9 steps to protect against Ransomware

Security Best Practices

Ransomware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers. To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.

Nine best security practices to apply now

Good IT security practices including regular training for employees are essential components of every single security setup. Make sure you’re following these nine best practices:

Patch early, patch often

The sooner you patch the fewer holes there are for ransomware to exploit.

Backup regularly and keep a recent backup copy off-line and off-site

Offline and off-site means ransomware can’t get to it. With recent back-ups, data loss can be minimised.

Enable file extensions

Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

Don’t enable macros in document attachments received via email

A lot of infections rely on persuading you to turn macros on, so don’t do it!

Be cautious about unsolicited attachments

If you aren’t sure – don’t open it. Check with the sender if possible.

Don’t have more login power than you need

Admin rights could mean a local infection becomes a network disaster. Stay up-to-date with new security features in your business

Stay up-to-date with new security features in your business applications

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.

Patch early, patch often!

Staying on top of patching is so important that we’ve called it out twice. Don’t let ransomware exploit a patched vulnerability.

 

If you’d like to learn more about how to protect your business against ransomware or any other malware, phishing or cyber-threat, get in touch with us today.