How does Cassaday & Company protect against ransomware attacks?

By Chad Cassaday, CMFC®

Cassaday & Company, Inc., is acutely aware of the disruptive threat that ransomware poses and takes steps beyond what is strictly necessary to protect our information and sensitive client data from this type of attack.

Cassaday’s protection and action plan is structured around the “Five-Function” hierarchy defined by the National Institute of Standards and Technology.

Photo by the National Institute of Standards and Technology

What is Ransomware?

Ransomware is a type of virus, typically delivered as a malicious file that is then executed on a computer or server. Once it runs, it encrypts (locks) individual files, or in some cases an entire hard drive, so that the user can no longer access them. The only way to regain access is to pay a “ransom,” usually in cryptocurrency or another form of untraceable currency, which unlocks the affected files if paid within a set time window. If that window expires, the files may be locked forever.

Physical versus Cloud Server

Ransomware first attacks “physical” files, meaning those that reside on, or are saved to, a computer’s local storage. Cassaday avoids this potential breach by storing all client-related files on a cloud server, using Microsoft’s SharePoint product.

The decision to save files to a cloud server is important for several reasons:

  • We are able to detect an attack on an individual computer before it potentially makes its way to our network.
  • Utilizing a cloud server affords us the ability to employ multiple layers of data backups, as well as previous versions of documents, automatically.
  • Cassaday uses a triple-redundancy backup setup, by which our system automatically makes a backup of every file on our network several times a day. There is also a trailing 12-hour backup of that backup, which is run and then stored offline (a practice known as air-gapping) at multiple data centers.
  • In the highly unlikely scenario that our documents on the cloud are compromised, we can simply revert to the backups (or previous versions) of the affected files in a matter of minutes. In the even more unlikely event that our backups are compromised, we will put the offline files back online and revert to those backups (once the ransomware virus is completely removed, of course).
  • A worst-case scenario would result only in a few hours, maximum, of downtime, as opposed to an indefinite amount of time on an unprotected network.
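To make the layering above concrete, here is an added example (not Cassaday’s own tooling) that models a per-file version history plus an offline copy that trails it by 12 hours, then picks the newest clean version to restore. Treating high byte entropy as the sign of an encrypted file is an assumed heuristic; the timeline, file contents and 7.0 bits/byte cut-off are constructed for the demonstration.

```python
import hashlib
import math
from collections import Counter
from datetime import datetime, timedelta

def shannon_entropy(data: bytes) -> float:
    # Byte-level Shannon entropy: a file encrypted in place reads as near-random bytes (~8 bits/byte).
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class VersionedStore:
    def __init__(self, lag=timedelta(hours=12)):
        self.lag = lag
        self.versions = []  # online history: every save kept as (timestamp, bytes)
        self.offline = []   # air-gapped copy, refreshed only from versions older than lag

    def save(self, when, data):
        self.versions.append((when, data))

    def sync_offline(self, now):
        # A fresh encryption pass cannot reach the offline copy until the lag elapses.
        self.offline = [v for v in self.versions if v[0] <= now - self.lag]

    def restore(self):
        # Newest clean version wins: online history first, then the offline copy.
        for source, history in (("online", self.versions), ("offline", self.offline)):
            for _, data in reversed(history):
                if shannon_entropy(data) <= 7.0:  # assumed cut-off; documents sit well below
                    return source, data
        return None

def pseudo_ciphertext(seed: bytes, length=4096) -> bytes:
    # Deterministic high-entropy bytes standing in for an encrypted file (constructed).
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]

def scenario(online_history_wiped: bool):
    # Constructed timeline: clean save at t0, offline sync at +13 h, encryption at +14 h.
    t0 = datetime(2021, 6, 1, 8, 0)
    store = VersionedStore()
    store.save(t0, b"Client financial plan, revision 1.\n" * 20)
    store.sync_offline(t0 + timedelta(hours=13))
    store.save(t0 + timedelta(hours=14), pseudo_ciphertext(b"constructed seed"))
    if online_history_wiped:  # attacker purged the online version history as well
        store.versions = store.versions[-1:]
    return store.restore()
```

With the online history intact the clean revision comes straight from version history; with it wiped, the lagged offline copy still holds the pre-encryption file.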

Utilizing Protective Software and Security Vendors

Although an attack runs silently in the background of a computer or server, we utilize anti-malware protections that detect a ransomware attack and take appropriate actions, such as alerting our managed service provider (MSP) or quarantining a malicious file, without any human intervention.

In addition to the protection software we have in place, we contract with a local MSP. This MSP provides 24/7 monitoring of our systems and can temporarily pull our systems offline to contain a threat in the rare instance that a virus makes its way past the protection software. Our MSP also runs active threat simulations to test the security measures we have in place. Additionally, we have active security assessments performed by Microsoft, as part of our contract with them.

Protecting Against User Error

Because an attack most typically results from a mistake at the user level, we have measures in place to mitigate user error as well:

  1. All of our internal systems use multi-factor authentication (MFA), which adds another layer of log-in protection if a password is compromised. The Colonial Pipeline ransomware attack was recently in the news. That attack was able to occur because a Colonial Pipeline employee’s password was stolen, and there was no MFA in place to stop a hacker from infiltrating the system and running a virus program once they had the appropriate password.
  2. Ransomware is often transmitted through malicious email attachments. Cassaday utilizes Exchange Online Protection, which quarantines and scans, in real time, all email and email attachments, both entering and leaving the system, for viruses and other malware. If malware is detected, the message is deleted. We also do not allow, internally, the file types most commonly used to transmit viruses (such as .exe and .vbs files). Email detection rules are updated automatically in real time to catch even the most recent virus-laden attachments.
  3. We require regular mandatory cybersecurity training for all employees, which includes, but is not limited to, training videos, surprise quizzes, and fake spam emails (created in-house) that test the user’s ability to identify dangerous or malicious email.
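The attachment blocking in point 2 can be illustrated with a small gateway-style check. This is an added example, not Exchange Online Protection or Cassaday’s configuration: it parses a constructed message, flags the extensions the page names (plus a few assumed script types), catches double extensions such as invoice.pdf.exe, and looks for the Windows executable “MZ” header behind a harmless-looking filename.

```python
import email
from email import policy
from email.message import EmailMessage

# .exe and .vbs come from the page; the rest are assumed additions to the block list.
BLOCKED_EXTENSIONS = {"exe", "vbs", "js", "scr", "bat", "cmd", "ps1", "hta"}
PE_MAGIC = b"MZ"  # Windows PE executables start with these bytes whatever the filename says

def attachment_findings(raw: bytes) -> list:
    """Return (filename, reason) for each attachment a gateway should quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Inspect every dotted suffix so "invoice.pdf.exe" is caught, not only the last one.
        blocked = [s for s in name.split(".")[1:] if s in BLOCKED_EXTENSIONS]
        if blocked:
            findings.append((name, f"blocked extension .{blocked[-1]}"))
        elif payload.startswith(PE_MAGIC):
            findings.append((name, "executable content (MZ header) behind non-executable name"))
    return findings

def build_sample_message() -> bytes:
    """Constructed test message: one benign PDF, one double-extension file, one renamed executable."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Quarterly statement"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 fake statement", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"MZ\x90\x00 fake pe image", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"MZ\x90\x00 disguised", maintype="application",
                       subtype="octet-stream", filename="report.docx")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample_message()):
        print(f"quarantine {name}: {reason}")
```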

At Cassaday, we take cybersecurity and data protection extremely seriously. Not all attacks can be completely prevented, however. We position ourselves in a way to combat these threats by consistently changing and adapting our security methods to safeguard our data.
