How can a small business protect against Ransomware and CyberAttacks?

We believe that reducing your exposure or IT surface area. Dealing with the weakest point in your IT setup. Small tweaks across your IT infrastructure can help to keep your head below the parapet. But remember, no system is bulletproof, plan for the worst and hope for the best!

The tail end of last week saw reports of a major outbreak of ransomware that affected NHS and many other companies around the world. Even these large organisation struggled to cope, often just resorting to backups.

NHS services across England and Scotland have been hit by a large-scale cyber-attack that has disrupted hospital and GP appointments.

The prime minister said the incident was part of an untargeted wider attack affecting organisations globally.

Some hospitals and GPs have been unable to access patient data, after their computers were locked by a ransomware program demanding a payment worth £230.

NHS cyber-attack: GPs and hospitals hit by ransomware

Before 2014, ransomware viruses would typically just be an inconvenience for you and your IT company to clean up. Then CryptoLock appeared. The virus would encrypt your company files with an unknown password. Once infected you either have to recover from backups, pay the ransom or just lose the data.

Protecting against Ransomware

A brief outline of security consideration for your business

1. Get your business a decent backup and recovery solution
2. Desktops and laptops should be protected by Anti-Malware Solution not just Antivirus
3. Ask your employees to take extra care, only use the business computers for business usage, create an internal IT policy
4. Ensure your IT systems are updated often with the latest security patches and firmware
5. Spread your IT risk, use a mixture of cloud services and onsite IT solutions
6. Change over to a firewall with integrated security services, review your existing firewall policies
7. Retire old vulnerable software and hardware from your business
8. Check software before installing or inserting an unknown hard drive or thumb drives
9. Implement Mobile Management policy for your company laptops, tablets and mobile devices
10. Upgrade to latest wireless security protocols, get rid of WEP protocols, ensure you separate your wifi networks
11. Look at Two-Factor Authentication (2FA) for protecting access to your IT systems
12. Add additional layers of security to email, even if it already comes with security built in
13. Have a disaster recovery plan that has been tested and updated every 6 to 12 months, think Business Continuity
14. Change your passwords every couple of months, ensure you use complex passwords and don’t recycle passwords
15. Would your business benefit from DDoS protection for critical internet connections or websites?
16. Is your data 100% safe in the cloud, think about backing up your cloud services such as Office 365, Dropbox, Google etc
17. Allow only authorised devices on your network using network access controls solutions
18. Think about Encryption for laptops, tablets and removable storage devices, consider a Data Loss Protection solution
19. Run Security Audits or independent Vulnerability Scans against your computer systems
20. Having your company certified in government-backed security programs such as Cyber Essentials
21. Ensure you have a relationship with a professional IT support company that can improve your IT security and help if the unfortunate happens
22. Did we mention backups?

If you like to find out more about Security solutions for your business, please contact David or Jamie on 0131 225 2215 or info@dunedinit.co.u