“We’ve been compromised.” Those three little words are sure to keep you tossing and turning at night. Maybe an unauthorized user has accessed your data. Perhaps you’ve discovered an end user’s screen being recorded. Maybe your critical business applications have been encrypted by ransomware.
It’s the stuff of nightmares.
So, how do you return to a restful night’s sleep? It starts with securing your endpoints.
The endpoint security best practices you need to implement now
In this day and age, your critical systems, applications, and data are under constant threat.
Here’s how you can help ensure business continuity.
Implement robust endpoint security solutions
Your endpoint security infrastructure is your first line of defense against the growing cyber security threat.
So, as you assess your current solutions, make sure you have these capabilities in place:
- SMTP traffic scanning for email
- Robust spam filtering
- Frequent traffic monitoring
- Up-to-date antivirus software
- Behavior-based solutions
- White and black web browser lists
- Unauthorized mobile device access prevention
- Mobile device data recovery solutions
- Physical, removable device blocking (e.g., USB)
Update your password policy
While multifactor authentication and biometric security can help you fortify data security, there’s still value to requiring strong passwords from your end users.
And, best practices here have changed. The National Institute of Standards and Technology now recommends forgoing:
- Periodic password changes
- Arbitrarily complex format requirements, like upper and lower case, numbers, and symbols
These requirements ultimately result in weaker passwords, as they place too much cognitive load on end users.
Instead, you’d be wise to require longer passwords (with an eight-character minimum) and screen those passwords against those that have been previously compromised or are commonly used (such as Password1, monkey, and opensesame).
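The policy described above, sketched as an added example (not code from this article or any product it mentions). The sample blocklist is constructed, and the function names, the case-insensitive matching, and the hash-prefix index (a stand-in for a screening service that is queried by prefix only) are assumptions of the example.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8  # the eight-character minimum from the text above

# Constructed sample blocklist; a real deployment would load a breach corpus.
SAMPLE_BLOCKLIST = ["Password1", "monkey", "opensesame", "12345678", "qwertyuiop"]


def _canonical(password):
    # NFKC folds look-alike forms (e.g. fullwidth letters) to one spelling;
    # lowercasing makes the screening case-insensitive (assumption).
    return unicodedata.normalize("NFKC", password).lower()


def _sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Index blocklisted passwords by the first 5 hex chars of their SHA-1."""
    index = {}
    for pw in passwords:
        digest = _sha1_hex(_canonical(pw))
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def is_screened_out(password, index):
    """Look up by prefix, compare suffixes locally; the full hash is never sent."""
    digest = _sha1_hex(_canonical(password))
    return digest[5:] in index.get(digest[:5], set())


def check_password(password, index, min_length=MIN_LENGTH):
    """Return (accepted, reasons). No composition or expiry rules are applied."""
    reasons = []
    # Length is counted in characters after normalization, not in bytes.
    if len(unicodedata.normalize("NFKC", password)) < min_length:
        reasons.append("too_short")
    if is_screened_out(password, index):
        reasons.append("blocklisted")
    return (not reasons, reasons)


if __name__ == "__main__":
    idx = build_range_index(SAMPLE_BLOCKLIST)
    for candidate in ["Password1", "monkey", "correct horse battery staple"]:
        print(candidate, check_password(candidate, idx))
```

Note that "Password1" satisfies a typical upper/lower/digit composition rule yet is rejected here, while a long lowercase passphrase is accepted.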
Keep your systems up-to-date
Unpatched software and systems are akin to rolling out the ole’ malware welcome mat. That’s because many popular exploits, including the infamous WannaCry virus, infect systems through unpatched security flaws.
As such, we recommend you:
- Immediately install updates and patches
- Scan software and systems to identify unpatched security flaws
These important steps will enable you to resolve vulnerabilities before cybercriminals can exploit them.
Limit user access
Perhaps the most effective way to reduce the impact of malware is to give users only the permissions they require to do their job—otherwise known as the “Principle of Least Privilege.”
This way, if an end user’s workstation becomes infected, you can limit the damage lateral ransomware might otherwise do. This is particularly vital when it comes to backup access, since your backups represent your last, best hope for mitigating ransomware damage.
Disable scripts, autoruns, and macros
Scripts, autoruns, and macros are frequently exploited by malware distributors. That’s why we encourage organizations to disable autorun—and enable individual macros only when necessary.
Remote Desktop Protocol is incredibly useful to systems administrators who want to access remote workstations. It’s also useful to hackers who want to exploit those same workstations.
That’s why we encourage you to:
- Block RDP from being able to scan from open ports
- Employ multifactor authentication and strong passwords
Implement regular end user training
The only people standing between your systems and a shady-looking “.exe” file are your end users. And, properly trained, they can help you reduce ransomware infections by up to 97 percent.
Of course, practice makes perfect. That’s why we recommend you not only provide regular in-person and online trainings—but that you run simulated phishing tests to identify those who might need a refresher, as well.
Keep redundant backups
No matter how secure your defense, malware will find a way.
That’s why investing not only in ransomware protection but in ransomware recovery, too, is so important.
We recommend you implement multiple backups, in case one is compromised. Consider keeping copies locally, off-site, and in the cloud so you’re empowered to recover no matter what the malware might throw at you.
The current ransomware landscape
Okay, we’ve covered the endpoint security best practices you need to know. Now, let’s take a peek at what exactly is coming for your data.
From spray-and-pray ransomware infections to targeted ransomware attacks, the threats to your data are mounting.
Here’s what you need to watch for…
Encrypting ransomware—well, it’s pretty self-explanatory, right? These strains encrypt your files and demand payment (often in Bitcoin) in exchange for the corresponding decryption key.
Of course, even if you pay—and we highly recommend that you don’t—there’s no guarantee you’ll get your data back. Cybercriminals aren’t exactly known for their customer service.
Keep in mind that this malware can affect all types of operating systems—not just Windows. While there’s a myth floating around that Linux systems are immune, that’s just not the case. Just ask Nayana, the South Korean company running on Linux that was held hostage by encrypting ransomware.
Consider lateral ransomware the more sophisticated, older brother of encrypting ransomware. While it has all the same features as encrypting ransomware, the self-propagating worm also has the ability to travel—infecting every single system on the infected network.
This ransomware threat involves enticing users into clicking on legitimate-looking online ads. Once clicked, the fake advertisements can compromise systems by downloading exploit kits.
And, because AdGholas can hide their malicious code within images, they are significantly more difficult to detect.
Ransomware made its entrance via large-scale spray and pray campaigns. Today, however, cyber attackers are investing the time and energy necessary to target a single organization in the hopes that it will net a larger payday.
And, these targeted attacks are on the rise.
In short, it’s ugly out there.
Foil cyber attackers with rock-solid endpoint security
Malware is looming large—and no one’s safe.
But when you keep apprised of new threats and implement endpoint security best practices, you’ll be empowered to deny cyber attackers their big payday and, more importantly, ensure your organization remains up-and-running.