Best Practices Weekly Summary for Week of July 29, 2016

Cyber Security Best Practices to Prevent Data Exfiltration in Wake of DNC Email Hack

Recently 19,252 internal emails from the Democratic National Committee were released to the public.  This is known as data exfiltration, the unauthorized copying or transferring of sensitive data from a server or network to another location.  The effects of this type of event can be extremely damaging to governments, businesses and individuals, so it is important to implement prevention techniques.

Here are a few of the tips Trendmicro offered for protecting systems from a Business / Enterprise level:

• Keep everything patched and updated.  Vendors send out patches to address vulnerabilities, so it’s important to keep systems up to date.
• Social Engineering is often used to gain entry into a system.  Employees should be trained to be aware of social engineering techniques.
• Implement strict security measures and continuously update them as necessary.  

Consumers should also be take some measures to prevent their data as well:

• Keep track of banking and credit transactions for any unauthorized charges.  
• It’s important to use security software, such as antivirus, and to keep it updated.
• Make sure to use different username and passwords for accounts.  This will protect against multiple accounts be compromised instead of just one.

Sources: Anatomy of a Data Breach (TrendMicro), Data Exfiltration in Targeted Attacks (TrendMicro), Grand Theft Data (McAfee) (SHA1 – 89DF98A0FB394939CC5C5D4CD9394F14)

NoMoreRansom! Site Launched to Combat Ransomware

A joint private and public sector initiative was launched to address the growing issue of ransomware.  The site, www.nomoreransom.org, is supported by the Dutch National Police, Europol, Intel Security and Kaspersky Lab.  It currently gives users access to 4 decryption tools that might help recover data that has been locked.  

Prevention is the most effective method to combat ransomware.  No More Ransom! contains a section with advice and best practices users can follow to protect their systems.  If a person is a victim of ransomware, the website also provides information on they can report the crime.

Sources: No More Ransom!, Public, Private Sector Team to Fight Ransomware (ThreatPost), Law enforcement and IT security companies join forces to fight ransomware (HelpNetSecurity), Europol Declares War on Ransomware (Security Week)

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies would you need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu