11 Tips to Help Prevent Cyber Attacks against Your 3PL Warehouse

Implement pro-active IT solutions to help prevent ransomware from threatening your 3PL warehouse or supply chain operation

Can Your 3PL Business Withstand a Ransomware Attack?

Recent news about the WannaCry ransomware attack have raised awareness about the need for more stringent security solutions in 3PL and supply chain businesses.  Taking action now in your business can help to prevent service interruption, damaged brand reputations and impact to other companies across the supply chain network.  In this post, we examine the issue and provide an action list to help you secure your business from ransomware and other types of cyberattacks.
number of ransomware attacks per day
average ransomware demand
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf

What is Ransomware?

Ransomware is malicious software that prevents you from accessing and using your computer system. The malware can encrypt files so that they cannot be used and stop applications such as web browsers from working.  Cybercriminals use ransomware in order to extort money to gain access to your computer system and files.

The FBI discourages payment of ransom to cybercriminals.  Paying a ransom provides no incentive to criminals to provide you with access and only encourages their dangerous behavior.  Once they know you will pay, you may be opening the door to future threats.

ransomware

What is the WannaCry Ransomware Attack?

ransomware
Also known as the WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry2, WannaCry2 and Wanna Decryptor2, this specific type of ransomware exploits a vulnerability in Windows.  The vulnerability lies in a flaw in the Microsoft network file sharing protocol which enables it to seek out other vulnerable computers on the network in order to infect them.  This flaw has enabled the ransomware to spread at an alarmingly fast rate.
If this has happened to you or your company, start by learning more about the attack from Microsoft.

What are the Repercussions of a Ransomware Attack on Your 3PL Operation?

Cyber criminals use ransomware to extort money from businesses such as 3PL service providers.  This can impact your business is a variety of ways and can damage your brand and reputation.

A ransomware attack puts valuable client and operational data at risk and can have a huge impact on your ability to service your customers.  A major cybersecurity breach such as a ransomware attack can compromise your customers’ trust in your ability to safeguard their data, operational capabilities and order fulfillment.  In addition, ransomware can result in costly production and operational shutdowns, affecting your ability to produce, handle and store goods as well as to fulfill customer orders.

effects of a ransomware attack

Why Are 3PL and Supply Chain Businesses at Greater Risk?

Supply chain businesses such as third party logistics providers rely on a rapid, continuous flow of data to operate properly.  3PLs and their clients also rely on daily access to enormous quantities of critical data, making them especially vulnerable and highly desirable targets.
ransomware target
There are additional reasons for why supply chain and third party logistics businesses are at higher risk.  By its very nature, the supply chain is a network of connected partners, often a vast array of businesses interconnected via shared information.  Supply chain businesses tend to rely heavily on connectivity for mission critical operations but many still rely on old systems and outdated technologies.  Up until recently, cybersecurity was often not considered to be a top priority issue. This makes supply chain and 3PL warehouses often more vulnerable to cyberattacks.
warehouse operations
Critical information such as buyer payment details, manufacturing specifications and processes, patent data and other data can be held for ransom or stolen.  Ignoring these risks can come at a steep price:  major manufacturers such as Renault have lost valuable production time, equating to significant losses.
ransomware attack on mobile devices in warehouse
Cyberattacks can occur at any place and at any time.  Supply chain businesses are considered to be especially at risk as they present an avenue to other business systems. By compromising the supply chain at any point, the entire chain can be put at risk.  Breaches often originate internally and come via PC workstations and laptops that are connected to the network.
layer of security protection against ransomware
Today, the interchange of data between mobility and wireless connections increases the risk of security problems.  Layers of security protection including but not limited to endpoint protection and encryption, firewall inspection and prevention, mobile device management, wireless intrusion prevention, anti-virus and anti-malware protection are key to preventing cyberattacks and safeguarding data in the supply chain.
3PLs and supply chain businesses are taking cybersecurity much more seriously these days and are investing in more tools to help prevent data breaches and safeguard systems.

How Can You Safeguard Against the Impact of a Ransomware Attack?

ransomware
According to a United States’ interagency technical guidance document, pro-active prevention is the best form of defense against ransomware.  By making changes now to your cybersecurity efforts, your 3PL can reduce your vulnerability to future attacks on both your business and potentially, your supply chain network.

Here are some suggestions to help you decrease your risk of a ransomware attack:

1. Keep Windows and all software up to date

  • Make sure that you include updates for mobile operating systems and apps
  • Don’t forget about updating third party plugs-ins such as Java and Flash
  • Using an automated patch management system can save time and money by providing your business with an organized means of discovering, evaluating and deploying software updates.
update your devices

2. Backup….Backup…Backup…

  • Evaluate and upgrade your backup tools to make sure you are using a solution with multiple-version roll-back capability.
  • Because some malware corrupts OS files, it is best for you to install a Server Recovery Solution that can capture a snapshot of the entire server image for rapid server recovery purposes.
  • Consider using a High Availability Solution to enable you to recover your business systems in minutes.
  • Ideally it is advisable to create a full image backup of your system for optimal results.
data backup
  • Back up databases regularly.  Validate the integrity of the backups and test the restoration process for full effectiveness.
  • It is essential that you monitor your backups.  Check back up emails consistently and regularly.  Make it a habit to start your day reviewing notification from your backup system.  If you receive an error message, be sure to take action immediately.  Forward error messages to the vendor immediately as they can help to identify file system problems caused by malware.
  • Do you have a schedule for regularly testing your backups?  If not, now is the perfect time to start.

