Today in a networking meeting, I was asked “What is the best way to protect against these ransomware threats?”
As an I.T. guy, my immediate answer was … well, sarcastic. Something about air-gapped systems with no internet access and so on. In reality, that is an accurate answer, though not a practical one. Fortunately, Stephanie understood I was giving her a hard time. Then we started an earnest conversation about protecting her business from the costs of ransomware.
As we discussed her situation, Stephanie made it clear that she was not shopping for just a quick fix to protect against the WannaCry attack in the current news cycles. She was asking about a longer-lasting and wider-covering umbrella of protection. After several minutes of questions and answers from both of us, we had the beginnings of a plan for her business.
Her first step is to identify what data she has and where it lives. Once that is determined, we will work together to gather that data in well-identified locations on her network, protected by logins, permissions and reasonable passwords. Then we will make sure it is covered by a reasonable backup scheme that includes offsite storage and synchronization. Preferably the backup will be managed and automatic: a ‘Set it and Forget it’ answer to the issue of backups, where someone else verifies daily that the backups occurred and fixes any problems, so she and her staff can stay concentrated on her business.
While developing the backup solution and tuning the network access to the data, we will make sure that every machine is configured to install automatic updates from Microsoft. These will be restricted to security updates and those in the ‘Critical’ and ‘Important’ groupings. Third-party application updates, such as for Java or Adobe, will be handled on a machine-by-machine basis.
Next will be the implementation of a quality anti-virus solution. I suggested a managed install of Webroot, but Stephanie has had a positive experience with Vipre. We did agree, though, that the anti-virus/malware application needed to have a central dashboard so that viruses and staff actions could be monitored and managed. As she pointed out, she needed to know if one of her staffers were surfing unsafe sites and putting her network and business at risk.
Finally, Stephanie is going to start training her staff on identifying socially engineered e-mails and websites that may carry a nasty payload or may just be there to collect personal data.
Are Stephanie’s business data and network protected from 100% of all cyber assaults? No.
Then why take these steps?
The backup is to ensure that her data, the business’s most valuable asset, can be restored simply and quickly. This makes it a moot point whether or not the ransomware authors will give up the decryption key.
The network changes are to ensure that those who need access to that data have access to what they need, nothing more. This helps against some attacks that go after network shares, looking for any data that can be accessed to encrypt and hold for ransom.
A valid anti-virus solution is just another layer in the protection of her data and business, protecting her from human error and other potential threats.
The training helps her people be an active part of protecting their data. Educating her staff helps them be more responsible and attentive to risks.
If you are interested in the other steps not listed here on how we will protect Stephanie’s network and business data, contact Indy’s I.T. Department today for further details on how they can help you, too!