Unfortunately, we are seeing an uptick in opportunists using COVID-19 ransomware attacks across customers in many different industries.  Ransomware attacks encrypt all files on your network, leaving you with no recourse but to rebuild your system, and worst case, to start over.

How To Protect Your Business From Opportunists And COVID-19 Ransomware Attacks

There are some steps that you can take to protect yourselves that we wanted to share.  Encompass would be happy to assist you with any of these conversations, we have experience working with customers who have had to recover from critical system failures – up to and including rebuilding systems from scratch. We are happy to share our thoughts on how to harden your own systems to ensure this does not happen to you.

Backups.  Make sure you have a backup plan in place, that it is running, and that it has been tested.  Make sure your backups are not stored on your network – we have seen customers following good backup plans, but by leaving their backups on the network, have found that the backups have also been lost due to encryption.    Make sure you have recent backups, that they are stored off-network, and that you periodically run a trial restore, to ensure that the backups are indeed comprehensive – there may be critical components on other servers (custom reports, custom labels) that are not included in your backup plan.

Media and license keys. This is a great time to locate media to install business-critical applications, and that you have the appropriate license keys.  Often the software may have been purchased many years ago, and with role changes in your organization, it may not be apparent that they are not available, until they are needed.

Key reports.  Frequently generate and store copies of critical reports, ideally both on paper, and electronically that can be used to ensure your business can keep running should the system need to be rebuilt.  Things like Aging Reports, Production Schedules and other critical reports can be automatically generated and sent to an email address should they be needed during a system outage.

Business Continuity plans.  Make sure each department has ‘run on paper’ processes that can be used if needed – preprinted packing slip templates, inventory move templates, production data capture templates.  These can be used while a system is restored, and can be re-keyed once the system is online to ensure accuracy.

Be proactive.  There are things you can do to protect yourself from these kinds of attacks.  Evaluate true failover systems that allow a shadow installation to come online if needed.  Ensure you have multiple-factor authentication configured for your email systems to prevent unauthorized access.  Run anti-malware software on key servers that can detect mass file change and quarantine that program.

Recovery Documentation. Keep all documentation, receipts, expenses, emails, etc. for any legal or insurance needs in the future. Creating a folder within your email program and minimizing email subject threads are two tips for managing this process.

Quick Reference Guides. Have these created for your most critical servers and business applications. These might contain items like usernames and passwords, support contacts and other important information. Make sure to have these in printed format and kept in a secure location. Some companies put these in a fire-proof safe to protect from fire or flood damage.

Contact Financial Institutions. You will want to contact your financial institutions (credit cards, banks, retirement, etc.) to make sure they are aware of any suspicious-looking activity. The cyber crooks have your data and can easily unencrypt it to gain important information.

User Education. Educate users to bring awareness on ways to prevent future disruptions. Often times we hear of stories where an email came from a contact that looked legitimate but later found out it was a phishing scam to get a user to provide their username and password. Programs are available to help companies better prepare their user community.

Review Network Access. A regular audit of all network shares, user accounts, and security groups to close off any vulnerable access points.

Stop the Spread. Cryptoware and Ransomware spreads via network shares. Once this gets into your network, it can take over your entire business infrastructure. If you detect this is happening, immediately shut down all servers and/or pull the network cables. Doing so will increase your chances of recovering some of your data.

Contact Law Enforcement. This may not be the first thing on your mind, however, once you have neutralized the ransomware from spreading contacting your local FBI cyber criminal division is a necessary step.

Do Not Pay the Ransom. Whatever you do, if at all possible, do not send any money to them. Doing so only makes you vulnerable to future attacks. Exhaust all your resources, backups, data recovery options before paying any monies.

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers and Distributors. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, and renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.

The article “7 Simple Ways to Keep Your Data Safe” was previously published by Epicor Chief Information Officer Rich Murr, here.

It’s challenging to understand how to keep your data safe and secure from hackers. Whether you’re moving your IT assets to the cloud, keeping them on-premises, or taking a hybrid approach, data security is a top concern.

Not everybody is an IT expert, so I’ve created a list of actions that even non-technologists can take to get started:

1) Simplify the Goal—Secure Your Data

Data security is like most other IT disciplines. It’s full of arcane acronyms, complex technologies, and thousands of vendors claiming they can help. All these factors can make it difficult to confidently assess risks and solutions.

Cut through the noise. Simplify your goal to:

  • Preventing  unauthorized users from accessing your data, or
  • If they do get access, being able to quickly detect and remove them

I’ve found that these two simple goals resonate with both technologists and business leaders. Filtering every security effort through this lens will get you off to a good start.

2) Find a Trusted Partner To Help Keep Your Data Safe

Wading through countless security risks and potential solutions is a daunting task. Find a trusted security partner to help. There are plenty of boutique firms ready to lend a hand. Some of the larger, enterprise-class security vendors also have credible resources you can tap.

Don’t hesitate to leverage your own network to help find experts—your peers likely face the very same challenges. Interview potential partners just as you would an employee—it’s a critical role and relationship.

