Malware attacks, especially ransomware (the act of encrypting files and demanding money for their decryption), have been in the news increasingly over the past few months.
Given this, EIS thought it timely to remind customers of some basic precautions and best practices that can help mitigate these attacks.
Recent attacks such as WannaCry and NotPetya have taken advantage of security vulnerabilities within Microsoft Windows. Microsoft releases security patches every month for its products (such as Windows and Office). These are available via Windows Update and can be scheduled to install automatically at a convenient time.
Other companies, such as Adobe, also regularly release updates to their software, but how these updates are delivered to you can vary. For example, Adobe products tend to prompt when an update is available, providing an option to initiate the update. Other companies do not provide an update notification mechanism and rely on you to check whether an update is available. You may have to contact them directly or visit their website to find out.
Promptly updating software greatly diminishes the chance of vulnerabilities being exploited. In the case of WannaCry and NotPetya, the fix had been available via Windows Update for several months before the malware spread, and a good patching regime would have prevented the spread of the malware.
Updating software can also include retiring older legacy software that is no longer maintained or is approaching end of life. For example, Adobe has announced that Flash will no longer be supported by the end of 2020. Knowing this allows time to look at alternatives for software reliant on Flash, as after 2020 it will become a target for malware creators.
Ensuring that devices have an anti-malware product installed is essential. After installation, it is important to regularly check that it is working correctly. This includes checking that the on-access scanner is enabled and configured and that it is updating at least daily.
Management of anti-malware software can be time-consuming, and most products offer a central management solution. For McAfee this is EPO and for Sophos it is Enterprise Console. While these can help with ensuring the anti-malware is working correctly, they also bring additional requirements and are not suitable for all customers. Please contact our service desk if you wish to discuss these options further.
If malware does infect your network, the only option available may be to restore from backup. For this reason, it is vital that a working backup solution is in place and that it is checked daily. This could be a local/off-site backup solution managed by your technician or the Remote Backup Service offered by EIS.
Not only does a backup allow you to restore lost data in the event of a malware attack, it will also protect against other causes of data loss such as fire or flood.
Malware is often able to spread because users have more permissions or access rights than required. If you create new users on your network, that does not mean your day-to-day user account should be an administrator. Best practice in this scenario is to have a separate account with administrator privileges that is only used as required; your day-to-day account should be a standard user with the restrictions that entails.
It is also best practice to regularly review the files and folders users have access to. If access is limited as appropriate, malware that attempts to spread can be restricted and constrained. However, it’s important to note that some malware can attempt to bypass these restrictions using vulnerabilities, and this is where a good update regime can help.
Even with technical solutions in place and good practices, it is still possible to get infected. A key defence is user awareness. For example, not using the same password for multiple sites and taking care not to click links in e-mails or pop-ups on websites that you are unsure about both help in protecting your system from malware.