We’ve looked in detail at what a ransomware attack is, the damage it can do to a business and how the cyber criminals gain access to your servers and data.
While investing in advanced antivirus software is a good start when it comes to protecting information, business owners have to acknowledge that sometimes breaches are caused by human error.
Here are 10 tips to help keep you safe.
1. Educate users on what to look out for
Your staff can’t take responsibility for protecting their devices and reducing the chance of ransomware infecting the server if they don’t know what they need to look for.
Help them to spot anything that could be ransomware or other malware by encouraging them not to click on links from unknown sources, or download anything onto their machine that isn’t work-related.
Make it clear that help is always available from your IT team or external support partner. Include information about ransomware in the staff handbook and in the new employee induction process, and keep them updated on any changes or developments.
2. Remove users’ local admin rights
When a user has admin rights, they can add or remove software and programmes on their machine. More importantly, they can make adjustments to network settings and other computer settings.
While there are advantages to giving local admin rights, such as allowing staff to get on with things without asking for the admin password, doing so increases the chances of malware being installed.
If you’re concerned about being attacked, removing rights is an easy way to keep your systems safe.
3. Install all security patches and carry out regulatory scans for machines which are not in compliance
A ‘patch’ is a set of changes to a programme or piece of software to update or improve it. Security patches reduce vulnerabilities and therefore the possibility of ransomware appearing on machines.
Make sure that you install patches as soon as you are notified of them (you may want to introduce a policy that states the installation is done by the IT team only) and check that your software is up to date. For instance, Windows 7 end of life means that security patches won’t be provided after January 2020.
4. Have advanced email filtering
Advanced filtering checks all attachments and links sent via email for ransomware, and removes threats before they reach your mailbox.
5. Configure Office to block anything unwanted
Macros (small programmes to automate repetitive tasks in Office and saved within the file) can be written by hackers to access your system or bypass security measures. Likewise, any application, animation or video player which relies on Flash is also vulnerable to attacks. Block both of these on all user machines.
Object Linking and Embedding (OLE), to link documents, and Dynamic Data Exchange (DDE), where one programme can control an object in another, also pose risks. If you do need to use any of the tools mentioned, make sure they only come from authorised sources.
6. Use advanced antivirus
To really guarantee that your systems are protected, you need to go further than free or basic antivirus software. The advanced versions look for behaviours of ransomware and identify any patterns that are out of the ordinary.
7. Have a good backup
Sometimes, no matter how robust your security settings, something might get through. You need to have a proper backup and recovery system in place just in case it all goes wrong.
Make sure you have a system in place to back up files as regularly as possible, and that data can be restored quickly and with minimal disruption to day-to-day business activities.
Remember, your backup should be offsite and completely separate to your network.
ATG’s 5nines product is trusted by many of our clients, because we guarantee to get them back up and running as soon as possible.
8. Invest in a good firewall
A decent firewall will look for suspicious outbound traffic. If malware has got into your systems, it needs to ‘call home’. If it can't get to its server there's less chance of it working.
Outbound monitoring spots any unusual patterns, attempts to reach suspicious servers or ports, or anything that’s trying to go to an email address in the ‘dark net’ – currently unused internet space – and prevents it from getting out.
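As an added illustration (not part of the original post or any firewall product), the sketch below applies the outbound checks described above to a few constructed log lines: destinations in unused address space, ports outside an allowlist, and connections that repeat at a fixed interval. The log format, the port allowlist and the documentation range standing in for unused space are all assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import pstdev

# Assumptions (constructed for this example): the log format, the port
# allowlist, and an RFC 5737 documentation range standing in for unused space.
ALLOWED_PORTS = {53, 80, 443, 587}
UNUSED_SPACE = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample: "<epoch seconds> <internal source> <destination> <port>"
SAMPLE_LOG = """\
1700000000 10.0.0.21 203.0.113.10 443
1700000005 10.0.0.34 198.51.100.77 443
1700000010 10.0.0.34 203.0.113.50 6667
1700000060 10.0.0.55 192.0.2.9 443
1700000120 10.0.0.55 192.0.2.9 443
1700000180 10.0.0.55 192.0.2.9 443
1700000240 10.0.0.55 192.0.2.9 443
"""

def parse(log):
    """Yield (timestamp, source, destination, port) for each log line."""
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        yield int(ts), src, ipaddress.ip_address(dst), int(port)

def find_suspicious(log, min_hits=4, max_jitter=2.0):
    """Return (source, destination, port, reason) for each outbound anomaly."""
    findings = []
    seen = defaultdict(list)
    for ts, src, dst, port in parse(log):
        if any(dst in net for net in UNUSED_SPACE):
            findings.append((src, str(dst), port, "unused-address-space"))
        if port not in ALLOWED_PORTS:
            findings.append((src, str(dst), port, "unexpected-port"))
        seen[(src, str(dst), port)].append(ts)
    # A 'call home' loop tends to repeat at a near-constant interval.
    for (src, dst, port), times in seen.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= min_hits and pstdev(gaps) <= max_jitter:
            findings.append((src, dst, port, "regular-interval-beacon"))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```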
9. Implement DNS filtering
Domain Name System (DNS) filtering prevents or makes it harder for users to access certain domain addresses. It protects against bad websites and blocks spam and other potentially harmful data from anywhere malicious. Likewise, it will protect devices when they’re away from the network firewall.
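The decision a DNS filter makes for each lookup can be sketched as follows. This is an added example, not code from the original post or from any filtering product; the blocklist, the override list and the query log are constructed. It matches on whole labels so that subdomains of a blocked zone are caught while look-alike names are not, and it reports which devices hit the filter.

```python
from collections import defaultdict

# Constructed policy for this example; a real filter loads a maintained feed.
BLOCKED_ZONES = {"malware-c2.example", "phish.test"}
ALLOW_OVERRIDES = {"safe.phish.test"}

# Constructed resolver log: "<client> <queried name>"
SAMPLE_QUERIES = """\
laptop-07 www.intranet.example
laptop-07 cdn.Malware-C2.example.
laptop-12 notmalware-c2.example
laptop-12 safe.phish.test
laptop-12 login.phish.test
"""

def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()

def decide(query):
    """Return 'block' or 'allow', checking the most specific zone first."""
    labels = normalise(query).split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])  # compare whole labels, never substrings
        if zone in ALLOW_OVERRIDES:
            return "allow"
        if zone in BLOCKED_ZONES:
            return "block"
    return "allow"

def blocked_by_client(log):
    """Map each client to the names it was blocked from resolving."""
    hits = defaultdict(list)
    for line in log.splitlines():
        client, name = line.split()
        if decide(name) == "block":
            hits[client].append(normalise(name))
    return dict(hits)

if __name__ == "__main__":
    print(blocked_by_client(SAMPLE_QUERIES))
```

A device that appears repeatedly in the blocked list is worth checking for infection, since the filter stops the lookup but does not remove whatever is making it.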
10. Vet your IT provider
You might have all the protection in the world, but if your external IT provider is attacked or compromised in any way, the hackers will also have access to your systems.
It’s important to ask your provider about their own security systems, and we’ll be giving you a list of the sorts of questions you need to ask in our next blog.
We hope this post gives you the tools you need to put into place procedures that will help protect your business from a ransomware attack.