How can you prevent the Ransomware?

As you may have heard the latest news NHS was hit by a Ransomware Attack and at least 40 odd Trusts in the UK came to a halt. Cannot perform any actions that are to do with a computer which means most of the operations. Why do you care? Can this happen to you? Absolutely. Let’s look into it, shall we?

What is Ransomware? I am sure you know this. Somebody holding you for a Ransome. Somebody [bad guys] takes control of your important data on your PC/Server, encrypts them [creates a password that you don’t know] and asks you for money to give it back. That’s it. Most people might think hackers are interested in stealing your Data. Your data is worth nothing to anyone but you. Your money is important to everyone. Hence the bad guys make your stuff inaccessible and ask you for money to reveal the password and access the data. It is often not guaranteed that you will get your data back even if you pay. So how can protect? Here are few steps

  1. EDUCATE: This is the best. No matter how much investment you make on security if your employee clicks/opens on something they are not supposed to you’ll be in trouble. Educate your employees about these things. Tell them what not to click/open. Tell them how ransomware works.
  2. TOOLS: You can invest 100s of thousands and still be hit by a cyber attack and at the same time, you cannot afford not to invest. Hence invest in the right tools. Your Anti-Virus software is dead. Your AVG, Avast, Symantec, McAfee, Kaspersky, Webroot, TrendMicro, etc… are not going to protect you against Ransomware. Invest in next generation Endpoint Security products. Likes of Sophos Intercept X and Panda Adaptive Defence 360. Slightly biased towards Panda as we are a reseller. Also, scan your emails before they hit your servers. You are in good hands if you are already using Office 365 and if not, you can have cloud email scanners for as little as 50p per user per month and they will save a ton of hassle for you.
  3. INTERNAL SECURITY: More often in the SMEs every user can install software on their PCs. This is a bad idea. Users are not supposed to have installation permissions [Local admin rights] on their PCs. IF you find this is the case in your business you should be worried. Call your IT guys and ask them to sort it. Also, update & patch your systems. If the updates are available then update. If you are using windows XP for any reason, run far and fast.
  4. BACKUP: Backup, backup and backup. Did I say Backup? Do proper backups regularly. A backup that is not tested is not a backup. Hence test your backups frequently. If you are using tape backups you are working with wrong IT guys, in most cases. You can do all the three steps above and you can still be hit, no guarantees. Hence have a proper backup and Disaster Recovery plan in place.
  5. DISASTER RECOVERY: What would you do if your building suddenly disappears? or a cyber attack wipes your whole network? How quickly can you be back in business? Do you have backups offsite? Have you tested them? Did you ask your IT guys how quickly can they restore? Ask them if they are backing entire image of your server or just a few folders. If it is the later you should be worried. With the advent of the Cloud, you can have a true DR without too much investment. Shameless plug: We can help with this and we are bloody good.

Prevention is the key for any Cyber Attack. It’s not a nice feeling when you are hit. Often businesses are in a mindset of ‘Nobody interested in our data’ or ‘we are ok, we are not affected’ and this is often driven by cost. You don’t have to invest too much. Take small steps to protect your business.

Thanks for reading. If you like to talk to us we are on 01224 51 61 81 & 07580 51 61 81. Alternatively, drop in for a coffee at our amazing offices at Waterloo Quay Properties from next week, 22nd May.

We would love to hear your views on this...