Latest News

  • Home /
  • Latest News

Mitigo - Are you resilient to a ransomware attack?

28 June 2022
David Fleming, Chief Technology Officer, Mitigo Cybersecurity

We’ve seen too many business owners having to endure it. The awful realisation that digital criminals are inside your firm, stealing and encrypting confidential personal and business information and using it to blackmail you.

You know for sure that your business is going to be severely damaged, and you’re going to have to explain yourself to the FCA, ICO and your clients.

To help you avoid this, here are our top 10 areas firms need to address to stop ransomware.
 
  1. Anti-Virus (AV) software.
AV is the software application that is designed to stop malicious software getting a foot hold on your devices and to prevent bad actors (hackers) taking control of your systems.

In the end-to-end journey of a successful ransomware attack, AV will have several opportunities to halt progress. Cyber criminals will attempt to switch it off as early in the journey as they can. Make sure it is centrally controlled, configured by a security specialist, kept up to date and on every device as a minimum.
 
  1. Email security filters.
Email platforms have filters that check incoming emails for malicious software, dodgy links and if they came from an untrusted origin.

One of the attackers’ favourite ways into a business is via an email. Setting your platform up correctly can make sure that employees are protected from this route in.
 
  1. Web browsing controls.
These controls are designed to stop or warn users they are about to visit a dangerous or fraudulent website.

To get around the AV software, fraudsters will often take unwitting staff to fraudulent websites. This risk can be minimised by correctly setting the controls in the browser, the AV and the operating system.
 
  1. Security patching.
Software providers like Microsoft or Google (Chrome) issue regular software updates that patch (fix) known vulnerabilities.

Cyber criminals will use bugs in software to compromise your defences and this is often used in ransomware attacks to get control. The simple discipline of updating these patches is probably the most neglected.
 
  1. Least privilege.
Every user on your system is assigned privileges that define what they can control, run, and amend.
 
Ransomware attackers take-over users’ accounts and the more privileges that a user has, the more damage the attacker can do. So an approach of least privilege should be followed.
 
  1. Remote authentication.
When working at a non-work location (e.g. at home) how do you tell business systems who you are and how do they authenticate that?

Username and password are no longer good enough protection for remote connection. Adding another method of authentication would stop a significant proportion of ransomware attacks.
 
  1. Test and scan externally facing assets.
Tests and scans of firewalls, domain addresses, login pages and IP addresses will check for vulnerabilities and gaps in your security defences.

You may not be scanning these, but the criminals are! So you need to find the open ports and poor configuration before they do.
 
  1. Review access management.
This relates to the documents, files, and folders that your system allows individuals to access.

There is a generic setting of “Everyone” in many systems. This means that everyone connected to the system can get to the documents, you do not even have to be authenticated. Access to documents should be defined by role.
 
  1. Alerting and incident response.
The controls and administration of your IT systems have alerts that warn you something is not right.

An incident response plan is a rehearsed set of steps that ensure businesses respond effectively to a cyber incident.

If you prepare these two things correctly you will have a chance of stopping a ransom attack in its tracks.
 
  1. Back-up.
This is the process by which your business takes a copy of the systems, applications, and documents for use in an emergency.

This is rarely configured correctly, which means that scarily few back-ups survive a ransomware attack, with everything ending up encrypted. Get yourself confident that yours would survive.
There is of course more to do, but if you do this top 10 well, it will dramatically reduce your risk. If you do not understand any of the above, please contact us.

Paradigm has partnered with Mitigo to offer cybersecurity risk management services to our members. Take a look at their full service offer here.

For more information contact Mitigo on 0161 8833 626 or email [email protected] 

 

19 June 2024

Investing in the energy transition


18 June 2024

Triple Point is partnering with ESG Accord to host a webinar: "A Practical Guide to SDR and Investment Labels for Advisers."


17 June 2024

Latest PruFund monthly investment updates


13 June 2024

Defaqto MPS Comparator: the UK's only accurate MPS performance tool


12 June 2024

Hear about Triple Point Venture VCT - 18th June 2024


6 June 2024

The Nucleus Retirement Confidence Index


24 May 2024

Join us for our Breakfast Briefing with Foresight! June 4th at 9:30am


17 May 2024

Looking forward with optimism


8 May 2024

The retirement income advice red paper


8 May 2024

Liontrust Views: Why smaller can be beautiful for US equities


7 May 2024

CPD Horizon Series: Tax planning for life’s key events


18 April 2024

Liontrust: Opportunities from secular growth trends


15 April 2024

Defaqto Roadshow - The challenges and opportunities of pursuing Income


11 April 2024

Liontrust: US small caps are overlooked and undervalued


4 April 2024

Q1 2024 Rebalance – we think the backdrop is good for stocks


21 March 2024

25 years of ISAs: a quarter of a century of tax-efficient savings and investing


4 March 2024

Stepping out of cash needn’t be daunting


26 February 2024

Managing lifetime wealth – trends in the UK retirement advice industry


23 February 2024

Empowering advice for women in finance


14 February 2024

Tech Matters is here!


