Nothing unsettles a computer technician’s stomach more than a call from a customer, letting us know that they have been infected by some form of malware. Today’s malware is much more advanced, and in many cases, much more damaging. In years gone by, malware usually resulted in aggravating popups, or pop unders, and was more an inconvenience than anything else. Well, the times have changed.
Ransomware is one particularly dangerous form of malware. If you’re not already familiar with ransomware, you should be. Like most malware, ransomware takes advantage of human engineering, and tricks the user into allowing its payload to be delivered. In most cases, ransomware is spread by way of an attachment in an email. Most of us are trusting souls, and our natural inclination is to open an attachment, especially when the email tells us that we have past due invoices or an applicant has applied for an open position. Don’t do it!
For those of you using a Mac, don't think that you're immune to this ransomware. Viruses on a Mac certainly occur much less often than on a PC, and for most home users, the Mac is an excellent platform. Having said this, most of you would not be able to run your businesses with Macs, so it's not worth the effort to have the discussion. For more information about a recent ransomware attack directed at Mac users, check out this link.
There are a few things that you can do to protect yourself from these types of attacks.
- Never open an attachment in ANY email from an unknown source.
- If you get an unexpected email from someone you know that contains an attachment, pick up the phone or email that person, and verify that the email is authentic before opening the attachment.
- If you have mail filters available, configure them to block all .zip and .exe attachments.
- Locky ransomware has been known to deliver its payload by way of Microsoft Word documents. If you receive an unsolicited email with a Word document attached, delete it! For those of you in human resources positions, consider having applicants upload their resumes in pdf or text formats only. Yes, this does create some inconvenience, but it’s better than having all of your company’s files on the server encrypted and spending the next several days recovering from backups.
- Keep your systems updated! Turn on automatic updates, and allow the updates to run regularly. If you turn your systems off at night, consider leaving them on two or three times each week so that they get their critical security updates. An unpatched system is like leaving the barn door wide open.
- Run quality antivirus products, and keep them updated!
Unfortunately, the bad guys always seem to be a step ahead. User education is a great start to preventing malware from impacting your business, but there is always the possibility that something will slip by your best defenses. When that happens, it’s critical that you have good backups that you know you can recover from. One backup isn’t enough, so consider implementing multiple layers of protection including local backups and online backups. For local backups, be sure to rotate your backup media daily. And finally, consider testing and documenting your ability to recover from your backups.
In addition to all of these things, there are other solutions that can be installed at the edge of your network to help protect your business from the bad guys. For example, Cisco has a new line of firewall appliances called Advanced Security Appliance – Next Generation. In addition to the normal firewall and VPN functions that you’ve come to expect from Cisco, these appliances have optional software services, including intrusion detection and advanced scanning capabilities, that can help protect your business from the human element.