Ransomware and the importance of cybersecurity were brought back to the attention of the technology and business world in mid-May. The attack, named WannaCry, infiltrated the computers and files of over 300,000 devices across the world. How?
Computers that were still running old and unsupported versions of Microsoft Windows, like Windows 7, XP and Windows Server 2003, were exploited and files encrypted. Even computers that were running the latest versions of software without the appropriate updates/patches applied were impacted. The ransom for decrypting these files ranged from $300-$600 bitcoin.
While the ransomware mostly affected those outside the United States, it brings up another lesson on cybersecurity: preventative maintenance in your information security is always the way to go.
Had these users patched, or updated, their operating systems, underwent routine open port scanning, and educated users not to click on suspicious links, they would have identified key vulnerabilities the ransomware leveraged to game their operating systems.
Steps to Reduce Your Ransomware Risk
So, what can you do to help reduce your risks of exposure?
Below are seven preventative measures you can take now to help reduce the risk of ransomware in your IT environment. The last thing you want is a cyberattack to occur, because you didn’t take the preventative steps to secure your data.
1) Upgrade your Out of Support Operating Systems
When new software gets released or an old operating system loses support, it’s vital to your cybersecurity efforts to update to the supported software. Not doing so will leave you at an increased risk of being a victim of cyber attacks.
Are you prepared for the Windows 7 End of Life?
2) Run Routine Open Port Scanning
Open ports on your network to the outside world can be a nice convenience but they provide doors into your network – which can include easy access for hackers to gain entry. Open port scanning allows you to know exactly which ports are open to your network from the outside. Routine Scanning allows you to put appropriate controls in place to control access to these critical openings.
3) Filter Your Internet Content
Firewalls and endpoint antivirus can help guard against malicious activity, but often at a delayed rate. To assist in decreasing the chances of malware or phishing attacks, by scanning your traffic before it reaches your network, malicious connections and content can be blocked. Thus providing you a more effective means of preventing cyber attacks.
4) Review who Has Access to Your Remote Network
If not properly controlled, your network’s remote access can become susceptible to potentially compromised PCs. This can serve as a gateway for cyber criminals to attack your entire network. Make sure you have a complete understanding of the users that have remote access to your network and how to strengthen this access.
A VPN can help you manage who see what when working out of the office.
5) Manage Your Password Policies
If your password is “password” or 1234, you might want to think about changing it.
Passwords with common words or phrases are easy to crack and without strong password management policies, they can be compromised by malicious users. Set up a stringent password policy your company will follow to fend off these hackers.
6) Monitor Accounts on Your System
Hackers have the ability to spread within organizations from the misuse of old accounts and infrequently used administrative or “system” accounts. Regularly review all accounts to determine if certain accounts are inactive and if so, should be deactivated.
7) Educate Your Employees
Educate employees on good cybersecurity practices with awareness training. Cyber criminals are constantly evolving their methods so having a recurring training program can be critical to preventing and alerting of cyber incidents on your network.
Partner with a Managed Service Provider
If you need help reducing your risk of exposure to malicious software, don’t worry. The information technology professionals at Access Systems offer an entire program, Information Security Essentials (ISE), devoted to easing the threat of ransomware and a cyberattack on your network.
To learn more about the Information Security Essentials program, click here or give us a call.