We have taken time to compile the best ways of protecting you and your business from Ransomware, an ever-increasing online threat!
You may have heard in the news that Kaseya, an IT security and management company, was compromised last week. The attack resulted in over 7,000 companies falling victim to Ransomware (news article here). The demand is $70m for a universal decryptor!
This comes after the hack on SolarWinds (news article here), one of the world's most popular security products. This particular attack hit over 18,000 companies, including Microsoft, Fortune 500 companies and government agencies.
So how do we stay safe?
The best way to stay safe is via a multi-layered approach, including advanced anti-virus and anti-ransomware software, email security, good quality off-site backup, regular system updates, patching and user due diligence.
- Ransomware Protection: Use Anti-Virus with in-built ransomware protection. Please note that traditional anti-virus DOES NOT normally include ransomware protection; this is usually an add-on service or a higher product tier. Eitex recommends the #1 rated Sophos Intercept-X Advanced. All users should have this product installed.
- Email Security: Microsoft Defender for 365 checks email for unsafe and malicious content. Dangerous content is stripped out before the user receives it. Currently, email is the single biggest threat to online security.
- Server Backup: We strongly advise against using local USB / NAS backups unless they are accompanied by cloud / offsite backups. This is because Ransomware is known to destroy backup data. Eitex recommends Altaro Server backup. Backups need to be checked daily.
- Computer / laptop Backup: Eitex recommends storing local user data in Microsoft 365 (SharePoint and / or OneDrive). Microsoft 365 should also be backed up (cloud-to-cloud backup)! Eitex recommends Datto backup for this.
- System Updates: Windows 10 is recommended for all users currently, and Windows Updates should be run when prompted by your computer.
- User Due Diligence: Have a zero-trust policy in your organisation. The Government Cyber Aware website (Cyber Aware, NCSC.GOV.UK) has some great advice. Also, Eitex holds a number of Cyber Security events with West Yorkshire Police throughout the year. Check www.eitex.co.uk/events for more information.
- Cyber Essentials: becoming accredited to Cyber Essentials is recommended. More information here.
- Password Management: DO NOT use the same password for multiple online services. If a service gets compromised, hackers will try your passwords with other common online services such as PayPal, Amazon, Microsoft, etc. Instead, use a Password Manager like LastPass.
- Insurance: Ensure your business has Business Continuity Insurance in place. Even with the best tools in the world, nobody can guarantee 100% protection and defence against today’s online threats. Covering your business for potential down-time might not be a bad idea!
If you get Ransomware:
What if you’re affected by ransomware? In this instance please ask your users to:
- IMMEDIATELY shut down ALL computers, laptops and servers. Disconnect Network Cables – this stops the Ransomware from spreading. Please note that speed is of the essence here, so don’t delay!
- Phone Eitex helpdesk as quickly as you can.
Eitex is here to help you every step of the way. If you need to discuss any of the above or would like to arrange a free assessment, please don’t hesitate to get in touch.