24 ways to protect against Ransomware / Cyber Attacks

How can a small/medium sized business protect against ransomware and Cyber-attacks? I believe that’s by reducing your exposure through limiting your IT ‘surface area’. Small adjustments to your IT infrastructure can make your systems significantly more secure. No system is completely safe though, so plan for the worst and hope for the best!

A few years ago, malware was usually just an inconvenience, but it now has the ability to cause serious data loss and major business down time

A brief outline of some security considerations:

1.      Have a formal business process in place should you receive any communications from a supplier asking you to change bank account details for making payments so that the request can be verified as legitimate

2.      Ensure you have a good quality monitored backup solution in place which covers all business data you wouldn’t want to lose

3.      Have a disaster recovery plan that has been tested and updated every 6 to 12 months, think business continuity. Ensure responsibilities are clear and that all aspects of your IT/Comms environment are covered

4.      Have a documented process in place so that when staff leave the business all their various accounts are disabled/deleted immediately

5.      Ask your employees to take extra care, and only use their computers for business usage. Create an internal IT policy which clearly defines acceptable use. Update this document as technology changes

6.      Staff opening suspect emails is still a prime route into your PCs. Train staff and consider using a free third-party service like https://www.knowbe4.com/phishing-security-test-offer to see how prone they are to phishing emails

7.      Ensure your IT systems are updated often with the latest security patches and firmware

8.      Spread your IT risk, use a mixture of cloud services and onsite IT solutions

9.      Change over to a firewall with integrated security services, have your existing firewall policies reviewed. Don’t use a normal ISP supplied router which has next to no protection

10.   Retire old vulnerable software and hardware from your business

11.   Ensure your staff are aware of the risk of inserting an unknown USB drive

12.   Implement Mobile Management policy for your company laptops, tablets and mobile devices

13.   Upgrade to latest wireless security protocols, get rid of WEP protocols, ensure you separate your wifi networks so that any guest’s devices are completely isolated on a separate network

14.   Look at 2 Factor authentication (2FA) for protecting access to critical parts of your IT systems

15.   Add additional layers of security to email, even if it already comes with security built in. Standard filtering is often not good enough

16.   Change your passwords every couple of months, ensure you use complex passwords and don’t recycle passwords or share them!

17.   Would your business benefit from DDoS protection for critical internet connections or websites?

18.   Is your data 100% safe in the cloud, think about backing up your cloud services such as Office 365, Dropbox, Google etc

19.   Allow only authorised devices on your network using network access controls solutions where appropriate

20.   Think about Encryption for laptops, tablets and removable storage devices, consider a Data Loss Protection solution

21.   Run Security audits or independent Vulnerability Scans against your computer systems

22.   Ensure you have a relationship with a professional IT Services Auckland company that can improve your IT security and help if the unfortunate happens

23.   Desktops and Laptops should be protected by anti-malware not just antivirus

24. Did I mention backups?