We take the highest precautions when it comes to OSHA and employee safety, but what about ransomware? Luckily, if you have an IT solution in place, your cybersecurity is already one step ahead.
We take the highest safety standards for our workforce when it comes to OSHA and employee safety, but what about our data? With a record number of adults owning mobile devices, our organizations have more assets coming and going from our networks each day. Cybersecurity is a growing concern for all of us, and recent attacks like WannaCry and Petya ransomware have made many refocus and reevaluate their security strategies. The good news is that there are some key ways that you can prevent such a data breach – and, in fact, many of you already have the tools at hand to do so.
So what is ransomware, and how can you protect yourself against it?
What is Ransomware?
Ransomware is exactly how it sounds: Hackers encrypt all of the data on your computer and hold it ransom until you pay them. Ransomware acts much like other computer viruses (it’s classified as a “cryptoworm”) as it attacks the software in both computers and mobile devices through seemingly harmless hyperlinks. Software security manufacturer McAfee states that these links are sent directly to victims as part of phishing scams. Fake sources, such as a false bank email address, will send out seemingly harmless links in emails or social media messages. When the user clicks on it, the ransomware downloads.
Unfortunately, not all ransomware is the same. WannaCry is unique in that it targets out of date desktops and enterprise servers using Windows, particularly Windows XP. These older operating systems have a vulnerable SMB port that, if left unpatched, allows WannaCry to enter the computers (see Figure 1). The latest Petya ransomware enters operating systems by hijacking a legitimate software update, posing as something harmless. In both cases, user data was held ransom – and so far, no one has received their data back.
Even if ransomware is not all the same, there are still some important steps you can take to prevent an attack.
So How Do I Keep My Data Safe?
The good news is that patches have been developed to protect against WannaCry. The United States Computer Emergency Readiness Team (US-CERT) also has a list of common indicators of a WannaCry attack so you can spot the ransomware before your data is compromised. In addition, there are other important ways to make sure that your data is safe that should become a part of your daily routine:
- Enable strong spam filters that prevent phishing emails from reaching end users
- Prevent email spoofing by scanning and authenticating all inbound emails. Consider purchasing a software solution that can automatically perform these scans
- Filter out any executable files. Some common file types end in .exe, .com, .bat and .bin.
- Disable macro scripts from Microsoft Office files in email. You may want to use an application like Office Viewer to keep any opened files away from your main data
Device Security & Testing
- Run annual (at least – we recommend multiple times a year) security penetration tests against your network and data backups
- Set your antivirus and antimalware solutions to automatically scan at regular intervals throughout the day
- Ensure that all devices and software have been updated
Who really needs access to important files? Limit the privileged accounts to only the users who really need them. You’ll also want to revise all users’ permissions and limit some to have “read only” access to files, limit editing privileges, etc.
In addition to the items listed above, you’ll also want a discovery tool that can help you monitor the software on your organization’s devices. An agentless tool, like Insight, not only ensures that all devices have been patched or are up to date, but they also track any IP-addressable asset that enters your network. This means that you don’t have to worry about employee devices that are unregistered, so if someone takes their laptop from home to work, you’ll still be able to make sure their antivirus software is up to date and check their patches. To read more about the benefits of agentless discovery tools, read our whitepaper.
Although we’d like to completely prevent a ransomware attack, it’s always good to have a backup option just in case the worst occurs. Consider installing a backup system on each employee device that backs up their data to a server, especially one that does this periodically throughout the day. In the event of a cyberattack, you’ll still be able to access your important and valuable information, reducing the loss of productivity.
The People Factor
You’ll notice that each of the common ways that ransomware enters a system involve the user interacting with something malicious. Although you can’t stand over the shoulder of your employees everyday (nor should you), you can help users become more aware of these attacks with training. Teaching your employees to be more wary of these methods is a good step toward increasing security. After all, an organization is only truly secure if everyone is on board and playing their role in data security. You can find more information about WannaCry and other data attacks on US-CERT’s website.