The Best Defense Against Ransomware and Spoofing
When it comes to cyber security, two of the biggest threats are ransomware and email spoofing.
What is Ransomware?
What makes ransomware so insidious is the way it manifests itself. A ransomware attack literally hijacks company files, encrypting them and making them inaccessible to the owner. In fact, the city of Baltimore recently fell victim to a ransomware attack. As a result, municipal files such as building permits and application forms were inaccessible for weeks while IT experts worked day and night to resolve the problem.
Email spoofing is another common and highly dangerous form of cybercrime. Although employees might be trained to view outside emails with suspicion, email spoofing is known to create communications that appear to be legitimate, essentially catching workers with their guard down.
So what can businesses do to safeguard their systems?
User Education and Training
As with so many things in the world of cyber security, the best defense against a ransomware attack is eternal vigilance. Safeguarding your company from ransomware begins with a robust user education and training program that focuses on actionable intelligence workers can follow.
A quality backup is another critical ransomware defense. Since ransomware works by encrypting files and holding them hostage, a full backup, stored in an offsite location disconnected from the internet, is your best defense. If duplicate files are readily available, attackers lose the upper hand and the threat they pose is greatly diminished.
The Best Defense Against Email Spoofing
Email spoofing is another cyber security risk to watch out for. With this cyber risk, communication that appears to be legitimate and internal is actually malicious and external.
Email spoofing could be used to trick executives or managers into revealing critical proprietary documents, or the finance team into sharing bank account information.
That compromised information could then be used in a variety of nefarious ways, from emptying the company bank accounts to selling information to competitors. Even so, there are steps you can take to reduce the risk of email spoofing.
Security measures to prevent this email spoofing can take a number of forms, including two-factor authentication that sends a code to a user’s smartphone or a backup email address. Since both the password and special code are required for access, two-factor authentication is far safer than its single-factor equivalent.
Other security measures used to prevent and detect email spoofing include backend processes like DMARC and DKIM – essentially maps that show precisely where a given email originated. With these mapping processes in place, employees can analyze incoming emails in real time and report suspected email spoofing right away. If your business is located in Wisconsin, supposed internal emails coming from China or India would be a major red flag.
Robust Protection is the Key
Whether you are defending against ransomware attacks or trying to prevent email spoofing, there are best practices you should be following.
- Respond quickly: Real-time threat detection and a rapid response time are necessities when defending your network against cyber threats.
- Install a firewall: Be sure your organization is using a business-class firewall, malware and anti-virus protection.
- Keep equipment updated: Stay on top of patches and updates for company equipment, including personal computers, laptops and servers.
- Consider Mobile device management: (MDM): All mobile devices should be promptly patched and protected.
- Update operating systems: Ensure that all equipment, including company servers, are running on fully supported operating systems. Be sure to update your equipment when it reaches the end of life. Hackers often target operating systems where support has officially ended, and businesses that continue to run such systems are at elevated risk of attack.
- Invest in managed security: Consider investing in managed security as part of your cyber defense strategy. Managed security is often the best way to detect problems before they turn into a crisis.
- Test your backup: While a solid backup solution was previously mentioned, it is important to note that a regularly tested, offsite backup can be the difference between the simple task of restoring a backup and your sensitive data being held hostage.
What to Do When Your Network is Compromised
Even the most robust defense strategy is not foolproof, and ransomware and email spoofing attacks are always a possibility. Hackers and other cyber criminals are constantly updating their modes of attack, seeking to overcome defenses and trick employees into revealing insider information and financial data.
So what should you do if you are victimized by a ransomware or email spoofing attempt?
Once you verify your backup is available and valid, determine whether the compromised machine is worth salvaging. In some cases, a simple cleaning could uncover the ransomware and remove it, but in other cases, the computer will be too compromised to recover. In those cases, a hardware replacement is the best course of action.
The final step in the recovery process is critical, and that involves the proactive protection of company equipment from future attacks. Ransomware attacks and email spoofing do not happen in isolation – they are ongoing dangers that pose real threats to businesses of all sizes.
If you need help developing, implementing or updating your cyber defense strategy, Ontech Systems is here to help. Our security experts can help you assess the quality of your current plan and the risks your company currently faces. Just give us a call at 262-522-8560 or contact us online for more information so you can keep your network – and your data – safe from harm.
Ready To Talk?
A quick 10-minute call is all it takes to see if we’re a good fit. If we aren’t for whatever reason, we’ll point you in the right direction.