To All Local Union Officers:
Due to the COVID-19 crisis, most of our local unions have been forced into a remote working environment. The growing spread of malicious programs and computer viruses was already rampant before all of this and now it is increasing to an all-time high. At least one of our local unions has been attacked by ransomware and forced to negotiate a settlement in order to regain access to their information.
In light of this situation I have asked the International’s computer consultant to provide our Locals with suggested best practices and that memo is below for your reference.
James B. Wood
End-user email/web browsing best practices:
Email phishing attacks are getting more sophisticated and dealing more serious damage. Please keep in mind these important tips. Remember, these should apply even when email or links appear to originate from people you know.
1. Be suspicious of warning messages about account lockouts. These tend to appear to be from a legitimate company like your bank or Microsoft, and demand action like clicking on a link.
2. Ransomware attacks are designed to get you to click on a link in an email or download an attachment that will start to encrypt the contents of your drive and any mapped network drives. Most versions will then automatically try to propagate to all computers on the network. If anything about an email looks suspicious, check with the sender using a new email message.
3. Don’t open attachments that you weren’t expecting or that aren’t typical of the sender.
4. If you are unsure about a link, hover over it. If it is different from the link text in the email, or if you don’t recognize it, don’t click it. Check with the sender first using a new email.
5. Be skeptical of jokes, forwards, shortened URLs, and short messages like, “check this out” or “here is the link you asked for.” Check with the sender first using a new email.
6. When sending a message that contains a link or attachment, let the recipient know you intended to send it with an accurate subject and description in the body, and maybe a full sentence or two so they know it is legitimate.
In addition, please ensure that you:
- Keep regular backups of important files.
- Make sure your machine is downloading and installing Windows updates regularly. Most Windows 10 systems are set to automatically check, but you have to reboot occasionally to get them to install.
- Make sure your antivirus is being updated regularly. Windows now has built-in antivirus (Microsoft Security Essentials) if you don’t have a third-party tool. Macs should also have antivirus software installed.
- Limit web browsing to known, reputable sites. If you don’t know a site and can’t verify it with another user, don’t visit it with your work machine, even with an incognito browser.
- If you connect to a server via remote desktop, do not casually browse the web from the server or from your local machine unnecessarily. You risk infecting yourself and the server.
- Do not keep drives mapped to a server if you are not using them, since viruses can easily propagate across such mappings. (This is acceptable for OneDrive, Google Drive, Dropbox, and similar services.)
Administrative end user IT security controls:
- Implement a security awareness training program through a known security LMS vendor to ensure that users have the proper training for basic computer usage, email, and web browsing. If you don’t have a training system or don’t have budget to add one, then send out email security reminders. Get your end users accustomed to asking for help with suspicious emails or web sites and reporting possible issues to your security team.
- Enable multi-factor authentication on all systems that support it for at least administrative users, and all users if possible. This is especially important for email systems such as Office 365 or G Suite.
- Ensure all end user machines have proper updated endpoint security. If they have DNS security such as Cisco Umbrella, make sure that is rolled out on the remote machines.
- If users have work-issued machines, require that they only do their work on the work-issued machines and leave all personal activity (shopping, Facebook, entertainment) for their personal machines.
- Make sure all machines used for work are set to automatically install the critical Windows security updates, or else have the IT admin push out these updates after they are validated by IT.
- If you are utilizing a VPN, ask users to not browse the web or use any non-work functions while connected to the VPN. Depending on company policy, this can be automated.
- Ensure users are not saving any files on their home machines and that all data is still being stored in approved locations, such as OneDrive or a corporate file share. If users are working on corporate equipment, consider encrypting the content of specific drives or folders if sensitive information is being stored.
IT systems controls:
- Limit all changes to internal systems to critical maintenance and updates. For servers, continue to perform monthly critical patching during planned maintenance windows.
- Monitor the internal network and systems to ensure functionality. When people are not in the office it makes it harder to tell if there is an issue. Look for redundant systems running in failover mode such as a firewall that fails over to a secondary line. Remediate these quickly to stay ahead of a second failure resulting in downtime.
- Verify all backups are running correctly on their proper schedules.
- If you are not using collaboration software services, this is a good time to consider them. For example, Microsoft Teams is secure software for collaboration and video conferencing within the Office 365 services suite. Google offers similar options.
- If you have remote access software to allow troubleshooting user machines remotely, make sure it is installed on issued equipment.