By now, we would be amazed if you haven’t heard about WannaCry, the May 12th ransomware attack that affected organizations across the world with devastating results. This, along with some other high-profile ransomware attacks around the same time, has made the business community stand up and take notice of the ransomware threat. Now, we are seeing lots of business owners asking us what measures they could take to protect their business against attack from similar viruses. So naturally, we have created a short guide showcasing some simple measures your business could take to prevent ransomware attacks.
Install anti-virus, web filtering and firewalls
Preventing any form of malware, including ransomware from entering your business in the first place is undoubtedly the best way to guard against attack. The best way to do this is to adopt what is called a “layered” approach to security – in other words, lots of layers of protection. We recommend implementing anti-virus software on every machine and all servers, putting web filters in place company-wide and installing firewalls. It’s essential that you ensure each component of this layered approach is accurately configured and kept up to date in order to work effectively.
Keep your IT up-to-date and apply all patches
Some of the most high profile data breaches this year have been cause by the smallest things – like someone forgetting to install a security patch. The cyber criminals who develop ransomware and other forms of malware spend a lot of time probing and searching for weaknesses within certain commonly used programs, finding out what holes they can exploit to gain access to your data. The companies who produce the genuine software are also constantly working to fill these holes, and they fix them before they can be attacked by issuing security patches. Without these patches and other IT updates, your systems will be vulnerable to attack, no matter how much protection you have in place.
Train your employees
When it comes to malware, a lot of infections happen due to human error or employees opening very convincing looking scam emails. Business should therefore be thinking about education and ongoing training for all employees, regardless of level or contact with technology. Doors for ransomware can be opened through email attachments, nefarious links, infected websites, social media or even email attachments from legitimate contacts whose business has been infected. Your anti-virus, web filtering and firewalls should be able to filter a lot of this out, but it is essential to keep reminding employees of potential ransomware threats and what they can do to prevent it.
Back up regularly
Of course, something completely out of your control could happen, and it’s at that time that you need your final layer of protection – your back up. As a business you should be doing regular backups of your full systems – and by regular we mean at least once a day, usually overnight. Not only is this just good practice, but it also protects you against data loss if the rest of your precautions should fail. Users who find themselves the target of a ransomware attack will be unable to access any live data, but if their back up data is stored off site and siloed (as it should be), it should be untouched. So if we take the worst-case scenario and a ransomware attack hits at 4:30 in the afternoon, the business will only lose data generated that day, as opposed to everything. This means that you don’t have to panic – you can focus on getting rid of the ransomware infection and restore your data quickly once the systems are clear, so you’re back up and running.
Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security insights, you can find us on Twitter and LinkedIn.