Nine tips to protect against ransomware

By Ashley Wearne, General Manager for ANZ, Sophos

Ransomware remains a vexing problem for organisations far and wide. In 2017, attackers developed countless new ransomware delivery techniques, leading to global outbreaks such as WannaCry, NotPetya and Bad Rabbit, wreaking havoc on the private and public sectors.

Not only are these new types of ransomware more capable of replicating and permanently destroying critical business data, their proliferation is also expected to continue into next year. For businesses, it’s important to be aware of the steps you can take to protect your data, both now and in the future – especially in light of the data breach notification laws hitting Australia in the coming weeks.

Backup! Backup! Backup!

When a computer becomes infected by ransomware, typically we think we have two options – pay or don’t pay. But there is another way to restore your business data and that is through backups. By performing regular backups and keeping them offline and off-site, organisations can better protect themselves against data loss and ransomware.

Enable File Extensions

Making file extensions visible on existing files is another protective mechanism to ward off attack. File extensions help an operating system determine which program a particular file is associated with, calling attention to any suspicious file types and ultimately preventing unwanted files from being opened.

Open JavaScript in Notepad

By copying JavaScript into Notepad before allowing it to run on a system, it is possible to identify potentially high-risk code before it has a chance to enter the network and cause damage. In practice, opening JavaScript in Notepad can work to more effectively block malicious scripts.

Don’t enable macros in document attachments received via email

Many computer infections rely on persuading users to turn macros on, enabling email attachments to automatically run and be opened. Microsoft deliberately turned off the auto-execution of macros many years ago. Don’t get tricked into turning them back on!

Be cautious about unsolicited attachments

The principle of “if in doubt, leave it out” is critical to avoiding malicious ransomware. Hackers are reliant on the email attachment dilemma: to open or not to open. The bottom line is that you shouldn’t open an attachment unless you are certain about its origin and content. The best course of action is simply not to open it if you are uncertain.

Don’t give yourself more login power than you need

Overuse of administrator rights can get any organisation into trouble if they are not careful. Don’t allow users to stay logged in as administrators any longer than is strictly necessary. In addition, admin users should avoid browsing, opening documents or other regular work activities while they have administrator rights.

Consider installing the Microsoft Office viewers

Viewer applications allow users to see what documents look like without opening them in Word or Excel. This helps files to be identified as malicious before they are opened. These applications don’t support macros either, which forms a robust security strategy whereby files cannot ever run on a network automatically.

Patch early, patch often

Malware often relies on security bugs in popular applications, including Microsoft Office, browsers, Flash and others. Organisations must patch early and often to avoid exposure to a huge number of threats. The fewer holes there are to be exploited, the greater an organisation’s chances of staying protected.

Stay up-to-date with new security features in your business applications

In addition to patching, keeping your applications updated is a sure way for organisations to stay clear of potential security issues. For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”, which helps protect against external malicious content without stopping the use of macros internally – it’s these small updates that keep businesses protected.
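As an added example (not Sophos code), the following read-only PowerShell audit checks three of the settings discussed above: visible file extensions, the Office 2016 "Block macros from running in Office files from the internet" control, and whether the current session is running with administrator rights. It assumes the macro control is deployed through the per-user Office 16.0 policy keys; the function names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Function names are hypothetical; registry paths are the standard
# Windows Explorer and Office 2016 (16.0) per-user policy locations.

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RansomwareHardeningStatus {
    $results = @()

    # 1. File extensions: HideFileExt = 0 means Explorer shows them.
    $hide = Get-RegistryValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
    $results += [pscustomobject]@{
        Check  = 'Explorer shows file extensions'
        Pass   = ($hide -eq 0)
        Detail = "HideFileExt=$hide"
    }

    # 2. Macro blocking for internet-sourced files, checked per Office app.
    #    A missing value means the policy is not enforced for that app.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $val = Get-RegistryValue $key 'blockcontentexecutionfrominternet'
        $results += [pscustomobject]@{
            Check  = "$app blocks macros in files from the internet"
            Pass   = ($val -eq 1)
            Detail = "blockcontentexecutionfrominternet=$val"
        }
    }

    # 3. Least privilege: day-to-day sessions should not be elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $results += [pscustomobject]@{
        Check  = 'Session is not running with administrator rights'
        Pass   = (-not $elevated)
        Detail = "User=$($identity.Name); Elevated=$elevated"
    }

    $results
}

Get-RansomwareHardeningStatus | Format-Table -AutoSize
```

Run it as the logged-in user whose desktop you are auditing, since both the Explorer setting and the policy keys checked here live in that user's registry hive.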

Infections can occur for a number of reasons, including poor implementation of updates and patches, overly relaxed user rights, lack of user security training, incorrect use of security systems and conflicting business priorities, just to name a few. The fact is, ransomware can infiltrate a system through a range of avenues, so ensuring you minimise your business’ exposure as much as possible is the least you can do to prevent it. Taking notice of some of the above considerations is a great way to get started.


For more information, visit Sophos’ website.
