How to implement effective Windows ransomware protection

21 Oct, 2022

Windows Defender has now been around for nearly two decades and people are still questioning whether or not it is sufficient on its own. The short answer is that it may be sufficient for light users. If, however, you use the internet regularly, keep sensitive information on your computer, or are a business, then it is nowhere near enough and you need extra protection. With that in mind, here’s what you need to know about how to implement effective Windows ransomware protection.

You need a proper anti-malware program with an integrated firewall

Personal users can get these for free, although the paid options can have more functionality. Businesses will need to pay, but there are some excellent, reasonably-priced options that even the average SMB should be able to afford.

There are several reasons for choosing all-in-one products. First of all, their performance is now comfortably on par with individual products. Secondly, they tend to be considerably more economical. Thirdly, they are often much less hassle to install and configure, particularly if you go for cloud-based products.

Cloud-based products are also easier to maintain since all the updates are managed by the vendor and are deployed on the server rather than needing to be downloaded and installed locally. This also reduces the burden on the local devices, which is useful for older Windows machines.

You need to ensure that all Windows updates are applied promptly

To be fair to Windows, it has a lot of good points. Sadly, however, its update process has never been one of them. Windows updates have a long history of solving some problems while they create others and this tradition seems to be continuing with Windows 10. For this reason, it’s entirely understandable that some companies (and individuals) prefer to hold off applying Windows updates until they see the reaction from other people.

In all honesty, unless Microsoft actively flags an update as urgent, it can be reasonable enough to wait a few days to a week to see if Microsoft needs to update its update. This is, however, as long as you should ever wait. Remember that you are balancing caution about issues created by Microsoft with the willingness to risk a slight delay in improving your security.

To put this into context, when the WannaCry ransomware attack hit in May 2017, most of its victims were using Windows XP and Windows 7. This is because these operating systems had ceased to be supported by Microsoft and hence the exploited vulnerability had not been patched. There were, however, some victims on later operating systems who just hadn’t got around to installing the latest patch, even though it had been released about six weeks before the attack.

For completeness, if you are using an operating system that has ceased to be supported by Microsoft then the safest move by far is to keep it completely offline. If you absolutely must connect it to the internet, then restrict it to the absolute minimum of activity and keep the minimal amount of data on it for the shortest possible period. Even then there’s a risk since a cyber attacker could compromise the vulnerable computer and then use this to sneak past the defenses of other computers.

If you’re still using downloadable software, that needs to be updated too

One of the many attractions of cloud-based software is that it eliminates the need for IT departments (or managed IT services providers) to arrange for updates to be downloaded and installed. If, however, you’re still using downloadable software, then you need to ensure that this is also updated promptly.

It’s vital to have an effective data backup strategy in place

Although your Plan A should always be to stop ransomware getting a grip on your network, realistically you also need a Plan B in case it does. The harsh fact is that the lucrative nature of ransomware gives its developers a lot of motivation to keep updating it so it stays ahead of security programs and tools which can decrypt files.

Your Plan B is to have a whole, clean data backup from which you can restore. This may be a pain, but it’s a whole lot better than being faced with the choice of paying a ransom and hoping you get your files back (which is by no means guaranteed) or going without valuable data.

The key point to note is that local data backups are vulnerable to compromise if the production system is attacked. This is especially true if you use automated backups, which will just transfer the infected files to the local database, overwriting the healthy ones. That’s one of the many reasons why you also need an off-site data backup.
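A guard against the failure described above, as an added example that is not part of the original article: it keeps each backup as a separate numbered snapshot and refuses to take a new one when too many previously backed-up files are missing or have turned into random-looking data. The function names, the `snap-NNNN` directory layout and both thresholds are assumptions chosen for illustration.

```python
import math
import shutil
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5      # bits per byte; encrypted data sits close to 8.0 (assumed threshold)
MAX_SUSPECT_RATIO = 0.3  # assumed policy: refuse if over 30% of known files look wrong

def entropy(path, sample=65536):
    """Shannon entropy of the first `sample` bytes of a file."""
    data = path.read_bytes()[:sample]
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspect_ratio(source, last_snapshot):
    """Share of previously backed-up files now missing or newly high-entropy."""
    known = [p for p in last_snapshot.rglob("*") if p.is_file()]
    suspects = 0
    for old in known:
        cur = source / old.relative_to(last_snapshot)
        if not cur.is_file():
            suspects += 1  # gone or renamed, e.g. a new extension was appended
        elif entropy(cur) > ENTROPY_LIMIT and entropy(old) <= ENTROPY_LIMIT:
            suspects += 1  # readable content replaced by random-looking bytes
    return suspects / len(known) if known else 0.0

def take_snapshot(source, backup_root):
    """Copy source into a new numbered snapshot; never overwrite an older one."""
    snaps = sorted(p for p in backup_root.glob("snap-*") if p.is_dir())
    if snaps:
        ratio = suspect_ratio(source, snaps[-1])
        if ratio > MAX_SUSPECT_RATIO:
            raise RuntimeError(f"backup refused: {ratio:.0%} of files look encrypted or missing")
    target = backup_root / f"snap-{len(snaps) + 1:04d}"
    shutil.copytree(source, target)
    return target

if __name__ == "__main__":
    import os, tempfile
    src = Path(tempfile.mkdtemp())   # constructed sample data
    dst = Path(tempfile.mkdtemp())
    for i in range(5):
        (src / f"report{i}.txt").write_text("quarterly figures\n" * 200)
    first = take_snapshot(src, dst)
    for i in range(3):               # overwrite 3 of 5 files with random bytes
        (src / f"report{i}.txt").write_bytes(os.urandom(8192))
    print(first.name, suspect_ratio(src, first))
```

Files that are already compressed (for example .docx, .jpg or .zip) have high entropy before and after encryption, so the entropy test alone will not flag them; the missing-file count still catches files that were renamed.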
