
How to ensure your organization doesn’t become the victim of a ransomware attack

12 Nov 2017

Since the outbreak of the WannaCry ransomware earlier this year, businesses have become all the more worried about the threat that ransomware poses to their systems. Millions of systems around the world were compromised by WannaCry, and though the threat has now largely been contained, the general availability of more advanced encryption technologies means that ransomware is still a major threat.

As an IT security professional, you may find it impossible to protect your business from the most targeted attacks, but there are best practices that should help you avoid being compromised by accident. Here are our top tips.

Backup, backup, backup

The reason why ransomware is so effective as a form of cyber-crime is that it locks victims out of their data and resources. If there’s no backup, the victim has no choice but to pay up. However, you can negate the effects of a ransomware attack if you simply have an up-to-date backup process and the ability to quarantine infected systems. Conduct regular backups of your system, and ensure that your files are stored offline so that they can’t be accessed through your network. And conduct regular restoration tests, too – you don’t want to find out that, upon trying to restore your systems after a ransomware attack, your backups are worthless.

Employee education

The majority of ransomware attacks still result from old-school social engineering tactics, meaning that the malicious software often arrives as an email attachment that an employee has thoughtlessly downloaded. Employee training on what to look out for is essential if you’re going to avoid ransomware attacks. It’s also worth restricting the ability of employees to open executable files on their devices, and restricting admin access.

Take action on email

Given that most malicious software is sent and downloaded through email, it makes sense to beef up your email security. If it doesn’t prevent employees from doing their jobs, you could look at blocking attachments altogether, or at least blocking certain file types such as executables or zips. You should also deploy advanced spam-detection techniques to weed out any pieces of malware that are sent via spam.
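As an added illustration of the file-type blocking described above (this is example code written for this page, not taken from any product), the Python sketch below checks each attachment's leading bytes as well as its extension, so an executable renamed to look like a PDF is still caught. The blocked lists, function names and sample message are assumptions constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example: extensions and leading bytes to reject.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".zip"}
BLOCKED_MAGIC = {b"MZ": "windows-executable", b"PK\x03\x04": "zip-archive"}


def blocked_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy rejects."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Content check first: it catches files renamed to a harmless extension.
        reason = next((why for magic, why in BLOCKED_MAGIC.items()
                       if data.startswith(magic)), None)
        if reason is None:
            # Only the final extension counts, so "scan.pdf.js" is treated as .js.
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in BLOCKED_EXT:
                reason = "extension " + ext
        if reason:
            hits.append((name, reason))
    return hits


def build_sample() -> bytes:
    """Constructed sample message with three attachments (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    # Harmless text attachment: should pass.
    m.add_attachment("quarterly figures", filename="report.txt")
    # Executable header hidden behind a .pdf name and MIME type: should be blocked.
    m.add_attachment(b"MZ\x90\x00 constructed stub", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    # Script with a double extension: should be blocked on the final extension.
    m.add_attachment(b"WScript.Echo(1)", maintype="application",
                     subtype="octet-stream", filename="scan.pdf.js")
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```
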

Keep on updating

Keeping on top of software patches is a full-time job, but it’s worth hiring someone dedicated to it if you have a lot of distributed systems. More often than not, ransomware attacks succeed by exploiting weaknesses in older versions of software, meaning that those who are still running older versions are at a disadvantage. Sure, keeping on top of your software updates won’t protect you against zero-day attacks, but it’ll go a long way towards protecting yourself against the majority of ransomware out there.
