In light of the ransomware and Trojan attacks currently favored by criminal hackers, the question now is: how can I protect my business from hacking? Here’s some tips for staying safe.
- Implement network segmentation. Spreading your data across smaller subnetworks reduces your exposure during an attack. This can help contain infections to only a few endpoints instead of your entire infrastructure.
- Enforce the principle of least privilege (PoLP). By only giving users the access level they need to do their jobs and nothing more you can minimize the potential damage from ransomware attacks.
- Backup all your data. This goes for all the endpoints on your network and network shares too. As long as your data is archived, you can always wipe an infected system and restore from a backup.
- Educate end users on how to spot malspam. Users should be wary of unsolicited emails and attachments from unknown senders. When handling attachments, your users should avoid executing executable files and avoid enabling macros on Office files. When in doubt, reach out. Train end users to inquire further if suspicious emails appear to be from a trusted source. One quick phone call or email goes a long way towards avoiding malware.
- Educate staff on creating strong passwords and implement some form of multi-factor authentication (MFA)—two-factor authentication at a bare minimum.
- Patch and update your software. Emotet and Trickbot rely on the Windows EternalBlue/DoublePulsar vulnerabilities to infect machines and spread across networks so keep your systems up-to-date.
- Get proactive about endpoint protection. Malwarebytes, for example, has multiple options for your business with Endpoint Protection and Endpoint Detection and Response.