11 Tips to Help Prevent Cyber Attacks against Your 3PL Warehouse

Can Your 3PL Business Withstand a Ransomware Attack?

What is Ransomware?

The FBI discourages payment of ransom to cybercriminals.  Paying a ransom provides no incentive to criminals to provide you with access and only encourages their dangerous behavior.  Once they know you will pay, you may be opening the door to future threats.

What is the WannaCry Ransomware Attack?

What are the Repercussions of a Ransomware Attack on Your 3PL Operation?

Why Are 3PL and Supply Chain Businesses at Greater Risk?

How Can You Safeguard Against the Impact of a Ransomware Attack?

Here are some suggestions to help you decrease your risk of a ransomware attack:

1. Keep Windows and all software up to date

• Make sure that you include updates for mobile operating systems and apps
• Don’t forget about updating third party plugs-ins such as Java and Flash
• Using an automated patch management system can save time and money by providing your business with an organized means of discovering, evaluating and deploying software updates.

2. Backup….Backup…Backup…

• Evaluate and upgrade your backup tools to make sure you are using a solution with multiple-version roll-back capability.
• Because some malware corrupts OS files, it is best for you to install a Server Recovery Solution that can capture a snapshot of the entire server image for rapid server recovery purposes.
• Consider using a High Availability Solution to enable you to recover your business systems in minutes.
• Ideally it is advisable to create a full image backup of your system for optimal results.

• Back up databases regularly.  Validate the integrity of the backups and test the restoration process for full effectiveness.
• It is essential that you monitor your backups.  Check back up emails consistently and regularly.  Make it a habit to start your day reviewing notification from your backup system.  If you receive an error message, be sure to take action immediately.  Forward error messages to the vendor immediately as they can help to identify file system problems caused by malware.
• Do you have a schedule for regularly testing your backups?  If not, now is the perfect time to start.

3. Use antivirus and anti-malware software

• Anti-virus programs scan files to see if they contain ransomware before they are downloaded and can help by blocking surreptitious installations from malicious ads. Using anti-virus and anti-malware solutions can protect you by searching and removing malware that may already be on a computing device.

4. Utilize off site backup storage

• Making sure that they are not permanently connected to the respective networks and computers they are backing up will provide more secure storage. Having multiple backups in different locations apart from systems can be instrumental in a crisis.

5. Use a latest-generation firewall.

• Before implementing firewalls, do your homework. The effectiveness of conventional firewalls is limited to the extensiveness of their cybersecurity signature libraries. The latest generation of firewalls provides protection from the inside out and further segments valuable IT assets.
• Make sure that all firewalls are properly configured to block access to known malicious IP addresses.

6. Use active, updated ransomware protection

• Get ready now.  Start using ransomware identification and prevention tools.  In case you need them, there are also tools available for ransomware simulation, testing and decryption.
• Before purchasing a dedicated ransomware blocker, do some research.  Some of the major vendors were not able to prevent the latest outbreaks.

7. Train your workforce

• Security awareness is everyone’s business, at work and at home. Can your staff recognize and properly deal with email spam that carries malicious attachments or hyperlinks?
• Train your staff to recognize and not react to “Malvertising”, the means of compromising advertisers’ networks by embedding malware in ads that are then delivered through websites that users recognize and trust.

• Make sure that your company has a simple, traceable way for security issues to be reported, evaluated, followed up on and archived. This information can not only be insightful in helping you protect your business but also in the aftermath of a cyberattack.

8. BYOD could put your company at risk.

• Consider locking out devices after an established period of idle activity and requiring a more complex password for access.
• Use transparent virtual private networks to enable access to network resources
• Implement Mobile Device Management to enable consistent application of security setting for personal devices

• Be careful about letting your employees use their personal devices on your corporate network.  Implement a policy to help prevent accidental infiltration by those with malicious intent.
• Establish a policy to govern how personal devices will connect to and use corporate systems.  Include how personal devices should be backed up and the security settings that should be in place.

9. Use ad blockers

• Block malicious ads and patch known browser security holes using ad blockers. Malvertising is a major trend these days and can be difficult to

10. Whitelist software applications

• Whitelisting can help resist attacks and change system settings to prevent your computer from installing software that is not approved and whitelisted.

1. • System administrators initially should scan the computer(s) in question and take note of all legitimate applications.  Next the system(s) should be configured to prevent any other executable files from installing or running.
   • System administrators can limit permissions on systems so that applications, including malicious software cannot be installed without the administrator’s password.
   • Use redundant servers to segment access to critical data.  By breaking your workforce into smaller groups and limited access to multiple servers, if one server is locked by ransomware, at least part of your workforce will not be affected.

11. Implement Software Restriction Policies

• Use controls to prevent programs from executing from common ransomware locations, including temporary folders that support Internet browsers or compression/decompression programs.
• Limit user access and privileges to the minimum level needed to do their jobs.

Conclusion

Although there is legislation under consideration, regulations will not be sufficient in removing this threat from supply chain networks.  One business, one user can be the weak link that enables malicious activity and helps it spread throughout the supply chain network.

Who should you rely on for help?  If your 3PL warehouse has an IT department, it is critical that they have the training and resources to provide the needed security solutions to protect your business.  They must also be able to train your workforce, conduct periodic reviews of your cyber hygiene efforts and have the time, resources and willingness to maintain a continual state of vigilance to protect your business. If your supply chain business outsources IT services or IT solutions, make sure that your outsourced resources are able to meet this challenge.  

Careful, thoughtful diligent effort is required to keep your business safe and to protect the data you use every day.  If you need help, reach out to an IT solutions company for advice.

Security solutions are a necessary investment in the future of your operation and essential to safeguarding your brand, customers and the supply chain network.

Does your WMS software vendor provide cyber security services to help safeguard your IT investment?  For information on IT services designed to help prevent ransomware and cyberattacks, contact Datex today.