Mitigating & Preventing Ransomware (Post 3 of 4)

In this third article in our four-part series, we wanted to focus on what you can do to avoid a ransomware attack. (Previous posts include What is Ransomware and Preparing for Ransomware.)

Install updates

It is easy to put off installing operating system, software and firmware updates for a more convenient time. But don’t do it. These updates often include patches for known system vulnerabilities that have been exploited before. By installing updates as soon as they are released, you are protecting your network in one of the most efficient ways for free. You should also consider automating the process by using a centralized patch management system, so you know all computers are updated at the same time.

Make MFA mandatory

Instead of just requiring a single password, multi-factor authentication (MFA) requires a user to enter two or more pieces of information, such as a cell phone number or email address, to access a website or application. It provides additional layers of security to protect users and their data, reducing the risk of account takeovers. Yes, it takes a few more seconds to get into your accounts, but the benefits far outweigh any inconvenience.

Limit the people who can install software

Often, ransomware masquerades as a legitimate software program or update. If everyone on your team can install new programs, it is easy for your company to get infected by someone falling prey to a scammer. By assigning only a couple of people the rights to install software, you limit access to the system and help prevent mistakes. However, you must ensure that those who can install software are highly trained and regularly tested to recognize ransomware attempts.

Use antivirus and antimalware software

Antivirus and antimalware products are an additional layer of protection against ransomware and are built to detect, quarantine and delete malicious code before it can damage your computer or network. Not all programs are alike, so it pays to do your research to find the ones that will work best with your system (or ask us to help). As with all other software, it is important to install updates as they are released so the product can better protect you from new viruses.

Require strong passwords

One of the most common ways that hackers gain access to computers is by guessing commonly used or overly simple passwords. To avoid this entry method, every user on your network should be required to use long (at least 10 characters) passwords that contain a variety of characters. Each password should also be something that the user can easily remember, so consider using a passphrase rather than a password; passphrases are just as secure.

Purchase cybersecurity insurance

Much like every other insurance policy you have, the goal is to never use it. But if it is needed, it can be a lifesaver. Cybersecurity insurance helps reduce the financial risk associated with malware, ransomware and social engineering attacks. Policies cover network breaches, business interruption and privacy liability as well as other areas on a case-by-case basis.

Other protections to consider

  • Employ user training programs and phishing exercises to raise awareness among your users and identify those who may need additional instruction.
  • Avoid public Wi-Fi networks when possible and consider installing a VPN.
  • Disable hyperlinks in incoming emails.
  • Add a banner to the top of messages coming from outside of your organization.
  • Audit user accounts with administrative privileges.
  • Monitor and secure any remote desktop protocol (RDP) or other potentially risky services.

While every business must weigh the advantages of the additional security with the cost incurred, keep in mind the myriad ways a ransomware attack can negatively impact your business too. Read on for our post on responding to a ransomware attack. If you need help in this area, we are happy to help.

David Gracey: Since its founding in 1998, David has grown Network 1 into a top-notch IT services company dedicated to delivering the best solutions for Atlanta’s small and mid-size businesses. His responsibilities include creating the vision and strategy for its growth and establishing the culture of Network 1.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.
