Why Are Religious Organizations Under Cyber Attack? – Part 2
Can your organization effectively manage the following scenarios?
- Hackers take control of your networks and websites.
- Hackers encrypt your files and hold them for ransom.
- Hackers steal identity and financial data.
Part 2: Adopt These Cyber Security Best Practices:
As religious organizations worldwide implement – sometimes hastily – remote work/work-from-home protocols and practices, there are a handful of critical security issues that must be understood and addressed. Remote work of any type extends the reach and risk exposure of an organization’s IT. Thus, system intrusion and compromise become more likely, whether by hacking, phishing, ransomware, human error or a combination of all of these factors.
The following list of scenarios, terms and practices comes from a career advising the financial sector.
Malware/Hacking: Terms describing the ransomware, spyware, viruses and worms that hackers use to illegally damage or gain access to computers, mobile devices or networks. Malware attacks or infections are motivated by espionage, financial gain or ideology. Examples include changing website content, using phony pop-up messages or exploiting software vulnerabilities (e.g. Microsoft Windows 7).
Phishing: The practice of sending emails that appear to come from a trusted source in order to induce targeted individuals (spear phishing) or bulk recipients to respond and reveal protected data. Phishing emails instruct recipients to click on a link or download an attachment, typically under a familiar-looking pseudonym and with a pretext such as your account being in arrears or a request for donations. These tactics are known as social engineering.
Ransomware/Doxware: Terms describing a cyber attack that encrypts computer data or files and then demands payment. Doxware also copies confidential, personal, privileged or sensitive data, allowing attackers to publicly expose this information if payment is refused.
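The two phishing tells the definition above mentions (a sender that only looks trusted, and a link that leads somewhere other than it claims) can be checked mechanically before anyone clicks. The following is an added example, not code from the original article: it parses a constructed .eml message with the standard library and reports a display name that names a different domain than the actual From address, and any HTML link whose visible text names a different domain than its href. All sender names, addresses and domains in the sample are constructed placeholders.

```python
"""Flag two common phishing indicators in an email message (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message. Every address and domain here is a placeholder.
SAMPLE_EML = """\
From: "Online Giving giving.example.org" <billing@example-mail.net>
To: treasurer@example.org
Subject: Your account is in arrears
Content-Type: text/html

<html><body>
<p>Your donation account is past due. Please <a href="http://login.example-mail.net/pay">
update your payment at giving.example.org</a> today.</p>
</body></html>
"""

# A host name: one or more labels followed by an alphabetic TLD.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def registered_domain(host: str) -> str:
    """Crude 'registered domain' (last two labels); adequate for an indicator, not for policy."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_eml: str) -> list[str]:
    """Return human-readable findings; an empty list means neither indicator fired."""
    msg = message_from_string(raw_eml)
    findings = []

    # 1. Display name mentions a domain that does not match the real sender address.
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    for claimed in DOMAIN_RE.findall(display_name):
        if registered_domain(claimed) != from_domain:
            findings.append(f"display name claims {claimed} but sender is {addr}")

    # 2. Visible link text names a domain that differs from where the href really points.
    body = msg.get_payload(decode=True)
    html = body.decode(msg.get_content_charset() or "utf-8", "replace") if body else ""
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        for shown in DOMAIN_RE.findall(text):
            if registered_domain(shown) != registered_domain(host):
                findings.append(f"link text says {shown} but href points to {host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EML):
        print("INDICATOR:", finding)
```

Both checks are heuristics: a mismatch is a reason to stop and verify through a known channel, not proof of fraud, and a clean result does not prove a message is genuine.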
Inventory all computers, mobile devices, routers and firewalls in order to:
- Ensure all firewalls are properly configured to monitor incoming and outgoing network traffic.
- Ensure updated spam filters reduce phishing attacks.
- Ensure anti-malware and anti-virus software is running 24/7 on every device and system.
- Deploy back-up and continuity management services that back up and encrypt data to cloud-based services or external hard drives, in order to:
  - Defend against ransomware/doxware attacks by rolling back data and files to a pre-attack state.
  - Ensure critical data and files can be further isolated to add another layer of security.
  - Allow centralized IT management to regularly apply security patches and update software and operating systems.
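Rolling back to a pre-attack state depends on knowing which files changed and having an untouched copy to restore. The following is an added example, not code from the original article or any product it mentions: it records a SHA-256 manifest and a copy of every file, later lists files that are missing or whose content no longer matches the manifest (the mass-rewrite pattern a file-encrypting attack leaves behind), and restores them from the snapshot. Encryption of the snapshot at rest is assumed to be handled by the storage (cloud service or encrypted drive), as the list above describes; the directory contents are constructed samples.

```python
"""Snapshot a directory, detect tampered files, and roll them back (added example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(src: Path, dest: Path) -> dict[str, str]:
    """Copy every file under src into dest; return {relative path: sha256} manifest."""
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(p)
    return manifest


def find_changed(src: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Return files that are gone or whose hash differs: {path: 'missing' | 'modified'}."""
    changed = {}
    for rel, digest in manifest.items():
        p = src / rel
        if not p.is_file():
            changed[rel] = "missing"
        elif sha256_file(p) != digest:
            changed[rel] = "modified"
    return changed


def restore(src: Path, snapshot: Path, changed: dict[str, str]) -> list[str]:
    """Overwrite each changed or missing file with its snapshot copy."""
    restored = []
    for rel in sorted(changed):
        target = src / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snapshot / rel, target)
        restored.append(rel)
    return restored


def demo() -> dict:
    """Snapshot -> simulated mass rewrite -> detect -> restore, in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        snap = Path(tmp) / "snapshot"
        (live / "members").mkdir(parents=True)
        # Constructed sample files standing in for an organization's records.
        (live / "members" / "roster.csv").write_text("name,email\nA,a@example.org\n")
        (live / "minutes.txt").write_text("Board minutes, constructed sample\n")

        manifest = take_snapshot(live, snap)
        if find_changed(live, manifest):
            raise RuntimeError("fresh snapshot should match the live directory")

        # Simulate what a file-encrypting attack leaves behind: one file's content
        # replaced with unreadable bytes, another renamed so its original path is gone.
        (live / "members" / "roster.csv").write_bytes(b"\x00\x13garbage")
        (live / "minutes.txt").rename(live / "minutes.txt.locked")

        changed = find_changed(live, manifest)
        restored = restore(live, snap, changed)
        clean = find_changed(live, manifest) == {}
        return {"changed": changed, "restored": restored, "clean_after_restore": clean}


if __name__ == "__main__":
    print(demo())
```

In practice the snapshot and its manifest live on media the production systems cannot overwrite (the isolation point in the list above), and a restore is rehearsed before it is needed; a backup that has never been restored is an assumption, not a control.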
- Ensure a culture of cyber security exists:
  - Train all staff and volunteers quarterly on how to detect and avoid doxware, malware, phishing and ransomware threats.
  - Revise cyber security practices, personnel and appropriate commercial risk insurance policies.
- Reduce digital footprints. Personal data can be aggregated from many innocent sources and then weaponized:
  - Update privacy settings for all apps and social media profiles to reduce data collection.
  - Use VPNs that offer secure encrypted tunnels and data-use logs.
  - Consider privacy screening services to manage and remove personal data from online profiles and websites.
What Do You Think?
I am the author of this article and it expresses my own opinions. I have no vested interest in any of the products, firms or institutions mentioned in this post. Nor does the Analyst Syndicate. This is not a sponsored post.