One of the most widely quoted IT security predictions for 2016 was the increase in incidents of a type of malware called ‘ransomware’.
The predictions were not wrong.
According to research just released by Intel, incidents of malware increased by 25% in the first quarter of 2016 – which by anyone’s standards is alarming.
In case you haven’t come across it yet, ransomware is a virus-like infection of a computer that “locks” documents, files and folders by encrypting them so that they cannot be accessed by the user without a special key.
Locked-out users – who in many cases are business organisations – are forced to pay to regain access (hence the ‘ransom’), but in many cases the criminals take the money and run without providing the key.
This leaves the business with one option: a factory reset and a time-consuming data retrieval and restore job for the IT team.
The perpetrators of these ransomware attacks are criminals whose sole aim is extorting cash from their victims. It works too. The ransoms (where known) range from a few hundred pounds for individuals to thousands for businesses.
The criminals are not just individuals. They are organised gangs with whole networks of infected computers creating a web of infected sites and email spam infrastructure, on the hunt to catch and exploit the next unwitting victim.
Could this happen to your business?
Most businesses use some form of antivirus software at a user level, a network level, or both.
Firewalls with intrusion detection and web filtering capabilities are similarly commonplace, and many organisations use email filtering to stop suspect emails reaching users’ inboxes.
So how does malware get through? Doesn’t anti-virus software quarantine it and send it to a sandbox environment?
Two-faced malware, for example, is designed to appear benign when tested in a secure testing environment (known as a sandbox) but once it is passed as ‘safe’ it then goes on to execute and infect.
As the ‘two-faced’ example above shows, it is because the malware, and the media used to convey it, look so convincing. And if it looks convincing to your spam or web filtering software, it has a very good chance of looking convincing to the average network user.
What to include in your IT security policy
To protect your business from malware such as ransomware, you need a mix of preventative measures, which together should provide you with a stronger security solution.
1. Back up your systems
Having an efficient backup process is the key insurance element in your IT security, which should only be needed in unexpected circumstances. Don’t confine your backup processes to documents and files though. Consider how email archives and other sources of data can also be backed up.
It is important to remember, too, that backing up data is one thing and restoring it is another. The speed with which you can get your data and systems back to normal may be critical to your business, even if it’s just one machine that is compromised.
2. Keep antivirus software up to date
It’s hard to imagine that any organisation would run without antivirus software. However, it is an area where any shortcuts can be disastrous. For example, antivirus software definitions that are allowed to go for any period without being updated can lead to infection with malware.
Regular virus scanning is also very important, because computers may be harbouring a virus that cannot be detected by a user and which has no impact on performance.
For this reason, it should not be possible for computer users to disable regular scans and updates on their computers – so that virus definitions are always kept up to date.
3. Protect email with antispam systems
Everyone hates junk email, and having to deal with it all manually is a very time-consuming process.
A good anti-spam system doesn’t just filter out spam. It will also remove emails that may be carrying infected file attachments or links before they even reach the user’s inbox. This takes the decision about whether to click on a link or open an attachment that could trigger a malware attack out of the user’s hands.
4. Apply web filtering to keep your network users on safe sites
Just as important as an antispam solution is web filtering.
In its early days web filtering was seen as a productivity tool to prevent internet users visiting certain categories of website and allow visibility of browsing behaviour. Your web filtering solution is now a key frontline defence against malicious websites that may be hosting ransomware.
5. Keep software applications patched
Most malware is designed to exploit known security vulnerabilities in existing software systems and applications.
As software vendors become aware of the small vulnerabilities that could be targeted by hackers, they produce updates known as patches to close any loopholes. It is vitally important that you apply these patches in a planned and timely way to all your software systems, and that this process is not restricted to Windows-based systems alone.
The more machines and applications there are in your business, the more you’ll require an automated patching tool to help you keep your software versions bang up to date.
6. Develop a ‘what if’ scenario
A typical stance for many organisations, particularly with all the technical solutions described above in place, is that it ‘won’t happen’. But the relentless rise in malware and hacking – on an industrial scale – means the odds shorten each month.
A data security breach could be a ‘disaster’ for many businesses, not just in terms of direct cost and mitigation, but in terms of lost productivity and downtime and of course PR.
To ensure business operations can continue in a way that’s as close to normal as possible, the development of a disaster recovery plan is therefore highly advisable.
7. Keep network users vigilant
Finally, it’s worth always bearing in mind that one of the key sources of security vulnerability in any organisation is its employees. There are always going to be some who will open innocent-looking email attachments or unthinkingly click on links to view a ‘special offer’.
To ensure your network users are alert to the existence, appearance and consequences of malware in general – but particularly ransomware – you need to make them aware of what to look out for.
A particularly worrying trend is the rise in ‘social engineering’, which aims to con users into believing that what they are seeing or reading is genuine, whilst actually being fake and containing or linking to malicious executable code.
Social engineering has at its heart the exploitation of human emotions, including:
- Trust: assumption that “the IT team” take care of all the security issues so there’s no need to worry
- Curiosity: an attachment or link looks interesting or tempting to them – e.g. “Your parcel has arrived”
- Fear: links and messages may be tagged as critical – e.g. “Overdue invoice – pay now”
- Habit: always (unthinkingly) taking the same action with links and attachments
- Familiarity: a malicious (phishing) email sender’s domain may be very similar to a familiar one and have a relevant subject line or topic
What should you do next?
To talk about any aspect of your IT security, or if you feel you can benefit from the services of an experienced outsourced IT support provider, contact Alliance Solutions on 0800 292 2100 or email us at firstname.lastname@example.org and ask us for a free IT Systems Audit.