Basic IT Hygiene to Prevent Ransomware-10 Steps All Financial Firms Must Take

by | Mar 3, 2020 | Employee Productivity, Security, Strategy

Basic IT Hygiene to Prevent Ransomware

These are some thoughts from John Wooden, legendary coach of 10 UCLA Bruins NCAA Championship teams, which included notable NBA Hall of Fame players, Kareem Abdul-Jabbar, Bill Walton, and Gail Goodrich.

“I believe in the basics: attention to, and perfection of, tiny details that might be commonly overlooked. They may seem trivial, perhaps even laughable to those who don’t understand, but they aren’t. They are fundamental to your progress in basketball, business, and life. They are the difference between champions and near champions. For example, at the first squad meeting each season, held two weeks before our first actual practice, I personally demonstrated how I wanted players to put on their socks each and every time: Carefully roll the socks down over the toes, ball of the foot, arch and around the heel, then pull the sock up snug so there will be no wrinkles of any kind.”

Want to limit the chance of you ever getting hacked with a ransomware infection?  Then, it’s time to take a holistic approach to your cybersecurity and protect yourself from an outbreak. Increasing your security posture and protecting yourself is basic IT hygiene to prevent ransomware—just like putting your socks on properly.

The Top 10 1/2 Basic IT Hygiene Steps To Prevent a Ransomware Attack You Should Be Doing Right Now

 

Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication               

― James Scott

 

 

 1. Turn on Multi-Factor Authentication (MFA), like yesterday – Are you OK knowing that a hacker in Russia could be trying to login to your system by trying random passwords over and over again? It is not a secret that most user passwords are pretty poor so the chances of a hacker succeeding are fairly high. By turning on MFA, you make it 10x more difficult for the hackers so they move on to easier targets. Do it now and I mean RIGHT NOW. Make a list of all your applications and methodically turn MFA on in each one of them.

 

 2. Filter Email – Use a good 3rd-party platform to scan all emails before they ever make it to the users. The filtering platform scans for spam, spyware, viruses, ransomware, and any other rogue messages. Find one that also does sandboxing for extra protection.

 

 3. Use a Robust Anti-Virus/Anti-Spyware app – Use something better than the free Windows version. Leveraging an AI-based platform has been proven to give superior results with less impact on the computer (gone are the days of booting up and have an anti-virus app run for hours slowing down your machine).

 

 4. Run Regular Backups – Backup ALL your data locally and to the Cloud. Make sure the backup data is encrypted and the Cloud side is locked down so no one can delete those backups.  Most importantly, have a procedure in place to test the backups and report on everything.

 

 5. Educate, Educate, Educate – The more people know about cybersecurity and ransomware, the less likely they will do something that leads to a ransomware outbreak (e.g. falling prey to a phishing attack). A good education and training program can reduce the risk of getting hacked by user mistakes by as much as 80%.

 

 6. Develop an Incident Response Plan – Do yourself a favor and create one now before you need it. Not if, but when something bad happens, you should have a plan in place for how to communicate, who from your team will be involved, and steps to get past it. Just do a Google search and find yourself a template to use to start.

 

 7. Document Your Policies and Procedures – Write down all of your IT best practices, policies, and procedures. Review these, at least, annually to ensure they are up to date and still viable.

 

 8. Install Software Updates Regularly – Did you know that many of the hacks you read about in the news happen because a computer was not updated? This is easily avoided by just doing the updates and having reporting in place to make very sure you are in good shape.

 

 9. Limit User Rights – Not to impact their work, but to help with security. For example, does the user really need administrative access on their laptop? If they don’t, then don’t give them admin rights. This way rogue apps, like ransomware, cannot be installed in the first place. Same for rights of files and folders on your network/Cloud.

 

10. Buy Cyber Insurance – Make sure you have coverage for liability and business loss. Also, make sure that you are aware of the exclusionary “gotcha’s” so the insurance actually covers what you need it to cover when you need it. Don’t ignore all the recommended cybersecurity best practices and expect the insurance company to payout.

 

The 1/2  (OK so maybe more than a 1/2….)-  Do the basics! Use long complex passwords, Use a password manager so every system has its own password, Don’t use your corporate login for any 3rd party (IE: LinkedIn), Change your WIFI access point password(s), and Do not email out sensitive information unless it is encrypted.

 

Takeaway

I get it. Something “basic” for me may not be basic for you. Shoot me an email (jahlberg[at]waident.com) or give me a call (630-547-7011). I can help explain items in greater detail and give you good options for the different security platforms I mentioned above.  The socks part, not so much.

 

Dig Deeper on Basic IT Hygiene to Prevent Ransomware

 

 

John Ahlberg, CEO, Waident Technology Solutions

John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

Subscribe

Related posts

9 Steps Manufacturers Can Take to Prevent a Ransomware Attack

9 Steps Manufacturers Can Take to Prevent a Ransomware Attack

Recent attacks on critical suppliers in the gas and food industries have illustrated how hackers attack easy targets, inflict serious pain, and extract easy money from pressured executives. Using what we've learned from recent attacks here are 10 steps manufacturers...

Choosing an MSP: No. 2. Strategic Alignment and POV on IT

Choosing an MSP: No. 2. Strategic Alignment and POV on IT

Does the MSP share our vision for IT and its purpose? Financial viability is critical for an MSP. Prudent financial management ensures that the proper investments are being made in the business and that the MSP can survive the booms and busts of technology trends....

Share This