By Jon Thorpe
Managing Director
ACS
MY top ten pieces of advice for helping business protect themselves from cyber criminals:
1. Install business class anti-virus, web filtering and firewalls
Preventing malware entering the organisation in the first place is the best way to secure against cyber attack, and through the adoption of a layered approach to protection, implementing anti-virus, web filtering and firewalls. It’s essential that businesses ensure each component is accurately configured and always up to date. Scanning solutions today incorporate functionality to re-write links to verify safety when ‘clicked’, and to open suspicious attachments.
2. Keep IT up to date and patches applied
Malware can often infect an organisation, entering through bugs in software and applications. Businesses should ensure that software updates are implemented and patches applied as soon as they’re released. It’s believed that WannaCry exploits a Windows issue for which Microsoft issued a patch in March – but, which many organisations still today have not administered.
3. Backup – and regularly
Whereas organisations attacked by encryption ransomware will be unable to access their live data, their backup data should of been unaffected, and can be restored once infected devices have been cleared down. On the proviso that backup procedures have been performed regularly, the integrity of the data routinely checked, and well-defined and practiced restoration procedures created, an infected organisation will lose relatively little data – and, importantly, can be quickly back up and running. New ways of giving robust Disaster Recovery solutions with Azure and other platforms are also available to improve your Recovery Time Objective.
4. Keeping users trained
Email cybercrime is common, often sent by the cyber criminal as part of a mass random communication. Businesses should therefore consider investing in ongoing training to remind employees of potential hazards. Malicious links incorporated within emails create issues for many businesses. Giveaway signs to look for include:
* Emails claiming to be from well-known, reputable organisations, sent from a variant of the authentic email address – a 0 replacing O, for example;
* Communications from organisations or on topics that arrive out of the blue;
* Poor quality text (spelling and grammatical errors, for example) can often indicate a fraudulent email – although it’s worth pointing out that cyber criminals are increasingly addressing this.
Emails received from legitimate contacts, but where the originating account has been attacked, still pose problems for businesses. These are often characterised by containing a short – at times often nonsensical message – and (malicious) link.
Social media networks or instant messaging may also contain links to malware.
Advising users to go direct to an official website rather than click on embedded links can help businesses guard against malicious attack, but the main point of advice is that it’s essential to keep reminding employees of potential ransomware threats.
5. Is it really the CEO/MD emailing?
Spear-phishing is a second and growing form of cyber attack actioned through email, with the attacker posing as a company official requesting a specified action – such as a the CEO/MD of a company asking finance to transfer funds. These types of email can also claim to come from official organisations – a bank, government department, or even the police, for example. Companies should be aware of this potential risk, and define procedures to help employees identify phishing attacks.
6. Formalise security policies
Customers should be advised to create and record in writing a set of formal protection policies and processes in consultation with ACS or their IT partner who can apply these policy requirements to every device.
7. Instigate a robust password and multi-factor authentication policy
It goes without saying that the more robust a password requirements policy, the harder it is for cybercriminals to infiltrate a business. However, many companies still have not addressed password protocol, and allow users to set up ineffective and weak passwords. Requiring unique ‘strong’ passwords for individual accounts, or implementing single-sign on solutions, helps reduce risk, along with implementing multi-factor authentication whereby access is gained only after successful submission of various pieces of information as an additional layer on top of the password control – such as requiring input of a numerical code texted to a mobile device.
8. Personalise anti-spam settings
Malware can be activated via an attachment. However, webmail servers can be configured to block potentially suspicious attachments, identified by extension type – such as .exe, vbs, or scr. A show file extension function is also useful to help users avoid accessing malware via attachments. Talk to our team about Mimecast and other solutions used by over 70 per cent of law firms in the UK.
9. Block pop-ups, disable macros, disallow data transfer via USB
Increasingly, malware is spread through invitations to download macros incorporated within every-day type documents. A robust policy defining download privileges and regulating rights per employee can extend protection across the business.
10. Turn off immediately if suspicious activity is detected
And finally, if an attack is suspected, the advice is to disconnect from the web. At an early stage in the attack, this can prevent malware establishing itself, but may also prevent ransomware spreading to other areas of the business.
My view: ransomware is a growing problem that needs security at the top of the agenda to protect your business. Solutions are inexpensive to deploy and will still give the business and users a great, secure, IT experience. WannaCry is demonstrating the damage globally but much of the risk can be managed with a good partner. We have videos available for clients to help users adopt best practice to mitigate ransomware and other risks.
But there are ways businesses can protect themselves, with a people-process-technology approach to look at potential flaws in employee behaviour, business procedures and IT systems particularly effective. And it’s also worth remembering that when facing a ransomware attack, there’s a criminal gang behind it. Who’s to say that even on payment of a ransom demand, files will be un-encrypted… In addition, the National Crime Agency encourages businesses to not pay ransoms.
The National Crime Agency and the National Cyber Security Centre offer advice, and the Cyber Security Information Sharing Partnership is a national forum where businesses can discuss cyber issues.
At acs, security and helping businesses to do more with the new ways of working is one of our highest priorities. Call the acs team on 01604 704000 or email me directly for further advice on how we believe do things differently.
Visit www.acs365.co.uk/casestudies to see who we support.
PS. Has your IT partner made you aware of the General Data Protection Regulation? If not, talk to us immediately.
