How to Protect your Business Against Ransomware
Ransomware is one of the most significant threats to company data right now, and cases are becoming all too common for large and small businesses alike. You must protect your business against the financial and productivity impact of this online menace. The good news is that following some simple and cost-effective steps will help you to minimise the risk of infection within your organisation, and to recover quickly if one does get through.
What is Ransomware?
Ransomware is a particularly nasty type of malware with one main goal: to encrypt your valuable data and demand that you pay a sum of money to get it decrypted. You may have heard of some of the better-known families, such as CryptoLocker and Maktub Locker. Once a computer becomes infected, the malware applies strong encryption to every file it can reach, including files on any network shares that computer (or rather, the logged-in user) can write to. It then displays a message demanding that you visit a website to buy the 'key' that can decrypt your data and make it accessible and usable once again.
If your computer does become infected, there is no realistic way to decrypt the files yourself. Anti-malware software can remove the infection so that it stops spreading, but it cannot reverse encryption that has already happened (the only exception is where a free decryption tool has since been published for that particular family, which you cannot count on). So, what can you do to protect your business against ransomware? Here are a few golden rules to follow.
Use Anti-virus Software
Endpoint anti-virus software is the last line of defence against infection, and it is important to remember that no anti-virus product is 100% effective, so it must never be your only control. Make sure that your anti-virus software is kept up-to-date for all users and that it scans files, downloads, emails and web browsing.
Educate Your Users
Your users are one of the best protections against any type of malicious software. Their web browsing habits and how they deal with unsolicited emails are key to keeping your systems safe from ransomware. As part of induction to any company we would highly recommend explaining the do's and don'ts of your internal IT policy, including: deleting unsolicited emails without opening them (especially those with attachments), not clicking links in emails or on websites when they don't know where they go, remaining vigilant to online threats, not downloading software from the internet and not visiting websites that they don't know to be safe. Remember, it is fairly easy for complacency to set in, so a refresher on these common-sense rules should be scheduled for all employees on at least a six-monthly basis.
Scan Emails for Threats
Of course, users may be prone to a momentary lapse, so real-time scanning and threat analysis of your emails can really help to reduce the threat of ransomware. Make sure that your emails route through a service where malicious attachments and links will be caught and quarantined before they reach a user's inbox. Ransomware very often arrives as an executable disguised with a document-like name (for example 'invoice.pdf.exe'), as a macro-enabled Office document, or as a script hidden inside a zip archive, so the filter must look inside archives as well as at the attachment itself.
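To make the previous paragraph concrete, here is a minimal attachment-triage filter of the kind an email gateway applies before a message is delivered. This is an added example written for this article, not the code of any mail-filtering product: the list of blocked extensions, the sample message and its attachments are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types that ransomware droppers commonly arrive as. The list is an
# assumption for this example; a real gateway also inspects file content.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs",
    ".vbe", ".wsf", ".ps1", ".hta", ".lnk", ".msi", ".jar",
}
# Office formats that can carry macros, the other classic delivery vehicle.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}


def _extension(name):
    """Final extension of a file name, lower-cased ('invoice.pdf.exe' -> '.exe')."""
    lower = name.lower().rstrip()
    dot = lower.rfind(".")
    return lower[dot:] if dot != -1 else ""


def classify_filename(name):
    """Return a quarantine reason for a suspicious file name, or None if it looks fine."""
    if "\u202e" in name:
        # A right-to-left override character makes the displayed name lie about the extension.
        return "right-to-left override character hides the real extension"
    ext = _extension(name)
    if ext in BLOCKED_EXTENSIONS:
        return f"executable attachment type {ext}"
    if ext in MACRO_EXTENSIONS:
        return f"macro-enabled Office document {ext}"
    return None


def classify_zip(data):
    """Look inside a zip archive, since executables are often wrapped in one."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 set: this member is encrypted
                    return f"password-protected member {info.filename} cannot be scanned"
                reason = classify_filename(info.filename)
                if reason:
                    return f"archive contains {info.filename}: {reason}"
    except zipfile.BadZipFile:
        return "attachment is labelled as a zip archive but is malformed"
    return None


def triage_message(raw):
    """Return {attachment name: reason} for every attachment that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reason = classify_filename(name)
        # Recognise archives by magic bytes as well as by name: renaming a zip does not hide it.
        if reason is None and (_extension(name) == ".zip" or payload.startswith(b"PK\x03\x04")):
            reason = classify_zip(payload)
        if reason:
            verdicts[name] = reason
    return verdicts


def build_sample_message():
    """Constructed sample: a harmless PDF, a disguised executable and a zip holding a script."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ constructed sample, not a real binary", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payment_details.js", "// constructed sample, does nothing")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="documents.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage_message(build_sample_message()).items():
        print(f"QUARANTINE {name}: {reason}")
```

Running it quarantines 'invoice.pdf.exe' and 'documents.zip' (because of the script inside) while letting 'report.pdf' through. Note the two deliberate design choices: archives are identified by their magic bytes rather than trusting the name, and a password-protected archive is quarantined precisely because it cannot be inspected, which is the trick attackers use to get past scanners.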
Limit Users' Ability to Execute Software
This can be achieved centrally through a network policy (on Windows, Group Policy with Software Restriction Policies or AppLocker) that only allows approved programs to run, or locally by ensuring users do not have administrator rights on their computers (or at least that their everyday work account is non-admin). Bear in mind what each control buys you: application control stops an unknown executable that has slipped past your email filtering and anti-virus from running at all, whereas a non-admin account does not stop it running but does stop it installing itself system-wide or tampering with your anti-virus. Ransomware does not need administrator rights to encrypt the files a user can already write to, so the two measures complement each other rather than replace each other.
We would also recommend disabling AutoPlay/AutoRun, the mechanism that controls what the system does automatically when a CD is inserted into the optical drive or a USB drive is plugged into the computer.
Limit Access to Shared Drives/Areas
Ransomware infections spread from local drives into shared network areas, so give access to files and folders on a need-to-know basis. For example, not all employees will need access to company financial data, so only allow those users who require the data to map that share. The key point is that ransomware running under a user's account can only encrypt what that account is allowed to write to, so grant read-only access wherever write access is not genuinely needed. The fewer users who can write to a share, the less chance there is of a widespread infection.
Keep Software Up-to-date
Don't delay in making sure your software (including operating systems and web browsers) is up-to-date. Many infections start by exploiting a known flaw in a browser, browser plugin or office application for which a patch already exists, so important security patches for all software should be installed as soon as they become available.
Take the Right Kind of Backups
Taking backups of your company data is a 'no brainer', right? Of course it is, but you must be aware of the types of backup you will need to protect against ransomware. Remember that ransomware can encrypt anything the infected machine can write to, so just having a backup of your files and folders on a network-connected server may not protect your business. In the same way, data synced to 'the cloud' through services like Google Drive, OneDrive for Business or Dropbox will not protect you either. The reason is that these services mirror the files and folders on your computer, so, if the infection is not caught quickly, the cloud copy of your data becomes encrypted as well and you are right back to square one. Some of these services keep a version history that may let you roll back individual files, but that is a convenience feature, not a backup strategy.
To protect against ransomware, backups should be incremental, kept as point-in-time copies that a later backup never overwrites, and stored off-site; we would recommend taking them at least three times a day (how often really depends on how many hours of work you can afford to redo). Crucially, the backup store must not be writable from the machines it protects, otherwise the ransomware simply encrypts the backups too. If you have opted for cloud storage (and many small businesses do nowadays) then there are services available that will take snapshots of your data and store them away from the risk of infection. If your local or cloud data becomes infected, then it can simply be deleted and restored from a snapshot taken before the infection occurred. If you are running an on-site server then a hybrid backup solution will do the same thing. Finally, test a restore every so often: a backup you have never restored from is only a hope.
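The following added example models the difference described above between a sync folder and a snapshot store, so you can see why one is lost with the workstation and the other is not. It is illustrative code written for this article, not any backup product: the store runs in memory, the file contents and timestamps are constructed, and the 'ransomware' is just a byte scramble plus a renamed file and a ransom note.

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class SyncFolder:
    """Models a Dropbox/OneDrive style folder: it mirrors the workstation, damage included."""

    def __init__(self):
        self.files = {}

    def sync(self, workstation):
        self.files = dict(workstation)


class SnapshotStore:
    """Incremental, append-only snapshots. Unchanged content is stored once (by hash)
    and earlier snapshots are never modified by later backups. The assumption is that
    the store itself is not writable from the machines being backed up."""

    def __init__(self):
        self.blobs = {}        # content hash -> content
        self.snapshots = []    # (timestamp, {path: content hash}), in backup order

    def take_snapshot(self, timestamp, workstation):
        """Record a point-in-time copy; returns how many new bytes had to be stored."""
        manifest, new_bytes = {}, 0
        for path, content in workstation.items():
            h = sha256(content)
            if h not in self.blobs:
                self.blobs[h] = content
                new_bytes += len(content)
            manifest[path] = h
        self.snapshots.append((timestamp, manifest))
        return new_bytes

    def restore_before(self, infection_time):
        """Rebuild the newest snapshot taken strictly before the infection."""
        candidates = [s for s in self.snapshots if s[0] < infection_time]
        if not candidates:
            raise LookupError("no snapshot predates the infection")
        _, manifest = max(candidates, key=lambda s: s[0])
        return {path: self.blobs[h] for path, h in manifest.items()}


def looks_encrypted(workstation, marker=".locked"):
    """Crude indicator of an encrypted tree: renamed files or a ransom note present."""
    return any(p.endswith(marker) for p in workstation) or "README_DECRYPT.txt" in workstation


def simulate():
    # Constructed workstation contents; timestamps are arbitrary integers.
    ws = {"accounts/q1.xlsx": b"quarter one figures", "hr/policy.docx": b"handbook v1"}
    sync, store = SyncFolder(), SnapshotStore()

    store.take_snapshot(800, ws)
    sync.sync(ws)
    ws["hr/policy.docx"] = b"handbook v2"               # normal day-to-day edit
    second_new_bytes = store.take_snapshot(1200, ws)   # only the changed file is stored
    sync.sync(ws)

    # Infection at time 1300: every file is scrambled and renamed, and a note is dropped.
    infection_time = 1300
    ws = {p + ".locked": bytes(b ^ 0x5A for b in c) for p, c in ws.items()}
    ws["README_DECRYPT.txt"] = b"pay to recover your files"
    sync.sync(ws)                         # the cloud sync copy is now damaged too
    store.take_snapshot(1600, ws)         # a post-infection snapshot is useless but harmless

    return {
        "second_snapshot_new_bytes": second_new_bytes,
        "sync_copy_damaged": looks_encrypted(sync.files),
        "restored": store.restore_before(infection_time),
    }


if __name__ == "__main__":
    result = simulate()
    print("sync folder damaged:", result["sync_copy_damaged"])
    for path, content in sorted(result["restored"].items()):
        print("restored", path, content.decode())
```

The sync folder ends up holding only scrambled '.locked' files and the ransom note, exactly as the paragraph warns. The snapshot store still holds the 12:00 copy, because the infection could only add a new snapshot, not rewrite old ones, and the restore picks the latest snapshot that predates the infection rather than blindly the latest one. The second snapshot stored just 11 new bytes (the edited handbook), which is what 'incremental' means in practice and why taking several snapshots a day is affordable.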
If your business can tick all of the boxes against the measures presented here then you will have greatly reduced the likelihood of falling victim to a ransomware attack. And if you are hit anyway, you will have the backups to restore your data rather than submitting and paying the ransom. Of course, all of this is good practice for business IT anyway.
If you would like some further guidance on protecting your business against ransomware infections then contact us today.