Mitigo - Are you resilient to a ransomware attack?

28 June 2022
David Fleming, Chief Technology Officer, Mitigo Cybersecurity

We’ve seen too many business owners having to endure it. The awful realisation that digital criminals are inside your firm, stealing and encrypting confidential personal and business information and using it to blackmail you.

You know for sure that your business is going to be severely damaged, and you’re going to have to explain yourself to the FCA, ICO and your clients.

To help you avoid this, here are our top 10 areas firms need to address to stop ransomware.
  1. Anti-Virus (AV) software.
AV is the software application that is designed to stop malicious software getting a foothold on your devices and to prevent bad actors (hackers) taking control of your systems.

In the end-to-end journey of a successful ransomware attack, AV will have several opportunities to halt progress. Cyber criminals will attempt to switch it off as early in the journey as they can. Make sure it is centrally controlled, configured by a security specialist, kept up to date and on every device as a minimum.
  2. Email security filters.
Email platforms have filters that check incoming emails for malicious software, dodgy links and whether they came from an untrusted origin.

One of the attackers’ favourite ways into a business is via an email. Setting your platform up correctly can make sure that employees are protected from this route in.
  3. Web browsing controls.
These controls are designed to stop users visiting a dangerous or fraudulent website, or to warn them that they are about to.

To get around the AV software, fraudsters will often take unwitting staff to fraudulent websites. This risk can be minimised by correctly setting the controls in the browser, the AV and the operating system.
  4. Security patching.
Software providers like Microsoft or Google (Chrome) issue regular software updates that patch (fix) known vulnerabilities.

Cyber criminals will use bugs in software to compromise your defences, and this is often used in ransomware attacks to get control. The simple discipline of applying these patches is probably the most neglected.
  5. Least privilege.
Every user on your system is assigned privileges that define what they can control, run, and amend.

Ransomware attackers take over users’ accounts, and the more privileges a user has, the more damage the attacker can do. So an approach of least privilege should be followed.
  6. Remote authentication.
When working at a non-work location (e.g. at home), how do you tell business systems who you are, and how do they authenticate that?

Username and password are no longer good enough protection for remote connection. Adding another method of authentication would stop a significant proportion of ransomware attacks.
  7. Test and scan externally facing assets.
Tests and scans of firewalls, domain addresses, login pages and IP addresses will check for vulnerabilities and gaps in your security defences.

You may not be scanning these, but the criminals are! So you need to find the open ports and poor configuration before they do.
  8. Review access management.
This relates to the documents, files, and folders that your system allows individuals to access.

There is a generic setting of “Everyone” in many systems. This means that everyone connected to the system can get to the documents; you do not even have to be authenticated. Access to documents should be defined by role.
  9. Alerting and incident response.
The controls and administration of your IT systems have alerts that warn you something is not right.

An incident response plan is a rehearsed set of steps that ensure businesses respond effectively to a cyber incident.

If you prepare these two things correctly you will have a chance of stopping a ransom attack in its tracks.
  10. Back-up.
This is the process by which your business takes a copy of the systems, applications, and documents for use in an emergency.

This is rarely configured correctly, which means that scarily few back-ups survive a ransomware attack, with everything ending up encrypted. Get yourself confident that yours would survive.

There is of course more to do, but if you do this top 10 well, it will dramatically reduce your risk. If you do not understand any of the above, please contact us.

Paradigm has partnered with Mitigo to offer cybersecurity risk management services to our members. Take a look at their full service offer here.

For more information contact Mitigo on 0161 8833 626 or email [email protected] 

