Our Thoughts

How to ensure your organization doesn’t become the victim of a ransomware attack

12 Nov 2017

Since the outbreak of the WannaCry ransomware earlier this year, businesses have become all the more worried about the threat that ransomware poses to their systems. Millions of systems around the world were compromised by WannaCry, and though the threat has now largely been contained, the general availability of more advanced encryption technologies means that ransomware is still a major threat.

As an IT security professional, it may be impossible to protect your business from the most targeted attacks, however there are best practices that should help you avoid being compromised by accident. Here are our top tips.

Backup, backup, backup

The reason why ransomware is so effective as a form of cyber-crime is that it locks victims out of their data and resources. If there’s no backup, the victim has no choice but to pay up. However, you can negate the effects of a ransomware attack if you simply have an up-to-date backup process and the ability to quarantine infected systems. Conduct regular backups of your system, and ensure that your files are stored offline so that they can’t be accessed through your network. And conduct regular restoration tests, too – you don’t want to find out that, upon trying to restore your systems after a ransomware attack, your backups are worthless.

Employee education

The majority of ransomware attacks still result from old-school social engineering tactics, meaning that the malicious software is often downloaded through an email attachment that an employee has thoughtlessly downloaded. Employee training on what to look out for is essential if you’re going to avoid ransomware attacks. I’s also worth restricting the ability of employees to open executable files on their devices, and restricting admin access.

Take action on email

Given that most malicious software is sent and downloaded through email, it makes sense to beef up your email security. If it isn’t prohibitive to employees being able to do their jobs, you could look at blocking attachments altogether, or at least blocking certain file types such as executables or zips. You should also deploy advanced spam-detection techniques to weed out any pieces of malware that are sent via spam.

Keep on updating

Keeping on top of software patches is a full-time job, but it’s worth hiring someone dedicated to it if you have a lot of distributed systems. More often than not, ransomware attacks succeed by exploiting weaknesses in older versions of software, meaning that those who are still running older versions are at a disadvantage. Sure, keeping on top of your software updates won’t protect you against zero-day attacks, but it’ll go a long way towards protecting yourself against the majority of ransomware out there.

Latest thoughts

Five practical steps towards Digital Transformation

Five practical steps towards Digital Transformation

As the CEO of Injazat, I am thrilled by the potential of Digital Transformation (DX) to enable adaptation to a rapidly changing world and underpin sustainable, profitable economic growth. But what doe...

Know more
Combatting Sophisticated Security Threats - Injazat launches Endpoint Security as a Service

Combatting Sophisticated Security Threats - Injazat launches Endpoint Security as a Service

During the last few years, we have seen an increasing number of sophisticated IT security threats that are more difficult to detect, such as zero-day attacks, grayware and ransomware. Disturbingly, a...

Know more
SaaS versus PaaS versus IaaS – which is best for your business?

SaaS versus PaaS versus IaaS – which is best for your business?

At Injazat we often interact with clients who are confused about which cloud solution best fits their business. Although there are benefits to each service, the right fit generally depends on the typ...

Know more