The risk of malware attack may be inescapable, but this doesn’t mean that you should sit idle. You can take some measures to protect your Windows computers from attack. Here are a few tips that will help minimize the risk.
Computers have been around for more than a decade and have become an essential tool, both at work and at home. As our dependency on computing systems and the internet grows, so does the risk of cyber-attack. We are surrounded by malware, and a small mistake could pave the way for it to enter and infect your system. Anti-virus software is supposed to guard us from such threats, but in reality even it isn’t very effective at handling advanced strains of malware.
The changing behavior of malware makes it even more difficult to detect attacks such as spyware, ransomware and adware, and to protect systems from them.
The recent WannaCry ransomware infection has affected millions of users on an international scale. The institutes, companies and users who rely completely on technology for their work are ready to pay any cost to protect their data. This is especially true for critical systems such as hospitals, utilities, information systems and some secret agencies.
As the landscape changes, the risk of malware attack is increasing, and there is no single approach that can keep data completely secure. Multiple security applications, however, can provide layered security that works as comprehensive protection, minimizing the threat of a potential outbreak.
Here are certain measures which can protect you from such attacks. Even they do not assure 100% protection, but they will keep data safe from loss during such invasions.
1: Regular Windows patch updates for clients and servers
There are several tools available to OS users, and patch management plays a crucial role in system protection. First-party tools such as Windows Server Update Services help to manage patches. An updated version of Windows ensures that you, your clients and your servers are covered against known threats. Vulnerabilities that come in the form of zero-days cannot be covered by patching, since by definition no patch exists for them yet.
WannaCry spread to more than 150 countries at a very fast pace despite the fact that a patch was readily available; users were simply not aware of it. Therefore, those who keep their Windows version updated with the latest patches can stay protected.
2: Anti-virus and hardware device updates
Each organization has different needs and resources for securing and managing its network and data, such as firewalls and intrusion prevention systems (IPSes). These devices provide an additional layer of security by filtering traffic at the entry/exit level of the network. They should be updated from time to time, and active monitoring of the health of these devices is a must. Firmware updates, signatures and manual configuration should be applied to match the network’s needs. This enhances the network’s security and enables the security appliance to block attacks.
These devices may not necessarily be Windows-based, but they help to control unauthorized network intrusions and to ward off attacks.
3: Strengthening device security
Strengthening the security of user devices and servers is vital to limit the attack surface. One should know what each device will be used for and how to lock it down for security purposes. Any application, service or connected device that is not needed (such as the SMB1 protocol in the case of WannaCry, which allowed it to spread) should be considered a prospective attack vector. Such components should be dealt with because they can be exploited, and disabling them with immediate effect is a wise decision.
Microsoft offers the Microsoft Baseline Security Analyzer (MBSA) for clients and servers, which performs vulnerability assessments of devices and the services that run on them. It also makes recommendations on how to achieve the utmost security without compromising services.
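The SMB1 point above can be checked on a single host before anything is switched off. The following is an added example, not part of the original article: it reports whether SMB1 is still enabled, lists clients currently connected over an SMB1 dialect, and only disables the protocol when no such client would be cut off. The `-Disable` switch and the report field names are this script's own, hypothetical choices.

```powershell
# Added example: audit (and optionally disable) SMB1 on the local host.
# Run from an elevated PowerShell session. -Disable is this script's own
# hypothetical switch, not a Windows option.
param([switch]$Disable)

# Server side: will this host still accept SMB1 sessions?
$server = Get-SmbServerConfiguration

# Optional feature that carries the SMB1 components. The lookup can fail on
# editions without the feature, so a failure is treated as "not present".
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
    -ErrorAction SilentlyContinue

# Clients connected right now over an SMB1 dialect would lose access,
# so list them before changing anything.
$legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })

$report = [pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    ServerSMB1Enabled = [bool]$server.EnableSMB1Protocol
    ServerSMB2Enabled = [bool]$server.EnableSMB2Protocol
    FeatureState      = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
    LegacySessions    = $legacy.Count
    LegacyClients     = ($legacy.ClientComputerName | Sort-Object -Unique) -join ', '
}

if ($Disable) {
    if ($legacy.Count -gt 0) {
        # Refuse to break working clients; migrate them first.
        Write-Warning "SMB1 still in use by: $($report.LegacyClients)"
    }
    else {
        if ($report.ServerSMB1Enabled) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
        if ($feature -and "$($feature.State)" -eq 'Enabled') {
            # Feature removal completes at the next reboot.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                -NoRestart | Out-Null
        }
    }
}

$report
```

Run it without `-Disable` first and review `LegacyClients`; an empty list only covers sessions open at that moment, so repeat the check over a representative working period.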
4: Data backup
We all save important data on our computers. Imagine what it would be like to try to access that data and find that it has been compromised or corrupted, that it is inaccessible because of a ransomware attack, and that you are left helpless.
To avoid such situations, the best practice is to have a good backup system. Having a backup of our data allows us to deal with such unforeseen situations. We should schedule an incremental backup so that, even if we forget to take a manual backup, we always have a backup of the latest data. You can even use a cloud backup service so that the data is accessible from anywhere.
This will help you to deal with such situations without panicking, because you already have a backup of all your important data.
5: Encrypted data
Encrypting data does not completely safeguard your computer from ransomware infections, nor does it prevent a virus from encrypting the already encrypted data. But this practice can help you protect your data from being completely unreadable.
It stops external applications from accessing the data, at least for some time. Sending and receiving encrypted data over VPNs also helps you stay protected from infections.
6: Secured network configuration
Sometimes, while configuring and installing new hardware, we leave the network open, which makes it easily accessible. Networking equipment such as routers, switches and wireless access points should always be properly configured and run updated firmware, so that they can withstand situations in which they might otherwise be compromised.
An optimized network should be set up with Virtual LANs (VLANs) and managed so that data is delivered in the most efficient manner. Another security benefit of VLANs is that they logically quarantine malicious traffic, which avoids spreading infection to other devices. This helps administrators deal with compromised hosts without the risk of spreading the infection.
7: Strict implementation of policies
Organizations use policies to enforce compliance with rules and regulations by their employees. However, these policies are not just documents that dictate rules; they also serve as a survival guide during and after an outbreak.
Policies do not in themselves stop malware, but they can address known issues with respect to data security and give employees useful information to prevent an infection from spreading. Employees can even report an issue to IT for support before it becomes a bigger problem.
Because technology is dynamic and keeps changing, policies should keep changing too.
8: Proper documentation
There is no documentation that says when patches should be applied, servers should be configured or updated, or firmware should be updated in order to prevent ransomware outright.
However, if changes made to system configurations are documented along with the other security measures, the ability to respond to threats proactively will increase. The changes made to systems should also be adequately tested and their after-effects checked. Lastly, it should be checked that the changes are not causing any issues and that they address any possible recurrence of critical situations in the future.
9: User training
Proper training is a must for all staff, not just IT, and we should not underestimate it. Protecting the organization against malware attack is not solely the responsibility of IT personnel. It is everyone’s responsibility, because an attack affects everyone and anyone can be the reason the network gets infected.
As a preventative measure, training should be given priority, since it helps staff to identify possible malware attacks, such as phishing.
The training should not center only on recognizing malware attack attempts; it should also teach users how to take preventive measures that slow an infection from spreading. Finally, no training is complete without the support of users, who should report issues when they spot something out of the ordinary.
10: Risk assessment
The purpose of a risk assessment (RA) and risk management (RM) method is to identify internal and external threats and their potential impact.
RA and RM help you pinpoint trouble and help the company focus its efforts on aligning its resources with the devices that pose the greatest threat if compromised.
This process enables users to identify hazards and determine the corrective actions to be taken as risk changes over time.