Ransomware: 7 Tips on How to Protect Your Business
As you have already heard from various media sources, there is a massive ransomware attack on the web affecting hundreds of thousands of computers. This ransomware is called “WannaCry”. If you are lucky and were not affected this time, you should act quickly and protect yourself against future attacks, because going forward these attacks are not going to slow down.
We are all connected to the web, regardless of business or occupation. It is important that you understand what the IT security threats are and how you can protect yourself. Today this is as basic as understanding what a door, a wall, a fence, a gate or a lock is for in the physical world. Otherwise you’ll leave your business exposed to financial loss, and your reputation could be damaged. This article goes through the basics of IT security for a small business, using ordinary language and easy-to-understand examples from the physical world.
Ransomware: which are the weak points?
• Network Perimeter:
This is your network border, where your private network connects to the public web. The web is very public: anyone from anywhere on the globe can reach your network, get in and cause harm. You have some protection against this in your devices. These are your “walls”, “the fence” and “the gate” in the physical world. The most common threats here are:
o Opened ports – In the IT world, normally all “gates” and “doors” can be opened only from inside, as if they had no “door handle” on the outside. When you open a port on the router, you are allowing a “door” to be opened from outside. Even if you put a lock on that door, you still leave it exposed to being “key picked”.
These vulnerable ports are usually opened for various services like CCTV, IP cameras or remote connection to the server. This is a bad practice in general, even though it is sometimes necessary.
Solution: When opening ports, limit them to an IP from which the connection is allowed, or even better try to use a VPN which is the most secure solution there is.
o ISP stock modem – No matter how good you think your Internet service provider (ISP) is, they will always try to cut the cost of the free modem they provide, because they are in a very competitive market and margins are small. The problem is that the same cheap modem is provided to thousands of clients, and if a vulnerability is found in one, it is easy for the attacker to exploit all clients that have the same modem. To make matters worse, most ISPs do not release security updates for their modems even when they know about the security issues.
Solution: Replace the ISP stock modem with a business grade firewall which has the latest security updates.
o WiFi – This makes it easy for the attacker to get in, avoiding even the best firewalls, since the attack does not come through the Internet but through the WiFi extension of your private network instead.
Solution: Make sure you use strong authentication algorithms like WPA2 and a “hard to guess” key. Periodically check the WiFi around your perimeter and make sure no new WiFi devices were installed without your knowledge. If you have on-premises customers, we highly recommend providing them with a public WiFi service, not the same internet connection used by your employees. For public WiFi service information, please read more on the CleverWiFi website.
• End User Devices:
This is by far the most common attack vector. It is commonly used to attack PCs, servers, mobile phones, printers or any IP-connected devices. The following are the most common threats here:
o Old operating system – If you are still using Windows XP, then this is a big “NO”. Microsoft, the vendor of Windows, has stopped supporting this version and is not releasing security updates for it, which leaves it open to all new kinds of attacks. It is like someone broke your “fence” and no one will fix it anymore, so anyone can get inside without any problems.
Solution: Always use the latest version of Windows and have the security updates on.
o Email – The most common way to infect PCs is with viruses. The attackers have become very good at hiding the virus and impersonating valid entities. Sometimes even the most advanced user can be tricked into clicking on a link or opening an attached file.
Solution: Use an email service that has a good filter. Instead of using your own in-house mail server, go for reliable online mail services like Gmail or Office 365. Use an antivirus which has an email scanning feature; it will filter emails before you see them. They are very good at filtering spam and viruses. Train all your staff not to click on links or open attachments from sources they don’t know.
o Un-protected Operating System – The operating system, like “Microsoft Windows”, is the main underlying software on every machine. While it tries to make the PC a more secure environment, it does not have threat detection built in, so every PC should have an antivirus installed. There are many antiviruses; they are not all the same, and they vary in the level of protection that they can offer.
Solution: I would not suggest using the free antiviruses. Instead, go for commercial vendors like Eset or Kaspersky; the license fee will pay off in the long term. The best practice is always to conduct a fresh operating system re-installation just before installing the antivirus. This way you’ll prevent the PC being compromised before the antivirus is installed. If you don’t do this, it may be too late and your system could already be infected.
o Mobile Devices – Mobile devices are now very common in business. Often employees bring their own devices to work, and the business has to choose between the convenience and productivity that mobiles give and the security threats they expose the business to.
Solution: Get a separate WiFi network for your mobiles, which does not have access to the private network, similar to what you would have in a Public WiFi. Prevent or restrict the use of personal mobiles for work or supply employees with work devices which have restrictions, such as what apps are installed on them.
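The periodic WiFi check recommended in the WiFi item above can be scripted. The following is an added example, not part of the original article: it parses the terse output of `nmcli -t -f BSSID,SSID,SECURITY device wifi list` and flags access points that use your network name but are not on your list, or that are not using WPA2 or newer. The network name, access-point addresses and scan lines are constructed for illustration.

```python
import re

# Assumed values for this example: replace with your own network name and
# the hardware addresses (BSSIDs) of the access points you installed.
OUR_SSID = "ExampleCorp"
KNOWN_APS = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}
STRONG = {"WPA2", "WPA3"}

# Constructed sample of `nmcli -t -f BSSID,SSID,SECURITY device wifi list`.
# Terse mode separates fields with ":" and escapes literal colons as "\:".
SAMPLE_SCAN = r"""AA\:BB\:CC\:00\:00\:01:ExampleCorp:WPA2
AA\:BB\:CC\:00\:00\:02:ExampleCorp:WEP
DE\:AD\:BE\:EF\:00\:99:ExampleCorp:
11\:22\:33\:44\:55\:66:CoffeeShop:WPA1 WPA2
"""

def parse_scan(text):
    """Return (bssid, ssid, security) tuples from terse nmcli output."""
    rows = []
    for line in text.splitlines():
        # Split only on colons that are not preceded by a backslash.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) == 3:  # skip blank or malformed lines
            rows.append((fields[0].upper(), fields[1], fields[2]))
    return rows

def audit(rows, our_ssid=OUR_SSID, known=KNOWN_APS):
    """Flag access points that use our network name but look wrong."""
    findings = []
    for bssid, ssid, security in rows:
        if ssid != our_ssid:
            continue  # someone else's network
        if bssid not in known:
            findings.append((bssid, "unknown access point using our network name"))
        elif not STRONG & set(security.split()):
            findings.append((bssid, "our access point is not using WPA2 or newer"))
    return findings

if __name__ == "__main__":
    for bssid, problem in audit(parse_scan(SAMPLE_SCAN)):
        print(f"{bssid}: {problem}")
```

On a real machine, feed `parse_scan` the captured output of the `nmcli` command instead of `SAMPLE_SCAN`, and run the check from several spots around the premises.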
We are sure there are a lot of other aspects of cyber security not covered here; you can always research more information online. We hope this article has given you some general information on what to look at as you try to make your business safe from cyber threats.
Don’t forget to share this article. It can prevent your partners and associates from being attacked and even transmitting malware to you.
Author: Igor Toma.
Contributor: Edward Whelan.
May 10, 2018