So, how do you know if you’ve found a good match? If they can both explain your security risks in plain English and how potential solutions line up with the above goals, it’s a pretty good sign.

3) Don’t Install a Security Solution You Don’t Understand

The incentives to protect your data are extremely high. You may feel pressured to buy expensive solutions you don’t yet understand.

Spare yourself the headaches that come from ill-fitting and poorly implemented security solutions. Take the time to fully comprehend:

  • The problems they claim to resolve
  • How to successfully implement them
  • How to measure the solution’s efficacy once it’s in production

If you find a trusted partner, this task becomes a little easier.

4) Educate Your Employees on Their Role in Preventing Data Breaches

Employees are often the biggest security risk in an organization. Teach them how to spot phishing and other social engineering attacks. Education is one of the least expensive and most valuable data security measures you can take. Education is one of the least expensive and most valuable data security measures you can take.

Staying ahead of the hackers requires regularly refreshing employee security awareness training, making security awareness part of your staff training and development, and—ultimately—establishing clear, security-related goals for everyone.

5) Weave Security Into Your Daily Operations

Learn how to read the reports that your security vendors and systems generate. Make sure you know what actions to take based on the information they provide.

Walk around the office and ask your colleagues if they’ve received any suspicious emails. Ask your trusted partner (see #2 above) to teach your employees about some of the current top security threats and how to react to them.

Bottom line—do at least one very visible thing every single day to keep security top of mind in your organization.

6)   Identify Problems, Fix Them, and Confirm They’re Fixed

Once a security issue is brought to your attention, never leave it unexamined. Set a great example by taking each one seriously. Even simple issues like phishing emails can balloon into something very damaging if left unremedied. You should only check issues off your list of to-dos when you know for sure that the risk has been satisfactorily addressed.

7) Pin This Data Security Checklist in Your Office or Cube

It’s easy to lose sight of data security. You have a million things demanding your attention every day. Tie a string around your finger, put your watch on your other wrist, or better yet, print this list and tape it to your office or cube wall.

About Encompass Solutions

Encompass Solutions, Inc. is an ERP consulting firm, NetSuite Solution Provider, Suite Success Partner, and Epicor Gold Partner that offers professional services in business consulting, project management, and software implementation. Whether undertaking full-scale implementation, integration, and renovation of existing systems or addressing the emerging challenges in corporate and operational growth, Encompass provides a specialized approach to every client’s needs. As experts in identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.

Ransomware has emerged as one of the preeminent tools utilized by malicious actors who target the data of businesses around the world. In 2018, ransomware attacks have been on the rise. Following these critical guidelines can help mitigate the impact a breach will have on your business.

First Things First: Educating Employees

You probably already know not to open suspicious emails or click on links that look less than legitimate. That said, human nature prevails and it never fails that curiosity or carelessness get the better of some people in the line of work. Human negligence is one of the largest, if not the top, contributor to such compromising positions as viruses, malware, and ransomware. However, there are ways to mitigate risk if you should ever find yourself on the wrong end of a malicious data breach. Educating your workforce about certain email and filesharing policies can reduce risk before you encounter a breach. Conducting in-house phishing and penetration tests are other useful avenues to explore if you have the resources available. These can open up opportunities to have candid conversations about security in the workplace as well as work to identify shortcomings in your own security efforts.

An image concept of how to protect your critical business systems from ransomware. incorporating protective barriers can secure sensitive data.

Disconnect, But Don’t Unplug

One critical mistake Ransomware victims make time and again is rushing to shut down their machine at the sight of a ransomware prompt. This is a terrible response because it will make data forensics a much more arduous process for in-house or external teams attempting to unravel the source, extent, and possible resolution to the breach. In this case, disconnect affected machines from the internet, but do not turn them off.

Don’t Panic

This is a critical time and your response will dictate the course of your recovery from this unfortunate event. As with many stressful situations that emerge in life, panic rarely results in a favorable outcome. Keep your composure, collect the personnel necessary to evaluate the situation, and prepare to enact your response plan.

The Recovery Plan

You’ve been breached. This is the moment you prepared for. Follow the steps of your carefully designed plan and follow through on every step as you work towards a resolution.

There is no rubric when it comes to data breach recovery plans. Each instance is unique to each business. Sit down with your in-house security personnel or consult with an external team to develop the ideal plan of action should you fall victim to ransomware or another malicious incident targeting your sensitive data.

Evaluating Backup Data

If at this point in the scenario you have not prepared a recovery plan or create backups for your sensitive data, chances are you’re feeling uneasy about the future of operations, potential legal action, and your company’s reputation. However, this is only a hypothetical situation and you now have the idea in your head that creating a sound recovery plan in the event of a breach and backing up important files can’t wait until after the fact. Don’t wait until it’s too late to prepare your organization for a breach. Take steps towards preparing a disaster recovery plan and begin backing up your files regularly.

Call Data Forensics

Now is the time to perform an assessment with your in-house team or enlist data forensics professionals to determine the incident’s root cause, what, if any, data has been extricated from your systems, and if the malicious actor remains inside your system with unlimited access.

