you and your computer and prevent ransomware from entering your system. Back up your computer. Perform frequent backups of your system and other essential files, verify your backups regularly, store your backups separately and use cloud storage if possible. Educate yourself and your organization. The County of Orange provides cybersecurity awareness training to all its personnel. Remain curious and vigilant and get informed about current cybersecurity threats and threat actor techniques. Update and patch your computer. Ensure to update your applications and operating systems with the latest patches. Unpatched vulnerable applications and operating systems are the targets of most ransomware attacks. Activate the ransomware protection option in Windows 10. Use and maintain preventative software programs. Install antivirus software, firewalls and email filters—and keep them updated—to reduce malicious network traffic. Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Phishing emails are the number one port of entry into your computer. Distrust all email attachments and open them with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files. Keep your personal information safe. Check a website's security to ensure the information you submit is encrypted before you provide it. Verify email senders. If you are unsure whether or not an email is legitimate, try to verify the email's legitimacy by contacting the sender directly. Report any phishing attempt that you may suspect. Inform yourself. Keep yourself informed about recent cybersecurity threats and up-to-date on ransomware techniques. Visit the recently unveiled Whitehouse ransomware information initiative https://www.StopRansomware.gov/. Employees are the first line of cybersecurity defense within the County, and we thank you for your continued vigilance. If you have any questions, please contact: Enterprise Privacy & Cybersecurity team - securityadmin@ocit.ocgov.com Enterprise Privacy & Cybersecurity Portal - https://ocgov.sharepoint.com/Collab/SvcAreas/cyber Report Phishing E-mail - phishing@ocit.ocgov.com or Phishing Alert Button on your Outlook toolbar Report Spam E-mail - spam@ocit.ocgov.com Central IT Service Desk at 844-834-2449
20
Co unty Co n n e c t i on
