Cybersecurity expert David Kennedy gained national notoriety in 2014 when he exposed major vulnerabilities in HealthCare.gov site in an incident that became known as the 4-minute hack. But these days Kennedy spends his time making sure that business clients are fully shielded from ransomware and other IT security threats.
I recently caught up with Kennedy, a former U.S. Marine and the founder of cybersecurity firms TrustedSEC and Binary Defense Systems, to record a podcast and get his take on why so many small and midsize businesses are falling victim to ransomware. Kennedy offered up some excellent, actionable advice for small businesses that want to protect themselves. Here are some excerpts from that conversation:
Does the unprecedented rise in ransomware attacks surprise you?
What surprises me is how many companies are really getting hit. It shows a lack of business continuity planning and an inability to do backup and disaster recovery. In fact, I had to pay the ransom for one of our customers who got nailed by it. They didn't have good backup strategies and didn't know how to pay the ransom in bitcoin. So we actually had to facilitate paying the ransom—which is horrible. But they didn't have a good backup strategy, they didn't have any way of getting access to that information. The only way to get the business up and running was to actually go and pay it.
You've worked closely lots of small and midsize businesses. What do you recommend they do to protect themselves from ransomware and other computer viruses?
David Kennedy: The first and foremost thing that we always recommend is having a good business continuity and disaster recovery plan within your organization so that, in the event that your entire file share gets encrypted, you'll have the ability to restore data from backups in a pretty easy fashion. I think having a good backup strategy is probably the number one that you should focus your efforts on because that ultimately is going to save you on the day of a disaster.
Click on the player below to listen to the entire David Kennedy interview now:
What's the next step small businesses should take to protect their data
Kennedy: The second thing involves technical controls that you can put in place. Ransomware and other viruses are often spread through executables that get downloaded into your temp directories or into other locations. You can actually block executables if you're a business by setting appropriate group policies. Microsoft released a new feature with Windows 10 called Device Guard that can help. People using older versions of Windows can set group policies by using what's called Software Restriction Policies. With those tools, you can actually block executables from running in temp directories and that will prohibit a lot of these viruses from actually running.
Do you have any tips related to managing access controls for individual employees?
Kennedy: Yes. On the technological controls side, you'll definitely want to audit the permissions on your file share. A regular user should not have permission to access any folder that is not owned explicitly by them. So go through your file shares and check your permissions. Do a file share permissions audit and make sure that you have locked down permissions so that you can prohibit these types of viruses from spreading rapidly. The last thing under technological controls to look out for is regular users running at administrative-level permissions. Most ransomware requires elevated permissions to actively go and operate. Now, that doesn't mean it can't run in a limited permissions scenario, but it's a much heavier impact to an organization when permissions are elevated. That's why removing administrative-level access from your regular users is a good idea.
What's else should small and midsize businesses do to mitigate the ransomware threat?
Kennedy: The last thing to focus on is education and awareness: Teach people what they shouldn't be clicking on and what they should be clicking on. In addition to technology controls, it all comes down to educating the user.
Norman Guadagno is Chief Evangelist and Senior Vice President of Marketing at Carbonite. Portions of this interview were edited slightly for clarity.