Protection against ransomware
Recently, cyber attacks, in which criminals used ransomware to extort money, have increasingly made headlines. Many companies and authorities in Germany are still not sufficiently protected against such extortion attempts.
Tanja Hofmann, Lead Security Engineer at McAfee Enterprise , gives five tips on how organizations can improve their IT security to avoid losing data or money to criminals.
Tanja Hofmann, Lead Security Engineer at McAfee Enterprise
Ransomware attacks on companies and government agencies have increased significantly, especially in recent months. Computers are infected with malware that encrypts data and systems using social engineering or security vulnerabilities. For release, affected organizations must pay ransom, often in crypto currency. In order to avoid getting into such a situation in the first place, companies can take various security measures:
Creation of regular backups
In the event of a ransomware attack, employees lose access to internal resources and data – either because they have been encrypted or because their computers have had to be disconnected from the network to prevent further spread. However, if there are backups of this data, companies can completely delete their computers and restore the data from the backup. For this purpose, the company data should be copied regularly and stored in the cloud or on external hard drives so that malicious programs cannot reach them and can also encrypt or even delete them. It is also important to test the backup strategy at regular intervals.
Blocking Ransomware using Security Software
To prevent a ransomware attack as directly as possible, companies should use comprehensive security software and keep it up to date – on clients and servers, but also on mobile devices, such as smartphones and tablets, security must not be ignored. The chosen solution should support features such as machine learning and behavior-based analysis to detect zero day exploits and prevent unknown malware from executing.
Provide secure access to internal resources from anywhere
More and more people no longer work (only) in the office. However, in order to continue their work, they often access internal resources via poorly secured home or public Wi – Fi networks. These networks are particularly vulnerable to vulnerabilities and cybercriminals know how to exploit them. A virtual private network can be used to prevent you from gaining access to potential vulnerabilities in these networks. In this case, the company network is expanded via a public one by creating an encrypted tunnel between two endpoints. This will transfer the data that third parties cannot access.
Raising employees ‘ awareness of the topic
Your own employees are still one of the biggest security vulnerabilities in a company – especially with ransomware, because it is often spread via e-mails. By means of deceptively real-looking e-mails, for example allegedly from colleagues or customers, links or attachments are sent, which install ransomware on the employee’s computer and spread it from there. That is why employees should be regularly warned about such dangers and confronted with appropriate fakes in training sessions in order to create awareness of this risk.
Preparation of a contingency plan
Despite all the security precautions, companies can still become victims of a ransomware attack. In this case, it is important to have an emergency plan in order to be able to react quickly and keep the damage as low as possible. This includes, among other things, immediately disconnecting all devices that behave suspiciously from the network, Internet and other devices, assessing the damage, identifying the ransomware used and turning on the competent authorities.