The Art of Avoiding Ransomware

 
Ransomware - Computer Troubleshooters, 19 Mar 2021

Even today's sophisticated virus and malware protection can be thwarted by ransomware. This article explains the different facets of multi-layered security that help minimise the chances of being infected by ransomware, and so avoid the catastrophic effects ransomware can have on your business operations.

Avoiding Ransomware with Multi-Layered Security



  1. Always Keep Backups. - With ransomware your data cannot be recovered unless it's backed up. A good backup strategy is required that covers every user, device and file, and is itself protected from being infected.

  2. Lock down administrative rights. - Don't give users administrative rights, even on their own machines.

  3. Keep your Devices and Apps up to date. - Keep systems and apps current with the latest patches and security updates.

  4. Protect your Internet Gateway with a decent firewall. - A decent firewall will help protect your network by blocking unauthorised intrusion, spam, viruses and phishing. It can also block "phone home" attempts made by malware.

  5. Have Endpoint protection on every device. - Gateway protection can't protect against a rogue USB stick or when a laptop is off the office network. Make sure every device has complete and current security (even phones).

  6. If an email looks suspicious then it probably is. - 90% or more of Ransomware is distributed by email. Teach your users to delete emails that look like spam. Better still, set up advanced email filtering on your email system to reduce the number of malicious emails your users have the opportunity to open.

  7. Don't Open Attachments. - Unless you are 100% positively, 100% absolutely sure that you recognise both the sender and the file, then leave the attachment alone. If you do open an attachment, then ensure macros and executables are disabled.

  8. User training. - Undoubtedly the weakest point in many organisations. Most breaches are caused by a user performing an inappropriate action with an email attachment or web link. Proper on-boarding of new employees and continuing "refreshment" about security hygiene is very important.

  9. Don't give away too much private information. - Cyber criminals will use "spear phishing" attacks against you or your staff in order to create an infection. Giving away private information on social media or on your website just makes the criminal's job easier.



Summary: The Ransomware trade is very lucrative for cyber criminals, so it won't be going away anytime soon. Computer Troubleshooters can assist your business or organisation with implementation of a comprehensive layered security solution to minimise your risk. Please contact your local office (listed below) for assistance in mastering "The Art of Avoiding Ransomware".




Explanation of terms used in this article

Backup Strategy. - Imagine if you turn up at work in the morning and all of your computers have been stolen (or ransomed). What is your immediate plan so that you can get back to work?
Administrative rights. - Admin rights enable users to install new software, viruses, add accounts, and change the way systems operate. If you have really old software applications that require admin rights just to run, then it's time for a change, as cybercrime has moved on since the 80s. In small businesses a computer can be set up with a separate "admin rights" user if needed for the purpose of installing new software, printers etc., but when being used for daily work purposes the account it uses only needs "user" privileges. In large businesses it is usual for the IT support team to undertake such installations.
Decent firewall. - The router that comes free with your telco's internet connection is not classed as "decent". There are a myriad of decent firewalls available and they are not that expensive. Brands such as Sophos, Watchguard, Sonicwall, Mikrotik and Untangle are commonplace solutions, readily available and priced to suit businesses from small to big. Firewalls do, however, require specialised IT knowledge to set up correctly.
Endpoint Protection. - Previously known as anti-virus software. It is important that every device in your network (including phones) has modern cloud-based endpoint protection. These products are driven by AI and real-time machine learning, thus minimising your exposure to evolving or zero-day threats.
Advanced email filtering. - The majority of business email these days is either Microsoft 365 or Google G-suite. These systems provide a reasonable level of protection; however, because of their sheer size, Microsoft and Google are heavily targeted by cyber-criminals. Malicious email often slips past these defences. Independent 3rd party advanced filtering adds yet another level of security to your email and lowers your risk.




Author: Dennis Jones from CT Business Solutions in Hamilton. Dennis has been a Computer Troubleshooters franchisee since 1998.