Preventing Ransomware Events

There is no special magic bullet to prevent ransomware. A good Information Security Plan covers all the things you need, but which sadly are not being done by so many companies and agencies. Here are a few key things that come to mind: 1. Don’t allow any unencrypted services, like telnet, on your network 2. Don’t use RDP, at least not without VPN 3. Advocate for your company's hardened systems only connecting to your network; otherwise implement good mitigating controls 4. Offline backups to restore data if attacked and data encrypted 5. Regular and tested patch management process 6. Use threat intelligence to block known bad sites 7. Require admins to only use privileged accounts when doing privileged tasks 8. Security awareness: don’t click that link or open that attachment! 9. Test your incident response and backup/restore plans 10. Use MFA 11. Use DMARC, SPF, and DKIM with your email domain so cybercriminals cannot spoof your email accounts.

Trump DOJ Secretly Seized Phone Records of NYTimes Journalists Reporting on Comey’s Clinton Investigation

And THIS is why we must staunchly fight for privacy rights. Power corrupts. Encryption back-doors can also be abused by those in power who are unscrupulous. https://www.newsandguts.com/deja-vu-trump-doj-secretly-seized-phone-records-of-nytimes-journalists-reporting-on-comeys-clinton-investigation/

Supreme Court sides with police officer who improperly searched license plate database

Better think about updating your policies! Proving violations of the Computer Fraud and Abuse Act just got a lot tougher. https://www.cnn.com/2021/06/03/politics/supreme-court-cybercrime-law-case/index.html