Ransomware is an unstoppable trend worldwide, and it affects companies of every type, not only the smaller ones but also the larger ones. That’s why the question is not how to stop it, but what to do when it happens again and this time it hits us. Below are nine measures to improve your company’s security before going on vacation.
This is the time of year when many companies see their workload drop, which gives us time to rethink our security policy and, above all, to establish a plan to respond to an incident, stop it and remedy it as soon as possible.
1. Shut down your computers if any problem is detected
This is the basic precaution that every employee must know, along with how to recognize the signs: I opened an email, downloaded a file, and now something is wrong. I no longer have access to some files, or programs have stopped working. Shutting down the computer immediately is essential to try to slow down the progress of the problem.
The sooner, the better! Whether we have our own technical service or a subcontracted one, first turn off the equipment; it can then be reviewed more calmly. The technicians will then be responsible for starting the computer disconnected from the network, isolated so that it cannot do more damage, and for reviewing any problems it has caused on shared resources.
2. Lying does not help solve the problem; the damage is already done
There is an ancestral defense mechanism for when we have done something wrong: denial. “It wasn’t me, it was already like this when I arrived.” But the truth is that this does not help to find the source of the problem and solve it as soon as possible. The point is not to fire the person who was tricked into running the malicious file, but to have all the information needed to solve the problem as quickly as possible.
3. Keep your computers updated
For many companies, updates have been a nuisance. They mean that computers take longer to boot, and in many cases they also cause unexpected problems with some programs. That’s why updates get stopped or delayed forever. And this is a security issue.
The truth is that some of the latest ransomware attacks used known Windows vulnerabilities that Microsoft had already fixed, so with an updated computer such an attack is less likely to succeed. The same applies to servers, which are often the most neglected in this respect.
4. Beware of remote connections
At other times the attack is carried out by trying to connect remotely to a computer. So if we have connections through Remote Desktop, it is best to change the default port of this connection, 3389, to a different one. That way, an attacker who goes looking for this port directly finds it closed.
Also, do not leave sessions open on the server and, above all, use strong usernames and passwords, since the attack by this route is often done by brute force, that is, by trying the most common usernames (Administrator, Admin or similar) with different passwords until access is gained.
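The brute-force pattern described above leaves a trail of failed logons whichever port Remote Desktop listens on. The following Python code is an added example, not part of the original article: it flags any source address with a burst of failed remote logons in a CSV export of Windows Security event 4625. The CSV layout, the sample rows and the threshold values are assumptions made for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed-logon records (Security event 4625) exported as
# CSV. Addresses, accounts and times are invented for illustration.
SAMPLE_CSV = """\
TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2024-07-29T02:14:01,4625,3,Administrator,203.0.113.45
2024-07-29T02:14:03,4625,3,Admin,203.0.113.45
2024-07-29T02:14:06,4625,3,Administrator,203.0.113.45
2024-07-29T02:14:09,4625,3,admin,203.0.113.45
2024-07-29T02:14:12,4625,10,Administrator,203.0.113.45
2024-07-29T02:14:15,4625,3,backup,203.0.113.45
2024-07-29T08:59:40,4625,10,maria,192.0.2.10
2024-07-29T09:00:05,4625,10,maria,192.0.2.10
"""
COMMON_ACCOUNTS = {"administrator", "admin"}  # names the article mentions
REMOTE_LOGON_TYPES = {"3", "10"}  # 3 = network, 10 = remote interactive
WINDOW = timedelta(minutes=5)     # assumed thresholds, tune per environment
MAX_FAILURES = 5


def find_brute_force(csv_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Return {ip: details} for sources with a burst of failed remote logons."""
    by_ip = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4625" or row["LogonType"] not in REMOTE_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(row["TimeCreated"])
        by_ip[row["IpAddress"]].append((when, row["TargetUserName"].lower()))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= max_failures:
                users = {user for _, user in burst}
                # Keeps the most recent window that reached the threshold.
                alerts[ip] = {"failures": len(burst), "users": sorted(users),
                              "targets_common_accounts": bool(users & COMMON_ACCOUNTS)}
    return alerts


print(find_brute_force(SAMPLE_CSV))
```

The two mistyped passwords from 192.0.2.10 stay below the threshold, while the rapid sequence against common account names is reported.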
5. Always keep an updated and disconnected backup
Once the problem has occurred, the next step is to try to keep business continuity unaffected. For this it is essential to have an up-to-date backup that is not connected to any computer.
In many companies, backups are made to a network hard disk or to a USB disk that is always connected to the server. This is useful if we have lost a file, but it is ineffective against a ransomware attack, because these storage media can be affected too. It is better to have a copy that is as recent as possible and is not connected.
6. Do not copy everything: separate the essential from the accessory
When you have to recover all your files from the backup, you realize that it is not immediate. It is very convenient to say “copy everything”, that everything you have saved is essential, but it is not true. And then it takes longer to copy all the information back and restore normality in the company.
The ideal is to purge the data so that only what is really important remains. Always keep the copy clean, taking up as little space as possible. This way it is much faster to get the whole company running again after an incident.
7. Train your workers
If we do not know the problems that can arise and affect the security of our equipment, we will not know how to react. It is essential to train employees so that they know how to proceed in the face of a security incident. And it is not enough to warn them to be careful with email attachments.
8. Invest in more comprehensive security solutions
Security solutions are not infallible, but they do help. A more complete security solution, one that detects behavior that deviates from the company’s usual pattern, blocks it and notifies you of a potential incident, can be a great help. Of course, it is not enough to have it; you have to pay attention to these warnings and know how to administer the solution.
9. Name a security officer in the company
That is why it is imperative to appoint a security officer in the company. And it has to be someone internal, not an outside IT company. Someone in our organization has to be aware of all these circumstances, because otherwise no one will take care of it.
Otherwise nobody knows whether the backup is running correctly, whether the computers are updated, whether our antivirus is warning us of a problem that nobody is watching, and so on. It does not have to take up much of that person’s day-to-day work, but there must be someone designated who is clear about how to react to an incident of this type.
Most of these measures do not have a direct economic cost; they are rather a matter of organization. In many cases the tools are already there, but the awareness needed to take action is missing. We always think that these things happen to others.