Each week it seems there is news of more organisations falling victim to ransomware attacks, a popular form of malware. This week it’s a fertility clinic (or actually one of their processors that scans medical records for them) and a house conveyancing company. In both cases, there was significant disruption to people’s lives, as well as the possibility of personal information being published on the internet. In fact, an increasing trend is for attackers to not just demand money to decrypt the data (which is never guaranteed) but also to threaten to publish the data on the internet.
So what can your organisation do to protect itself?
I attended a webinar from the National Cyber Security Centre recently and the key takeaway points for me were:
- Take the risk seriously, as it could happen to you
- By far the most popular entry points are incorrectly exposed RDP services, and email phishing
- Make sure you have complete, reliable offline backups as part of your backup strategy, so a ransomware attack can’t encrypt those too
- You should assume that some time, malware will infiltrate your organisation
The following recommendations are based on NCSC guidance and especially ‘Mitigating malware and ransomware attacks’, but please check out the resources on the NCSC website, make an action plan and update it regularly. These are the highlights, but there is much more detail in the link above:
- Adopt a ‘defence in depth’ strategy – since there is no way to completely protect your organisation against malware infection, you should adopt the strategy of layers of mitigation
- Make regular backups (and test them) – The NCSC recommends a 3-2-1 approach – 3 copies, on 2 devices, and 1 off-site. Your off-site backup may well be to the cloud, as long as it’s offline, to prevent any malware from encrypting that too.
- Prevent malware from being delivered and spreading to other devices – Use mail filtering, security gateways and safe browsing lists; disable or restrict RDP, enable MFA and use VPNs; and of course ensure you implement the latest security patches; sign up to the NCSC’s early warning service.
- Regularly train your staff – perhaps using the NCSC’s free e-learning ‘Staying Safe Online: Top Tips for Staff’
- Prepare for an incident – Plan for an attack with a robust incident management plan, which should include the scenario of losing 100% of your IT (so make sure you have a paper copy of your incident management plan!). Consider using the NCSC’s ‘Exercise in a box’
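As an added illustration of the backup point above (not NCSC code, and not from the original post), here is a small checker that scores a backup inventory against the 3-2-1 rule plus the two extra requirements the post insists on: at least one copy is offline (unreachable from production), and every copy has had a tested restore. The inventory format, field names and the two sample plans are constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class BackupCopy:
    name: str
    medium: str                        # e.g. "disk", "tape", "cloud-object-store"
    offsite: bool                      # kept away from the primary site
    offline: bool                      # not reachable from production (disconnected or immutable)
    last_restore_test: Optional[date]  # when a restore from this copy was last verified


def check_3_2_1(copies: List[BackupCopy], today: date, max_test_age_days: int = 90) -> List[str]:
    """Return findings against 3 copies / 2 media / 1 off-site, plus the
    offline and tested-restore requirements. An empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies on one type of media, need at least 2")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    if not any(c.offline for c in copies):
        findings.append("no offline copy: malware reaching production can encrypt every copy")
    for c in copies:
        if c.last_restore_test is None:
            findings.append(f"{c.name}: restore never tested")
        elif (today - c.last_restore_test).days > max_test_age_days:
            findings.append(f"{c.name}: restore test older than {max_test_age_days} days")
    return findings


TODAY = date(2024, 6, 1)  # constructed reference date

# Constructed plan A: a common "we sync to the cloud" setup. The cloud copy is
# permanently connected, so the same malware can reach it.
PLAN_A = [
    BackupCopy("primary-nas", "disk", offsite=False, offline=False, last_restore_test=date(2024, 5, 20)),
    BackupCopy("cloud-sync", "cloud-object-store", offsite=True, offline=False, last_restore_test=None),
]

# Constructed plan B: adds a disconnected tape set, and the cloud copy uses
# immutable storage, so it counts as offline. Restores have been tested.
PLAN_B = [
    BackupCopy("primary-nas", "disk", offsite=False, offline=False, last_restore_test=date(2024, 5, 20)),
    BackupCopy("cloud-immutable", "cloud-object-store", offsite=True, offline=True, last_restore_test=date(2024, 4, 10)),
    BackupCopy("weekly-tape", "tape", offsite=True, offline=True, last_restore_test=date(2024, 3, 15)),
]

if __name__ == "__main__":
    for label, plan in (("Plan A", PLAN_A), ("Plan B", PLAN_B)):
        print(label, check_3_2_1(plan, TODAY) or ["compliant"])
```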
Please don’t ignore this, as your organisation will be affected one day, and we want you to stay safe and continue to deliver your impact. If this raises questions, then please do get in touch. You can contact us by email but it will probably be better to book a free 20-minute insight call.