7 Tips for Keeping Your Business Safe from Ransomware
Ransomware is a cyberattack technique used with growing frequency to extort payments from businesses in exchange for the recovery of their information. Criminals have used this type of malware against countless organizations of every type -- including healthcare providers, media, and even police departments.
For large companies, the impact of ransomware attacks can be devastating. For smaller businesses, they can be fatal. But all businesses need to be prepared because the ransomware problem is growing worse in a hurry.
According to Troy Gill, Manager of Security Research for AppRiver malware volume skyrocketed in 2016, increasing by more than 800 percent from the previous year. Worse still, the attacks are becoming more sophisticated. Some cybercrime operations even employ graphic artists, call centers, and technical support to streamline payment and data recovery. As a result, ransomware profits have soared, reaching about $1 billion, according to FBI estimates.
Stopping this dangerous trend means understanding the many ways ransomware can infiltrate your business:
• Email spam continues to be the most popular way to spread ransomware via attachments, links, and with social engineering. These messages can be disguised as news alerts, invoices, social media notices, and other common email types.
• Web browsers permit users to download and execute code from any external web site. As with email, one click can put your business at risk. Since many businesses don’t pay proper attention to web security, this remains a highly successful point of entry for hackers.
• Security updates and software patches can be annoying, especially if they require restarting the computer or mobile device. As a result, many users postpone them, sometimes leaving an open door for attackers.
So, what can you do? Follow these seven best practices to keep your business clear of ransomware and malware.
- Multi-layer Security: Secure your network with multi-layer approach. Your business should protect all security gaps by combining email and web security solutions with an endpoint anti-virus (AV) protection layer. Web protection platforms complement email security and AV endpoints by blocking malware at the source, and by scanning networks in search of previously untraced malware.
- Ebrace the Cloud:A cloud-based security strategy will allow all your solutions to be continually updated thousands of times per day to ensure protection from the newest tricks and tactics. Cloud applications work across multiple platforms, using proprietary detection systems. Ransomware is capable of propagating to external backup solutions directly connected to a PC. Online backups are the safest form of recovery from an attack. If ransomware manages to execute and start encrypting files, an online backup solution can roll back all the information before infection, enabling you to undo any damage right away.
Modern total data protection solutions take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred.
When it comes to ransomware, the benefits of this are two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware cannot be triggered again. - Email Security: The best way to deal with ransomware is to eliminate the risk in the first place. This can be accomplished with advanced spam filters to ban emails from regions where you aren’t conducting business. Also adjust your security settings to block macro-embedded Word documents or Excel files – both are common entry points for ransomware.
- JavaScript and Macros:To keep potential malicious files in check, set JavaScript (.JS) file to open by default in Notepad and make sure Office 2016’s “protected view” is set up to automatically stop Office macros running when documents are received from the Internet. Also ensure that Microsoft Office viewers are active so business users can see what documents look like before opening.
- Audit and Monitor Your Network: Every business, including yours, has valuable IT assets such as computers and business assets such as data. Begin by creating a master list of all assets, including everything from PCs and smartphone to routers and printers. Next, protect these assets by conducting IT security audits to get a clear picture of security gaps and how to best reduce exposure to threats. Run a network audit, network usage and threat analysis to seek any present malware, then clean up the infected PC.'
- Patch Management and Added Control:Patch management is a critical step in ensuring device and network security. This includes operating systems and applications. Add physical accesses to your network to safeguard from unauthorized users, especially off-site where company laptops can become enticing targets.
- Employee Education: Conduct courses on security awareness and social engineering techniques to help your business users make better judgments about content they download from the Internet, receive through communications and on the web. While training by itself will not completely solve security-related problems, it will bolster your first line of defense.
Cyber extortionists and ransomware attempts are here to stay, and will continue to threaten businesses of all sizes. However, a little bit of education and the right tools go a long way. Hackers are constantly adapting and improving their weapons of choice, so you must be diligent. Make sure your users are well educated, initiate a multi-layer security approach and have a thorough backup plan in place.
Troy Gill is Manager of Security Research for AppRiver, a global provider of cybersecurity solutions for business. For more information about preventing ransomware, download AppRiver’s free guide at 411.appriver.com/ransomware.