Tech Talk News
From Your IT Professionals

October 22, 2019 - Volume 7, Issue 13
How To Prepare For A Potential Cyber Attack

Just a month ago, the news in the Philadelphia area covered a ransomware attack on a local school district. The Souderton Area School District was forced to close the school for a couple of days and deal with the consequences. While a successful attack will almost certainly result in some downtime, having proper preparations in place can help to save a lot of time and money.

What Is Ransomware?

Ransomware is a type of attack that locks up files and devices, forcing the user to pay the attacker big money to regain access to them. After that, many users can only hope that they will not be attacked again.

While all that sounds scary, there are ways to mitigate the risk of a successful attack and ways to minimize both the time and money that it takes to recover from such an attack.

The Case

At about the same time that Souderton suffered a ransomware attack, Flagstaff Unified School District in Arizona was dealt a similar blow. They too were the victim of a ransomware attack, and drew attention for how well prepared they were and how smoothly the issue was dealt with. The district handled it so well because of a three-pronged plan: network segmentation, backups and a plan of action in place ahead of time.

Network Segmentation

Segmenting a network means that not all devices on the network are able to communicate directly with each other. If the devices in one smaller segment of the network become infected, they are unable to spread the issue to devices beyond that segment. By segmenting their network, Flagstaff Unified was able to keep parts of their district running while the issue was being addressed.

In Volume 7, Issue 11 of Tech Talk News (which can also be found on the Newsletter page of the Ridge Support website), we discussed unified threat management (UTM) products offered by Sophos. By enabling both the endpoint antivirus and the XG series firewall from Sophos at your organization, the security on your network can learn about an infection and automatically segment the infected devices from the rest of the network, oftentimes even before the user realizes there is an issue.

Backups

With many types of issues, particularly ransomware, the cheapest and most effective solution can be to clear and reset the device or even get an entirely new device. This is where the backups come in. Taking regular backups allows the device to be restored to the state it was in prior to the infection, meaning that many files and settings can be brought back without the need to spend days recreating documents and/or customizing the device.

For further information on backups, please take a look at Volume 7, Issue 2 of Tech Talk News. This can be found on the Newsletter page of the Ridge Support website if it is not still in your inbox.

Plan of Action

The final piece of the puzzle is to have a contingency plan in place. This is not nearly as common as it should be. For many emergencies like fires or tornadoes, organizations create contingency plans and educate everyone on what they are expected to do in the event that such a situation occurs. Despite this, many organizations fail to implement a plan for their IT infrastructure. Wouldn't you consider it an emergency if your organization suddenly had no internet, no access to files and no ability to use its computers?

Flagstaff Unified had a plan of action in place. The staff of the district knew exactly how to respond and was able to minimize both the time and cost needed to overcome this emergency. In their case, the district had planned for a few extra "snow days" in the event of an issue like this, so their budget and schedule could be prepared.

If your organization lacks an emergency plan for a potentially major issue with your network or IT infrastructure, consider reaching out to your IT vendor to discuss developing such a plan.

We here at Ridge Support are happy to answer any questions you may have as well as assist with the implementation of a UTM like Sophos, the creation of backups and the development of an emergency plan. It is our goal to ensure that your organization is as well protected as possible.

Don't Forget
If you are engaging service or support with a software or third-party vendor in which our services may be required, always make sure to give Ridge Support as much advance notice as possible. These situations include but are not limited to:
  • Changing of an internet service provider
  • Changing phone service providers
  • Updating of websites
  • Software and hardware migrations, upgrades, and installations
  • Addition or deletion of user accounts
We ask this in an effort to be able to provide you with the steadfast and professional service that you have come to expect of us.
Ridge Support Technologies
610-323-3351  |  pbowman@ridgesupport.com  |  http://www.ridgesupport.com