Blog
iTecs IT Outsourcing and Support Blog
Protecting Your Company Against Ransomware
Ransomware is becoming more common due to the success the creators are enjoying due to the improvement of their methods. What were once simple text-based phishing emails are becoming very realistic looking “corporate” fakes. The newer generation of malicious coders creates very realistic looking content that includes corporate logos and some real information from the company’s website to make their content more believable. At the same time, they are becoming more skilled at bypassing in-place security methods. Not every attack can be stopped, but the vast majority can be thwarted by following a few recommendations.
Make sure all your corporate computers are running the most current antivirus software
Start with an antivirus software on every computer and server on your network. Although different antivirus packages each have their strengths and weaknesses, most known threats are recognized by most antivirus software. Don’t let your company get infected by a well-known threat by having unprotected computers on your network.
Please don’t make your users administrators on their computers
Users having local admin rights on computers makes them more vulnerable to ransomware. A user lacking access to install the ransomware may be enough to stop malware from installing. Some malware may still be able to find a way around this, but for the most part, it is still a good habit to have computers secured against users installing any software, malicious or not.
NextGen Firewalls – Stop malware before it gets on your network
Block most known ransomware at the firewall. NextGen firewalls can identify malicious code as it attempts to travel thru the firewall.
Many attacks can be stopped right on the firewall and will never reach the LAN or the end-user.
Spam filtering
Many email services today offer some built-in spam/malware filtering. Additional pre-filtering does catch more spam and malware than the ‘built-in’ style filtering included in your email service/server. Several options such as SpamTitan exist for pre-filtering spam and malicious email content before it even reaches your email server or service.
Does your user know how to identify malicious emails? Do they know what to do when they receive them?
To say that user training is the most important part of your security arsenal is an understatement.
Although technology companies offer great solutions to protect your systems, new attacks that are unknown can bypass these systems. User behavior is still THE best way to stop a new attack. Have your users trained by professionals who can teach them some of the methods we use to identify malware.
Employee response testing – Test your users regularly to make sure they are able to identify threats and phishing schemes and know what to do when they receive a suspicious-looking email. ITecs offers test campaigns that send users test spam messages to see how they react. Reports are generated so that management can identify users who click on the links instead of reporting the spam so that they can receive further training.
Make sure you have good backups
Even with all the best tools in your security arsenal, infections happen every day. Having good offsite/offline backups is the best solution to protect against damage from ransomware. Having good backups means you not only get your data back on your own schedule, you also get it back for free. Just wipe the infected systems and restore from backups. Ransomware attacks work by encrypting the files. This means the files still have to be decrypted once the ransom is paid, and it can take hours or even days to get all your files back.
The worst part is not knowing how long this will take. Restoration from backups is usually faster, and if you’ve been testing restores, then you already know how long it will take to recover your files.
Have an overall plan
With all these precautions in place, your company can survive almost any malware attack. The more of them that can be put in place, even if not all, still improve the chance that your company will recover without paying a ransom.
Latest Posts
Leverage Someone Else’s Expertise And Keep Your Sanity
The thought of doing business solely on a cloud environment can sound overwhelming. From figuring out what it entails and what type of service or hardware will be needed to how to maintain and sustain that type of environment, the task seems daunting. Naturally, the first place to start is with a web search. How do I run my business virtually?
Read MoreIs it considered ‘spying’ if you own the equipment?
The new way of doing business is electronically. The way we communicate and transact is mostly through a device, and even more so now in the days of Zoom meetings and virtual tours. Most employees cannot be efficient without a computer and a mobile device, and it is the responsibility of the company to ensure that they have all the proper tools to perform their jobs efficiently.
Read MoreDoes It Make Sense To Own Your Own Server?
Two of the most common reasons for opting out of owning hardware are maintenance and life span. Technology is constantly evolving and servers can quickly need hardware updates or become obsolete. It is crucial to compare the cost of owning the equipment, maintenance, and upgrades versus the cost of operating in a virtually hosted environment.
Read More
