Over the last few weeks, we’ve talked about ransomware: what it is, how attackers get in your systems, and the damage it can do. In all honesty, it’s been kind of bleak.
This week and next week will be much more encouraging if you’re concerned about ransomware and the security of your systems. Even though ransomware is threatening, you can protect yourself. Of course, we cannot guarantee 100% that if you do these things, you’ll never experience a ransomware attack; the technical world is ever-evolving and new threats present themselves every day. However, there are tried and true defensive measures that are built to protect you from threats like ransomware.
If you take a look at the CERT NZ graphic that we’ve been following for the past few weeks, you’ll see little colored hexagons scattered all over with a key at the bottom. These are the protections we’re looking at. The hexagons are strategically placed on the graphic where they would be utilized in the event of a ransomware attack. For instance, you see that a purple hexagon stands for Multifactor Authentication, and that a purple hexagon lies in between Username/Password and Internet-Exposed Systems. That means that even if a criminal gains access to username and password login credentials, multifactor authentication would stand in the way of them gaining access to internet-exposed systems, effectively stopping the attacker in his tracks. For the sake of brevity, we won’t talk about every single protective measure, but we’ll look at most of them.
Let’s take a quick look at the first few protective measures.
1. Password Manager – A password manager is a system that allows you to securely store passwords, usernames, security questions, etc. I could talk for a long time about the importance of password managers, but the short version is that password managers allow you to do 3 things: a) stop writing passwords down on sticky notes where they can be seen/lost/stolen, b) use auto-generated passwords that are much stronger and safer than most passwords we think up in our heads, and c) eliminate the need for remembering long, intricate passwords.
2. Logging and Alerting – Logging and alerting refers to the practice of keeping records of all activity on a device/network and alerting you to any potential problems. For instance, it is standard practice to keep logs from your firewall so that you can go back and see every single piece of activity that the firewall allows and blocks. Those records can give insight into unwarranted activity on your systems, misconfigurations in the firewall, and even attempted fraud that was blocked by your system. Now if you apply that concept to every aspect of your technical system, you can see why logging and alerting appears in almost every step of the ransomware-defense process. If an attacker is in your systems, preparing for a ransomware attack, you should have logs of exactly what they’ve done and alerts to tip you off to the unwarranted activity.
3. Multifactor Authentication – MFA is an extremely important—and sometimes underappreciated—security measure. We utilize MFA quite a bit here at Sterling Ideas, so Sterling and I wrote a blog series last year diving into all the details. Feel free to go read those when you get the chance, but for now, I’ll give you the short version. MFA is a security tool that adds an extra step of authentication (and protection) when you sign in to various accounts or apps. This extra layer of security can look like many different things. For instance, you may have to type in a code that is sent to your phone, answer a call and press a certain button, click Accept on an alert, or scan your fingerprint. Basically, if someone steals/phishes/guesses your username and password for a program, they won’t automatically get access because MFA will block it. A ransomware attacker in Russia might be able to guess your password, but he doesn’t have your fingerprint to authenticate the login.
4. Patching – I like how “patching” is termed because it segues into a good analogy. Imagine you’re walking into work and look down, and there’s a hole in your coat. Your coat is serving a very important purpose—clothing you, keeping you warm, presenting you professionally to colleagues and clients. The hole isn’t good, but the coat is. So you patch it. Maybe you put a temporary patch on your coat until you can take it to a professional, but nevertheless, as soon as you see a hole in your coat, you patch it. This is what we do with software. If we notice that software has a security gap in it, we patch it. We might have to put a temporary, not-so-pretty patch on it at first, but we never knowingly ignore a hole in security. Your software is serving an important purpose—storing data, providing functionality to your business, connecting you to other services. Patching helps us keep software up-to-date and secure so that you never lose functionality.
Therefore, if criminals are trying to infect your systems with ransomware through a software weakness, patching actively defends your systems by remedying those weaknesses.
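To make the logging-and-alerting measure (item 2) concrete, here is an added Python example, not code from the original post: it reads firewall log lines and raises an alert when a source that was just blocked several times is then allowed through to an internet-exposed port. The key=value log format, the documentation-range IP addresses, and the threshold and time window are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T02:14:03 action=BLOCK src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T02:14:09 action=BLOCK src=203.0.113.7 dst=192.0.2.10 dport=23
2024-05-01T02:14:15 action=BLOCK src=203.0.113.7 dst=192.0.2.10 dport=445
2024-05-01T02:14:40 action=ALLOW src=203.0.113.7 dst=192.0.2.10 dport=3389
2024-05-01T08:30:00 action=ALLOW src=198.51.100.20 dst=192.0.2.10 dport=443
2024-05-01T09:00:00 action=BLOCK src=198.51.100.99 dst=192.0.2.10 dport=22
garbled line the parser must skip
"""

def parse_line(line):
    """Return (timestamp, fields) or None when the line is malformed."""
    parts = line.split()
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        fields["dport"] = int(fields["dport"])
    except (ValueError, KeyError, IndexError):
        return None
    if fields.get("action") not in ("ALLOW", "BLOCK") or "src" not in fields:
        return None
    return ts, fields

def find_alerts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Alert when a source is ALLOWed after >= threshold BLOCKs inside the window."""
    recent_blocks = defaultdict(list)  # src -> timestamps of recent blocked attempts
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        # Keep only blocked attempts that are still inside the sliding window.
        blocks = [t for t in recent_blocks[f["src"]] if ts - t <= window]
        if f["action"] == "BLOCK":
            blocks.append(ts)
        elif len(blocks) >= threshold:
            alerts.append({"time": ts.isoformat(), "src": f["src"],
                           "dport": f["dport"], "blocked_before": len(blocks)})
            blocks = []  # reset so one burst of blocks raises one alert
        recent_blocks[f["src"]] = blocks
    return alerts

if __name__ == "__main__":
    print(find_alerts(SAMPLE_LOG))
```

On the constructed sample, the single alert points both at the probing source and at the firewall rule that let it reach an exposed remote-access port, which is the kind of misconfiguration the logs are kept to reveal.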
I’m sure you can see how all of these protective measures help defend against ransomware, but these security controls also defend against phishing, other types of malware, hacking, etc. Next week, Todd will talk about a few more security measures that are imperative for your business’s protection.