The recent attack on the NHS and on organisations across the globe has highlighted the risks posed by ransomware – and it’s likely to happen again to companies and public agencies in the future.
How do you mitigate the risk of an attack? Once again, a key part of your protection should be educating staff. In essence, they’re the gatekeepers to your system, so they need to know the warning signs.
Employees should be encouraged to be suspicious about emails they receive and to take care about the attachments they open, though sometimes so-called phishing emails can look innocuous.
There are tell-tale signs, though. Hostile emails will probably come from an address or a person you don’t know and may have poor grammar, spelling and layout or an unfamiliar domain name which doesn’t bear any sign of a link with the organisation it’s purported to come from.
Beyond staff education, it’s important to protect your email and web gateway. Anti-virus software can scan for malware, risk assess files and block emails that have by-passed traditional filters. Most attacks come from an attachment in an email – a single click can cause chaos. Good, regularly updated protection can block the latest threats.
It’s also important to remember that every single device on a network is vulnerable and could allow an attacker a way in. Introduce measures such as behaviour monitoring, application control and browser protection and that will create another barrier.
Then there’s the network itself. Having visibility of this allows you to highlight unusual behaviour quickly and to deal with it. Use advanced network detection and sandbox analysis and you’ll see what’s going on with your data and hopefully halt suspect traffic in its tracks.
Also remember that everything has to be properly maintained and kept up to date. Unpatched vulnerabilities and unsupported systems can allow ransomware in through an open door.
That means keeping operating systems updated and applying patches quickly after testing them on your system.
What, though, if there is a successful attack? Despite all precautions, this can still happen, and it’s then time to use backup and disaster recovery. It’s critical that you have these in place as they should be an essential part of a ransomware protection strategy.
A recovery policy will mitigate the problem by allowing you to restore your valuable data from a specific point in time, depending on how often you do your backups.
This can be done in minutes – the very latest options use the cloud, which means you can have your IT systems back up and running almost instantaneously.
This gets you working again, avoids downtime and the temptation to pay any ransom – which, in any case, may deprive you of money without actually unlocking the data. There are no guarantees.
If you are hit, then remember that distributing ransomware is a crime. Attacks should be reported to the UK’s National Cyber Security Centre. The more incidents they know of, the better their future intelligence will be.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article