In the wake of last week’s massive global ransomware attack, a lot of people are asking similar questions: how can I protect myself from such an incident? And how I can enhance the security of my data and my digital identity? No question is more critical, especially with more than 200,000 computers infected by the WannaCry malware variant in 150 countries.
The answer is both more straightforward and more complex than expected. First, the hard truth: no single security practice or strategy can provide comprehensive protection. That’s why a multi-tiered approach to security is necessary, with different IT solutions like proactive maintenance and monitoring, password management, data encryption, automatic backup, and online common sense working together to weave a tapestry of components that, taken together, can provide strong security.
Below, CMIT Solutions has collected 6 of our top strategies for protecting your data and your digital identity. Some can be implemented immediately, and some are best deployed with strategic help from a trusted IT provider. But all can work together to keep you a little safer today than you were yesterday, which is so important in the ever-changing Internet-driven world.
1. Make sure a trusted IT advisor handles software updates and security patches automatically and regularly.
Countless terabytes of unprotected data was lost in the WannaCry ransomware attack, while hundreds of thousands of dollars was extorted by the cybercriminals behind most. Another disheartening result of the cyberattack? A potential fix for it was available before the ransomware was deployed. Two months ago, Microsoft released a Windows patch meant to fix the vulnerability, but many users simply hadn’t installed the update yet (many more legacy operating systems that are unsupported by Microsoft were attacked, too).
2. Construct a protective barrier of anti-spam, anti-malware, anti-virus, and network security solutions around all of your devices and all of your data.
No single layer of preventative measures alone could have stopped the WannaCry spread. But the right suite of products working harmoniously together with the support of a trusted tech team could have constructed enough roadblocks and barriers to keep data protected and systems free from infection. In today’s digital work world, that’s more difficult than ever, especially with so many employees working remotely. If you allow computers or devices to connect to your company’s network from remote locations, those machines require the same level of management and protection as computers inside your office.
3. Be careful with suspicious emails, annoying pop-ups, and “too good to be true” ads or offers.
With a large majority of Americans connected in some way to the Internet and social media, everyone needs to know the basics of security awareness. If you receive strange-looking emails, examine the email address of the sender carefully to see if it’s coming from a legitimate domain name. If you see sloppy typos or grammatical errors in the body copy, mark it as spam or delete it immediately. Hover over web addresses without clicking on them to see whether they direct you to suspicious web pages (beware of long strings of unconnected letters and numbers instead of real web addresses). If an email has arrived from your financial institution, credit card issuer, or utilities provider, remember that they are instructed to never ask for sensitive information like passwords or Social Security numbers. If an annoying pop-up appears on your screen, don’t click any viral-looking headlines or flashy ads — just safely close the window by clicking the X in the corner.
4. Back up ALL of your data on a regular basis.
Every time a new ransomware attack occurs, victims realize they could have protected themselves beforehand simply by creating automatic backups of all data. That way, if a hacker did gain access to your computer or network, you could easily wipe machines clean and then restore them from a backup. In the event of natural disasters and other business catastrophes, on-site backups aren’t sufficient either. For comprehensive protection, data should be backed up, encrypted, and stored by a trusted IT provider who can ensure that your critical information is stored safely in different data centers to minimize any potential disruptions.
5. Use strong passwords, employ two-factor authentication, and consider an all-in-one password manager.
Creating strong passwords and never using the same password across multiple sites is one of the most important things you can do to protect your online identity. But no matter how strong you and your employees think your passwords are, remember this: hacking software can test up to 10 billion password combinations in seconds. That’s why two-factor authentication, which requires you to enter your password and then verify your identity by entering a unique code you receive via text message or email, is equally important. And the secure password generators included in many all-in-one password management solutions can randomly create long, complicated passwords you’d never remember (and then remember them for you), sidestepping the old “password123” dilemma.
6. Develop and implement employee security practices.
You can’t just assume that your employees will know how to spot phishing or ransomware emails — or that they will never click on an illicit web link or download a malicious attachment. That’s why specific policies and strong security practices need to be in place — and why employees need regular and recurring training about the nature of today’s cyber threats. Yes, cautious online behavior could have helped to minimize the extent of the WannaCry infection, which spread in days across more than 150 countries and 200,000 computers.
Last week’s massive WannaCry infection has produced one silver living: an enhanced interest in digital security coupled with increased awareness of the many cyber threats that face computer users around the world each day. If you want to protect your business from ransomware attempts and protect your data, your digital identity, and your devices from infection, contact CMIT Solutions today. We worry about IT security so that you don’t have to.