The best way to combat malware is to never let it infect you to begin with. I know this might be easier said than done, but having reliable endpoint security is important in making this possible. The key here is being proactive. A static blacklist is just not good enough. When it comes to phishing, for example, the life cycle is less than two days. In fact, according to a study conducted by Webroot, over 10 percent last less than 15 minutes and over 84 percent last less than 24 hours. Deploying endpoint security that can protect web browsing, control outbound traffic, protect system settings, proactively stop phishing attacks and continuously monitor individual endpoints will allow for a more robust and multi-layered approach to security.
If the first line of defense fails and clients do encounter a crypto-ransomware infection, your best choice is to recover data and minimize downtime. The best way to do this is by using a cloud-based backup and disaster recovery (BDR) solution. Let’s imagine that a client is hit with crypto-ransomware. Suddenly, all of their files are encrypted and they can’t access what they need to keep operations running normally. You need to be able to restore the system from a backup taken before the infection hit to get them back up and running.
When you leverage Continuity247®, our fully-managed BDR solution, the backed-up data is stored on a local appliance and can be replicated offsite to the cloud, so your clients can enjoy true peace of mind knowing that business continuity will be maintained should they get hit by ransomware.
This is a big one. Every single macro in a Microsoft® Office document can be prevented from running by turning macros off completely in the Trust Center. There is almost always a workaround for any task that you would need to enable macros for. By disabling them completely, you are eliminating the entire attack vector, which is what Locky used almost exclusively for some time.
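To confirm that macros really are off on an endpoint, the PowerShell script below reads the registry value behind the Trust Center macro setting for the current user. It is an added example, not part of the original article. It assumes Office 2016 or later (version key `16.0`) and checks Word, Excel and PowerPoint; the function name `Get-MacroSetting` is hypothetical.

```powershell
# Added example: audit the Office macro setting for the current user.
# Assumption: Office 2016/2019/365, which store settings under version key "16.0".
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings values and the Trust Center option each one corresponds to.
$Meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {   # hypothetical helper name
    param([string]$App)

    # A Group Policy value overrides the user's own Trust Center choice, so check it first.
    $candidates = @(
        @{ Source = 'Policy'; Path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security" },
        @{ Source = 'User';   Path = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security" }
    )
    foreach ($c in $candidates) {
        # Returns nothing (error suppressed) when the key or the value is absent.
        $item = Get-ItemProperty -Path $c.Path -Name 'VBAWarnings' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.VBAWarnings
            return [pscustomobject]@{
                App = $App; Source = $c.Source; Value = $value
                Setting = $Meaning[$value]
                FullyDisabled = ($value -eq 4)
            }
        }
    }
    # No value present in either location: Office applies its built-in default.
    [pscustomobject]@{
        App = $App; Source = 'Default'; Value = $null
        Setting = 'Not configured (Office default applies)'
        FullyDisabled = $false
    }
}

$Apps | ForEach-Object { Get-MacroSetting -App $_ } | Format-Table -AutoSize
```

Any row where `FullyDisabled` is `False` is an endpoint where a user can still be prompted to enable macros in a document.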
Consider using Windows Policies to block certain paths and file extensions from running. When varying levels of access are required, you can set up these policies in groups. This will help you reduce the number of variants that could pose a threat. Windows creates local copies of files using the Volume Shadow Copy Service (VSS). By using Windows Policies, you can block access to the service and help stop ransomware like CryptoLocker from erasing local drive file backups. The best part is, you can do this for free!
The user is often the weakest link. As long as employees are unaware and uneducated on the risks of the Internet, malware will continue to thrive. Go above and beyond to educate clients on the dangers of malware and ransomware and how to recognize warning signs. Don’t just use the standard, generic slide show or security quiz that is rolled out once a year. There are services available that will simulate attacks by periodically sending employees fake phishing emails to see who is not following security best practices. If you don’t want to go that far, there are in-depth phishing tests available that do a great job of highlighting the subtle differences between phishing attempts and legitimate messages. Whichever you choose, it’s important that you not only provide clients with the technical support they need, but the educational support as well.
Small and medium-sized businesses are moving to SaaS solutions for email, collaboration and cloud file storage. As they move their most valuable data off-premises, new challenges arise that demand more IT security. However, SaaS providers such as Microsoft Office 365, Google G Suite and Salesforce.com don’t provide comprehensive backup, leaving end clients exposed to the loss of valuable data through human error and insider threats, and vulnerable to cyberattacks. Continuum Recover For SaaS makes it easy for MSPs by automating backup for popular SaaS providers, including Microsoft Office 365, Google G Suite and Salesforce.com, protecting the data and allowing quick restores if needed.