Keeping your IT system secure is becoming a full-time job. Here’s some sound advice for all practice owners.
IT security is more challenging with each passing day. Evolving versions of ransomware, a malicious piece of software that encrypts all your data requiring you to pay a ransom fee to obtain the key to decrypt (www.us-cert.gov/ncas/alerts/TA16-091A), now is able to propagate itself across removable media, from USB flash drives, to writeable CDs and DVDs (https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/).
Ransomware is typically delivered one of two ways, firstly as legitimate looking emails from trusted sources like banks, government agencies and your friends. Secondly, through compromised websites that serve up the virus when you visit, or through the advertising space that the hackers have purchased.
Ransomware scans and encrypt all files it can find locally and on all remote computers and servers. Nothing is safe, as long as it is connected and accessible in some way, even backups, rendering a recovery impossible. There is no guarantee that paying the ransom fee gets the key to decrypt the files – instead, a second ransom demand may result. Therefore, the only way to recover is to ensure multiple backups are kept offline, going back far enough from the infection date to obtain a ‘clean’ restoration.
Here are some general security tips:
• When browsing websites, do not download or run any files you did not specifically request. Close all unwanted pop-ups by clicking the X at the top right hand corner of the window – many pop-ups feature fake buttons, which when clicked, provide consent to download and execute the virus.
• It is important that staff members are trained to not click on any links or open any attachments in emails that they have any inclination of being unauthentic. Some fake emails are easy to spot with obvious grammatical and spelling mistakes, others are meticulously crafted and even the sender’s details seem genuine (i.e. close to impossible to identify as fake). If in doubt, always verify the email or attachment by contacting the sender.
• If you suspect that your PC has been infected, stop using it and notify your practice manager immediately.
• Create a strong password policy in the practice to reduce the risk of becoming compromised: set a finite number of attempted logins to lock out the user for a set time; change passwords regularly; and incorporate upper case letters, a number and a symbol, and span a minimum 8 characters.
• Ensure that firewalls are enabled for all servers and PCs in your local network including the Internet modem router.
• Good PC ‘hygiene’ wards against infection. Keep fully up-to-date with the latest Windows patches and fixes through Windows Update. Ensure that you have a good antivirus and antimalware software running to stop the virus before it can load. Change default settings and security policies. US Government provides useful guidelines at www.us-cert.gov/ncas/tips/ST15-003.
• Consider investing in a unified threat management (UTM) device. This sits between your modem and network, acting as a gatekeeper, filtering all incoming Internet traffic, before forwarding to the PCs. It protects against viruses, malware, SPAM and mitigates hacking intrusion attempts by scanning for malicious activity.https://en.wikipedia.org/wiki/Intrusion_prevention_system
ED: Questions? Contact Jerome www.critical-it.com.au