What GeoCerts is doing to combat ransomware
What is Ransomware?
Ransomware is malware that employs encryption to hold a victim's information at ransom. A user or organization's critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
What makes a company vulnerable to an attack?
All companies, both big and small, can be vulnerable to attack via ransomware. Attacks are often traced back to the digital security practices of an individual or gap in an organization's security program. Experts recently confirmed the Colonial Pipeline ransomware attack began with a compromised password, which provided access to Colonial's networks via an account not currently in use and not secured by an extra protection mechanism known as multi-factor (or two-factor) authentication.
Please refresh your account passwords regularly and use Multi-factor Authentication
Please direct all users of your GeoCerts' Cert Command account to regularly refresh their passwords. All passwords must be at least 8 characters in length including one of each: Upper Case Letter, Lower Case Letter, Number, and Special Character.
GeoCerts offers our customers the ability to add Multi-factor Authentication. Each user has the option to enable this extra step in security. To do so, please click on your account name in the upper right corner of the page while logged into your account and choose “My Profile”. Select the Multi-factor Authentication tab and enter your mobile phone number. After your phone number is verified, each time you log into your account you will be sent a 6-digit random code as a text message to your phone number that must be entered before you can access your account.
Account Owners - Please manage your users
Account Owners can click on the “Users” option under the Account heading in the Left menu to see the status of all current users for their account. Please manage the users from this location by marking any ineligible users as “Inactive” by using the edit button for each user. You will also see if each user has enabled Multi-factor Authentication in your Users screen.
Information we store regarding your Company
GeoCerts stores the minimum amount of information regarding your Company necessary to transact and process your orders. The vast majority of this information is publicly available and of no value to others.
Additionally, all certificate information that is downloadable from our site is publicly available. The sites you secure with certificate available from our site freely broadcast the certificates that we store on our site. We will never request or accept the private key for any of the certificates ordered through our site. You hold all private information regarding your certificates and nothing stored in our databases or available on our site could be used in any way to compromise your Company or your sites.