My good friend Judy Greenwald reported at BusinessInsurance.com about the National Institute of Standards and Technology (NIST) “Tips and Tactics for Dealing With Ransomware” that “NIST also recommends restricting or prohibiting personally owned devices on organizations’ networks for telework or remote access unless extra steps are taken to assure security.” The May 13, 2021 report entitled “Federal agency offers ransomware protection tips” included these comments:
Organizations should use standard user accounts instead of those with administrative privileges whenever possible, NIST said, and personnel should avoid using personal applications and websites as well as opening files or clicking on links from unknown sources.
To prepare for the possibility of a ransomware attack, NIST recommends developing and implementing an incident recovery plan; implementing and testing a data backup and restoration strategy; and maintaining an up-to-date list of internal and external contacts that includes law enforcement.
Experts have said that small and medium-sized organizations that fail to take adequate security measures are particular targets of ransomware criminals.
Timely advice given the Colonial Pipeline ransomware payment of nearly $5M!