The internet has proven to be a powerful and useful tool for billions of people worldwide. However, in the same way that you shouldn’t leave you house unlocked, you shouldn’t venture online without taking some basic precautions.
So, where do you start? Let’s begin with some definitions of a few of threats out there:
Short for malicious software, this is a type of unwanted software that is installed without your consent. Viruses, worms and Trojan horses are examples of the malicious software referred to as malware.
Criminals, such as black hat hackers, who use malevolent programs on a computer and the internet to commit illegal activity. That can include breaking into computers and stealing personal or corporate data or disrupting operations.
A Trojan horse is a destructive computer program that masquerades as a benign file or application (such as .jpg or .doc). It opens a “backdoor” or access to your PC without your knowledge.
A botnet is a large network comprised of computers. A “bot” is a malicious software that enables cybercriminals to control your computer without your knowledge to execute illegal activities, such as sending out spam, spreading viruses, etc.
Harmful computer programs that are designed to spread from one computer to another and interfere with computer operations. A virus can corrupt or delete data on your computer and damage your hard drive.
This self-replicating malicious computer program uses a computer network to send copies of itself to other computers on the same network. Unlike a virus, it doesn’t need to attach itself to an existing program. Worms almost always cause some damage to a network.
Spyware, which can be legitimate software, monitors a user’s online activity and collects various kinds of personal information, such as internet surfing habits, etc. The presence of spyware is typically hidden from the user and can be difficult to detect.
Phishing is a type of online identity theft that uses email and fraudulent websites designed to steal your personal data or information, such as credit card numbers, passwords, account data or other information.
Ransomware is a serious security threat that has data-kidnapping capabilities. It limits access to files or system functions, or even render systems totally useless. Then it forces victims to pay ransom to regain access to their files or systems.
Three keys to protection
There are three vital keys to avoid losing money, your business or your job over ransomware. All three involve preparation long before an attack begins.
The first key is backup. A surprising number of ransomware reports include news that the victim organization didn’t have a working backup of their data.
So, to review: Back up using an established protocol (something like 3-2-1 is a good start if you don’t have a plan), and regularly test to make sure that you can reliably recover data from your backup.
If you’re unfamiliar, the 3-2-1 protocol means having at least three total copies of your data, two of which are local but on different mediums and at least one copy offsite.
Go farther than the perimeter
An intruder might camp in your network for weeks or months before he or she springs the trap. You must have intrusion prevention or similar security systems in operation so that you can recognize unusual or unauthorized traffic from within your network — not just attacks from the outside.
Lock it down
Companies must prevent workstations and user accounts from becoming attack vectors.
Windows 10 provides a vast array of identification, authentication and authorization features. Current-generation laptop and desktop workstations have the hardware components built in to take advantage of those features.
A thorough review of security measures to protect against ransomware must include a close look at workstations to see whether they provide the facilities necessary to protect the total network from attack.
Ransomware is a large and growing problem because it’s effective and profitable. The perpetrators are good at what they do, but you can be better by ensuring you have an uninfected backup at a secure location, you are doing everything possible to keep the attackers out of your workstations and your network, and you have systems in place to recognize intrusion when your defensive efforts fail.
Leave Security to the Professionals
Your networks security is of highest value to you. Security is not like installing a toilet yourself or some DIY project – this is serious business better left to an expert. You need to consult with a proven network security/IT company who knows what it’s doing.
Take these four major steps, and the odds are in your favor to avoid being labeled “victim” in news reports.
David Darmstandler is CEO of Datapath, an IT services company with headquarters in Modesto. You can reach him at [email protected].