How can firms protect themselves from ransomware?

5 Oct

In a previous blog post I wrote about the rise of ransomware over the last year. In this post I will briefly outline what steps organisations should take to avoid becoming the next victim of ransomware.

At a business level, firms need to implement a basic set of cyber security controls. This would typically include:

  • Effective management of administrator, system and default accounts and passwords;
  • Maintaining a firewall between your systems and the Internet;
  • Uninstalling software that is no longer used on all devices, PCs and Laptops;
  • Using up-to-date anti-virus software on all devices, PCs and Laptops;
  • Applying all those updates – it might be a pain and take time, but it’s vital!

These points and more, are encompassed in a standard from the UK Government called Cyber Essentials, which will help prevent many of the common modes of attack.  Or putting this another way, unless your business has implemented these essential cyber security hygiene controls, you are highly likely to be hit by ransomware.

ransomware-image-crop-for-webThe common point of weakness in your organisation

The most common ransomware attack scenario for criminals is to enlist the unwitting help of a user. This is usually by getting the user to open an infected email attachment or download an infected file. Implementing Cyber Essentials will provide good protection against this, but is not fool-proof.

Training staff to recognise the danger of malware, the potential ransomware business impact, is essential to prevent criminals being able to open this access. All users need to be trained to be vigilant:

  • Avoid opening any email attachments you are not expecting;
  • Be very wary when downloading files and only use known and trustable sources;
  • Don’t plug a USB memory stick or CD into a computer unless you are certain you know where it has come from and that it does not contain malware.

Preparing for a ransomware attack

It is also essential to be prepared to fail. No matter how good corporate cyber defences are, the criminals are constantly evolving their modes of attack. Create a survival plan for if, or when, your defences are breached.

Questions to be asked should include:

  • Is there a backup and recovery strategy that puts recent copies of the unencrypted data beyond reach of the ransomware?
  • Is there a culture which would allow criminals to be paid to regain control of business assets?
  • What professional assistance might be called for and by whom?
  • Is cyber insurance in place to help with the clean-up costs?

The Future?

How big an impact ransomware could have on our lives in the future is something that can only be speculated upon. It’s not inconceivable that ransomware could evolve to infect:

  • Cars – “please pay one bitcoin to start the engine”;
  • Smart homes – “please pay one bitcoin to turn the heating on”;
  • Factories – “please pay 100 bitcoins to restart your production line”.

Whatever the impact of the crime, the protection mechanism will be the same… the implementation of good cyber hygiene.

If you want to find out more about ransomware, then I strongly recommend attending the next East Midlands Cyber Security Forum event. “How to avoid becoming the next victim of ransomware” takes place on the 13th of October at the University of Nottingham.

At the event I will be chairing a Q&A panel discussion featuring representatives from the Police, CERT-UK, cyber security consultancies and businesses who have experienced ransomware scenarios. I hope you can join us to find out more about protecting your organisation.

Please join the discussion, we welcome your views...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: