We can’t stick our heads in the sand here in our region and think that ransomware only happens in big cities somewhere else. All of the security experts I follow agree that ransomware exploits are among the most profitable malware ever developed. This type of malicious infection will become ever more prevalent and sophisticated moving forward. The ransomware threat will affect all facets of technology, from individual computers through large enterprise networks.
Aptica has several defenses in place to combat not only ransomware but all malicious software. These components work together to prevent infections and to provide a quick recovery from infections. Here are a few of our major safeguards.
Backup management: we keep copies of clients’ data in three locations on properly configured devices. The backups are image-based and time-specific, which allows for easy full system restores to a specific point in time prior to the infection.
Webroot antivirus software: this software is more proactive in how it gauges perceived threats and changes to the endpoints it is installed on. If an abnormal event occurs, the software locks down the threat. It has also been successful in dealing with ransomware threats.
Email is filtered: we filter known indicators of malicious content prior to delivery into the Exchange server. A great deal of malicious software is spread through email. Detecting and blocking known email threats before they even enter a network will reduce all threats substantially.
Web content is filtered: by default we set up web content filtering software that blocks websites known for spreading malicious software. We encourage our clients to block any website that is unnecessary to business operations. This helps to limit the attack surface and exposure a company can have to outside threats.
Firewall management: we make sure the firewall is scanning both incoming and outgoing packets for known threats.
Assigning user access: each domain user account will have access only to the shared directories it needs to complete its assigned job tasks. Ransomware spreads through network shares. If a user account has “write permissions” to a network share, ransomware running under that account encrypts the data within that share. Limiting user access to only the data required to perform their specific job functions limits vulnerability to potentially crippling attacks.
The items listed above are components deployed to combat ransomware and other malicious software infections. There are other steps that can be taken to further lower a company’s risk and exposure; however, an assessment of the current security measures in place is always the first step. Aptica is happy to discuss any of this or to answer questions about cyber security in today’s world. Call me, Jason Newburg, owner at Aptica, 260.243.5100, ext. 2001.