How to protect against ransomware with an antivirus
If you had to rank malware by how much the average company hates and fears it, there’s a good chance ransomware would currently come at the top of the list, even above the likes of spyware and cryptojackers. A good antivirus is your first line of defense against ransomware. Here is what you need to know.
You need an antivirus program which specifically protects against ransomware
This may sound like stating the obvious, but never assume that an antivirus program will protect against ransomware. Check the details of what it actually does. Then check the brand behind it to ensure that you can trust any claims it makes.
You need an antivirus which checks both websites and email
At present, all ransomware attacks involve some element of social engineering. A user has to be tricked into visiting a compromised website and/or downloading a malicious file, usually sent as an email attachment. You, therefore, need a security product which can check both. Ideally, it should also have an integrated firewall as this is also a vital part of your IT security defenses.
Cloud-based antivirus products are preferable
New forms of malware are emerging all the time. This is particularly true of ransomware as the cybercriminals behind it have a strong financial incentive to keep updating it so that it stays ahead of security tools. This means that antivirus products are constantly being updated in response to emerging threats.
With cloud-based products, the protection is effective from the moment it is deployed by the company behind the antivirus. With offline products, the user has to download and install the update. This may not seem like much, but when you multiply this slight delay over numerous updates, it adds up to a major difference. Additionally, storing virus definitions offline consumes a lot of local resources, whereas using a cloud-based product significantly lightens the load on the local device.
Your antivirus product needs to be coupled with good security hygiene
The idea behind antivirus products is that they build on existing defenses. In particular, they assume that you have your operating system(s) and applications fully up to date. This is a major weak point at many companies and, as such, it is regularly exploited by cybercriminals. If it’s a weakness at your organization, then you either need to fix it internally or arrange for a managed IT services vendor to take care of it for you.
You may want to think about restricting internet use
Allowing people to use the company internet connection for non-work activities increases the company’s exposure to security threats and everything they imply. It particularly increases the company’s vulnerability to ransomware because ransomware is updated so frequently that it may slip past even the best security software.
Because of this, it may be time to end the practice of allowing employees to use the company’s main internet connection for personal business, even when that use does not interfere with their work. Given that just about everyone now has a smartphone and/or tablet, a possible compromise might be to set up a “social” WiFi network and allow them to connect to that.
Mobile users should always use VPNs or paid WiFi/mobile data
Free public WiFi may be one of life’s greatest conveniences, but it’s also one of IT’s greatest security hazards, and people should never connect to the company network from it. If workers spend a lot of time on the move, then it may be worthwhile setting up a VPN so they can use public WiFi if necessary. In some cases, that may be by far the most practical option (for example, at the average airport). For lighter users, however, VPNs may be more hassle than they’re worth, in which case they should stick to paid WiFi and/or mobile data.
It’s still important to implement a robust data backup policy
No antivirus product can ever guarantee 100% protection, especially not from a threat like ransomware. New forms of malware may slip past even the best defenses precisely because they are new and hence not recognized. This means that you absolutely must have a robust data backup policy in place. Ideally, you should have two data backups, one on-site and one off-site (or one in your main cloud and one in a secondary cloud).
It is very risky to rely purely on local backups, especially if they are automated, since malware that can infect your local system may also be transferred into your local backup. This is particularly likely with ransomware (it’s known as the ricochet effect).