My 10 steps to avoid Ransomware...

My top ten pieces of advice for helping business protect from cybercriminals:

1. Install anti-virus, web filtering and firewalls

Preventing malware from entering the organisation in the first place is the best way to secure against cyberattack, and that means adopting a ‘layered approach’ to protection: anti-virus, web filtering and firewalls working together. It’s essential that businesses ensure each component is correctly configured and always up-to-date. Today’s scanning solutions include functionality to re-write links so they can be checked for safety when ‘clicked’, and to open and inspect suspicious attachments.

2. Keep IT up-to-date and patches applied

Malware often enters an organisation through bugs in software and applications. Businesses should ensure that software updates are installed and patches applied as soon as they’re released. It’s believed that WannaCry exploits a Windows vulnerability for which Microsoft issued a patch in March, but which many organisations have not yet applied.

3. Backup – and regularly

Organisations attacked by encryption ransomware will be unable to access their live data, but their backup data will be unaffected, provided it is kept separate from the live network where the ransomware cannot reach it, and can be restored once infected devices have been cleared down. On the proviso that backups have been taken regularly, the integrity of the data routinely checked, and well-defined, practised restoration procedures are in place, an infected organisation will lose relatively little data and, importantly, can quickly be back up and running. Robust Disaster Recovery solutions on Azure and other platforms are also available to improve your Recovery Time Objective (RTO).

4. Keeping users trained

Email-borne cybercrime is common, and often arrives as part of a mass, untargeted mailing sent by the cybercriminal. Businesses should therefore consider investing in ongoing training to remind employees of potential hazards. Malicious links embedded within emails create issues for many businesses. Give-away signs to look for include:

  • Emails claiming to be from well-known, reputable organisations, sent from a variant of the authentic email address – a 0 replacing O, for example;
  • Communications from organisations or on topics that arrive out of the blue;
  • Poor quality text (spelling and grammatical errors, for example) can often indicate a fraudulent email – although it’s worth pointing out that cybercriminals are increasingly addressing this.

Emails received from legitimate contacts, but where the originating account has been compromised, still pose problems for businesses. These are often characterised by a short, at times nonsensical, message and a (malicious) link.

Social media networks or instant messaging may also contain links to malware.

Advising users to go directly to an official website rather than click on embedded links can help businesses guard against malicious attack, but the main point of advice is that it’s essential to keep reminding employees of potential ransomware threats.

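One way to automate the first give-away sign above, checking whether a sender’s domain merely imitates one the business trusts, as an added example that is not part of the original article (the trusted-domain list and the sample addresses are constructed for illustration):

```python
# Sender look-alike check for step 4's "0 replacing O" warning sign. Added
# example, not from the article; the trusted-domain list and the sample
# addresses are constructed for illustration.
import re
from difflib import SequenceMatcher

# Assumption: the organisation keeps an allowlist of domains it really corresponds with
TRUSTED_DOMAINS = {"acs365.co.uk", "example-bank.invalid", "hmrc.gov.uk"}

# Characters commonly substituted for their look-alikes in fraudulent sender addresses
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l"})


def fold(domain: str) -> str:
    """Collapse look-alike characters so a spoof lands on the same string as the real domain."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")


def sender_domain(address: str) -> str:
    """Pull the domain out of a From header such as 'Jon <jon@acs365.co.uk>'."""
    match = re.search(r"@([A-Za-z0-9.-]+)", address)
    return match.group(1).lower() if match else ""


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address."""
    domain = sender_domain(address)
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Identical after folding: a 0-for-O or 1-for-l substitution
        if fold(domain) == fold(trusted):
            return "lookalike"
        # One character added, dropped or swapped (e.g. acs365.co.uk vs acs356.co.uk)
        if SequenceMatcher(None, fold(domain), fold(trusted)).ratio() >= 0.9:
            return "lookalike"
    return "unknown"
```

A ‘lookalike’ verdict is a reason to quarantine the message or warn the user, not proof of fraud on its own.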
5. Is it really the CEO/MD emailing?

Spear-phishing is a second and growing form of cyberattack carried out through email, with the attacker posing as a company official requesting a specific action, such as the ‘CEO/MD’ of a company asking Finance to transfer funds. These types of email can also claim to come from official organisations, for example a bank, government department, or even the police. Companies should be aware of this potential risk, and define procedures to help employees identify phishing attacks.

6. Formalise security policies

Customers should be advised to create and record in writing a set of formal protection policies and processes, in consultation with ACS or their IT partner, who can then apply these policy requirements to every device.

7. Instigate a robust password and multi-factor authentication policy

It goes without saying that the more robust the password policy, the harder it is for cybercriminals to infiltrate a business. However, many companies still have not addressed password practice, and allow users to set up ineffective, weak passwords. Requiring unique ‘strong’ passwords for individual accounts, or implementing single sign-on, helps reduce risk. So does multi-factor authentication, where access is granted only after the user supplies an additional piece of information on top of the password, such as a numerical code texted to a mobile device.

8. Personalise anti-spam settings

Malware can be activated via an attachment. However, mail servers can be configured to block potentially suspicious attachments, identified by extension type, such as .exe, .vbs or .scr. Enabling the ‘show file extensions’ option on users’ devices also helps them avoid opening malware disguised as an ordinary attachment. Talk to our team about Mimecast and other solutions used by over 70% of Law firms in the UK.

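A worked version of the extension rule, added here and not part of the article or of any vendor product. It also shows why hidden file extensions matter, since only the final extension decides what Windows runs; the blocked-extension list and the sample message are constructed:

```python
# Attachment rules for step 8: block by extension, but catch the tricks that
# hidden file extensions make possible. Added example, not from the article;
# the extension list and the sample message below are constructed.
import email
from email import policy

BLOCKED_EXT = {"exe", "vbs", "scr", "js", "docm", "xlsm"}  # executables and macro-enabled Office


def attachment_verdict(filename: str) -> str:
    """Return 'block' or 'allow' for an attachment file name."""
    # Windows ignores trailing dots/spaces, so "report.exe ." still runs as .exe
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return "allow"  # no extension: not launched by a double-click
    # Only the final extension decides what Windows executes, so "invoice.pdf.exe"
    # is an executable even though Explorer shows it as "invoice.pdf"
    return "block" if parts[-1] in BLOCKED_EXT else "allow"


def scan_message(raw: str) -> list:
    """Parse a raw RFC 822 message and return (filename, verdict) for every attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [(part.get_filename() or "", attachment_verdict(part.get_filename() or ""))
            for part in msg.iter_attachments()]


# Constructed sample: a phishing-style mail with a disguised executable and a real PDF
SAMPLE = """\
From: accounts@example-supplier.invalid
Subject: Outstanding invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.pdf.EXE"

(constructed placeholder, not a real binary)
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="agenda.pdf"

(constructed placeholder, not a real PDF)
--b1--
"""
```

Running `scan_message(SAMPLE)` blocks the disguised executable and allows the PDF; an archive (.zip) wrapping an executable needs a separate rule that inspects the archive contents.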
9. Block pop-ups, disable macros, disallow data transfer via USB

Increasingly, malware is spread through prompts to enable macros embedded in everyday documents. A robust policy defining download privileges and regulating rights per employee can extend protection across the business.

10. Turn off immediately if suspicious activity is detected

And finally, if an attack is suspected, the advice is to disconnect the affected device from the network. At an early stage in the attack this can prevent the malware from establishing itself, and it may also prevent ransomware spreading to other areas of the business.

My view: “Ransomware is a growing problem that needs security at the top of the agenda to protect your business. Solutions are inexpensive to deploy and will still give the business and users a great, secure IT experience. WannaCry is demonstrating the damage globally, but much of the risk can be managed with a good partner. We have videos available for clients to help users adopt best practice to mitigate Ransomware and other risks.”

“But there are ways businesses can protect themselves, with a people-process-technology approach to look at potential flaws in employee behaviour, business procedures and IT systems particularly effective. It’s also worth remembering that when facing a ransomware attack, there’s a criminal gang behind it. Who’s to say that even on payment of a ransom demand, files will be un-encrypted… In addition, the National Crime Agency encourages businesses to NOT pay ransoms.”

The National Crime Agency (NCA) and the National Cyber Security Centre offer advice, and the Cyber Security Information Sharing Partnership (CiSP) is a national forum where businesses can discuss cyber issues.

At acs, we’ll also be publishing various articles on security and protecting businesses against malware in the forthcoming weeks. In the meantime, why not speak to any of the acs Team by calling 01604 704000 or emailing me directly at [email protected], and I will ensure your request is prioritised.

Jon Thorpe, Managing Director, email: [email protected], website: www.acs365.co.uk


Tomi Abibu

Pharmaceutical & Healthcare Consultant

3 years

Jon, thanks for sharing!

Reply
Steve Bishop FCIM

Strategic b2b marketer running a marketing agency working with manufacturers to accelerate their buying cycle.

7 years

Well said Jon, good advice indeed! Hope you are keeping well?

Reply
Spencer Mitchell

Area Sales Manager for the UK, Ireland, Israel & Scandinavia at Korsch AG and Medelpharm. UK distributor for L.B. Bohle

7 years

Good advice Jon.

Reply
Matt Usher

Property & Commercial Finance Specialist | Helping Businesses Unlock Growth Opportunities Expertise in Property & Finance Solutions | Commercial Finance Solutions | Bridging Loans, Asset Finance & More

7 years

Excellent advice

Reply
Punit Shah

Strategic Project, Program, and Portfolio Manager

7 years

Thanks for sharing JT !

Reply
