Ransomware: a guide to staying safe online
The internet is one of the 20th century’s great creations: an endless, open-skied cathedral, hosting every conceivable consumer audience — turning brick-and-mortar storefronts into 24/7 non-stop businesses — with ceaseless shopping opportunities for customers. But naturally, with great commercial opportunity also comes great risk.
It has been said that crime is defined by its era. In the 1950s and 60s, crooks targeted banks and looted cargo trains. Now, in the 21st century, organised crime has found its home in cyberspace.
Indeed, cybercrime is the modern criminal’s occupation of choice; robbing banks is no longer viable, but stealing personal data very much is.
It’s no secret that the regulatory forces of cyberspace move incredibly slowly, often only serving as a reactive force to major events. When a nation’s critical infrastructure is attacked by cyber-criminals, then governments react. When sensitive customer data is stolen from banks and broadband providers, then, and only then, do market forces push for greater regulation. This needs to change.
Fundamentally, the safety, security, and prosperity of businesses should not be reliant on the whimsical, hip-shooting reforms of government. Instead, it’s down to companies like CyberCX – true market authorities with extensive experience and skill – to safeguard global, forward-thinking companies. Our online safety is paramount, and our economies rely heavily on such security.
So, with security in mind, and of course in honour of Global Computer Security Day, our specialist team have compiled a considered list of essential actions to take when it comes to protecting your business from ransomware.
Plan ahead to recover from a disruptive attack
There are two main components of planning ahead for a disruptive attack: business continuity planning and incident response planning.
For the former, organisations should identify the systems and data sources that are required to maintain critical operations, develop plans so that these operations can be maintained even if systems become unavailable, and plan how to restore critical systems, including a priority order for restoration.
This also means having regularly updated backups that are protected from destruction. For incident response, a clear understanding of key stakeholders, the overall methodology and a high-level workstream is required. To be better prepared, attack simulation exercises should be carried out, and incident playbooks should be created and tested.
Defuse phishing emails
Phishing emails are the most common and effective form of attack used by cyber criminals, so organisations should use a number of methods to prevent themselves from being damaged by them. First of all, automated filtering systems on email platforms are an effective first step. Secondly, proactive education of staff to enable them to identify, report and delete phishing emails can protect your team from harm to themselves and your company. One way to ensure a good grasp of both the dangers of phishing and the solutions to it is a phishing simulation service, which can be used to improve awareness and training. Additionally, after phishing emails have been correctly identified, an investigation can be carried out to understand their malicious capabilities and their impact on the receiving users, in order to gauge the potential success rate of the malware.
Identify and address software vulnerabilities
It is essential that you understand your technological shortcomings before an attacker does. Vulnerabilities are common across networks and applications. Organisations should regularly scan their networks, remediate any identified issues, and ensure that they have a formal patching process that is adhered to. The team must implement mitigating controls and diligently monitor systems for suspicious activity. There are many instances in which breaches happen due to delays in patching smaller issues, so this should become a priority for your company. In particular, the focus points should be areas that are known to be under active exploitation and outdated versions of software that are overdue for maintenance.
Fortify access points
A significant number of incidents occur because organisations neglect to properly secure access points into their systems, both online and physical. Companies need to identify all access points for anyone involved in the business: staff, customers, contractors and any third parties. They should scan the network perimeter to identify potentially unknown access points and implement IP address filtering as much as possible. For higher-risk areas and systems that require more security, permitted source IP addresses should be locked down as far as possible. If the established systems detect unusual activity or failed login attempts, this should be investigated and monitored further.
Prevent malware from executing inside your network
Anti-malware technologies can be very useful in preventing or restricting ransomware execution. Every system in your organisation should have sufficient anti-malware technology installed and configured to actively block malicious activity, and it should be regularly updated. The best method is to use an endpoint detection and response (EDR) system, as these include more capabilities and allow for varying degrees of investigation and response. However, such systems must continue to be monitored and maintained. A further strong option for companies looking to fortify their cybersecurity is internal network segmentation, or even micro-segmentation. Separating production, non-production and operational technology networks can prevent malware in one segment from affecting the others, essentially containing the issue.
Clean up your organisation’s data
With the rise in data-theft extortion attacks, organisations should take steps to minimise the availability of confidential data on systems, especially those that are more exposed. Companies should identify the most sensitive data, locate all copies of it, and then store it on a “least needs” (need-to-know) restricted basis. Monitoring access to this data, as well as archiving and deleting old copies, should also help to protect your information. Personal information in use should be a priority to consider, so it is essential to understand where it’s stored, collect it only if necessary, and permanently destroy it if the legal basis for holding it has expired.
Manage privileged access
Privileged access accounts are at the forefront of cyber attackers’ goals, as they are the most valuable.
The steps that organisations need to take are:
- Allocate separate privileged access accounts to individual users and do not allow them to be shared; provision privileged accounts with the minimum level of permissions required.
- Ensure that privileged access accounts are not used for daily activities, and prohibit them from accessing the network remotely.
- Ensure that they all require strong authentication and MFA to access.
- Closely monitor use of these accounts, and alert on and investigate anything suspicious.
- Harden systems (especially Active Directory), and review access controls regularly.
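As an added example, not code from the article or from CyberCX, the following Python script shows what the two monitoring points above look like in practice: the failed-login checks mentioned under “Fortify access points”, and the alerting on suspicious privileged-account use described in this section. The log format, the account names `adm-backup` and `adm-dba`, the permitted management network `10.20.0.0/24`, and the threshold of five failures in five minutes are all constructed assumptions for illustration; a real deployment would read its own authentication logs and policy values instead.

```python
"""Added example (not from the article): detection logic over constructed
authentication log lines.

It flags two conditions the guidance says should be investigated:
  1. a burst of failed logins from one source address inside a short window;
  2. a successful privileged-account login from outside the network that
     privileged access is locked down to.
Every log line, account name and address range here is constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <success|failure> user=<name> src=<ip>"
LOG_RE = re.compile(r"^(\S+) (success|failure) user=(\S+) src=(\S+)$")

# Hypothetical policy values (assumptions, not from the article).
PRIVILEGED_ACCOUNTS = {"adm-backup", "adm-dba"}
PRIVILEGED_ALLOWED_NET = ipaddress.ip_network("10.20.0.0/24")
FAILURE_THRESHOLD = 5                 # failures from one source ...
FAILURE_WINDOW = timedelta(minutes=5)  # ... inside this sliding window

# Constructed sample log: a password-guessing burst from 203.0.113.7,
# two harmless failures from an internal host, and a privileged login
# from outside the permitted management network.
SAMPLE_LOG = """\
2024-03-01T08:00:00 failure user=alice src=203.0.113.7
2024-03-01T09:00:00 failure user=alice src=203.0.113.7
2024-03-01T09:00:20 failure user=bob src=203.0.113.7
2024-03-01T09:00:40 failure user=carol src=203.0.113.7
2024-03-01T09:01:00 failure user=adm-dba src=203.0.113.7
2024-03-01T09:01:20 failure user=dave src=203.0.113.7
2024-03-01T09:01:40 failure user=erin src=203.0.113.7
2024-03-01T09:02:00 success user=alice src=10.20.0.5
2024-03-01T09:05:00 failure user=bob src=10.20.0.5
2024-03-01T09:30:00 failure user=bob src=10.20.0.5
2024-03-01T10:00:00 success user=adm-dba src=10.20.0.9
2024-03-01T10:15:00 success user=adm-backup src=198.51.100.23
"""


def parse(lines):
    """Turn raw log lines into (timestamp, outcome, user, source) tuples.
    Lines that do not match the expected format are skipped, not trusted."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), outcome, user,
                       ipaddress.ip_address(src)))
    return events


def failed_login_bursts(events, threshold=FAILURE_THRESHOLD, window=FAILURE_WINDOW):
    """Return {source: peak_count} for sources that reached `threshold`
    failures within any `window`-long sliding window."""
    failures = defaultdict(list)
    for ts, outcome, _user, src in events:
        if outcome == "failure":
            failures[src].append(ts)

    alerts = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[str(src)] = max(alerts.get(str(src), 0), count)
    return alerts


def privileged_logins_offnet(events, privileged=PRIVILEGED_ACCOUNTS,
                             allowed=PRIVILEGED_ALLOWED_NET):
    """Return [(user, source)] for successful privileged-account logins
    originating outside the permitted management network."""
    return [(user, str(src)) for _ts, outcome, user, src in events
            if outcome == "success" and user in privileged and src not in allowed]


def run_checks(log_text):
    """Run both detections over a log and return the findings together."""
    events = parse(log_text.splitlines())
    return {
        "failed_login_bursts": failed_login_bursts(events),
        "privileged_offnet": privileged_logins_offnet(events),
    }


if __name__ == "__main__":
    for name, finding in run_checks(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

Run against the constructed log, the burst detector reports `203.0.113.7` with a peak of six failures (the lone failure an hour earlier falls outside the window and is correctly ignored), and the privileged-access check reports the `adm-backup` login from `198.51.100.23`. The internal host with two scattered failures and the `adm-dba` login from inside `10.20.0.0/24` produce no alert, which is the behaviour the guidance wants: a threshold and an allow-list keep the noise down so that what remains is worth investigating.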
In conclusion, it is absolutely necessary for organisations to take cyber security extremely seriously. In the modern world, attacks on digital systems may have graver consequences than even those on physical premises, and there is a plethora of resources available to help you prevent that from happening. With so much personal information stored online, any breach can have long-term effects. Investment in preparation for disruptive attacks, whether of time or money, will help you feel secure against the threats of hackers and have confidence that your data is safe.
The key steps to follow are accessible and easy to follow for everyone, and you should allocate time to educate your team. If you’re unsure about where to begin, start by speaking to one of our experts, who can direct you to the correct software or solutions for your business.