It’s been in the news: the WannaCry ransomware attack that held companies across the hostage, affecting more than 150 countries and 200,000 computers (so far). This is not the first cyberattack of this type and unfortunately will not be the last. There are measures, however, that can be taken to mitigate ransomware vulnerabilities and other malware attacks.
The first step is to be educated. Take time to research (i.e. Google Search) what the latest attacks are and find out as much as you can about them. In the case of WannaCry, it targeted older versions of the Windows operating system. So if these older systems are in your environment, give attention to them first. Understand what an attack will look like and how it behaves. For example, understand if a “warning” pop-up takes place and how an invaded system reacts. Some ransomware is only a social engineering effort, and others are much more malicious. Avoiding getting caught in a scam is much easier than resolving a true infection.
After identifying any ‘at-risk’ operating systems, confirm that the latest security patches have been applied. With auto update turned on, there is a good chance you’re protected. If running Windows systems, their site will give a list of released patches based on operating system versions. Instructions for checking the current patch level can be found there as well. Other sources with helpful information include personal computing magazines, websites, your favorite virus detector, and hardware vendors.
Another important line of defense is to educate users of potential risks. Provide key information from your research so that the wrong step isn’t taken during an attack. Keep your employees on guard and help them recognize potential threats. Make sure they know who to contact if they suspect a problem.
Other best practices include backing up your system regularly and keeping multiple versions of the backups. Don’t just write over the previous day backup set. Malicious activity may not show up for a few days, requiring restoring to a date prior to an event. Review and enforce the policy of never opening an email, clicking on a link, or attachment from an unknown source. Emphasize the importance of not visiting unfamiliar websites where virus and malware can be downloaded unknowingly.
Finally, whether you have a large IT department or one personal computer at home, don’t put off securing your systems. Time invested now can prevent great losses in the future.