Data collected in the healthcare sector are always highly sensitive because they are protected by the HIPAA Act. The HIPAA Act outlines privacy rules that require appropriate safeguards to protect the privacy of personal information and that set limits and conditions on how the data can be used or disclosed (Kharraz et al., 2015; Kruse et al., 2017). Thus, in this case, the HIPAA Act has been breached, and appropriate measures must be taken as per the HIPAA standards to inform the victims of the breach. Nonetheless, as the network administrator, I will follow the steps below to resolve the malware attack.
Reboot Windows 10 into safe mode. This is achieved by holding the Shift key and clicking Restart. The computer will restart and give three options: Continue, Troubleshoot, and Turn off. To reboot in safe mode, select Troubleshoot, which brings up the Advanced options, from where we select Startup Settings and then Restart. The computer will boot out of BIOS and display a list where we press F4 to start the PC in safe mode (Sittig & Singh, 2016).
Install anti-malware software. After loading safe mode, an anti-malware program such as Malwarebytes or HitmanPro is installed on the affected PCs to find and remove the ransomware.
Scan the system to find the ransomware program. The passive scan with Malwarebytes will detect and remove the ransomware. After this operation, the system will require a reboot. Rebooting the system will return the affected computers to the normal desktop. Thus, step one must be repeated to reboot the PC back into safe mode. The Malwarebytes and HitmanPro programs are then executed again to check for the ransomware (Sittig & Singh, 2016).
Restore the PC to its previous state. After running the anti-malware programs, Windows is restored to its state before the attack by going to System, System Protection, and then System Restore.
Recommendation
In the event that the restoration process is not successful, it would not be advisable for the management to pay the attackers for the decryption key. The attackers always demand that the payment be made through blockchain technologies such as bitcoin, which are non-traceable and non-reversible. In most cases, they fail to provide the keys even after the payment has been made. Thus, the institution may end up losing both data and money.
References
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10.
Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(2), 624.
Cyber Security Policy for CyberLeet
Cybersecurity is key to protecting endpoint devices, as well as systems and data accessed over the internet, from cybercriminals (Safa, Von Solms & Furnell, 2016). Cybersecurity operates on three core tenets: confidentiality, integrity, and availability (de Bruijn & Janssen, 2017). These three tenets must be taken into consideration when dealing with matters concerning security. Thus, in line with the tenets, CyberLeet employees must follow the criteria below to create strong passwords.
- The passwords must be at least eight characters long.
- The passwords must not contain the personal information of an individual, such as their real name, username, or the company name.
- Each password must be unique and consist of easy-to-remember phrases.
- The passwords created must not contain words spelled out correctly.
- The passwords must also contain at least one character from each of the three primary categories: alphabetic, numeric, and special symbols.
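The password criteria above can be enforced at the point where a password is set. The checker below is an added example, not part of the original paper or any CyberLeet system; the function name, the violation labels, the small wordlist and the sample employee identity are all constructed for illustration. The uniqueness and memorability criterion is not machine-checked here.

```python
import string

# Constructed sample wordlist; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "secret", "monkey"}


def check_password(password, personal_terms, wordlist=SAMPLE_WORDS):
    """Return the list of policy rules the password violates (empty = compliant)."""
    violations = []
    lowered = password.lower()

    # Rule: at least eight characters long.
    if len(password) < 8:
        violations.append("too_short")

    # Rule: no personal information (real name, username, company name).
    # Multi-word terms such as "Alice Smith" are checked word by word.
    tokens = {t for term in personal_terms for t in term.lower().split()}
    if any(len(t) >= 3 and t in lowered for t in tokens):
        violations.append("contains_personal_info")

    # Rule: no correctly spelled words (case-insensitive substring match).
    if any(word in lowered for word in wordlist):
        violations.append("contains_dictionary_word")

    # Rule: at least one letter, one digit and one special symbol.
    if not any(c.isalpha() for c in password):
        violations.append("missing_letter")
    if not any(c.isdigit() for c in password):
        violations.append("missing_digit")
    if not any(c in string.punctuation for c in password):
        violations.append("missing_symbol")

    return violations


if __name__ == "__main__":
    employee = ["Alice Smith", "asmith", "CyberLeet"]  # constructed sample identity
    for candidate in ["Summer2024!", "cyberleet1", "Tr0ub4d&r", "a1!"]:
        print(candidate, check_password(candidate, employee))
```

Returning every violated rule, rather than a single pass/fail flag, lets the enrolment form tell the employee exactly which criterion to fix.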
Acceptable Use Policies.
The use of company devices will also be governed by the principles outlined below, which are key to creating appropriate acceptable use policies in the organization.
The use policies must spell out the activities that are prohibited on company devices, such as visiting gambling sites with the web browsers installed on those devices.
The use policy can use blanket statements to address activities that are not specifically named, such as engaging in activities that may result in lawsuits.
The implementation of the policies will be overseen by the chief information officer.
User Training Policies
The development of the user training policies will be based on the following principles:
- Problem-Centered: The training will always be based on real-world problems to enable the employees to acquire new skills. This will be done monthly for every member of the organization.
- Activation: The employee training will be on the topics that activate the existing skills and knowledge to develop new ones.
- Demonstration: The training in CyberLeet will be based on practical demonstrations to help the employees learn faster.
- Application: The employees will be required to apply their newly acquired knowledge to provide solutions to real-world problems.
- Integration: The organization's training sessions will be interactive to allow learners to reflect on and discuss their newly acquired skills.
Basic User Policies
The basic user policies for employees of CyberLeet will be based on the following principles:
- The display of identification during the training sessions.
- Every employee must use their employee IDs to access the company premises.
- Not all employees will be granted access to all areas of the company. Access will be based on the position and the department of the employee.
- In cases of strict deadlines and inability to report to work, the employees will be allowed to work from home.
- Visitors will be restricted to the visitors' bay.
References
de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1-7.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Case Study Analysis: Preventing Fraud, The Home Depot Data Breach.
The Home Depot data breach violated the confidentiality and integrity tenets of cybersecurity, as the card information found its way into the hands of third parties (Hawkins, 2015).
The attack on Home Depot was facilitated by memory-scraping malware, which was used to steal the payment card information. The malware operated from the POS terminal. It was designed to read the contents of the Random Access Memory of the POS terminal and return the payment card data in a clear text format. The malware used regular expressions and thus could easily deceive the network defence to grab the payment card information. The captured data was then sent by the malware to the attacker's servers.
Home Depot could have applied point-to-point encryption to prevent the breach. Point-to-point encryption is vital in securing debit and credit cards at the point of swipe. It encrypts the transaction as well as the 4-digit PIN code entered during the process. The encryption injects the swiping device with a unique key for every transaction. The encryption places the data inside a tamper-resistant security module, which could have prevented the attack by the malware.
The key elements of the data defence such as privacy, security, integrity, regulatory compliance, quality, and governance would have been vital in preventing the breach (Betz, 2017).
To better secure the organization, Home Depot needs to implement point-to-point encryption in the POS terminals, segregate its network, and improve its management of third-party vendor credentials. Home Depot must ensure that it applies the core tenets of confidentiality, integrity, and availability while handling third-party vendor credentials.
References
Betz, D. J. (2017). Cyberspace and the State: Towards a Strategy for Cyber-power. Routledge.
Hawkins, B. (2015). Case study: The home depot data breach. Retrieved September, 28, 2018.
Cite this page
Plan to Resolve the Ransomware Attack in Our Organization Paper Example. (2022, Aug 15). Retrieved from https://proessays.net/essays/plan-to-resolve-the-ransomware-attack-in-our-organization-paper-example