How to prevent ransomware attacks
These days, sadly, there is a huge range of malware out in the wild. Obviously none of it is good news. If, however, the average IT department had to name one they hated above all others, there’s a good chance it would be ransomware.
The basics of ransomware
Ransomware is malware that aims to trick or force its victim into paying money to make it go away. It’s a growing threat to both consumers and businesses. In the consumer world, the main threats are scareware and lockware. The former is a straightforward trick (hence the name); the latter really does lock the screen and may be able to freeze a victim out of their computer. On the other hand, it may not, since there is a good chance that either version can be removed with the sort of security software that could have prevented it in the first place.
In the business world, the major threat is encryption ransomware. As its name suggests, this encrypts files and then demands money for their release. If you fall victim to a ransomware attack, then the best way to deal with it is to restore from a backup. This is yet another argument for having a solid data backup process in place. What’s even better, however, is to avoid falling victim to one in the first place.
The mechanics of ransomware attacks
At present, all ransomware attacks involve some level of social engineering. Users have to be tricked into visiting a compromised website or opening a malicious attachment, generally sent via email. Therefore, the way to prevent ransomware attacks is to implement solid automated defenses, support them with robust processes, and enhance them with effective user education.
Implementing solid automated defenses
Your key defenses against ransomware are an anti-malware product with an email scanner and a firewall. To this may be added a VPN system if you need to support remote and/or mobile workers. Check that your anti-malware product is effective against ransomware.
Implementing robust processes
The processes which will protect you against ransomware are essentially the same processes that will protect you against malware in general.
Your most important line of defense by far is to make sure that your operating systems and apps are updated promptly. Updates can be a pain, especially Windows updates, but they really do make a huge difference to your security. For completeness, this is why it’s extremely risky to use operating systems and/or apps that are no longer supported by their publisher and hence have stopped receiving updates. If you absolutely must do it, try to keep the computer offline.
Block USB ports
There should be absolutely no reason for your staff to need to use unauthorized USB devices, but that won’t necessarily stop them from trying, quite possibly through a combination of ignorance and convenience. The likeliest culprits are almost certainly going to be cell phones and possibly tablets, since desktop computers can make convenient charging stations. If, however, the devices can only access the power and not connect to the main computer, then your system should be safe.
Consider restricting internet usage
This can be a difficult line for companies to walk. Many employees have become used to the fact that they can use company internet for personal matters as long as it doesn’t interfere with their work. Many companies are, in principle, absolutely fine with this.
The problem is that the more people use the internet for non-work purposes, the more likely it is that they’re going to end up introducing something unwelcome into the company’s system. Even the best security software in the world cannot guarantee 100% protection 100% of the time if only because new threats are continually being developed. That’s exactly why companies need to adopt an all-round approach.
One potential compromise might be to stop staff accessing non-work internet sites from company devices but to implement a WiFi connection they can use from their own mobile devices.
Implementing user education
There are two reasons for implementing effective user education. The first is that your users might be able to help improve security by being responsible network users and basically thinking before they click, or before they give out personal or company information. The second is so that users understand why you are implementing security measures which may inconvenience them.
The key to effective user training is to make it convenient and relevant. You might want to conduct an initial classroom-based or one-to-one session when users first start at a company, but you need to be realistic about the fact that this will be forgotten if it is not refreshed. It’s, therefore, a good idea to keep topping it up with bite-sized online training sessions.