Ransomware: 4 steps for protection

From our Cybersecurity experts

Recent ransomware attacks, WannaCry and Petya, have hit hundreds of thousands of computers in over 100 countries. Ransomware is a malware tool used by hackers to infiltrate networks, encrypt files, and lock users out of their own systems; the hackers then hold this information for ransom, which is typically demanded in Bitcoin. While certain companies claim defenses are getting better, Microsoft estimates that roughly 500 million emails with ransomware downloaders are still being circulated every quarter.[1]

Beyond that staggering statistic it needs to be said, and repeated often: you need to protect your company, your employees and your customers. Regardless of the industry, taking certain steps to reinforce your defenses is key; there are four important things you must do (now!):

Your employees can be your best defense, or your weakest link.

Ransomware can enter a system via links in emails. All too often, it’s an innocent mistake by an employee opening up an attachment or link that can crash a system and cause a company serious dollars. To avoid this, make sure your employees:

  • are properly trained on how to identify suspicious emails, links, or files;
  • know who to notify if they come across such suspicious materials; and
  • back-up their information securely, and regularly, should a fellow employee not be so careful.

Be sure to have open conversations about such threats with your employees, so they know what to watch for. This is because hackers can disguise intrusions to make them look familiar, as we’ve seen with the CEO Scam that was circulating a few years ago, and the innocuous-looking USB dropping tactics that have been used before.

Back up your data and up-date your software

Reportedly, WannaCry was able to infiltrate the U.K.’s National Health Service because the system was not upgraded to the most recent Windows operating system.[2] Windows releases patches to protect such system vulnerabilities, but is evidenced, many companies haven’t adhered to the up-date requests, thus leaving them open to attack. It’s true, that these upgrades may not be able to protect against every threat, but at least you’ll be in fighting shape should an attack try to hit your systems. It’s also important to back up your data frequently, so that when your data is held ransom, you can recover.

Assess the security of your systems

A technical security assessment (vulnerability assessment) done by professional advisors can help provide an overview of your system and suggest ways to optimize your security efforts. A trusted third party is invaluable as they provide an objective eye to ensure your governance, security, and risk management processes are maximized.  These experts will most likely be up to date on the latest exploits used by hackers and can provide you with advice on how to minimize impacts to your organization.

Invest in advanced end-point protection

If you are doing all of the above and still want an added layer of protection, consider investing in advanced end-point protection. Traditional anti-virus software that is signature based is only as good as the updates that the anti-virus vendor can send.  Many organizations are turning to advanced end-point protection solutions aimed at detecting exploits that their anti-virus deployments cannot detect (i.e. “zero-day” exploits). These solutions use techniques such as deep learning and behavioral analysis to detect suspicious activity in real-time. Look for a solution that has demonstrably high detection rates of “zero-day” exploits and that also has a low false positive rate, otherwise your IT security staff will be inundated with sorting through good and bad alerts.

[1] https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx#what

[2] http://www.cnbc.com/2017/05/17/the-wannacry-ransomware-attack-what-businesses-need-to-know-commentary.html

About Richter : Founded in Montreal in 1926, Richter is a licensed public accounting firm that provides assurance, tax and wealth management services, as well as financial advisory services in the areas of organizational restructuring and insolvency, business valuation, corporate finance, litigation support, and forensic accounting. Our commitment to excellence, our in-depth understanding of financial issues and our practical problem-solving methods have positioned us as one of the most important independent accounting, organizational advisory and consulting firms in the country. Richter has offices in both Toronto and Montreal. Follow us on LinkedInFacebook, and Twitter.