Jon Thordarson / 3. May 2016

Ransomware & Data Protection

Since I wrote about Ransomware and backup a few weeks ago there has been some further development and increased risk for organisations of all sizes and shapes.

Over the past few weeks there has been a huge surge in Ransomware attacks in UK and according to ESET’s LiveGrid telemetry about 25% of all cyber-attacks in the UK were ransomware-based during the seven days from April 19 to 26.

Read more on techradar.

Is your business safe?

Data Protection is getting even more critical in the light of the Ransomware surge currently happening.
The extended Ransomware encryption technology reach to Mac users is also worth noting and a worrying thing.

It allows them to target an even bigger group than before with the first ever Mac Ransomware, KeRanger.

Due to the sensitivity of the subject, we don’t hear a lot about these infections but we can only assume that they are costing organisations quite a sum already and that cost will only increase. Don’t be one of the victims!

How to protect your business

The biggest focus for organisations should be on prevention and backup.
Prevention includes protecting users and networks from exposure points such as:

  • Email is commonly used to distribute ransomware.  Authenticating inbound email and protecting mail servers should be a priority
  • Websites and malicious ads are an area of concern. Having a proper ad blocker or simply blocking certain sites would go a long way.
  • AV Systems up-to-date file scanning and on-access/file changing is something to use and monitor

Backup your organisations critical data and make sure that:

  • Backup solution, make sure you have a proper cloud backup solution in place.  Something that transfers data from your site quickly, efficiently and above all securely.
  • Backup policy, make sure to have a proper backup policy in place.  The policy should aim to fulfill regulatory compliance, your organisation compliance and malicious intent scenarios, whether they are of intent or not.
  • Backup retention, the backup policy and retention work hand in hand but the retention is quite important to allow your organisation to retrieve data from a certain point in time.  This should be carefully considered, implemented and documented.
  • Backup policy testing, keep your backup policy documented and perform tests regularly. Aim to test both the smaller aspects of your network such as simple files or folders restores.  Also test the bigger aspects such as entire servers/systems and applications recovery.  Simulate DR scenarios for isolated parts of your network to allow your IT department to work through them.

 

Carefully select your cloud backup service provider and make sure that they have the reputation, capacity and professional service level to meet your organisations needs.

 

We are always happy to help and advice if you have any questions.  Feel free to chat with us on our Live Chat feature here on our website or email us at sales@datastring.com.

 

 

Facebook
GOOGLE
https://www.datastring.com/ransomware-data-protection/
Twitter
LinkedIn