Ransomware Prevention Tips to Thwart Cyber Attacks
As we close out week one of Cybersecurity Awareness Month, it’s important that we stay on our toes against cyber threats that are lurking out there. Firms must invest time and money if they are to keep up with new threats in the landscape and update defense practices accordingly. To prevent future cyber threats from causing harm, investment firms should employ security practices that include deep layers of protection. Here are a few suggestions to keep in mind:
Back up. Unfortunately, hackers initiating ransomware attacks aren’t exactly on the up-and-up. After they’ve stolen your files and demanded a ransom, they claim files will be decrypted and restored – but those promises are typically dishonest. Odds are, even if you pay a ransom (which you shouldn’t!), your files won’t be decrypted. That means backups are the only way to successfully recover your data. Ensure you leverage a secure and reliable backup and recovery tool that will de-duplicate, compress, encrypt and securely transfer your data to an offsite data center.
Scan. To construct appropriate defenses against external threats, including ransomware attacks, investment firms should conduct regular vulnerability assessments on their networks. These assessments are critical to detecting actual and likely vulnerabilities, including potentially outdated patches. Vulnerability assessments scan for malware, viruses, backdoors, hosts communicating with botnet-infected systems, known/unknown processes and web services linking to malicious content.
Patch. If you rely on a managed service provider (MSP) for cloud services, you may already have this covered. If not, consider leveraging a patch management service to stay ahead of the latest bug and security fixes and reduce the risk of malicious exploits. As widespread ransomware outbreaks have shown us, it’s critical for firms to continually patch Windows servers, workstations and third-party applications to limit the risks that can penetrate firm networks.
Phishing. Email wasn’t the culprit with the Petya or WannaCry ransomware variants a few years back, but it often is. Phishing attempts account for more than 80% of reported cyber incidents and depend on human error for their success. We strongly recommend financial and investment firms leverage a managed phishing simulation tool to test users’ knowledge and information security awareness on a regular basis. Phishing attacks have reached peak sophistication and require equally sophisticated levels of awareness on the part of end users to prevent scams before they cause irreparable harm.