7 Ways Your IT Services Provider Should Be Protecting You Against Ransomware

Ransomware is, without a doubt, the biggest threat to small businesses today.  One wrong click and a business could be locked out of its critical data and held hostage by hackers.

With the risks to business and the increased focus of international, federal and state lawmakers on data breaches, CEOs can’t afford to look the other way when it comes to cyber security any longer.

There is no need to explain the risks businesses face from ransomware attacks.  But what you DO need to know is that lawmakers, at every level, are moving to protect their constituents’ data via various regulations like the Act To Strengthen Identity Theft Protections here in NC which, if passed, will classify Ransomware as a “breach” with serious reporting requirements.

How They Get In (Mostly)

Many people wrongly believe that anti-virus and a properly patched machine will protect against ransomware but this is far from the truth.  In fact, the vast majority of ransomware infections come as a result of a phishing email that a user clicks on.

I wrote last year about one of the most notorious ransomware attacks, called Locky, and guess how it spread?  You got it – as an email attachment.

Other Methods

Back last year, I wrote about a novel approach spotted in the wild – trying to get users to click on a fake font update alert coming from Chrome.  While the vast majority of attacks happen via email, I won’t be surprised by other methods used by hackers – the payoff is just too huge for them to not try different approaches.

Are You Covered?

There is a huge misconception about cybersecurity coverage and whether a ransomware incident would be covered.  We discussed this topic in our webinar The Fundamentals of Cybersecurity and Risk Dissected with Stuart Powell.  If you haven’t reviewed your cyber liability coverage lately, this webinar is worth a look so you are armed with the right questions to ask.

The 7 Ways List

None of the 7 items below is a panacea and you should never assume that because you have one or two of them, you are all set – only a layered approach will provide the necessary level of protection.

Software Updates

Patching your systems – no-brainer.  But we see most exploits aimed at third-party software like Adobe Flash and Reader.  In fact, attacks aimed at Flash vulnerabilities have become so prevalent that Chrome now blocks Flash to protect its users.

Be sure you have a process to update your well-known third-party apps.  A good tool for this is Ninite.

Anti-Spam

Anti-spam will prevent many of the most obvious emails from getting through to your users in the first place but understand that the hackers have access to the same tools as you and are carefully crafting messages to get around even the most current filters.

One common problem we see with improperly configured anti-spam systems is that businesses will whitelist their own domain, essentially poking a huge hole in their anti-spam system since many hackers use a from address that matches the recipient’s domain.
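The own-domain whitelist problem described above, as an added example (not code from this post or from any anti-spam product). It compares a whitelist rule that trusts the From address alone with one that also requires the mail gateway's own DMARC verdict, and audits the whitelist for own-domain entries; the domain names, the whitelist contents, the gateway name and both messages are constructed, and it assumes the gateway stamps an Authentication-Results header on inbound mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All names below are constructed for illustration.
OWN_DOMAINS = {"example.com"}                       # the business's mail domain
ALLOWLIST = {"example.com", "partner.example.net"}  # sender domains that skip filtering
GATEWAY_ID = "mx.example.com"                       # authserv-id our gateway stamps

# Constructed message: outside sender using a From address in our own domain.
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=example.com\n"
    'From: "Accounts" <accounts@example.com>\n'
    "To: pat@example.com\nSubject: Invoice\n\nSee attachment.\n")
# Constructed message: genuine internal mail that passed authentication.
GENUINE = SPOOFED.replace("=fail", "=pass")

def from_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dmarc_verdict(msg):
    """DMARC result stamped by our own gateway; 'none' if it is absent."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != GATEWAY_ID:
            continue  # a header from any other server proves nothing
        found = re.search(r"\bdmarc=(\w+)", results)
        if found:
            return found.group(1).lower()
    return "none"

def naive_skips_filter(msg):
    # Weak rule: the From domain alone decides, so a forged address is enough.
    return from_domain(msg) in ALLOWLIST

def hardened_skips_filter(msg):
    # An allowlist entry counts only when the gateway verified the sender domain.
    return from_domain(msg) in ALLOWLIST and dmarc_verdict(msg) == "pass"

def risky_allowlist_entries():
    # Audit check: own domains should not appear on the allowlist at all.
    return sorted(ALLOWLIST & OWN_DOMAINS)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        msg = message_from_string(raw)
        print(name, naive_skips_filter(msg), hardened_skips_filter(msg))
    print("remove from allowlist:", risky_allowlist_entries())
```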

Anti-Virus

Anti-virus used to be signature (or pattern) based but there are far too many changes for this approach to be effective.  A heuristic scanner is best – one that can look at the activity of each program and based on common actions, can ‘guess’ that a program is a virus and block it.

Content Filtering

By filtering the requests a PC makes and comparing them against sites that are known to host malware, infections can be blocked before they take root.  As a bonus, content filtering can also prevent your staff from accidentally stumbling onto a website hosting malware.

CryptoPrevent

On top of the above three layers, we add a special piece of software aimed specifically at preventing Ransomware.  We’ve found this necessary even with a properly patched machine with anti-virus.

Backup and Disaster Recovery

Ensuring that a thorough, up-to-date backup system is in place and functioning as intended is the best backstop against a disaster. Careful planning, focus, and discipline are needed to ensure all these systems are deployed properly and functioning as designed.

Avoid using replication as a ‘backup’ since any ransomware infection will immediately be replicated to the backup image.  Use a process with quick on-site images and slower off-site replication to allow for multiple versions of recovery if needed.

Education

I discussed this topic at length, along with ways to spot phishing emails and avoid ransomware, in our webinar How To Avoid Falling Victim To An Email Phishing Scam.  Based on how hackers attack businesses today, user education is certainly the most important of the 7 layers.

As a business owner, you should have a level of confidence that these seven layers are in place, configured properly and working as expected.  Take a few minutes to call up your vendor and run through this list until you feel good about your setup.