Top 5 Tips to protect against Ransomware
The ransomware attacks that have hit the NHS recently have highlighted the vulnerability of organisations to such IT security risks. Here are some simple steps every organisation can take to help protect itself from ransomware.
1. Train staff to make them aware of phishing emails
The most common route for malware to come onto computers is via links in emails. Because the email does not contain a virus, just a link, it can often get through traditional antivirus and spam email filters. Clicking on the link causes the malware to be downloaded and run on the user's machine.
Make sure your staff are aware of the risks of clicking on links in phishing emails. If they see anything unusual or suspicious in an email, they should delete it or report it to their IT team to check.
2. Patch your systems
The recent ransomware attack that hit the NHS relied on a security vulnerability that Microsoft fixed two months earlier. If the systems had been updated with this critical security patch, they probably would not have suffered.
Ensure you have a patch management system in place to automatically deploy security patches to all your computers.
3. Use the off button
Quite often, when ransomware is installed, it will delay when it starts. You may click a link, see nothing happen, and then only hours later will the virus start to activate. If you leave your computer on overnight, it may start working when you are not there, and by the time you see what has happened the damage is extensive. Make sure you turn your computer off when you finish at night.
4. Deploy application control
Most ransomware attacks are carried out by applications that are inadvertently downloaded and run by the victim. Application control restricts the applications that can be run on any given computer, meaning any unknown applications cannot run until approved. For some technology companies this is difficult to deploy, as they develop and run many versions of their applications.
However, for many organisations, particularly in the professional services sector, this is a significant tool to protect against ransomware and other malware attacks that put data at risk.
5. Make sure you have offline backups
When ransomware strikes, the chances of getting your files decrypted are very low, even if you pay the ransom. Therefore it is important that you can go to your backups and restore your files from there. Some ransomware attacks will also encrypt your backups if your backup system is still connected to your computer or server. Therefore it is important that you also have “offline” backups, either on physical media (tapes or disks) that are not connected to the server or in an online cloud backup system.
These tips won’t guarantee that you will never suffer from a ransomware attack, but they will reduce your risk and minimise your exposure should you be targeted.
And if the worst does happen…
Don’t panic. And don’t pay the ransom. Seek advice from IT professionals who can assess the situation and advise you on the best route to recover your files.
4Cambridge provide a range of IT security solutions, including ethical phishing campaigns to raise staff awareness, application control software, and a centralised patch management service. Call us on 01223 728 205 or email firstname.lastname@example.org to find out more.