Security recommendations to help prevent ransomware

Recently we have seen an increase in the activity of malware and ransomware throughout businesses. Ransomware usually comes in via infected emails and due to weak credentials. We advise to always keep vigilant whilst using your computer.
Ransomware encrypts files, making them unusable and they will then need restoring from backups. It is documented that small businesses can lose £100,000 due to repairs and downtime if they are affected by ransomware.
Below are recommendations that You Systems suggests to help keep your business secure.

Top Tips
• If you receive an email from an unknown sender do not open it.
• If you are not expecting an email with an attachment do not open it.
• If you have any suspicions that a website does not look genuine – close it.
• Do not allow anyone to access your computer remotely unless you trust the individual.
• Always have strong unique credentials.

Passwords and Accounts
• Make sure all passwords used are secure. Using numbers, uppercase and lowercase characters. Adding a symbol is also advised. Do not use common words, such as “password” or “welcome”. Use a minimum of 8 characters. Change every 3 months.
• Each user password should be completely different.
• We do not advise you keep passwords stored, but if required please make sure the method you use is secure.
• If a user leaves, make sure the accounts are disabled straight away to prevent unauthorised access.
To change your windows password press ctrl, alt and delete then select change password and follow instructions.
A password policy can be put in place to force the above if required.

Anti-Virus
All devices on your network require an anti-virus solution as a minimum precaution. Please check that an anti-virus software is installed on your device, if you are unsure please ask. If additional anti-virus licenses are required please get in touch.
We recommend not allowing unknown devices to access your network, this may include visitors or home devices.
On top of your anti-virus, we advise an anti-malware solution and a hardware firewall. These can be quoted on request for the number of devices required to be covered.

End of Life Dates

Workstation
Windows XP devices have not received security patches from Microsoft since April 2014.
Windows Vista devices have not received security patches from Microsoft since April 2017.
Windows 7 devices will stop receiving security patches from January 2020
Windows 8 devices are required to be upgraded to Windows 8.1.

Server
Windows SBS 2003 stopped receiving security patches in April 2014.
Windows SBS 2008 will stop receiving security patches January 2020. Exchange stopped receiving security patches in April 2017.
Windows Server 2008 will stop receiving security patches January 2020.
Windows SBS 2011 will stop receiving security patches January 2020.

If Microsoft no longer supports your device this is a vulnerability and means your whole network is unsecure. We advise to cease using these and contact us immediately.
Please bear in mind the end of life dates so that you can make allowances to replace these in plenty of time.

Backups
It is extremely important that you have a current backup solution onsite, be it to recover accidental deleted files, restore from a system failure or restore from a ransomware attack.
If you have a server onsite then documents should be saved onto this and not kept on the local machine.
We advise that you change the backup drive/tape every day, in the morning, unless we have stated otherwise. Ransomware can infect backup drives and we may need to go back to the previous drive. If this is a week old or longer, can your business afford to lose that much data?
You are responsible for all data and backups. Any data loss can be devastating for businesses, 75% of businesses that suffer from data loss fail within 1 year.
As one of our many services, we do offer onsite and online backup solutions. Please enquire for pricing.

If you need any more information regarding any of the above or have any concerns about your site security please contact us.

This entry was posted in Security and Malware, Uncategorized and tagged , . Bookmark the permalink.

Comments are closed.