Recent Posts

Categories

See all

Archives

See all

NIST Releases Tips and Tactics For Dealing With Ransomware

Hijacking information and disabling networks have been standard strategies for cybercriminals for several years. However, this has become even more effective in the recent past as both businesses and even individual users have become more reliant on their digital devices. Smaller businesses are particularly susceptible to this strategy as they rarely have any security systems in place to protect their data and their infrastructure.

However, attackers have also used this strategy quite successfully against much larger organizations and charged exuberant sums of money to give back the data or control of their infrastructure.

The National Institute of Standards and Technology previously released data security frameworks for organizations to adhere to in order to improve the state of their digital security. However, as attacks are still on the rise and ransomware is becoming more of a problem they have recently released a list of suggested approaches to handle the matter if it happens to arise.

System Precautions

In terms of the actual devices and systems that a business uses these are a few things, they should ensure.

  1. Antivirus

Having a good quality antivirus installed on every computer is vital. Also, it’s important that it is kept up to date and is allowed to scan emails and removable media.

  1. Security updates

All systems should be running the latest versions of software and all security software should be regularly updated with the latest releases.

  1. Authorized Access

Security systems should be configured in such a way that they limit access to unauthorized and unknown sites. Similarly, software from unauthorized sources should also be eliminated. Similarly, devices that are for work should be dedicated for work use only and employees should not be using personal devices at work or for work.

User Precautions

On the other hand, NIST has also highlighted some best practices for users to abide by.

  1. Accounts

Businesses need to reconsider the kind of accounts that they allow employees to use. Ideally, all employees should be using standard accounts with no administrative rights. If their work required administrative control then they should be granted that specific right only.

  1. Usage

Work computers should be used for work alone. Employees should be strongly discouraged from logging in to social networks while at work or accessing any site that is not related to their work.

  1. Caution

Employees need to exercise extra caution when opening links, downloading attachments, or accessing any third-party links. If they need to perform any of these tasks or any task of which they are uncertain, they must scan it first through antivirus software.

However, even with all these security measures in place, it won't guarantee that an unfortunate incident will not arise. Whether it is due to system failure or human error, preventing a cyber-attack can never be guaranteed. Even large businesses with an extensive IT budget have to face these problems. Therefore it is important to have a recovery plan in place and systems ready to minimize the damage from a potential attack.

In order to do this, it's important that businesses have an incident response protocol in place so that they have something to fall back on if something does occur. Secondly, they should have an extensive backup and recovery protocol that makes multiple copies of data as frequently as possible.

In the case that the system goes corrupt they should also have a solution in place to restore data and files. These preventive measures will not eliminate the possibility of an attack but if it does happen to occur it will make it far less effective and far more likely for the business to bounce back from this unfortunate situation.


← Older Next →

Recent Posts

Categories

See all

Archives

See all