13 Mar 2020

It’s no coincidence that the maturity levels in the new Cybersecurity Maturity Model Certification (CMMC) are being referred to as levels of “cyber hygiene.”  The World Health Organization (WHO) has been advising us that the most efficient way to protect against the Coronavirus (COVID-19) is to wash our hands regularly for at least 20 seconds and stay out of public places; just like with the Cornoavirus, sometimes it’s those basic hygiene practices that are the most effective prophylactic when protecting against ransomware.

Think of your body as your computer and ransomware, like the Coronavirus, is trying to infect you.  How do you defend against it?

Most people will automatically think “face mask,” just like they think “antivirus software.”  They both seem like good ideas, but in all actuality, face masks are about as effective at protecting you from the Coronavirus as basic antivirus software is at protecting your computer from being infected with ransomware: not effective at all.  In fact, they can both hurt you by tricking you into believing you’re safe when you’re not.

Think about it; if you believe a face mask will protect you from the Coronavirus, you’re more likely to go places that might expose you to the virus.  Same thing with a computer; if you believe your antivirus software is protecting you, maybe you will be more likely to click on a suspicious link or open an attachment from an unknown sender because what harm can come from that if you paid for basic antiviral protection, right?


That is just asking for a hacker to come in, encrypt your data and hold it ransom in exchange for a significant amount of bitcoin.

Basic Hygiene

The best way to avoid getting infected with ransomware is NOT to rely on your antiviral software, just like you shouldn’t rely on a face mask to keep you from getting the Coronavirus.  The best way to avoid both ransomware and the Coronavirus are to practice basic hygiene regularly.

To practice basic cyber hygiene, you’ll want to use the CMMC maturity level 1 for inspiration:


Access Control (AC)

  • AC.1.001: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
  • AC.1.002: Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  • AC.1.003: Verify and control/limit connections to and use of external information systems.
  • AC.1.004: Control information posted or processed on publicly accessible information systems.

Identification and Authentication (IA)

  • IA.1.076: Identify information system users, processes acting on behalf of users, or devices.
  • IA.1.077: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

Media Protection(MP)

  • MP.1.118: Sanitize or destroy information system media containing sensitive data or info before disposal or release for reuse.

Physical Protection (PE)

  • PE.1.131: Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
  • PE.1.132: Escort visitors and monitor visitor activity.
  • PE.1.133: Maintain audit logs of physical access.
  • PE.1.134: Control and manage physical access devices.

Systems and Communications Protection (SC)

  • SC.1.175: Monitor, control and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  • SC.1.176: Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

Systems and Information Integrity (SI)

  • SI.1.210:Identify, report, and correct information system flaws in a timely manner.
  • SI.1.211: Provide protection from malicious code at appropriate locations within organizational information systems.
  • SI.1.212: Update malicious code protection mechanisms when new releases are available.
  • SI.1.213: Perform periodic scans of information systems and real-time scans of files from external sources as files are downloaded, opened, or executed.

This may not seem as simple as washing your hands for 20 seconds, but I assure you, it is close!  Just like washing your hands may keep the Coronavirus from spreading, limiting access to your networks and sensitive data will keep ransomware from going any further than the initial contact point.


“They” say that proximity is the number one reason people fall in love; after all, if you never meet your potential mate, how are you supposed to fall in love with them?  The same is true for avoiding viruses… If you don’t come into contact with the Coronavirus or ransomware, how can they infect you?

Avoiding the Coronavirus is pretty simple (maybe not easy, but simple!) – don’t go out in public.  Additionally, you can avoid any suspicious people who come to visit; if you have a package, make sure you don’t answer the door but have them drop it off and don’t let any strangers inside.

The same concept with avoiding ransomware; if you stay off the internet, you’re unlikely to get infected, but that’s not exactly easy to do.  So, you need to be careful who you come into contact with. If you don’t know the person who sent you the email? Don’t open it! And certainly DO NOT open any attachments or give your username and password.   You can’t control what gets sent to you but you can certainly control what you open.


Ransomware may not have quite as high of a mortality rate as the Coronavirus, but you most certainly want to avoid it like the plague.  The best way to do both is to practice avoidance + basic hygiene.

If you are afraid that you are vulnerable to the Coronavirus, or may have caught it, who will you contact? A doctor, or maybe the WHO or CDC.  Well, you can think of Petronella Technology Group as your ransomware health care provider. If you are unsure if you or your business are safe from a potential ransomware attack, or if you fear you may have been infected, call us at 919-422-2607 or schedule a free consultation with Craig online by clicking here.  The Coronavirus is no joke, and neither is ransomware, especially if you own or operate a small business.  Don’t wait until it’s already too late. Proper preparation prevents poor performance.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews
    Jeremy Richards
    Jeremy Richards
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!