“The Enemy from Within”

By Ryan King, CIO of Power Solutions International

I had an experience not too long ago where a user came to the IT department and said that he had gone to a supplier website from Japan, and when he clicked on a link on the website, his whole machine started to do strange things. It was changing the items on his desktop to different extensions. What he had contracted was ransomware; it was encrypting his entire machine and would have spread to the entire network. However, his quick thinking said “remove it from the network,” and he unplugged his network cable. He was somewhat computer savvy and knew that he needed to do something, and fast. We were able to redo his laptop and get him back up and running rather quickly. The damage was very minimal.

 

Let me give you scenario number two: just the other day, another company user submitted a helpdesk ticket asking that a zipped file he had received from another country be opened and scanned, and he said he had placed it on the network. Our jaws dropped, because we thought he was somewhat doing the right thing. What he did wrong was that he had already placed it on the network. Users try to do the right thing and they want to do the right thing. We just need to take the time to train and train and train them again.

 

As IT departments, we have all had those horror stories where our network is down for days or a production server is destroyed and data is lost. If you have not had it, it will happen, and you will experience that feeling in your gut when you have to report to your management team what went wrong. It STINKS!

 

We have taken many steps to protect the network: anti-virus, firewalls, crypto blockers, malware detectors and cleaners, scanning email before it reaches our clients' email software, blocking and more blocking. However, we need to train the enemy from within: our “end users”. We have taken many steps, yet we always overlook the obvious. Here are a few steps that we have taken and still undertake at my organization, because no amount of protection that we place at our companies does more good than educating our workforce to make good decisions. Once we have educated our end users, protective measures like anti-virus and other scanners can do their part and pick up where we cannot even begin to know what “we do not know”.

 

  1. Debrief with your staff when you have an outbreak. Sometimes the best lessons are learned when we use the “School of Hard Knocks” as our teacher. Walk through what went wrong and what to do next time. Even the smallest outbreak can teach you how to avoid a “BIG” outbreak!

  2. Review your disaster recovery, especially your backups. Nothing is better than good old-fashioned mock backups and restores to test your systems. We do this quarterly. We also have a person review each server with their own eyes daily and check certain log files, rather than have an automated system tell us what it thinks. You can even take the most crucial systems and do a daily review. Like I tell my folks, the one thing that will get you fired as an IT person is bad backups and telling your superiors you really did check them. FIRED!

  3. Get with your management and request a 30-minute mandatory training with all of your end users, with sign-offs, and educate them about the items below. Do this at least once a year and make it a mandatory yearly occurrence, even if the end user has been through it before. Those end users who resist are usually the ones who will get hit, and then we do not want to say “I told you so”. Refresher courses are always good! You can even piggyback on the onboarding when they are hired at the company!

    1. Opening emails, period, when you do not know where they came from.
    2. Good old email file attachments. Are you expecting them, or do you know what they are, before opening them?
    3. Clicking on website links within an email.
    4. What to do when you see strange things: turn off your machine and contact IT. Go as far as telling them to unplug the machine's power and all cables from the back of the computer.
    5. Do not go to websites on your company computer that you are really unsure about or click on those famous advertisements.
    6. The end user needs to be aware that if they see strange things on their computer to talk to someone in IT to take a minute to review with them.

Education of our workforce is going to be the first line of defense. IT departments overlook this most obvious defense, and that is their end users!

 

Go Team!