How to Build Protection from Ransomware

Posted on Wednesday, February 28, 2018

Your business deserves to be protected against intrusions by hackers. Ransomware is a particularly malicious form of hacking, whereby a file is downloaded onto a company computer, which in turn denies all access to the data therein. Hackers hold the data to ransom, offering only to unlock it once a sum of money is paid. As this style of hacking becomes more popular, the methods of inserting the ransomware files are becoming sneakier. It pays to take a proactive, layered approach to protecting your business against ransomware.

 

Your defenses should come under two categories:

 

  • How your staff act and how they experience company devices, and
  • Automating processes to reduce human error.

 

Taking a proactive approach is critical. While you can accept that you will not stop every attack, you still must do everything you can to prevent one from happening. Protective actions will reduce how often casual and opportunistic hackers succeed in accessing your data. It’s also good practice to have demonstrable efforts to protect client data in light of the rapidly approaching implementation of the GDPR.

 

Here are our suggestions on how to build protection from ransomware.

 

How your staff act and how they experience company devices

 

It’s widely accepted that most ransomware attacks gain access through simple human error rather than dedicated hacking attempts. Training your staff and making changes to their digital environments will reduce a large percentage of your risk.

 

Educate your staff about the risks of phishing emails. People remain the weakest link in the cyber security line of defence. Engender a culture of vigilance when it comes to email attachments and the like. One misled click is all it takes for ransomware to take hold.

 

Restrict end user system authorisations. This may be received with little enthusiasm, but it has little to do with trust and more to do with creating secure walls that viruses cannot cross. Limit staff ability to download executable files (like games or software) and access configuration settings on company devices.

 

Consider ad blocking software. In 2015, the CryptoLocker ransomware attack was spread in part through falsely branded internet advertising (‘malvertising’). It was a very successful strategy. Ad blocking software will change end users’ online experiences, so use this with care.

 

Promote a culture of data security among staff. Dedicated hackers will spend time researching your company and gathering data to tailor-make phishing campaigns. Social media activity can be watched, press releases inspected and clues gathered about the digital environment to craft the most specific ransomware to be effective quickly.

Foster a reporting-friendly environment. Encourage staff to report any suspicious activity. This includes strange emails or unidentified files. This must be conducted alongside staff awareness training. Incentivise reporting that leads to positive outcomes.

 

Enforce strict policies on public Wi-Fi use for company devices. This is a glaringly weak spot for many companies (particularly those with a more mobile workforce). Do not use public Wi-Fi unless your company has created and maintains a virtual private network (VPN), or there is encryption software in use.

 

Two-factor authentication can reduce malicious installs. It is highly unlikely that a hacker will have access to a specific smart device or token that is tethered to a password-enabled account. If a password and token are required to permit installation of software or downloads of particular file types, it will greatly reduce the number of inappropriate files gaining access to your systems.

 

Automating processes to reduce human error

 

The fewer decisions that need to be remembered, scheduled and acted upon, the better. Allow automatic updates, write rules for programs to follow and make any other necessary changes to reduce workload and increase protection.

 

Back up your data to the cloud. This gives you the option to access data if you’re locked out of a device or even your whole network. Make sure your backup system is disconnected unless you’re actively transmitting data, to avoid ransomware reaching your secure backup repository.

 

Create strict rules for your email client. Block or filter .exe files from attachments and emails to prevent any executable files being clicked on by mistake. You can also configure devices to display file extensions that would otherwise be hidden (hiding the real extension is a common deceptive manoeuvre). Document macros are a common vulnerability, so consider blocking those, too.
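The attachment rules described above can be expressed as a small screening function. This is an added example, not code from the original article; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage

# Assumed policy lists for illustration; tune them to your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify_attachment(filename):
    """Return the reasons to block an attachment (empty list = allow)."""
    # Normalise case and strip trailing dots or spaces before matching.
    name = filename.strip().lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable")
        # invoice.pdf.exe shows as "invoice.pdf" when extensions are hidden.
        if os.path.splitext(stem)[1] in DECOY_EXTS:
            reasons.append("double-extension")
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled")
    return reasons

def screen_message(msg):
    """Map each attachment filename in the message to its block reasons."""
    verdicts = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        verdicts[fname] = classify_attachment(fname)
    return verdicts

def build_sample():
    """Constructed sample message; the attachment bodies are dummy bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Outstanding invoice"
    msg["From"] = "accounts@example.com"
    msg["To"] = "staff@example.com"
    msg.set_content("Please see attached.")
    for fname in ("report.pdf", "invoice.pdf.exe", "timesheet.xlsm", "setup.EXE"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg

if __name__ == "__main__":
    for fname, reasons in screen_message(build_sample()).items():
        print(f"{fname}: {'BLOCK (' + ', '.join(reasons) + ')' if reasons else 'allow'}")
```

Filename checks only cover what the sender chose to call the file, so treat this as one layer alongside the content scanning your mail gateway provides.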

 

Immediately patch third party software. Create an unyielding policy of installing updates and patches as soon as they go live. If you can automate this process it will reduce even more risk. Identified security holes are a gift to hackers. Patch those holes, particularly with ubiquitous software like Adobe, Flash and Java.

 

Ensure you have antivirus software installed. It must be up to date at all user-facing portals and endpoints. It won’t catch every virus or malware file that comes through, but it will go a long way toward blocking the majority of cases. Make sure to have well-rounded applications like firewalls and behaviour-based threat detection, too.

 

Deploy penetration testing. This method of enquiry tests every potential entry point for security threats into your business (both digital and physical in some cases). It’s a great way to test both employee security awareness and behaviour, alongside system maintenance procedures.

 

Create a blacklist and a whitelist. Blacklisting blocks a nominated list of programs from installation on company devices. This works but can only prevent known problems from occurring. Consider using a whitelist instead or in addition, where only nominated programs are permitted and all others cannot be installed (without specific higher-level permissions).

 

Routinely inspect permissions lists. Ensure all former employees and contractors have had their digital privileges revoked. Data can leak from within an organisation. Keep an analytical eye on any unusual outbound data traffic, for example.
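A routine permissions review can be automated by comparing an account export against the HR roster. This is an added example, not code from the original article; the CSV column names, the sample rows and the review date are constructed assumptions, not any real product's schema.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names are assumptions for illustration.
HR_ROSTER = """person_id,status,end_date
e100,active,
e101,left,2018-01-12
c200,contractor,2018-02-01
c201,contractor,2018-06-30
"""
ACCOUNTS = """username,person_id,enabled,groups
asmith,e100,true,staff
bjones,e101,true,staff;finance
cvendor,c200,true,vpn-users
dvendor,c201,true,vpn-users
old-scanner,,true,domain-admins
ekhan,e101,false,staff
"""
REVIEW_DATE = date(2018, 2, 28)  # constructed "today" for the sample data

def stale_accounts(roster_csv, accounts_csv, today):
    """Return (username, reason) for enabled accounts that should be revoked."""
    people = {r["person_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].lower() != "true":
            continue  # already disabled, nothing to revoke
        person = people.get(acct["person_id"])
        if person is None:
            # Shared or service accounts with no named owner need a decision.
            findings.append((acct["username"], "no owner on roster"))
        elif person["status"] == "left":
            findings.append((acct["username"], "former employee"))
        elif person["end_date"] and date.fromisoformat(person["end_date"]) < today:
            findings.append((acct["username"], "contract ended"))
    return findings

if __name__ == "__main__":
    for user, reason in stale_accounts(HR_ROSTER, ACCOUNTS, REVIEW_DATE):
        print(f"REVOKE {user}: {reason}")
```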

 

About Mustard IT, your cyber security partner

Mustard IT provide the design, build, and installation of secure IT servers and networks, and can help you build a ransomware protection strategy. Our trusted team are experienced and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.