3. Use antivirus and anti-malware software

  • Anti-virus programs scan files to see if they contain ransomware before they are downloaded and can help by blocking surreptitious installations from malicious ads. Using anti-virus and anti-malware solutions can protect you by searching and removing malware that may already be on a computing device.
computer virus

4. Utilize off site backup storage

  • Making sure that they are not permanently connected to the respective networks and computers they are backing up will provide more secure storage. Having multiple backups in different locations apart from systems can be instrumental in a crisis.

5. Use a latest-generation firewall.

  • Before implementing firewalls, do your homework. The effectiveness of conventional firewalls is limited to the extensiveness of their cybersecurity signature libraries. The latest generation of firewalls provides protection from the inside out and further segments valuable IT assets.
  • Make sure that all firewalls are properly configured to block access to known malicious IP addresses.
firewall

6. Use active, updated ransomware protection

  • Get ready now.  Start using ransomware identification and prevention tools.  In case you need them, there are also tools available for ransomware simulation, testing and decryption.
  • Before purchasing a dedicated ransomware blocker, do some research.  Some of the major vendors were not able to prevent the latest outbreaks.

7. Train your workforce

spam blocker
  • Security awareness is everyone’s business, at work and at home. Can your staff recognize and properly deal with email spam that carries malicious attachments or hyperlinks?
  • Train your staff to recognize and not react to “Malvertising”, the means of compromising advertisers’ networks by embedding malware in ads that are then delivered through websites that users recognize and trust.
  • Make sure that your company has a simple, traceable way for security issues to be reported, evaluated, followed up on and archived. This information can not only be insightful in helping you protect your business but also in the aftermath of a cyberattack.

8. BYOD could put your company at risk.

  • Consider locking out devices after an established period of idle activity and requiring a more complex password for access.
  • Use transparent virtual private networks to enable access to network resources
  • Implement Mobile Device Management to enable consistent application of security setting for personal devices
mobile device
  • Be careful about letting your employees use their personal devices on your corporate network.  Implement a policy to help prevent accidental infiltration by those with malicious intent.
  • Establish a policy to govern how personal devices will connect to and use corporate systems.  Include how personal devices should be backed up and the security settings that should be in place.

9. Use ad blockers

  • Block malicious ads and patch known browser security holes using ad blockers. Malvertising is a major trend these days and can be difficult to
ad blocker

10. Whitelist software applications

  • Whitelisting can help resist attacks and change system settings to prevent your computer from installing software that is not approved and whitelisted.
    • System administrators initially should scan the computer(s) in question and take note of all legitimate applications.  Next the system(s) should be configured to prevent any other executable files from installing or running.
    • System administrators can limit permissions on systems so that applications, including malicious software cannot be installed without the administrator’s password.
    • Use redundant servers to segment access to critical data.  By breaking your workforce into smaller groups and limited access to multiple servers, if one server is locked by ransomware, at least part of your workforce will not be affected.

11. Implement Software Restriction Policies

ransomware all over the world
  • Use controls to prevent programs from executing from common ransomware locations, including temporary folders that support Internet browsers or compression/decompression programs.
  • Limit user access and privileges to the minimum level needed to do their jobs.

Conclusion

Here is a sobering thought.  Your company’s security solutions are as effective as those taken by each individual user.  Every 3PL warehouse and supply chain business needs to practice basic “cyber hygiene”.  Training your workforce about potential cyber threats, security solutions and to report issues is critical in preventing ransomware and cyberattacks.  Being able to spot and avoid phishing emails, social engineering-based attacks and other threats is key to preventing ransomware attacks.

Although there is legislation under consideration, regulations will not be sufficient in removing this threat from supply chain networks.  One business, one user can be the weak link that enables malicious activity and helps it spread throughout the supply chain network.

Who should you rely on for help?  If your 3PL warehouse has an IT department, it is critical that they have the training and resources to provide the needed security solutions to protect your business.  They must also be able to train your workforce, conduct periodic reviews of your cyber hygiene efforts and have the time, resources and willingness to maintain a continual state of vigilance to protect your business. If your supply chain business outsources IT services or IT solutions, make sure that your outsourced resources are able to meet this challenge.  

cyber security

Careful, thoughtful diligent effort is required to keep your business safe and to protect the data you use every day.  If you need help, reach out to an IT solutions company for advice.

Security solutions are a necessary investment in the future of your operation and essential to safeguarding your brand, customers and the supply chain network.

Does your WMS software vendor provide cyber security services to help safeguard your IT investment?  For information on IT services designed to help prevent ransomware and cyberattacks, contact Datex today.

Learn more about ransomware by reviewing our infographic. https://www.datexcorp.com/ransomware/

Featured Content

The Friday Report: October 11, 2019

The Friday Report: October 11, 2019

Bipartisan Effort by Senators to Share Info on Supply Chain Threats Out of concern for risks to national security, a bipartisan group of senators want all branches of government to share information on technology supply chain threats.  Leading members of the Senate...

The Friday Report: October 4, 2019

The Friday Report: October 4, 2019

U.S. Announces Tariffs on $7.5 Billion of EU Goods Following the recent decision by the World Trade Organization (WTO), the U.S. Trade Representative announced changes to tariff rates for EU goods.  Beginning on October 18th, the United States will begin charging a...

The Friday Report: September 27th, 2019

The Friday Report: September 27th, 2019

Another Reason to Eat at McDonald’s in Canada McDonald’s has announced a 12-week test of the Beyond Meat burger in 28 of its restaurant locations in Southwestern Ontario, including the largest city in Canada, Toronto.  Calling it a P.L.T. (plant, lettuce and tomato)...

© Copyright 2019 - Datex Corporation. All rights reserved.

Pin It on Pinterest

Share This
X