Ransomware Refresher: 5 Best Practices for Fighting Today’s Biggest Cyber-Threat

  • October 17, 2017

Ransomware, a piece of malware that blocks access to data and/or systems until a sum of money is paid, is the number one cyber-threat facing business organizations today, per the “2017 SANS Data Protection Survey” released last month. Nearly half of the frontline cybersecurity professionals polled by the SANS Institute, a cooperative research and education organization, reported that one or more ransomware incidents occurred in their companies during the last year.

Ranking close on the heels of ransomware in the SANS study was “Insider Threat.” This finding isn’t surprising, given that another recent report, covered by TechRepublic, found that 100% of government IT workers see employees as the biggest threat to cybersecurity. Regular readers should be familiar with the “human error” issue, as we have been covering human frailty as a security factor for years.

Unlike DDoS attacks (the third highest ranking cyber-threat on the SANS list) that rely on the technical acumen of cybercrooks to succeed, ransomware preys on the weaknesses of technology users. People unlock the virtual gate for ransomware by succumbing to social engineering techniques such as phishing. Businesses paid more than $300 million to ransomware attackers last year, per research by the security firm Datto. But that expense wasn’t the greatest extent of the cost, Datto’s CTO told Information Management. The operational impact of downtime poses the more menacing financial threat, he said.

So, with today’s wave of ransomware showing no signs of weakening, how can companies cope? Information Management editors compiled a list of “15 best practices for fighting ransomware.” We cherry-picked a set we believe will deliver the greatest results because they are not purely technical. These five anti-ransomware techniques aim to enhance the human element in cybersecurity:

  1. Increase Cybersecurity Awareness and Education Programs
    Here are a few of the tips users need to learn:

    • Never open email attachments from unknown senders or sources
    • Avoid enabling macros from any email attachments
    • Never click on web links embedded in unsolicited emails
    • Keep pace with the latest social engineering “phishing lures” that use brand names and other common language
  2. Implement a “White List”
    Don’t just blacklist websites known to carry malicious programs. Develop a “white list,” too. White lists point users to websites known to be secure. This approach not only limits risk, but offers convenience to employees and perhaps will boost productivity, too.
  3. Manage Permissions
    Should every employee have the authority to download software applications through company networks on company-owned and/or managed devices? Probably not. Restricting permission levels can prevent malware like ransomware from running or spreading quickly. Will some employees bristle at curbed privileges? No doubt they will. But at least they may ask “Why?” which increases individual cyber-savvy. See bullet #1.
  4. Deceive the Deceivers
    There’s a new class of security technology emerging called “deception tools.” These systems bait ransomware attackers with false data on decoy networks. Malware goes to work encrypting bogus information, keeping it away from real devices and data and giving cyber-monitors the chance to detect intrusions before damage is done.
  5. Leave the Technical Aspects to the Experts
    More and more IT Managed Services Providers (MSPs) are specializing in cybersecurity. Not only can they install and implement measures such as firewalls, they can monitor for intrusions and support recovery from incidents.

About

ITinflections is a blog that covers a wide range of technology-based articles about IT in the workplace, focusing on small- to medium-sized businesses.

If you’re looking to improve your company’s productivity through the effective use of technology, enjoy ITinflections, the blog about technology for business.