This is the third in our series of blogs on Ransomware, the scourge that has globalised the old-fashioned extortion rackets of the past. If you've read our first two blogs then, hopefully, you understand that ransomware is a real threat and probably the most likely cyber-attack that your business will experience. You must take this threat seriously and protect your business before your data is compromised. In this blog, we hope to arm you with the knowledge to protect yourself from this threat in our simple 12-step guide - Relax - It's only Ransomware.
Relax - It's only ransomware - A 12-Step Guide
In you IT Eco-system:
- Always have three backups of your applications & data between on-premise and cloud (Public or Private or hybrid).
- Ensure that your operating systems and all software that you use is up to date, including the latest security updates. Utilise automation for Patch Management.
- In everyday use, do not use administrator accounts on local PCs or on a domain assign users "local admin" status. Align users permissions to their specific requirements.
- Set your browser security setting to 'High' to increase you protection.
- Enable an ad-blocker and disable plugins such as Adobe Flash, Adobe Reader, Java and Silverlight. These can be activated for specific use as and when required. Outdated plugins should be deleted.
- Turn off the macros in the Microsoft Office suite - Word, Excel, PowerPoint, etc.
- Use a reliable, paid behavioral antivirus with automatic updates and real-time scanning - e.g. WebRoot. Consider a traffic filtering solution at the gateway for example Sonicwall.
- On a domain use specific "service" accounts for backup jobs restrict access to repository to the accounts
Behaviour (User training)
- Never open spam emails or emails from unknown senders.
- Never download attachments from spam emails or suspicious emails.
- Never click links in spam emails or suspicious emails.
- Contact your Managed IT Support provider if you are ever in doubt.
To summarise our series of blogs we now know the following:
- Ransomware is a business, just like yours, an the business development department is becoming ever more sophisticated and targeted.
- The idea of the lonesome geek hacker is outdated. RAAS is making this extortion model available to all levels of criminal.
- Cyber Criminals are focused and well-funded. They use sophisticated technologies to compromise computer systems and networks;
However, we also know that prevention is eminently possible and some relatively simple, properly enforced work practices can help to mitigate the risk of a ransomware attack. The success of an attack by a cyber-criminal is, in effect, dictated by how much access you decide to afford them. So you are not powerless. Remember Relax - It's only ransomware!
For more information on ransomware or any network security issues, get in touch with us at 01 -476 0030 or email firstname.lastname@example.org