Ransomware has been in the news lately due to a few widespread attacks. In most cases, ransomware spreads by spam – millions of sketchy emails get sent in the hopes that a few people will follow a link that downloads malware onto a networked computer, infecting the company.
Ransomware is plenty scary (and plenty expensive), but government agencies should be even more alert for a more sophisticated technique called "spear-phishing" that targets the owners of high-value data. Since the data being gathered by investigative agencies is extremely sensitive and could be used by enemies to sow citizens' mistrust in their own government, these agencies fall squarely in the crosshairs of spear-phishing techniques.
Unlike traditional ransomware spam, spear-phishing emails are well researched. Senders pretend to be a supervisor or executive, making a request for information. The emails contain information that recipients think only an insider would know. Even the sentence structure and language are researched to sound like the supposed sender.
This type of attack takes much more time and research to plan. It’s also much more successful, especially for savvy cyber-criminals. Similar emails in the past few months have been used to glean information from White House officials and siphon millions of dollars from large corporations.
What can your office do to mitigate the damage of a spear-phishing campaign?
Train Your Users – Most white-collar workers are used to seeing suspicious email spam. A well-designed spear-phishing campaign is rare, however. Make sure they understand what spear-phishing looks like, who should be notified if they suspect it, and what kind of damage can be done to the agency if a user falls prey to it.
Restrict Data Access by User Group – If a spear-phisher does gain login credentials, they’ll probably quickly grab whatever information they can. Making sure that each user only has access to the data they need to perform their job duties can prevent a single login from jeopardizing your entire data set, including your most sensitive cases. Make sure access to case data is restricted by user type or by investigative team – siloing data minimizes data leakages not only in spear-phishing campaigns, but also more generally.
Keep Audit Logs – If someone does manage to gain access, audit logs in your case management software should make it obvious what data they accessed. While it’s too late at this point to prevent the data leakage, knowing what was taken can help agencies defend against how it might be used. It can also let them notify relevant parties of a data breach.
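The last two points work together once a login is known to be compromised. The following is an added example, not code from CMTS or from the original article: it assumes a hypothetical pipe-delimited audit log format and constructed sample entries, and reports which cases one login actually reached and which requests the team restriction blocked.

```python
from datetime import datetime

# Constructed sample audit log (hypothetical format: time|user|team|action|case|result).
AUDIT_LOG = """\
2024-03-04T09:12:00|jdoe|fraud|view|CASE-1001|allowed
2024-03-04T09:15:00|asmith|narcotics|view|CASE-2001|allowed
2024-03-05T02:41:00|jdoe|fraud|view|CASE-1001|allowed
2024-03-05T02:42:00|jdoe|fraud|export|CASE-1002|allowed
2024-03-05T02:43:00|jdoe|fraud|view|CASE-2001|denied
2024-03-05T02:44:00|jdoe|fraud|export|CASE-2002|denied
2024-03-05T08:30:00|asmith|narcotics|view|CASE-2002|allowed
"""

def parse(log_text):
    """Yield one dict per well-formed line; skip malformed lines."""
    fields = ("time", "user", "team", "action", "case", "result")
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != len(fields):
            continue
        entry = dict(zip(fields, parts))
        try:
            entry["time"] = datetime.fromisoformat(entry["time"])
        except ValueError:
            continue
        yield entry

def scope_compromise(log_text, user, since):
    """Summarise what one login touched from the suspected compromise time onward."""
    exposed, blocked = {}, set()
    for e in parse(log_text):
        if e["user"] != user or e["time"] < since:
            continue
        if e["result"] == "allowed":
            # Data that left the silo: record every action taken on the case.
            exposed.setdefault(e["case"], set()).add(e["action"])
        else:
            # Requests outside the user's team that the access restriction stopped.
            blocked.add(e["case"])
    return {"exposed": exposed, "blocked": sorted(blocked)}

if __name__ == "__main__":
    report = scope_compromise(AUDIT_LOG, "jdoe", datetime(2024, 3, 5))
    for case, actions in sorted(report["exposed"].items()):
        print(case, "exposed via", ", ".join(sorted(actions)))
    print("blocked by team restriction:", ", ".join(report["blocked"]))
```

The exposed list is what drives notification of relevant parties; the blocked list shows how much further the same login would have reached without per-team restrictions.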
To learn how CMTS can help you keep your data safe, call us at 919-600-5102 or email Team_CMTS@WingSwept.com.