The key to avoiding ransomware attacks, and cyber-extortion generally, lies in stronger network security and employee education.
Just as IT developers, designers and creative types get stronger in their fields, so do hackers and the malware they produce. For experts who’ve been following this threat for years, it’s no surprise that attacks and malware represent a major issue today and are becoming more common, or that the technology gets more sophisticated every time we see a new wave of attacks hit the headlines.
Even businesses with robust IT policies and trained employees have fallen victim to ransomware infections that attack compromised servers, spread through internal networks and turn everyday resources into tools that allow hackers to:
- Bring entire organisations to a standstill
- Extort huge sums of money and
- Cause untold brand damage
To help fight the good fight, here are our 5 Tips to help avoid ransomware attacks:
1. Plan for disaster
Test back-up systems regularly and take time to put a robust disaster recovery plan in place: it will prove invaluable if you ever need it.
Keeping on top of defence systems generally is a good idea: carrying out periodic reviews and IT security audits, identifying network weaknesses and keeping up to date with security updates and patching will keep you vigilant and much less attractive to hackers looking for easy opportunities.
A good IT or Operations Manager will admit where they need support to secure networks or assets that can be compromised. Taking time to address vulnerabilities, using professional help from an IT consulting service where necessary and having a clear plan, if the worst should happen, are basic first steps and should be priorities for any business.
Technology is developing all the time – for the good guys and the bad guys – so it’s important that someone within the business has specific ownership when it comes to ensuring investment in the appropriate tools and that the right security measures are deployed at the right time.
Top Tips for keeping your business network safe
- Invest in gateway protection to help manage traffic in and out
- Use advanced malware protection that looks at non-signature/cloud-based antivirus, whitelisting and network traffic monitoring or blocking technologies
- Keep business operating systems updated and patch regularly
- Back data up regularly and give servers the attention and protection they deserve
- Keep on top of machine management, so systems run quickly and smoothly
- Opt for machine parity across the business, for a unified approach to security
- Run regular vulnerability assessments to ensure security is always match-fit
There’s no one piece of software, hardware or firewall that will do everything on the cyber security front. It’s about building a multi-layered defence using smart technology and a common-sense approach.
3. Get buy-in from the business and employees
A bulletproof IT policy, business continuity plan and disaster recovery plan are of little use if:
- They don’t have the political and financial support of a business’s management team and
- Employees who can make a real difference day-to-day don’t know how to identify and avoid typical threats such as dodgy emails
A plan for fighting ransomware, and cyberattacks generally, needs more than just good technology. Indeed, a common misconception is that it’s the sole responsibility of the IT department to keep attacks at bay. Of course, they optimise network security, but employees are an important line of defence, as…
- Chain mail
- Personal correspondence
- Ads and
- Compromised websites
…are just a click away, and pose serious network security threats and threats to your business inbox.
Educating employees on what to watch out for, the consequences of poor decision-making and how to sidestep the biggest dangers is something employers should build into welcome programmes and reinforce on a regular basis.
In doing so, you’ll not only strengthen your defences, but reinforce the fact that accountability for cyber security is shared across the entire business.
4. Be on guard
It sounds obvious, but having the best protection software on the market is pointless if no one is paying attention or responding to the flags it raises.
Policies around security should be rock solid, so teams know exactly what’s expected of them.
Monitoring, alerting and response go hand in hand, and processes should account for all three, ensuring reactions are swift and every measure is taken to prevent repeat incidents.
5. Use an agile approach
Tech-based solutions are rarely a one-off fix and IT security is no different. It can benefit from an iterative approach: small steps, strong measurement and making changes based on learnings and results.
It requires more patience than a big bang approach, but it can save time and money in the long run and you’ll always be able to stand over IT investment, because it will have proven itself before it’s rolled out at larger scale.
There’s no silver bullet when it comes to ransomware, but with a smart approach to security and a workforce that understands that everyone has a role to play, you can avoid looking like an easy target and reduce the risk of attack.