If you can project knowledge and experience, you can probably talk unprepared users into doing whatever you tell them. Hackers will learn your organisation structure, names of key stakeholders and then contact staff pretending to be a senior manager and urging them to open an important file. Even if the employee realises they have been tricked, it is too late – the ransomware will have already set to work on your network.
We take a look at some practical tips to protect your business against ransomware infection but first we look two common ways hackers can gain access to your IT sytems.
Phishing
Phishing has evolved from stealing sensitive login details to encouraging users to install ransomware. Having received an official-looking email and clicked through to an official-looking website, the user is encouraged to download and install an official-looking app – which just happens to contain malware.
Malicious websites
Just general web surfing can be a recipe for disaster if your employees land on a compromised site. Click on the wrong pop-up or download the wrong file and malware can gain a foothold in the network.
You must teach your employees about these risks – and how to avoid them.
Prevention
Preventing ransomware infections is mostly common sense, applying IT security best practices to your infrastructure and operations, including:
- Regularly patching and updating software to address vulnerabilities and reduce opportunities for exploits.
- Ensuring endpoint anti-virus software is installed, configured and kept fully up-to-date at all times.
- Use policies to prevent end-users from installing software or running applications with elevated permissions.
- Maintain content filtering and firewall whitelists and blacklists to limit traffic to untrusted or compromised websites.
- Limit access to the physical computer ports to prevent ransomware ingress on removable drives etc.
- Audit your network regularly to identify gaps in your security systems – including testing your employees’ responses to social engineering attacks.
- Lockdown as many permissions and access rights as possible. Ensure that staff only have what they need to do their jobs.
Limiting access rights may occasionally cause issues – but they are nothing compared to the fall-out from a ransomware attack.
Recovery
Despite your best efforts, it is likely ransomware will eventually make it through your defences – the larger the network, the higher the probability. When it does, you need to be prepared to bring operations back online as quickly as possible.
Usually, backups take place once every 24 hours. If a ransomware outbreak shortly before the cycle restarts, you could lose a full day’s work – which could be catastrophic.
Your disaster recovery provisions need to reduce these gaps between cycles. Snapshots and smaller, targeted backups can create copies of key data more regularly speeding up the remediation process after infection.
There are many tools to help achieve these goals, but identifying, configuring and deploying the right ones for your business is not necessarily straightforward. WTL can cut through the confusion, our specialists will help your business build an effective, efficient disaster recovery solution that allows you to respond to ransomware quickly – without losing data.
To learn more about how we can help you protect your business against ransomware, please get in touch or take a look at the cyber security services we offer.