Ransomware is basically a malicious file that is designed to encrypt your data, preventing you from accessing it. Hackers will then demand a ransom fee, to decrypt your data. Over the years, the computer industry has witnessed the evolution of ransomware, as it has grown and spread very rapidly, becoming more sophisticated, as efforts are devised to combat it.
In the past couple of years, there have been a number of really big ransomware attacks – as part of this spreading phenomenon. In 2017, there was a 350% increase in the number of ransomware attacks, according to NTT Security report. Any security professional that has the sole responsibility of safeguarding a company’s data, must have ransomware attacks right at the top of their radar, as it’s a real threat, with real ramifications.
Of course, you want to prevent these attacks, as prevention is always the better option for repairing. But all systems have their flaws, so it makes sense for you to have some kind of recovery plan in place, in the event that the worst comes to pass. Below are 7 best practices that you should consider adopting if you want to prevent your system from falling victim to a ransomware attack.
1. Keep Things Updated
When it comes to preventing ransomware, having all the correct security measures in place, is very important. Hackers are always on the lookout, for misconfigurations and vulnerabilities that they can exploit, in order to unlawfully access your system. So you want to do your utmost, to make it difficult for them. Make sure your systems are all up-to-date, with all the latest security fixes and patches. You may also want to consider configuring your security measures. Disable anything that you feel is unnecessary, and enable those things you feel can help.
2. Back-Up Your Files
If you want to keep your files secure, then make sure they are being backed up, on a regular basis. It’s best practice that you use some kind of external storage device to back up your data, as you want something that is at least, separate or disconnected from any local network. This way, if ransomware was to infiltrate your computer, via the network, it would not be able to corrupt or encrypt the data on your external backup server or storage device. This way, you can quickly and easily recover your data.
3. Keep Up To Speed on New Threats
Cybercriminals make a career out of looking at new ways of exploiting your system. Even if you take the time to monitor and analyze everything that goes to and from your network, there’s still a possibility that you can fall prey to these people. Additionally, it can be fairly difficult to quickly adapt to the new methods deployed by these cybercriminals. For these reasons, it’s important that AI, for example, is used, to enhance the preventative process.
4. Traffic Monitoring In Real-Time
Security professionals make the mistake of focusing solely on filtering inbound connections. But a lot of attention should also be given to outbound connections. A ransomware attack typically entails, infiltrating your system, then establishing a connection from your system to the hacker’s computer. If you are able to block this initial outbound connection attempt, then you may just be able to stop the ransomware attack, right in its tracks. You want to monitor and flag any suspicious traffic, whether inbound or outbound. If done correctly, this can be fully automated, to ensure maximum efficiency.
5. Standard User Accounts
One best practice entails creating standard user accounts for every employee, which they can use for their daily work tasks. This means, when logged in for work, the accounts used, should have nothing above standard privileges. Thus, in the event that such a system is infected, the ransomware virus can or may be restricted to the files on that particular user. The user accounts for low privileges, prohibiting it from expanding to other accounts. The administrator account should be restricted to a select few individuals, and only be used, when absolutely necessary.
6. Keep Asset Inventory Up-To-Date
If you’re unaware of the various devices that are connected to either your private or public cloud, then it makes it impossible for you to properly halt or recognize an attack. You need a full overview of all the different devices operating on your network and in real-time. You also want data on their permission level, based on the user. You don’t want to have any unmanaged devices hooked up to your network, as attacks on IoT, is big business nowadays.
7. Train Your Staff
Training your staff on the various ways that malicious files can infiltrate and effect your system, is very important. If people were aware of the risks, when opening an attachment in an email, for example, that would greatly reduce the threat posed by ransomware viruses.
So to start things off, you definitely don’t want to open any attachments, from unsolicited emails. You also want to stay away from unprofessional-looking websites, and only download programs from the official website of the program maker. It’s possible to mask the sender of an email, so as to give the recipient the false impression that it was sent by a friend. So it’s important for staff to be able to spot the difference. To properly determine who’s sent an email. Cybercriminals are working around the clock on their various attacks, sometimes it can take months for them to properly plan and execute their attacks.
This is why it’s so important you prepare not just yourself, but the employees that work for your organization.
Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website https://www.compuchenna.co.uk.