
How a Defense-in-Depth Strategy Protects Businesses from Ransomware and other Cyberattacks

The WannaCrypt Scare – Part 2

The global WannaCrypt ransomware attack that started on Friday, May 12, 2017, was unprecedented in scale.  It infected more than 230,000 computers in at least 150 countries.  It also caused concern for many other businesses whose leadership questioned how they can best protect themselves and their data.

A proactive approach to security using a defense-in-depth strategy will protect your business from ransomware and other cyberattacks.

Security for your Business

A proactive approach to security focuses on eliminating problems before they have a chance to appear.  Defense in depth is the coordinated use of multiple security measures to protect the integrity of the information assets in an organization.  Your IT provider should use a defense-in-depth strategy to protect your systems from ransomware, including firewalls, anti-virus protection, updates (patches), spam filters, upgrades, monitoring, backups and user training.  These and additional measures, such as encryption and access management, should be taken to protect against breaches.  This is how these security measures work.

  • Next-Generation Firewalls with Next-Gen security services to protect all private networks –
    Next-Generation Firewalls combine a traditional firewall with other network device filtering functionalities. The security services provide a package of security software technologies that are designed to stop known threats.  Optional additional security services protect against new “0-day” threats.
  • Antivirus services on each desktop, laptop and server, with the latest antivirus definitions in place –
    Antivirus is software that is designed to protect computers against malware.
  • Security updates for operating systems and hardware –
    Vendors release security updates and upgrades to patch known vulnerabilities. It is necessary to install them to keep your systems up to date.
  • Spam filters for email security –
    A spam filter uses specific criteria to detect unsolicited and unwanted email, and prevent those messages from getting into a user’s inbox.
  • Upgrades and replacement of hardware and warranties as necessary –
    When a hardware warranty expires, the manufacturer no longer provides replacement parts. In addition, older hardware may no longer be able to support security improvements, which is a security concern.
  • Monitoring –
    Your IT services provider may install agents on your computers that alert the provider if the antivirus detects any threats, so that the provider can respond and remediate.
  • Local and offsite backups of data and systems –
    Image-based backups allow admins to roll back to a backup image from before the ransomware incident, thus restoring systems, settings, and data, and avoiding the ransom.
  • User Training –
    Cybercriminals use social engineering to trick users into clicking on a link or opening a malicious file. Train your users about cybersecurity!  Even the most secure infrastructure can be bypassed through user error.

Security at home

While your IT provider protects your computers at work, you are responsible for keeping your home computers secure.  The security of your home computer and devices is especially important for your business if you use them to access company data.  Here are the basics for proactive security at home.

  • Be sure to install the latest operating system updates on your home computer and mobile devices, and install updates to all software applications. You can enable automatic updates for your computer.  For Windows, go to your “Start” or “Windows” button and select “Windows Update Settings.”
  • Install anti-virus protection with automatic updates enabled.
  • Use a firewall. Your router functions as a hardware firewall, and Windows includes a software firewall.
  • Secure your home WiFi. Ensure that you are using the best security method available on your WiFi router or access point (for example WPA2-PSK), and choose a complex passphrase.
  • When using public WiFi for your mobile device, restrict your activity to web browsing.
  • Remember the training provided in Part 1 of this blog regarding email safety and cybersecurity.
  • When installing apps on your device, be sure to only install them from the official sites: iTunes (Apple App Store), Google Play (Android), and the Windows Store (Microsoft).
  • Do not “jailbreak” or “root” your device.
  • Back up important data (to an external hard drive, USB stick, or to the cloud).

Using multiple layers of security controls increases overall security for your business because if one mechanism fails, other mechanisms may still offer protection from the attack.  In the event that the ransomware succeeds in getting past your layers of defense and encrypts your files, having a recoverable backup is essential for recovery from the attack.  While a backup of data alone may be satisfactory for your home, a backup of operating systems, configurations and data is essential for your business.  An image-based backup takes a snapshot of your system at specific points in time.  This allows your IT provider to roll back to a backup image from before the ransomware incident, enabling your systems to be back up in hours, rather than days.  Your IT provider should test your backup before an incident to ensure that the backup is recoverable.

Your company may not yet have implemented all of our recommended protections or may not have planned an optimal backup strategy for your business.  If you would like more information about any of the protections above, please ask us.  If you are not already a client of Big Idea Technology, we’ll be happy to make an appointment for an IT assessment.