Although it is the last item on the Legal Tech News Nine Steps to Fight Crypto Locker, this rapidly changing exploit needs more attention…Cryptolocker Malware prevention requires awareness. Training everybody you know and work with is the answer.
“Security Awareness Training – No matter how secure a system is, It is time to take action. End users are the first and last line of defense. Without the proper knowledge and training systems can, are and will be compromised. Specifically regarding CryptoLocker, users should be trained on how to spot phishing emails. We had a client that had been taught not to open URL links or attachments from email solicitations. But this came from a known vendor and Mark was expecting it. His vigilance prevented the Crypto threat from getting deployed. He noted that the email address was spoofed.
To test systems, firms perform random phishing tests to verify if users open the emails, click on links/attachments or simply delete them. Those who fail will need a little more training. Posters focusing on security tips and tricks should be hung in high traffic areas. Those posters should be updated monthly to keep things fresh, as users could ignore them after a few weeks.
Cybercriminals instill fear and panic into their victims. causing them to click on a link or pay a ransom. It’s never recommended to pay the ransom, as additional malware can be installed. If a system happens to be exploited, immediately remove it from the network and restore your files from backup. Hopefully, though, if you follow the tips from this article, you can avoid being infected in the first place.”
Malware crypto locker prevention begins and ends with users. End users are not just the last line of defense we are the first level that thwarts malicious attacks.
- Backups – Due to the adaptive nature of malware, nothing is more important than having known, good backups. This means that backups need to be tested and secured from unauthorized deletion. You should also have multiple points in time to restore from, in case the malware has been unnoticed in your systems for some time. As a general practice, backups should also be encrypted and stored locally and offsite.
- Anti-Virus – All workstations, laptops and servers need to be running a good quality anti-virus program with current updates. Though a good, updated anti-virus program might not catch everything, it can certainly catch the latest versions of CryptoLocker. It is always a good idea to actively monitor (or receive alerts from) your systems on a daily basis regarding any outbreaks and remediate the issues immediately.
- Software Restriction Policies – Prevents the execution of programs through the use of group policies. Cybercriminals have full knowledge of how operating systems run applications, and they will use that to their advantage in writing newer variants of CryptoLocker. Ransomware runs within specific areas of a system, and group policies can prevent CryptoLocker from running in the first place.
- Update Management – Keeping systems up to date, in terms of installing the latest security updates on your operating system, is essential to remediating known vulnerabilities before they can be ex
While all critical too, they do little or no go in stopping ever changing exploits. We must take responsibility for our own system. Malware crypto locker prevention requires training first, then system monitoring and regular management.
Read more from Legal Tech News here: http://www.legaltechnews.com/id=1202719710810/9-Tips-for-Protecting-Your-Firm-Against-the-CryptoLocker-Virus#ixzz3TY5I6XmU. The 9 tips are all needed. Most importantly user awareness.