Since this is such a hot topic, it deserves a discussion in this space. The news has been full of ransomware horror stories: businesses paying exorbitant sums to unseen data pirates, companies losing all of their data and spending thousands of hours re-entering customer records, and small businesses going bankrupt. This is one of the major concerns I hear from clients: "Can it happen to me, and what would be the consequences?" The answers are as varied as the systems they are running.
It is not a question of if, but of when and how this will impact your business. In the best case, the system fends off the threat and nothing happens. The second-best case is that it affects only a single user's account and the network is untouched. The next possibility is that it takes out the user's workstation and any mapped server drives, requiring you to reload the workstation and restore the server from (hopefully recent) backups. From there, things deteriorate quickly. Where your business falls in this range of outcomes depends on how prepared you are. Yes, there are many steps you can take to protect your business network from these attacks. Like all security issues, there is no "silver bullet" that you can simply install and walk away from; it takes a layered approach. Fully protecting your business is beyond the scope of this post, and frankly it has already been well documented by some very talented people in the industry, Third Tier being one of the better resources. But I will cover some of the basics.
Back up, and back up often. If your data is encrypted by malware, a backup may be your only recourse after an attack, so make it a good one.
Keep your anti-virus software up to date, and make sure all servers and workstations have the latest patches installed.
Group Policy Objects are your friend. GPOs can be written to stop these threats where they live: in the user space. The idea is to block the payload from executing in the first place. This is best handled by the IT personnel who manage your domain policy, or by security consultants. If you are still running your network as a peer-to-peer workgroup, you have far fewer options and it will be time consuming, but you can adjust local policies and limit permissions on shared drives.
Control your endpoints. There are a host of great endpoint software companies with solid endpoint management products, and most of the top ones already have articles on their support sites addressing this issue. If your endpoints are managed by your firewall's UTM, again, all of the major vendors have support documentation to help. Many companies use only a small portion of what their security software and appliances can do.
Limit your user accounts. No one should have administrative access except the admin accounts. Remember, the virus or malware executes with the user's privileges. Users should operate with the lowest level of permissions that still lets them run the software they need to do their job. This includes management AND IT personnel. These users often believe they need to be in the Administrators group to perform their work, when in fact they are often the biggest risk, as they are usually the ones downloading software and attachments.
Educate your staff. Let them know they are an integral part of your malware defense. All it takes is one attachment or one malicious web site. More importantly, the sooner they tell someone that something is amiss, the better your chance of limiting the damage.
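As an added example (not from the original post), here is a PowerShell readiness audit that checks the first four basics above on a single Windows workstation: backup freshness, anti-virus signatures and patches, execution control, and local administrator membership. The backup folder, the age thresholds, and the use of Microsoft Defender and AppLocker are assumptions about the environment; adjust them to match yours.

```powershell
# Added example: audit the basics on one workstation. Assumes Windows PowerShell 5.1+,
# Microsoft Defender, and the AppLocker module. $BackupPath is a hypothetical folder
# where backup files land; the age thresholds are assumptions, not recommendations.
function Test-RansomwareReadiness {
    param(
        [string]$BackupPath = 'D:\Backups',   # assumption: your backup target
        [int]$MaxBackupAgeDays = 1,
        [int]$MaxSignatureAgeDays = 2,
        [int]$MaxPatchAgeDays = 45
    )
    $findings = @()
    $now = Get-Date

    # 1. Backups: the newest file in the backup folder should be recent.
    $newest = Get-ChildItem -Path $BackupPath -File -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $newest) {
        $findings += "BACKUP: no backup files found in $BackupPath"
    } elseif ($newest.LastWriteTime -lt $now.AddDays(-$MaxBackupAgeDays)) {
        $findings += "BACKUP: newest file is from $($newest.LastWriteTime)"
    }

    # 2. Anti-virus signatures and OS patches.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $mp -or -not $mp.RealTimeProtectionEnabled) {
        $findings += 'AV: Defender real-time protection is off or its status is unavailable'
    } elseif ($mp.AntivirusSignatureLastUpdated -lt $now.AddDays(-$MaxSignatureAgeDays)) {
        $findings += "AV: signatures last updated $($mp.AntivirusSignatureLastUpdated)"
    }
    $lastPatch = Get-HotFix | Where-Object InstalledOn |
                 Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $lastPatch -or $lastPatch.InstalledOn -lt $now.AddDays(-$MaxPatchAgeDays)) {
        $findings += "PATCH: last hotfix installed $($lastPatch.InstalledOn)"
    }

    # 3. Execution control: is any AppLocker rule collection actually enforced?
    try {
        $enforced = ([xml](Get-AppLockerPolicy -Effective -Xml)).AppLockerPolicy.RuleCollection |
                    Where-Object { $_.EnforcementMode -eq 'Enabled' }
        if (-not $enforced) { $findings += 'GPO: no enforced AppLocker rule collections' }
    } catch { $findings += 'GPO: AppLocker policy could not be read (module missing?)' }

    # 4. Least privilege: who is in the local Administrators group besides the built-ins?
    $extra = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
             Where-Object { $_.Name -notmatch '\\(Administrator|Domain Admins)$' }
    if ($extra) { $findings += "PRIVILEGE: extra local admins: $($extra.Name -join ', ')" }

    return $findings
}
Test-RansomwareReadiness
```

An empty result means none of the checks fired; each line returned names the layer (backup, AV/patch, GPO, privilege) that needs attention.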
As I stated before, it takes a layered approach and good preparation. Make your plan now and implement your strategies before disaster strikes; no one wants to be another news story.