Mitigo - Are you resilient to a ransomware attack?
David Fleming, Chief Technology Officer, Mitigo Cybersecurity
We’ve seen too many business owners having to endure it. The awful realisation that digital criminals are inside your firm, stealing and encrypting confidential personal and business information and using it to blackmail you.
You know for sure that your business is going to be severely damaged, and you’re going to have to explain yourself to the FCA, ICO and your clients.
To help you avoid this, here are our top 10 areas firms need to address to stop ransomware.
- Anti-Virus (AV) software.
In the end-to-end journey of a successful ransomware attack, AV will have several opportunities to halt progress. Cyber criminals will attempt to switch it off as early in the journey as they can. Make sure it is centrally controlled, configured by a security specialist, kept up to date and on every device as a minimum.
- Email security filters.
One of the attackers’ favourite ways into a business is via an email. Setting your platform up correctly can make sure that employees are protected from this route in.
- Web browsing controls.
To get around the AV software, fraudsters will often take unwitting staff to fraudulent websites. This risk can be minimised by correctly setting the controls in the browser, the AV and the operating system.
- Security patching.
Cyber criminals exploit bugs in software to compromise your defences, and ransomware attackers often use them to gain control. The simple discipline of applying patches is probably the most neglected.
- Least privilege.
Ransomware attackers take over users’ accounts, and the more privileges a user has, the more damage the attacker can do. So an approach of least privilege should be followed.
- Remote authentication.
A username and password are no longer good enough protection for remote connections. Adding another method of authentication would stop a significant proportion of ransomware attacks.
- Test and scan externally facing assets.
You may not be scanning these, but the criminals are! So you need to find the open ports and poor configuration before they do.
- Review access management.
There is a generic setting of “Everyone” in many systems. This means that everyone connected to the system can get to the documents; you do not even have to be authenticated. Access to documents should be defined by role.
- Alerting and incident response.
An incident response plan is a rehearsed set of steps that ensure businesses respond effectively to a cyber incident.
If you prepare these two things correctly you will have a chance of stopping a ransom attack in its tracks.
This is rarely configured correctly, which means that scarily few back-ups survive a ransomware attack, with everything ending up encrypted. Get yourself confident that yours would survive.
There is of course more to do, but if you do this top 10 well, it will dramatically reduce your risk. If you do not understand any of the above, please contact us.
Paradigm has partnered with Mitigo to offer cybersecurity risk management services to our members.
For more information contact Mitigo on 0161 8833 626.