Preventing malware and ransomware attacks in your business

Cybercrime is one of the most dangerous things for private and public sector organisations to deal with in the 21st century, especially when it comes to malware and ransomware. It is absolutely essential that businesses take all the steps required to safeguard themselves with cyber security from these kinds of cyberattack, as in the modern world, there are a number of ways in which criminals seek to carry out these strikes on private and public sector organisations.

Luckily there are a number of things that we can do in order to mitigate the chances of infection, and also to curb the spread of malware through a business's computer systems. The following article will run you through the basics of malware, and also ways in which you can reduce the danger of malware infection, or at least minimise the spread.

An overview of malware and ransomware

Malware is one of those words that people can hear a thousand times and still not have a firm grasp of what it means, so let's just give a brief overview here. Malware is essentially malicious software that can be designed to do various things such as externally locking a device, stealing data, taking external control of a device, finding passwords and using paid services. It is essential that you do everything you can to inhibit malware from actually running on your computer, as it is only then that it can start wreaking havoc with your systems.

Ransomware is a type of malware that is focussed exclusively on shutting down your computer and making it impossible to unlock. Often ransomware can spread from computer to computer in a localised network, something that famously happened with the Wannacry malware that struck the NHS back in 2017. The idea behind ransomware is that you will then have to pay a ransom in order to unlock your device and retrieve any files, however, even then it is never a guarantee that you will get access back. Moreover, the NCA tends to recommend that victims do not pay the ransom, mainly because of the fact there is no certainty it will affect anything.

data backup engineer

Backup your SME cyber security systems regularly

One of the most important things to make sure that you and your business are regularly doing is simply to back up all important files in various ways. Although the plethora of cloud sync services such as DropBox, OneDrive and SharePoint are good for making regular backups, do not be fooled into thinking that this is enough to prevent a serious ransomware attack, because these platforms are still ultimately connected to the overall network.

Cloud sync services should never be your only backup, and it is essential that at least one of your backups is on an external device that is not part of the overall computer network. This is because malware can very easily jump from device to device on a localised network, so there is no point backing up data somewhere where it can still be reached.

How to prevent malware infecting your devices

There are several ways in which businesses can prevent malware from infecting their local networks, and they all revolve around simply being vigilant with websites and emails. For instance, filtering any received files to only allow the file types that your business regularly works with is one way of keeping on top of things. Moreover, blocking websites that are known to be malicious is another easy way of making your business network more secure.

Many businesses have also started using dedicated signatures to block known malicious codes, and it is always worth actively inspecting content from time to time to see if there is anything dodgy going on. There is also a range of network services that do things such as mail filtering, intercepting proxies, internet security gateways and creating safe browsing lists, all things that can be essential in the fight against malware.

ransomware code

How to stop malicious code running on your devices

Once malware has infected your network, it is crucial that you try and curb its reach, and the main way to do this is to stop it running wherever possible. The exact ways in which you can do this will vary from device to device, however, a general rule of thumb is to use device-level security features. These can include things like centrally managed enterprise devices that only permit applications from trust sources. Additionally, it is good practice to disable or constrain macros in productivity suites, which will protect your network from malicious Microsoft Office macros, for instance.

Malware attacks can often seek to exploit vulnerabilities in your computer software, and the best way to counter this is to make sure that all of your devices are as up-to-date as possible. This is especially important for security updates and firmware, and if you are able to, it is a good idea to enable automatic updates.

How to restrict an infection once it has taken place

Unfortunately, it isn't always going to be possible to stop a malware infection from taking place on your network, however, there are various things that businesses can do to restrict the infection once it has taken place. The NCSC has published vital guidance on how to prevent lateral movement, and this revolves around protecting user credentials so that attacks cannot move from computer to computer.

Following on from this, it is also extremely important that your business is constantly reviewing user permissions that are no longer needed, as unused user portals with access to higher parts of a local business network are often the easiest targets for malware attacks. System administrators should also never use their administrator accounts for email or web browsing to keep them safe from malware.

Things for organisations to do if they have already been infected

The first thing to do if you realise that your cybersecurity has been compromised is to disconnect all infected devices from the business network immediately, as this is vital to help stop the spread. In serious cases, you also might want to consider completely switching your business's wifi connection off.

After doing this, all user credentials should also be wiped and reset, with all operating software also being reinstalled after you have verified that the device is clean.