October is Cyber Security Awareness Month and OFAC Issues Advisory on Ransomware

It's October and fall is definitely here! The air is cooler, leaves are changing color, and Starbucks has its collection of pumpkin spiced drinks back on the menu.

October also means that it's National Cyber Security Month. Now in its 17th year, as a matter of fact. And since the world is still in the midst of the global Covid-19 pandemic, with many employees continuing to work from home as well as many students homeschooling, cybersecurity may be more important than ever before.

I wrote a blog post back in February titled, "Top 5 Cyber Defense Tips to Stay Secure at Home & Work." Those tips are still very much relevant today. When it comes to online safety, it's important to remain vigilant, and periodic reminders can be very effective. National Cyber Security Month presents a great opportunity to review these tips as well as share them with employees. For example, a simple email with a few brief reminders, such as not to click on suspicious or unfamiliar links or to check an unknown sender's address, does not take much time and can go a long way in protecting sensitive and confidential company information.

In fact, earlier this month, the U.S. Treasury's Office of Foreign Assets Control (OFAC) issued an important advisory regarding ransomware attacks. Ransomware impacts all industries and results in potentially crippling consequences for many companies. Therefore, it has long been a concern for all types of organizations, both in the United States and abroad. Unfortunately, ransomware attacks have also significantly increased in recent years. In its recent advisory, OFAC notes that this year's new wave of ransomware attacks has been "more focused, sophisticated, costly, and numerous."

Ransomware is a type of malicious software, or malware, whereby an attacker encrypts a victim's files and then threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. The result is that many companies are forced to pay the ransom.

OFAC seeks to disincentivize cybercriminals by targeting their revenue sources. In its advisory, OFAC makes clear its view that payment of a ransom encourages future ransomware attacks. The advisory also states that the payment of ransom requests provides criminal and terrorist organizations with funds which threaten the United States’ national security and foreign policy interests. As a result, OFAC is warning companies who have been or might be a victim of a ransomware attack that making a ransomware payment may be in violation of OFAC sanctions regulations, particularly if such payment is to any organization listed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), other blocked persons, or those subject to embargoes.

In conclusion, companies would be well advised to educate their employees on ransomware attacks as part of their overall cybersecurity training, as well as update any internal sanctions-related policies and procedures. So, although there's still time to grab that pumpkin-spiced latte, consider training employees and making any necessary updates before the leaves have all fallen; otherwise, it may be too late.

For detailed information on this critical new development from OFAC, see the link to OFAC's five-page advisory here.

For more information on National Cyber Security Month, as well as additional tips and resources that can be shared with employees to reduce cybersecurity risks, see here.


©2019 by Compliance Notes.