5 February 2024

Defaqto upcoming event – Engage webinar 22nd February


1 February 2024

The gender divide in retirement confidence


30 January 2024

SDGs in focus: climate and nature


26 January 2024

Tax year end prep. We’re here to help.


8 December 2023

2023: Another momentous year for markets


8 December 2023

2024 investment outlook


7 December 2023

The 2023 Nucleus UK Retirement Confidence Index


4 December 2023

Paradigm's brand new Technology hub is here


4 December 2023

New service for advisers - Do you have UK clients with overseas assets/liabilities?


30 November 2023

Defaqto Upcoming events - Engage virtual


28 November 2023

Deepbridge Celebrate 2023 Growth Investor Awards Success


22 November 2023

5 reasons why EIS deployment timescales are so important


21 November 2023

November 2023 Asset Allocation Changes: Bonds looking better


20 November 2023

Blackfinch portfolio company Tended named ‘one of the best inventions of 2023’ by Time Magazine


10 November 2023

Value tracker: Where are the cheapest/most expensive stock markets?


9 November 2023

The Asia opportunity – looking for smarter growth


3 November 2023

The big headlines of quarter 3 2023


1 November 2023

Just launched: Octopus Titan VCT


24 October 2023

Understanding Portfolio Management


17 October 2023

It is fair to say that 2023 to date has been a slow year across the Venture Capital (VC) sector


11 October 2023

VCT’s evolving client profile: take another look at your client bank


6 October 2023

Death Benefits


5 October 2023

intelliflo - Building stronger client relationships through technology


4 October 2023

Puma Investments opens £50m fundraise for Puma VCT 13


3 October 2023

Family wealth planning - connected through you


29 September 2023

How well do you know your clients? (Survey + Amazon voucher offer)


25 September 2023

NOW OPEN – Octopus AIM VCTs are open to new investment


14 September 2023

Defaqto ‘Asset allocation – stick or twist’ roadshow


1 September 2023

New maternity law – are you ready?


17 August 2023

Artificial Intelligence: Jobs created or jobs destroyed?


10 August 2023

The big headlines of the second quarter 2023


7 August 2023

Cashflow modelling integral to the advice process


2 August 2023

Asian and emerging markets


28 July 2023

Investment Intelligence Seminars


25 July 2023

Embrace technology to focus on the value of advice


25 July 2023

Emerging-market debt: a potential source of protection and diversification?


21 July 2023

2023 Mid-year Investment Outlook


18 July 2023

25 years of the £2 coin - worth half its value to UK consumers since circulation


5 July 2023

Product and Platform Switching and The Consumer Duty


28 June 2023

How do we invest in the ESG themes range


16 June 2023

eAdviser Index proves the transformative power of technology


8 June 2023

10 tips for the countdown to Consumer Duty


1 June 2023

The easiest financial product to promote


31 May 2023

Invesco's flexible approach for navigating market uncertainty


15 May 2023

Our platform, your way


26 April 2023

Defaqto Spring Roadshow


24 April 2023

Adding value for your clients – Cash flow planning


21 April 2023

PruFund Growth and PruFund Cautious Client Facing Reports


19 April 2023

Puma VCT 13 hits £50 million fundraising target


17 April 2023

Book your free office lunch today


13 April 2023

What next for Open Banking?


22 March 2023

The future of adviser technology


14 March 2023

Property Insight: Commercial Real Estate is always late!


28 February 2023

Technology and the advice journey


23 February 2023

Get ready for tax year end


21 February 2023

Capability, low-cost and choice -retirement planning made easier


3 February 2023

Tax Year End Prep – PRU are here to help


1 February 2023

NOW OPEN – Octopus Ventures Knowledge Intensive EIS Fund


18 January 2023

Listed infrastructure… to the rescue


17 January 2023

Defaqto Engage – CIC Compare