Guest post by Cody Jaster, digital marketing manager, Netsurion.
The word “ransomware” has been in the headlines quite a bit this year. The Institute for Critical Infrastructure Technology (ICIT) has even called 2016 the year of ransomware.
Ransomware is a company’s worst nightmare. This malware infects computers and restricts the users from accessing any of their data until paying the ransom. Imagine a hospital unable to access patients’ data or a financial institution unable to manage their customers’ accounts? What would you do to get that data back? Victims of ransomware have been presented with the following choices: Restore their backups (if they had any and if they do, it takes quite a few days to retrieve it all) or pay the ransom to get the data back. Assuming they get the data back, at that point these businesses have had operations grind to a halt for days, spent money on retrieving this data and most of all, their reputations have taken a hit.
Take action before being the next victim. In addition to having remote-managed network security as your first line of defense against ransomware, here are a few things you can do yourself to protect your business.
Preventative and Proactive
- The number one preventative measure calls for regularly updated system backups (stored off-site or cloud-based)
- Keep software updated, including patches, antivirus, firmware, flash, etc. A large number of malware or ransomware access systems via security gaps posed by out-of-date software.
- If possible, filter incoming mail with .exe, .vbs, or .scr attachments to a quarantine folder if these types of files are normally contained in everyday business communications, otherwise, mark as spam or auto-delete
- Ensure your business locations have a properly configured and actively managed/monitored firewall
Staff Training and Education
- Build a culture of security by having employees and staff educated to identify and refrain from opening suspicious attachments in email
- Update computer system settings to show file extensions and train staff to recognize suspect files. This will help expose many executable files that have been disguised as .doc.exe or .pdf.exe to appear as legitimate and safe files when settings do not show the entire extension.
- Provide individual accounts for each user, with minimal privileges for only necessary system access. Educate staff to not share user accounts and passwords.
- Disable public-facing remote access for all critical systems
- For systems with remote access, enable two-factor authentication to prevent attacks
- Properly configured network segmentation prevents the spread of ransomware from compromised machines to other critical systems and devices on the network
- Quite a few ransomware programs require an encryption key from external Internet sites to encrypt your files. Enact strict firewall rules with web filtering to limit access to these sites
- Ensure your managed firewall is actively managing and monitoring all inbound and outbound traffic
Just how dangerous is ransomware? The following graphic by Netsurion provides some valuable perspective.