2017 saw 90% more ransomware attacks than 2016 – a harsh reality individuals, organizations and even government agencies have fallen prey to. What are we doing about it?
Ransomware attacks getting increasingly frequent. How vulnerable are you?
Businesses today can be breached from minor attack vectors ranging from email attachments, websites to remote desktops to unpatched operating system! Sites too are pirated, designed to carry out the attacks. And what’s worrysome is that these attacks are only going to get more innovative and frequent. Recently, researchers at Kaspersky Lab uncovered a new form of cryptojacking malware targeting corporate networks across the globe, with the largest concentration of infections in India, Brazil, Columbia, and Turkey along with parts of Europe and North America.
Thus, it is advisable that businesses take necessary steps to avoid such threats in the future.
How to avoid ransomware in 2018:
While there is no one ideal solution that can provide all-round protection from all known types of ransomware, take a look at Embee’s quick tips that can help you to lower the risk of these attacks:
1. Secure your IT infrastructure:
The importance of strengthening the security of your IT infrastructure cannot be overemphasized. You must have a robust intrusion prevention system (IPS) in place that includes a high-performance firewall and sandboxing support. It is important to adequately secure open ports. Reviewing port-forwarding rules is vital, as is making necessary changes along with finding alternative ways to access data. Your rules should be logical yet strict enough to manage the network traffic flawlessly. You can also avail Managed IT Services to ensure your IT infrastructure is monitored 24x7x365. This will help you to identify irregular and suspicious patterns and take necessary measures to stop an attack before it can enter your system.
2. Email security is the key:
Email is and will continue to be the primary target of ransomware and other types of cyber threats. Most ransomware attacks have been triggered by an email that carried an attachment, which started encrypting files upon download. To avoid such events, the thumb rule is to avoid opening emails from unknown senders and ensure all emails, even the ones from familiar senders, are scanned with an antivirus or antimalware software before downloading.
Organizations also have the option to password protect network shares according to username and password along with placing a limit on the data size that can be shared. They could also implement a data security software solution to check incoming emails before they are delivered from their mail server to the intended recipient.
3. Update and patch your systems
Updating your operating system regularly and applying the ‘fix’ that tech giants like Microsoft roll out at regular intervals, can take care of most vulnerabilities. Do ensure that the Windows Update on your systems is not broken in case you are using a supported operating system (such as Windows 7, 8 or 10).
4. Educate your employees:
It is important to train employees adequately for dealing with the possibility of or the event of a ransomware attack. Some of the basic but effective steps include disconnecting the infected system from the internet and internal network as soon as possible, shutting down the system immediately and informing the IT security and administrations departments. Apart from organizing regular workshops, the IT department must encourage all employees to stay updated about latest security incidents. If any loophole is spotted anywhere, the IT department should immediately be notified.
5. Make backups:
Once a file is encrypted, very little can be done about it. However, taking backups, to both cloud and physical disk drives, can considerably mitigate the risk of data loss. Ensure that your firewall is robust so that malware cannot target your backup files.
Preventing a situation is always more advisable than trying to fix a problem. In business, failing to be prepared for a security threat can prove to be very expensive, both because of the payoff fund and downtime. Thus, it is better to be proactive and take steps to strengthen protection against ransomware today. To get a security audit of your IT infrastructure and prepare for possible threats, connect with us today.