The enterprise IT security landscape saw a considerable uptick in the number of ransomware attacks throughout 2016. Although by no means a new type of attack, ransomware has risen in popularity and now targets businesses of all sizes. Here are seven easy things you need to do NOW to minimize the risk and ensure your organization does not become the next victim...
Simply put, ransomware is malware, or malicious software, that installs itself onto an unsuspecting victim’s computer. It then locks up the computer (and possibly the whole network), encrypting the data and making it unusable until a ransom is paid. Typically, the preferred payment for these criminals is in Bitcoin, an untraceable digital currency.
For hackers, ransomware is easy to spread and lucrative if you, your end users and your business do not take the necessary steps to protect yourselves -- and the situation is predicted to only get worse in 2017. According to a recent article in The Guardian,
“Ransomware is fast becoming a ubiquitous security threat, with nearly 40% of all businesses experiencing an attack in the past year…more than one-third of the ransomware victims lost revenue as a result of the attack.”
The numbers are significant and there’s no excuse for leaving your business exposed. Here are seven easy things you need to do now to cover basic data breach prevention, minimize risk, and keep you, your end users and your business safe:
1. Have a Backup Solution in Place
Access to and storage of your data are mission-critical to your business, especially when dealing with a ransomware attack. If you back up your data routinely, ransom Trojans are easy to remove. Recover the files from a backup and hope the person at fault learns their lesson.
2. Keep Software up to Date
Some ransom Trojans target user carelessness (“click this link,” or “open this attachment”). Others exploit vulnerabilities in software. Keep all your software patched, especially the most common and popular off-the-shelf products – they are the first ones a hacker will target.
3. Filter Executables
Malicious executables are often disguised as an invoice, an “urgent” document, or a notification that you’ve missed a delivery, and are often hidden in ZIP archives. Make sure to filter those, and executables in general.
4. Show File Extensions
When Windows is set to show file extensions, it is harder for hackers to keep their intentions hidden. For example, if a file is really called “Invoice.doc.exe,” then you shouldn’t allow it to present itself to the user as “Invoice.doc.”
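The checks from tips 3 and 4 can be automated at a mail or file gateway. The following Python is an added example, not part of the original article: it lists ZIP members (including nested ZIPs) and flags executables and “Invoice.doc.exe”-style double extensions. The extension lists, size limit and function names are assumptions chosen for illustration, and the sample archive is constructed with harmless placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to your own gateway policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}
MAX_NESTED_BYTES = 10 * 1024 * 1024  # do not unpack huge nested archives


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one file name."""
    clean = name.replace("\\", "/").rstrip(" .")  # Windows ignores trailing dots/spaces
    suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"  # e.g. Invoice.doc.exe shown as Invoice.doc
    return "executable"


def scan_zip(data, depth=0):
    """Return (member name, reason) findings for a ZIP given as bytes."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                reason = classify_name(info.filename)
                if reason and not info.is_dir():
                    findings.append((info.filename, reason))
                elif (info.filename.lower().endswith(".zip") and depth < 2
                      and info.file_size <= MAX_NESTED_BYTES and not info.flag_bits & 0x1):
                    # Unencrypted nested archive of sane size: look inside it too.
                    inner = scan_zip(archive.read(info), depth + 1)
                    findings += [(f"{info.filename}/{n}", r) for n, r in inner]
    except zipfile.BadZipFile:
        findings.append(("<archive>", "unreadable"))
    return findings


def build_sample():
    """Constructed sample: a ZIP whose members are harmless placeholders."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("docs/Invoice.doc.exe", b"placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"placeholder")
        z.writestr("setup.scr", b"placeholder")
        z.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_zip(build_sample())` reports `setup.scr` and the nested `Invoice.doc.exe`; anything it returns is a candidate for quarantine rather than delivery.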
5. Restrict User Privileges
Keep incidents isolated by making sure one infected user does not bring down your entire network. Limiting each machine’s access to only what it needs can save your business significant downtime, allowing unaffected users/departments to continue working productively.
6. Disable Remote Desktop Protocol
Hackers love to use Windows’ native remote access feature and third-party software to get malicious code onto computers. Although the remote desktop protocol is very useful, it does not need to be switched on all the time.
7. Get a Security Audit from a Reputable IT Consultant
A credible and experienced IT Consultant, like Lantium, can assess your organization’s information systems, business processes, and overall cyber presence to help you identify methods to keep your business protected. By being proactive, you can ensure your business stays safe in 2017!
If you are interested in learning more about security audits, proactive monitoring, data backups, or how to make your business and its data more secure, please schedule a free call with one of our experienced security consultants today: