If you ask the authorities, they may very well tell you that you should just pay the ransom, which is hard to swallow. The answer to the problem, as with many things related to computer security, is to realise that prevention is better than cure.
1. Back up your data. Don’t just back up your data to a separate partition or an external drive (ransomware might attempt to corrupt it if it can be reached directly from your computer) but also consider cloud services. Of course, as with any cloud-based service, privacy and security remain a priority, so ensure that you’re not just doing backups, but that the backups can be restored easily and that they are being stored securely.
2. Stop running as administrator. The vast majority of users do not require admin rights when going about their normal business online, but every minute they use the computer with administration-level permissions they are increasing the chance that ransomware might manage to encrypt and corrupt essential databases and other files. When you are using your computer with admin rights, avoid browsing websites or opening email attachments.
3. Don’t run software from unapproved sites. Always be suspicious of unsolicited messages, links and attachments, especially if you were not expecting to be contacted in that way or if the wording seems out of character.
4. Keep your computer up-to-date with the latest security patches, as ransomware will often use unpatched vulnerabilities as a vector for infection.
5. Consider running an ad blocker, as ransomware attacks have frequently been launched via booby-trapped ads.
6. Reduce the attack surface by uninstalling unnecessary plugins where possible (for instance, Silverlight, Flash, Java, etc.).
7. Run endpoint protection on your desktop, laptop and smartphone if possible, and make sure that you are leveraging all of its features. Ensure it is kept up-to-date as tens of thousands of new malware variants are identified every day. In addition, run anti-virus protection at your web and email gateways to help block attacks.
8. Do not enable macros if you do open unsolicited Microsoft Office attachments (Word documents, PowerPoint presentations, Excel spreadsheets) received via email, unless you are confident it is safe to do so. It can be a good idea to install one of Microsoft’s free Office viewers to open such files by default.
9. Keep yourself and your colleagues clued up about computer security threats. The last line of defence is you, as you’re the one who clicks on a link, visits a website or opens an email attachment. Taking an active interest in infosecurity and sharing your knowledge with your fellow workers can go a long way to making the workplace safer.
If you have worries or just want advice, we encourage you to give us a call on 01708 547 000.