In a previous blog, Ransomware: The top security concern for businesses, we highlighted the rise in sophisticated ransomware attacks. Whilst justifiably a growing concern for businesses, the threat of ransomware is not insurmountable and there are measures you can put in place to protect your business.
Protecting against ransomware is not only about investing in the latest security software. It requires good security practices, regular employee training and a solid backup strategy.
We offer our top 10 practical recommendations below:
- Tip 1: Backup regularly and keep a recent backup copy off-site – this may be the only way to retrieve your data without paying the ransom.
- Tip 2: Be careful about opening unfamiliar attachments – most Windows ransomware attacks are embedded in documents distributed as email attachments so err on the side of caution. If in doubt, ask your IT support.
- Tip 3: Limit administrator rights – don’t give employees more access than necessary and avoid browsing, opening documents or working whilst logged in as an administrator.
- Tip 4: Update patches regularly – install patch updates as regularly as possible to reduce the risk of cybercriminals exploiting identified vulnerabilities in your software.
- Tip 5: Increase employee awareness – educate your users on how to detect spear-phishing, social engineering and other suspicious websites so as to avoid them becoming the weak link in your systems.
- Tip 6: Invest in layered security software – ensure you have up-to-date anti-malware and firewall software, and add additional layers of email and web protection as required.
- Tip 7: Enable file extensions – this may require a change to your default Windows settings and will make it easier to identify less common file types.
- Tip 8: Don’t enable macros – ransomware is often distributed via Office documents that trick users into enabling macros so don’t do this!
- Tip 9: Segment the company network – separate functional areas with a firewall so that only required systems and services can be accessed.
- Tip 10: Disconnect from Wi-Fi or unplug from the network immediately – If you run a file that you suspect may be ransomware, but you have not yet seen the characteristic ransomware screen, if you act very quickly you might be able to stop communication with the C&C server before it finishes encrypting your files. Disconnect yourself from the network immediately and you might mitigate the damage as it takes some time to encrypt all your files. This technique is definitely not fool-proof, and you might not be sufficiently lucky or able to move more quickly than the malware, but disconnecting from the network may be better than doing nothing.
A multi-layered approach is key to protecting against ransomware. Whilst security software is important, equally important is employee education and a solid backup strategy to mitigate the damage of infection.
It is also worth noting that it is illegal to pay a ransom used to fund or support terrorists. Whilst ransom payments in other scenarios are less clear, the recommended action is to consult with the police or other relevant law enforcement body, specifically ActionFraud in the UK.
For more information on ransomware and how to protect your business, please get in touch.