IT Blog

hackers ransomware
Quick Tips

Your IT checklist to keep safe from Ransomware and other threats

Two great lists from two great sources in two days, so thought I would compile a list of my own to try and make it a bit more understandable for smaller business, but thanks to US Cert and SentinelOne for the inspiration. We all love lists and no better thing to have a list of them making sure IT systems in your home or business are safe.

1. Passwords
The worst invention of the last 100 years. There are ways to eradicate the needs for passwords using technology like FIDO (using a Yubikey) , which is commonly available today but not widely adopted. So in the meantime please do not re-use the same password on different websites or apps and pick a strong password, 12 characters or more long …. most likely a combination of phrases and numbers and possibly some special characters. Don’t write them on a piece of paper that you stick to your monitor, hide them well or better yet use a password manager like Keeper, 1Password or Lastpass.

2. Enable Multifactor Authentication (MFA or 2FA)
Google Authenticator or a Yubikey are likely the most secure forms of MFA. Do not use any text/SMS or email based 2FA method. Use MFA for your Office365 and other email accounts and any other websites you use that offer it.

3. Filter Email
Use a good email filter that can filter out all the spam, phishing and other malware. Third-party hosted systems are best, the ones built into some desktop Antivirus software are not the best way to do it.

4. Training your staff
Conduct Internet Security Traning for your staff, so they know what good password practises are and so they know how to spot phishing and other attacks.

5. Do your updates
Ensure Windows update is working, when it asks you to reboot please do so. Keep up-to-date with all other software updates. Better yet get a patch management system to ensure ALL the software on your computer is being updated.

6. Everything else on your network is a threat
Guests connecting to your Wifi, your broadband router, the printer, the access control system … every single device on your network has weaknesses that can be exploited. Where possible put them on separate networks and make sure they are up-to-date with any patches. So this means look at Wifi guest networks and Vlans.

7. Does Bob need admin rights?
One of the best ways to protect a system is not to give everyone unnecessary access to everything. Users should not need Admin rights on PCs and only a very select few should have admin access.

8. Immutable Backups
I know you think you have a backup. I also know the chances are that nothing has been written to that backup disk in the last 2 years is 70% and that there is a 100% chance you have never tested that you can restore the data. You need to have a physical backup and a cloud backup, both need to be run regularly and tested every few months. The cloud backup should be from a provider that can provide immutable backups and it needs to be enabled! Immutable backups are read only and can not be deleted by anyone, not you, not an administrator or any bad guys and not by ransomware

9. Browser plugins
When installing plugins in Chrome, Firefox etc, take care what they are and consider if you really need them. Apart from being a security risk, they can slow down your browser.

10. Get rid of old computers properly
If you have old computers in your office that are hardly used, are they up-to date with their patches? Do they have any form of Anti-Virus even active on them? Are they running Windows 7? Get rid off them, but ensure you wipe all your data first.

11. Get a good firewall
Some people will debate if firewalls are needed since your basic fibre modem has a “firewall” built in. Sadly is like trying to stop a forest fire with a single bucket of water. Proper Next Generation hardware firewalls are powerful and have an array of technology that inspect all traffic coming into and going out of your organisation. They are the first line of defence and are a critical part of the combination of tools that should be deployed to keep threats away.

12 Anti-Virus
Traditional Anti-virus is all but useless. Common household names for AV products spend big money selling you, but they are becoming part of the problem. Not only do they lul uses into complacency, but they also have far from a 100% detection rate and their brand names are frequently used in phishing campaigns. Our advice is to use a trusted local IT company to sort this out for you and don’t purchase online. Business needs to be using Next Generation Anti-Virus that uses AI and Active EDR, this allows the detection of yet unknown viruses and other threats.

13. Secure and Renew your domain!
Ensure your annual domain registration for your domain is renewed on time, it can expire and take your email and website down with it. Make sure you have a good password and 2FA enabled on this one. Make sure the domain is locked.

14. Protect your email accounts and web hosting
I mentioned in point #1 to ensure you have 2FA enabled on your Office365 account, which 70% of business in New Zealand seem to use. If your email is with a hosting provider and you have access to that billing and/or control panel, ensure you have a good password and 2FA turned on.

15. If you have an allow list, white list or anywhere access to things is regulated (such as on your firewall or an access control list on your server, mail server or filter) REVIEW the list. Remove any IP addresses you don’t recognise or don’t absolutley need to be there. This includes removing any 3rd party support organisations.

16. Conduct an external network scan to ensure there is nothing open to the outside world that should not be.

17. Depending on your size add a Honeypot, essentially a computer on your network that looks enticing to hackers and will generate an alert if anyone tries anything. A good way to know someone has got in somehow even if they are not yet on your well-protected workstations.

18. Ensure backup recovery keys and response plans are kept offline. Most likely on a USB drive locked in a safe off-premises at 2 separate locations.

Need help to make sure you’re safe? Call Anthony on 07 222 0091

With thanks to:

US Cert – Best Practices for Preventing Business Disruption from Ransomware Attacks

SentinelOne – 11 Bad Habits That Destroy Your Cybersecurity Efforts

Leave a Reply

Your email address will not be published.