Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FTC Shares Ransomware Defense Tips for Small US Businesses

FTC Shares Ransomware Defense Tips for Small US Businesses

The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors’ attempts to exploit vulnerabilities using social engineering or exploits targeting technology.

The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.

“One key protective step is to set up offline, off-site, encrypted backups of information essential to your business,” the FTC said. “This isn’t something to save for a slow day at the office. Your IT team should immerse themselves in the latest advice from CISA and other authoritative experts.”

The second step, addressing the employees’ exploitable human nature, is to train their staff to recognize the tricks ransomware operators use to infiltrate their target’s network, including phishing messages that deliver malware designed to deploy backdoors on infected systems.

Also Read: What You Should Know About The Data Protection Obligation Singapore

Attackers will also drop and install malware on victims’ devices via malicious online ads (also known as malvertising) or infected sites under their control designed to exploit browser vulnerabilities.

As such, employees should avoid potentially risky sites and, as much as possible, only visit websites vetted by their companies’ IT staff.

“In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multi-factor authentication,” the US government agency added.

How to deal with the aftermath of a ransomware attack

Businesses hit by a ransomware attack should limit the damage by isolating compromised devices from the rest of the network, report the attack to the authorities (e.g., the local FBI office), and notify their customers if any data was stolen before the systems were encrypted.

The FTC also provides a detailed guide with all the steps businesses have to take to respond to a ransomware attack effectively.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

This guide also includes a template notification letter for notifying impacted people whose names and Social Security numbers were stolen in ransomware attacks.

The FTC has also shared a shortlist of commonsense steps in a previous advisory published last year which would help businesses reduce the risk posed by ransomware attacks:

  • Keep your network patched and make sure all your software is up to date.
  • Back up your systems regularly and keep those backups separate from your network. Use separate credentials for your backups so that even if your network is compromised, your storage remains secure.
  • Practice good cyber hygiene. For instance, know what devices are attached to your network so you can identify your exposure to malware. Implement technical measures that can mitigate risk, like endpoint security, email authentication, and intrusion prevention software.
  • Be prepared. Make sure you have an incident response and business continuity plan. Test it in advance so you’re ready if an attack occurs.
  • Train your employees on how to recognize phishing attacks and other forms of social engineering.

Last month, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has revealed the actual scale of financial losses suffered by ransomware targets lately by linking almost $5.2 billion in outgoing BTC transactions to ransomware payments.

FinCEN’s analysis is derived from Suspicious Activity Reports (SARs) linked to ransomware incidents and filed by US financial institutions this year, between January 2021 and June 2021, as required by the Bank Secrecy Act.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us