Protecting Your Workforce Against an Active Shooter

According to the FBI, there was an active shooter event every 18 days in 2016. While workplace shootings have been historically rare, the Bureau of Labor Statistics notes that there was a sharp increase in 2016 in the number of office shootings, from 83 the previous year to 394. Shootings now account for the lion’s share of workplace homicides with 363 workplace shootings reported in 2019. Keeping your workforce safe against active shooters takes planning.

It’s your responsibility to provide a safe work environment, but what can you do when faced with the unthinkable? You can’t just rely on security guards and alarm systems. What you need is a solid plan that can be implemented during an active shooter situation to safeguard your employees.

Monitor and React to an Active Shooter

Workplace violence and harassment policies provide a framework for addressing conflicts before they escalate. If these policies are well implemented, they will reduce the overall potential for violence by staff members.

It’s been proven that most active shooters display warning signs before resorting to guns. They will tend to isolate themselves, become increasingly despondent, forget to care for their hygiene, and seem nervous, on edge and impatient. They might seem harsh or quick to judge, prone to fits of anger or sadness, and often sick or tired. In other words, their behavior changes in a way that should be noticeable to their colleagues.

Unfortunately, the Department of Homeland Security reports that most active shooters had no ties with the place they targeted. Even if the active shooter isn’t a complete stranger, you may be powerless to pre-empt the situation if the shooter is a former employee, the spouse or partner of a staff member or a disgruntled customer who feels wronged by the company or its representatives.

Plan and Prepare

You’ll want to create a formal emergency response plan for dealing with an active shooter situation so that your staff knows clearly what to do when it happens. Having a policy in place is not enough to be well prepared. Train your employees, make it part of onboarding, and schedule drills. The FBI has active shooter resources on their website.

When confronted with a shooter, evacuation is always the first and best option. You’ll want to get as many people out of the building and to a safe location as possible, well away from the shooter. Your team needs to map out the fastest exit routes out of the building for each employee and provide alternate routes in case the planned escape route is blocked by the active shooter.

Employees will need to rehearse this often, much as they would a fire drill. Use a person dressed in orange to serve as the active shooter and block different routes. Monitor your staff’s progress and adapt the plan as needed. Employees should move quickly, though carefully, to their designated exit while doing their best not to be spotted by the shooter whose current location might elude them.

Hide and Fight

Hiding comes next. If someone can’t leave the premises, they’ll want to find cover to shield them from any gunfire. That’s where preparedness on your part can make a big difference. Make sure each office door can be locked from the inside with deadbolts, door stops or other appropriate devices. Install blinds on windows. If the shooter cannot see inside the room, he will be less likely to enter.

Have your employees practice hiding by turning off the lights, locking the door, closing the curtains, shutting off computers and finding cover. During this exercise, pair employees so that one person acts as the “victim” and the other as an observer to evaluate their efficiency.

Finally, if the shooter is near and hiding is no longer an option, your employees must do what it takes to preserve their life. Some people believe they can do that by talking down an active shooter. That may be true for trained officials, but it is not a viable option for anyone on your team. Train your employees to avoid contact at all costs, stay hidden and quiet as long as possible, find a solid object, then attempt to disarm and render unconscious the perpetrator.

Train and Learn

Here are 8 tips to help you and your employees better prepare:

  1. Don’t forget to call 911, but only if it is safe to do so.
  2. Remind people to leave their belongings behind.
  3. Instruct your team to keep their hands visible as they leave the premises to show law
    enforcement they are not a threat.
  4. Tell your employees they can help others escape, as long as it doesn’t slow their own escape or
    put them in harm’s way. Leave the wounded where they are.
  5. Have your team warn people not to enter the area where the active shooter is thought to be.
  6. If hiding, remind the person to remain quiet and silence their cell phone.
  7. If the active shooter is nearby, have the person call 911 to allow the dispatcher to listen in and
    locate the shooter.
  8. Finally, if action is required, tell the person to be as aggressive, threatening and decisive as they
    can be.

After an Active Shooter Incident

Seek professional help from trauma experts to promptly deal with the emotional and psychological impact of such an event. Most employees, even those who did not experience the incident first-hand, will need assistance dealing with the loss of close colleagues and the fear of returning to work.

You’ll also need to tally the physical property damage and business interruption expenses and provide assistance to your employees with their health-related claims.

It is your job to provide a safe work environment for your employees. That includes creating a smart active shooter plan. While you may never need to use it, preparing for such an event may save lives. If you need more information on protecting your workforce or creating active shooter policies, speak to your insurance professional; they can give you the guidance you need.

California’s Leader in Insurance and Risk Management

As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan that provides you with the best coverage at the best rate!

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our clients’ expectations in every interaction to make sure that our clients know how much we value and appreciate their business.

Contact us today 1-209-634-2929 for your comprehensive business insurance quote!

Landscaper Gas Safety Tips

A wide range of landscaping equipment (e.g., mowers, trimmers and leaf blowers) is powered by gasoline. That’s why it’s crucial for employees to know how to properly manage this toxic, flammable form of fuel. After all, failure to store, transport or handle gasoline correctly could result in serious safety ramifications. Breathing in gasoline fumes can cause dizziness, nausea and disorientation, while gasoline fires can lead to severe burns and blisters. In the most severe cases, gasoline incidents can even result in death. Nevertheless, these concerns can be addressed with proper safeguards. You can help keep yourself and others safe when working with gasoline at the job site by following these landscaper gas safety tips.

Selecting and Filling Gasoline Cans

First, it’s important to ensure that gasoline is kept in an approved gasoline can. Keeping gasoline in the wrong container increases the risk of the gasoline leaking or exploding from pressure over time.

Be sure to select a gasoline can that is made out of metal, holds 5 gallons or less and has a flame arrestor—which helps prevent sparks from traveling up the gasoline can’s nozzle. In addition, the gasoline can should be properly labeled with its contents. Never place anything other than gasoline in a labeled gasoline can.

Keep in mind that while plastic gasoline cans are common, they aren’t as safe as metal cans. Plastic cans will melt in the event of a fire, allowing the gasoline inside the can to escape and contribute to the spread of the flames.

When it’s time to fill your gasoline can, follow these landscaper gas safety steps:

  • Fill the can outdoors, on level ground and away from any ignition sources. Never fill a gasoline can inside a vehicle, as doing so could create a buildup of static electricity and set the gasoline can on fire.
  • Touch the can to the gasoline dispenser nozzle before removing the can lid. This will help reduce the risk of a static spark occurring during filling, which could ignite the gasoline in the can.
  • Keep the gasoline dispenser nozzle in close contact with the can inlet during filling—this practice will also help lower the risk of a static spark taking place.
  • If you spill any gasoline while filling, clean it up immediately. Bring extra work clothing to the job site in case you spill gasoline on yourself and need to change.
  • Because gasoline expands, it’s important to never fill the gasoline can above its maximum fill line. An overly full gasoline can is at greater risk of leaking or exploding.
  • When you are finished filling, replace the gasoline can lid and tighten it securely.

Transporting Gasoline Cans

When transporting gasoline cans, make sure you do so in a way that limits the spread of toxic gasoline fumes throughout the vehicle. Both full and empty gasoline cans should be placed far away from any passengers and the driver. The safest areas to place gasoline cans are within the vehicle bed or on a roof rack, if applicable. In any scenario, be sure to keep the cans secured in an upright position to avoid spills during transport.

Landscaper Gasoline Safety Tips and The Refueling Process

When refueling equipment with gasoline, follow these precautions:

  • Refuel the equipment outdoors, on level ground and away from any ignition sources. Allow the equipment’s engine to cool before you refuel, and loosen the fuel cap slowly to relieve pressure in the tank.
  • Remember to touch the gasoline can’s nozzle to the tank before removing the fuel cap to avoid a static spark from igniting the gasoline.
  • Keep the gasoline can’s nozzle in close contact with the tank to prevent spills. If you spill any gasoline, clean it up immediately. If you spill gasoline on yourself, change into your spare work clothing.
  • Pay close attention when filling the fuel tank—avoid overfilling it. When you are finished filling the tank, replace the fuel cap and tighten it securely.

Storing Gasoline Cans

When you are finished using gasoline, it’s vital to store it safely. Even though landscaping tasks can often require you to move between job sites, be sure to establish a secure location for storing gasoline cans. Although it might be tempting, you should never store gasoline cans—full or empty—in a vehicle. The best place to store gasoline cans is in a flammable liquid storage cabinet. Such a cabinet should be made of nonreactive metal, be able to remain at room temperature and be clearly labeled as a safe gasoline storage area.

Never block a flammable liquid storage cabinet’s doors, and avoid storing any items on top of the cabinet. Keep any sources of ignition and electronics at a safe distance from the cabinet. If you are ever unsure of where to store gasoline cans at work, consult your supervisor.

Transporting Landscape Equipment

Many landscaping tasks require the transportation of equipment and tools between job sites. As such, it’s important to secure these loads before transporting them to prevent safety incidents. After all, failure to properly secure a load could cause the equipment to shift or even fall off of the vehicle and onto the road during transportation. This could result in damaged equipment, hefty traffic fines and severe injury (or even death) to employees, other motorists or pedestrians. Whether you’re transporting landscape equipment just down the street or for an extended distance, be sure to follow this load securement guidance to keep yourself, the equipment being transported and others safe on the road.

Transporting Landscape Equipment: Use the Correct Equipment

First, it’s crucial that you have the correct vehicle, systems and equipment in place to effectively secure a load. This includes:

  • The right vehicle—Only use a vehicle that is capable of transporting landscaping equipment—such as a cargo van, pickup truck or trailer. If you are unsure whether a company vehicle can be used for transporting loads, ask your supervisor.
  • A securement system—Such a system consists of a group of individual parts that work together to support and secure a load. Common securement system parts include decks, headboards, bulkheads, stakes, posts and anchor points.
  • Securing devices—These devices are designed to help hold a load in place during transportation. Securing devices can include webbing, strapping, bracing, blocking, chains, ropes, binders, shackles, clamps, latches, hooks and friction mats.
  • Tie-downs—Such items are a combination of securing devices that form an assembly that attaches to anchor points to restrain loads during transportation.

Conduct Thorough Inspections

Apart from having the correct equipment, it’s vital to inspect this equipment and the load itself to ensure that safe and effective securement is possible. Utilize the following inspection tips:

  • Make sure that the vehicle, securement system, securing devices, tie-downs and equipment in the load itself are fully cleaned and don’t contain any excess debris (e.g., dirt, rocks or grass).
  • Ensure that the vehicle is in good condition, paying special attention to the fluid levels, brakes, seat belts, steering wheels and tires. Never use a vehicle in poor condition.
  • Analyze the securement system, securing devices and tie-downs for missing components, weakened parts or sections, signs of distress (e.g., stretches, cracks or frays) or other potential damages. Never use damaged equipment.
  • Review the size, dimensions and weight of the equipment in your load. Ensure that these measurements don’t exceed the vehicle’s maximum capacity or any part of the securement system’s working load limit (WLL). Each component of the securement system should include a WLL from the manufacturer.
  • Ensure that you are using an adequate securement system, suitable securing devices and the required number of tie-downs to effectively restrain the load.
  • Keep in mind that some large equipment might require oversized or overweight transportation permits. The standards for these permits can vary between states. Consult your supervisor to determine whether any part of the load requires a specialized permit.

Transporting Landscape Equipment: Contain, Immobilize and Secure the Load

Once you have inspected your equipment and confirmed that the load is a suitable size and weight for the vehicle being used, it’s time to secure the load. Follow these steps:

  • Before loading begins, be sure that the vehicle being used for transportation has the parking brake engaged. This will keep the vehicle from rolling away during the loading process.
  • Utilize a securement system plan that suits the unique characteristics of the load. This plan should properly distribute the weight of the load throughout the vehicle and be able to withstand a minimum amount of force in each direction.
  • Make sure that the setup of the securement system, securing devices, tie-downs and equipment in the load itself won’t compromise the safety of the driver or any vehicle passengers. Specifically, ensure that the setup won’t block the driver’s view, prevent the driver from freely moving their legs or arms, restrict the driver from accessing emergency materials (e.g., a first-aid kit or toolbox) or keep the driver and any passengers from being able to safely exit the vehicle.
  • Take extra precaution when securing articulated landscaping equipment or any other form of equipment that is more likely to shift during transportation (e.g., equipment with wheels). Be sure to utilize extra securing devices (e.g., straps and wheel blocks) to further immobilize the equipment. This is especially important for equipment that has attached accessories.

Ensure Compliance

Lastly, make sure that all load securement procedures are compliant with any applicable federal, state and local laws. Remember to review both the U.S. Department of Transportation (DOT) requirements and your specific state’s DOT regulations regarding load securement. Consult your supervisor with any compliance concerns.

In Conclusion

Keep in mind that this article is just a brief overview of load securement safety. Be sure to review additional resources and talk to your supervisor if you have any further questions regarding load securement.

Office Building Employers Information for COVID-19

Office building employers, owners and managers can take proactive measures to create a safe and healthy workplace for employees, clients and other guests. This article shares COVID-19 guidance from the Centers for Disease Control and Prevention (CDC) on COVID-19 Employer Information for Office Buildings.

How Office Building Employers Can Protect Employees

Employers should consider the following steps to protect their employees and other building visitors, while slowing the spread of COVID-19:

  • Create a COVID-19 workplace health and safety plan by reviewing the CDC Interim Guidance for Businesses and Employers.
  • Check the building for hazards associated with prolonged facility shutdown, ensure ventilation systems operate properly and increase air circulation as much as possible.
  • Identify where and how workers might be exposed to COVID-19 at work.
  • Develop hazard controls using the hierarchy of controls. Consider using a combination of engineering and administrative controls, explained further below.

Engineering Controls

Engineering controls isolate people from hazards. Consider the following example controls:

  • Modify seats, furniture and workstations.
  • Use methods to physically separate employees in the building, including work areas and common areas.
  • Improve building ventilation based on local environmental conditions (e.g., temperature and humidity).

Administrative Controls

Administrative controls change the way people work. Consider the following example controls:

  • Encourage employees who have symptoms of COVID-19 to notify their supervisor and stay home.
  • Stagger shifts, start times and break times to reduce the number of employees in common areas.
  • Post signs in parking areas and entrances that ask guests and visitors to wear cloth face coverings.
  • Post instructions and reminders at entrances and in other strategic places about hand hygiene, COVID-19 symptoms, and cough and sneeze etiquette.
  • Clean and disinfect high-touch surfaces.

Educate Employees

Employers should consider the following steps to educate employees and supervisors about how to protect themselves at work:

  • Develop communication and training that is easy to understand, in preferred languages spoken or read by the employees, and includes accurate and timely information. Suggested topics include signs and symptoms of infection, staying home when ill, social distancing, cloth face coverings, hand hygiene practices, and identifying and minimizing potential routes of transmission at work, at home and in the community.
  • Provide information and training on what actions employees should take when they are not feeling well (e.g., workplace leave policies, and local and state health department information).
  • Remind employees and clients that the CDC recommends wearing cloth face coverings in public settings where other social distancing measures are hard to maintain. However, wearing a cloth face covering does not replace the need to practice social distancing.

The CDC has posters available for employers to download and print, some of which are translated into different languages.

Develop Special Considerations for Elevators and Escalators

Employers should implement special considerations if their building has elevators or escalators. Consider the following proactive measures:

  • Encourage occupants to take stairs when possible, especially when elevator lobbies are crowded or when only going a few flights.
  • Designate certain stairwells or sides of stairwells as “up” and “down” to better promote social distancing.
  • Use floor markings in elevator lobbies and near escalator entrances to reinforce social distancing. Place decals inside the elevator to identify where passengers should stand if needed.
  • Use stanchions in lobbies to mark pathways to help people travel in one direction and stay 6 feet apart.
  • Consider limiting the number of people in an elevator and leaving steps empty between passengers on escalators.
  • Post signs reminding occupants to minimize surface touching. They should use an object (such as a pen cap) or their knuckle to push elevator buttons.
  • Consider adding supplemental air ventilation or local air treatment devices in frequently used elevator cars.

For More Information

Read the CDC’s Interim Guidance for Businesses and Employers for additional recommendations for creating new sick leave policies, and cleaning and developing employee communications to help protect employees and other building guests.

Contact us today for more COVID-19 guidance and resources to protect employees.

Source: CDC

CNA Financial’s “Sophisticated Cyber-Attack”

Commercial insurance carrier CNA was hit by a “sophisticated cyber-attack” that caused major havoc for certain systems, including email. Out of an abundance of caution, the company contained the attack by proactively disconnecting its systems from its network, and it is bringing them back through a methodical and carefully organized process. CNA is one of the biggest insurance companies in the U.S., with over 6,000 employees.

GDI Insurance Agency had a $250k+ premium account that most likely would have gone to them, but due to the system outage/failure they couldn’t get final pricing to us and lost the opportunity. This happened leading into 4/1 (the start of a new quarter), the WORST timing for an insurance company. It’s Murphy’s Law: what can go wrong will (and when it does, it’ll be at the worst possible time). If this happened with our agency, think of the losses they experience with other agencies as well.

CNA Insurance has been working around the clock for a week on the incident and has just restored its enterprise email system, which is now safe. It is also putting additional security measures in place to protect its systems.

“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly,” the company said.

How CNA Dealt With A Sophisticated Cyber-Attack

“Out of an abundance of caution, we contained the attack we sustained by proactively disconnecting our systems from our network. We are now in the restoration stage and are bringing back our systems leveraging a methodical and carefully organized process. As highlighted here and as an example of this ongoing process, we have restored email access and you can communicate with CNA employees safely and in the normal course of business.”

10 Cyber Security Resolutions to Reduce Your Data Exposures

Sophisticated cyber-attacks, threats and trends can change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cybersecurity resolutions to help protect themselves from costly breaches. The following are resolutions your company can implement to ensure you don’t become the victim of a sophisticated cyber-attack:

  1. Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond.

    Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cybersecurity policies and know how to report suspicious activity.
  2. Install strong antivirus software and keep it updated—Outside of training your employees on the dangers of poor cybersecurity practices, strong antivirus software is one of the best ways to protect your data.
    Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, antivirus programs should be kept up to date.
  3. Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites.

    For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
  4. Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords.

    Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
  5. Use multi-factor authentication—While complex passwords can help deter cybercriminals, they can still be cracked. To further prevent cybercriminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials.

    Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
  6. Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system.

    Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
  7. Patch systems regularly and keep them updated—A common way cybercriminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
  8. Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
  9. Understand phishing threats and how to respond—In broad terms, phishing is a method cybercriminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information.

    These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.

    Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe.

    As such, it’s critical to train employees on common phishing scams and other cybersecurity concerns. Provide real-world examples during training to help them better understand what to look for.
  10. Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack.

    That’s where cyber incident response plans can help. While cybersecurity programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.

For additional cyber risk management guidance and insurance solutions, contact us today.

California’s Leader in Insurance and Risk Management

As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan that provides you with the best coverage at the best rate!

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our clients’ expectations in every interaction to make sure that our clients know how much we value and appreciate their business.

Contact us today at 1-209-634-2929 for your comprehensive cyber liability insurance quote!

Preventing Ransomware Exposures from Remote Desktop Protocol

Remote Desktop Protocol (RDP), a network communications protocol developed by Microsoft, provides a digital interface that allows users to connect remotely to other servers or devices. Through RDP ports, users can easily access and operate these servers or devices from any location. RDP has become an increasingly useful business tool: it permits employees to retrieve files and applications stored on their organization’s network while working from home, and it gives IT departments the ability to identify and fix employees’ technical problems remotely. This guidance for preventing ransomware exposures is especially important with remote workers.

Unfortunately, RDP ports are also frequently being leveraged as a vector for launching ransomware attacks, which entail a cybercriminal deploying malicious software to compromise a device (or multiple devices) and demand a large payment be made before restoring the technology for the victim. In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyberattacks occur each day, with RDP reigning as the top attack vector for ransomware incidents.

Don’t let RDP contribute to a costly ransomware incident for your organization. Review the following guidance to learn more about how ransomware attacks can occur via RDP and best practices for minimizing the likelihood of such an incident.

Preventing Ransomware Exposures via RDP

RDP-based ransomware attacks usually stem from organizations leaving their RDP ports exposed to the internet. Although doing so can seem more convenient for employers in the scope of remote work operations, internet-exposed RDP ports are easy for cybercriminals to identify and offer a clear access point for deploying harmful attacks.

The typical process of an RDP-based ransomware attack is as follows:

  1. Scanning—First, a cybercriminal utilizes a port-scanning tool to search the internet for any exposed RDP ports. These scanning tools are often free and relatively simple to operate for attackers of varying skill levels.
  2. Gaining access—After identifying an exposed RDP port, the cybercriminal then gains access to the targeted server or device by using stolen credentials. Attackers can secure these credentials by either purchasing them on the dark web or implementing a brute-force tool that can rapidly input a series of usernames and passwords until the correct combination is found.
  3. Disabling security features—Once the cybercriminal has accessed the targeted server or device, they attempt to make it as defenseless against an attack as possible by disabling any existing security features (e.g., antivirus software, data encryption tools and system backup capabilities).
  4. Executing the attack—From there, the cybercriminal is able to steal sensitive data and deploy a ransomware attack on a vulnerable server or device. Some attackers even install backdoors during this step to allow for easy access during future attacks.  

Like other ransomware incidents, RDP-based attacks can result in devastating ramifications for the impacted organization—including business interruption issues, reputational damages and large-scale financial loss.

Strengthening RDP Against Ransomware

Although RDP-based ransomware attacks have become increasingly common, there are several ways for you to bolster your organization’s RDP security and lessen the risk of such an incident impacting your operations. Consider the following best practices:

  • Close your RDP connection. First and foremost, ensure that your RDP connection is not open to the internet.
  • Establish a virtual private network (VPN). To keep your RDP port from being exposed to the internet, be sure to establish a VPN. This will allow remote employees to securely access your organization’s RDP port, while also making the port far more difficult for cybercriminals to locate online.
  • Elevate authentication protocols. Because cybercriminals require login credentials to properly execute an RDP-based ransomware attack, make sure you have effective user authentication protocols in place. Specifically, encourage employees to develop unique passwords for all of their devices and accounts. These passwords should be an appropriate length, refrain from using common words or phrases, and contain several special characters. In addition to strong passwords, consider requiring multifactor authentication for RDP port access as an extra layer of protection.
  • Implement login attempt limits. To stop cybercriminals from being able to deploy brute-force tools to secure login credentials during an attack, update RDP port protection features to detect when multiple failed login attempts have occurred in a short period of time. Establish a limit on how many incorrect logins can occur before the user is blocked from further attempts—therefore halting an attack.
  • Utilize adequate security software. Ensure all workplace technology is equipped with top-rated security software—including antivirus programs, a firewall, data encryption features and a gateway server—to deter attempted attacks. Update this software on a regular basis.
  • Restrict employee access. Be sure to uphold the principle of least privilege by only providing employees with RDP access if they absolutely need it to conduct their work tasks. These employees should be trusted and trained in appropriate RDP usage. After all, granting extra employees unnecessary RDP permissions simply creates additional security gaps.
  • Have a plan. Lastly, make sure your organization has an effective cyber incident response plan in place that addresses RDP-based ransomware attack scenarios. This plan should promote the backup storage of any critical data in multiple secure locations (both on-site and off-site) to minimize potential losses. Practice this plan regularly with staff and make updates as needed.
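The login attempt limit described in the list above, as an added example that is not part of the original article: a sliding-window counter over constructed logon events that blocks a source address after repeated failures and refuses further attempts while the block is active. The thresholds, the event format and the function name are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                    # assumed policy values, tune per organization
WINDOW = timedelta(seconds=60)
LOCKOUT = timedelta(minutes=15)

# Constructed events (not real logs): ISO time, source address, account, result.
SAMPLE_EVENTS = """\
2024-05-01T09:00:00 198.51.100.7 alice FAIL
2024-05-01T09:00:40 198.51.100.7 alice OK
2024-05-01T09:01:00 203.0.113.9 admin FAIL
2024-05-01T09:01:05 203.0.113.9 administrator FAIL
2024-05-01T09:01:10 203.0.113.9 backup FAIL
2024-05-01T09:01:15 203.0.113.9 admin FAIL
2024-05-01T09:01:20 203.0.113.9 svc_rdp FAIL
2024-05-01T09:01:25 203.0.113.9 admin OK
2024-05-01T09:20:00 203.0.113.9 admin FAIL
"""

def apply_login_limits(log_text):
    """Return (blocks, rejected): block start per source, attempts refused while blocked."""
    failures = defaultdict(deque)   # source -> times of recent failures
    blocked_until = {}              # source -> end of the active block
    blocks, rejected = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, source, account, result = line.split()
        when = datetime.fromisoformat(stamp)
        if source in blocked_until and when < blocked_until[source]:
            rejected.append((stamp, source, account, result))  # refused even if correct
            continue
        if result != "FAIL":
            failures[source].clear()       # a successful logon resets the counter
            continue
        recent = failures[source]
        recent.append(when)
        while recent and when - recent[0] > WINDOW:
            recent.popleft()               # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            blocked_until[source] = when + LOCKOUT
            blocks.append((stamp, source))
            recent.clear()
    return blocks, rejected

if __name__ == "__main__":
    print(apply_login_limits(SAMPLE_EVENTS))
```

A single mistyped password (the first source) never reaches the limit, while failures spaced further apart than the window are not caught by this check alone, which is why the list pairs it with multifactor authentication and keeping RDP off the internet.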

For additional risk management guidance and insurance solutions, contact us today.