For most business owners, cybersecurity may seem daunting, mysterious, and scary.
With all the examples of ransomware in the news nowadays, it seems that no one is safe.
That isn’t true, however.
There are easy tips and tools you can use to protect your business from ransomware.
Here are three easy ones you can implement today (and one you hopefully never have to use!)
Newer Windows versions come with a handful of great features for securing your computers.
One of these features is Windows AppLocker.
You can use Windows AppLocker to define which applications should be allowed to run on your machines (AKA application whitelisting). If your IT environment is well-managed, you should already have a detailed overview of what software runs on your clients.
With AppLocker, you can easily allow users to use the software they need for their daily business, but deny them access to any other software that hasn’t been approved by the administrator. By using Windows AppLocker, you will likely prevent the vast majority of infections these days.
AppLocker is fully integrated into Group Policy and System Center Configuration Manager.
EMET is a tool that helps you to prevent the exploitation of unpatched vulnerabilities in the Windows operating system or any other software installed on the computer.
This way, EMET provides you with some sort of “0day protection” against known and unknown software vulnerabilities that you have not yet patched on your clients yet or for which no patch exists at the moment (0day exploits).
Using EMET, you can mitigate the vast majority of the attacks from exploit kits that are threatening and infecting your users every day.
EMET is fully integrated into Group Policy and System Center Configuration Manager.
As an enterprise, you should block any dangerous attachments entering your network, by either blocking them at your network border or sending them into the users quarantine.
The following file types/extensions should be considered dangerous for your environment unless you are expecting an attachment of that type:
Be sure that you filter out such attachments, regardless of whether they are:
In addition to the file extensions above, you should also block any email attachment that include Macros (e.g. Word, Excel or PowerPoint attachments that come with Macros). You can either block them at your email gateway or by Group Policy, e.g. by denying Macros or by only allowing signed Macro to run.
Macros are a very famous infection vector these days to spread Trojans, including Ransomware.
If you are reaching this page and it is already too late (meaning you have already become a victim of ransomware), you may want to take a look at the following websites. In some cases, it is possible to decrypt files that have already been encrypted by ransomware without paying the ransom.
This will depend on the Ransomware family and the encryption used by it.
The recommendations made above can be considered a starting point when it comes to defending against ransomware. However, there are many other things you can do to prevent you from becoming a victim.
The following links will provide you with further reading on potential mitigation strategies:
If you found this post helpful, please be sure to share it with your peers. Online security benefits us all and will only become more critical as technology’s presence grows in our community.
Get informed. Stay safe.