Contacting the federal authorities is another option that should be taken into consideration. Some cybersecurity consultants will tell you it’s a waste of time as the three-letter organizations get hundreds of reported ransomware events a day. Others will tell you it is imperative you contact federal authorities in the event you fall victim to ransomware. Alerting the authorities likely won’t have a detrimental effect on your status if you already found yourself the victim of a breach. Their experience and advice could put you on the right course to a speedy resolution.

Ransomware And Cybersecurity Checklist

  • Commit an incident response plan to paper and practice it regularly, updating as necessary alongside new threats and security technologies as they emerge.
  • Carry out ongoing penetration testing and vulnerability scanning. These are both examples of controlled probing of your own systems for chinks in your hardened systems’ armor.
  • Keep your applications and operating systems up to date with the latest patches.
  • Train your workforce in the best practices as they apply to cybersecurity. The largest contributor to breaches is human vulnerability.
  • Continuously monitor your network integrity. This includes your anti-virus and malware protection software.
  • Conduct quarterly or annual data audits and mapping to know where your sensitive data is, how it’s stored, and how best to protect it.
  • Audit your external groups and accounts for vulnerabilities. Chances are good that a third-party you conduct business with can present a vulnerability if they are not following the same cybersecurity standards as you.
  • Backup your data regularly and test your data recovery plan often. Simulated brute force, phishing, and attack scenarios can keep your teams on their toes and continuously aware of security.
  • Understand your liability, the data protection requirements, and necessary compliance regulations in your jurisdiction.

About Encompass Solutions

Encompass Solutions, Inc. is an ERP consulting firm and Epicor Platinum Partner that offers professional services in business consulting, project management, and software implementation. Whether undertaking full-scale implementation, integration, and renovation of existing systems or addressing the emerging challenges in corporate and operational growth, Encompass provides a specialized approach to every client’s needs. As experts in identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.

With so much news and industry coverage concerning information security challenges, the topic is one that is never far from people’s minds. This is especially true when sensitive financial information is being exchanged between systems. Maintaining the latest version of security tools in conjunction with these actions is essential not only for your customers’ peace of mind, but your company’s ability to maintain their confidence. TLS is one of the defining security protocols that make secure data transfer, and by proxy internet commerce, possible. Here’s a bit more background on the subject and why you should be considering making the latest upgrades to your system in order to be in compliance.

Transport Layer Security (TLS)

Transport Layer Security and HTTPS both work in tandem to encrypt the data being sent back and forth between customers and payment service providers such as credit card companies and digital wallets like PayPal.

Experiencing issues with payment processing? Upgrade your POS/PMS solution today and ensure you meet today’s Payment Card Industry Data Security Standards (PCI DSS) using TLS, and are able to process credit card payment without interruption. Not sure how to go about it? Contact Encompass Solutions experts to get your system up-to-date.

Using PayPal as an example, the payment service provider made a service-wide upgrade to TLS 1.2 just last month. The upgrade made it mandatory for businesses using the service maintain the same version to enact payment transactions through their business. This means support for TLS 1.0 and 1.1 has been discontinued and businesses maintaining those versions will find their ability to use PayPal for payments and order processing no longer in effect.

On the client side, all it takes is a properly updated browser to ensure the latest TLS protocols are in place. Here is a breakdown of which browsers and their versions are following the latest TLS protocols:

On the provider-side things get trickier. Encompass works with many manufacturers utilizing Epicor ERP software, so we’ll use this as an example. However, any similar software or ERP platforms your business operates on will likely utilize the same protocols to protect electronic data exchanges. Therefore, the practical application remains the same. Businesses operating on legacy versions of the Epicor ERP platform, primarily those on 8.3 and prior, are most significantly impacted. With many of these businesses so far behind on technology, they’re quickly realizing the true cost of waiting until the problem is upon them, rather than staying ahead of the curve with regular updates. That’s why it’s so important to maintain a recent version of Epicor, and any other ERP product, for that very reason.

You may think that a current SSL certificate is enough, but this only addresses security when it comes to incoming web traffic to your server. You need an up-to-date protocol in place that addresses the connections your server is making to other services, such as credit card and other payment services providers.

Get Up To Speed And Avoid Downtime

To begin, take a good look at your Epicor ERP system. Is it version 10.X or above? That’s a tremendous step when it comes to ensuring you’re following alongside modern security standards. Maintaining the most up-to-date version of Epicor will ensure your operations are never compromised by changing industry standards. You’ll always be caught up with industry standards as long as you’ve got your business running on the latest version of Epicor.

If that’s not the case and you’re on an older version of Epicor, you may find your business quickly being outpaced by an industry in line with every effort to maintain the most modern standards of technology and security. Because industry and commerce are constantly at odds with malicious activity in a digital landscape, it’s important to maintain a framework that addresses those potential risks and places adequate security to obstruct their path.

About Encompass Solutions

Encompass Solutions, Inc. is an ERP consulting firm and Epicor Platinum Partner that offers professional services in business consulting, project management, and software implementation. Whether undertaking full-scale implementation, integration, and renovation of existing systems or addressing the emerging challenges in corporate and operational growth, Encompass provides a specialized approach to every client’s needs. As experts in identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.