
Tips to tackle Ransomware – Good Practice Guidelines

24th Apr, 2020

What you can do

In a previous blog I looked at the increase of ransomware cyber-attacks, especially in the public sector. This time I want to look at some of the ways you can tackle the problem.

Ransomware has become a profitable business with the use of franchised software and sophisticated support functions. With the targets moving from individuals to more profitable organisations, it is clear that attacks on the public sector will continue to increase. There is a lot that companies and public sector bodies can do to reduce the possibility of a successful attack and mitigate its effect. A significant amount of this can be achieved by following good cyber security guidelines of the sort that colleagues have recommended; see Ian Hirst’s blog post ‘Welcome to your new cyber security team’. These are also laid out in the Irish National Cyber Security Centre document ‘Cyber security 12 step guide’.

However, some parts of that good practice are particularly relevant to ransomware prevention. The UK Government National Cyber Security Centre, which undertakes a similar role and function to its Irish counterpart, has issued guidance on its page ‘Protecting your organisation from ransomware’. Like so many things, it comes down to doing the simple things right:

  1. Make sure all your staff know how to deal with email phishing, which basically means ignoring anything that looks suspicious. 39% of ransomware is introduced through email phishing.
  2. Keep your systems up to date, especially with security patches. Software vulnerability accounts for some 8% of attacks.
  3. Configure your systems using best practice guidelines from the software and hardware makers. 50% of attacks are through vulnerable Remote Desktop Protocol (RDP) ports that allow remote access to systems. Once these systems are exposed, details of their addresses will frequently be sold to other attackers.

What we recommend

In addition to both NCSCs’ information there are also some best practice guidelines that we would recommend. These are based on our extensive work helping clients with cyber security and business continuity, even on some occasions when they are recovering from a ransomware cyber-attack. They may seem quite obvious but are easily missed since everyone assumes that someone else has it under control. Our top pointers are:

  1. Make sure that you have a planned back-up strategy for your services, including regularly isolating the back-up from the main network to prevent any virus spreading to your back-up. In this way you can recover to an unaffected set of data should it be necessary. This includes cloud-based Software as a Service: you still have shared responsibility, and the cloud vendor may not be making as many back-ups as you think.
  2. Have a business continuity plan (BCP) that identifies the priority of services and how you would recover them in the correct order. To do this you need to think about your systems and how much they are used. This needs to include office automation such as email and instant messaging as well as the line of business systems. Many organisations would struggle more without services such as Microsoft Teams and email than without some of the line of business systems.
  3. Test the back-ups and BCP regularly. This will help identify changes in priority or in systems that require changes to the BCP, as well as making sure everyone knows what to do and in what order.
  4. On the technical side, segregating networks so that any successful attack can be more easily contained needs to be part of configuration management.

Our Expertise

Gemserv has specialists in all areas of cyber security and business continuity planning that can help design an approach to reduce the chances of an organisation falling victim to a ransomware attack as well as mitigate the overall impact of any attack.
