Ransomware Is Indiscriminate -- Secure Your Systems Now
In this Ask the Admin, I explain how your business might become a target and why bedroom hackers are a thing of the past.
As an IT consultant, persuading companies to invest in security has always been an uphill battle. WannaCry indiscriminately infected more than 200,000 Windows devices. Even if you think your company has nothing worth stealing, losing access to all your data is no longer an unlikely event. There are steps you can take to secure your company’s data assets.
Should I Avoid Using Windows?
No. All operating systems (OS) have vulnerabilities and bugs. It is true that Windows is often targeted because it is more widely deployed. If updated regularly and best practices followed, you can benefit from what made Windows the leader in desktop OS. The reasons are ease of use, enterprise manageability, and the widest selection of available software. Microsoft is steadily working toward making security a key differentiator in Windows 10, Office 365, and Azure.
Isn’t Antivirus Enough to Protect Me?
Antivirus software is not as effective as it once was but it still has a role to play.
Hackers Will Not Bother Targeting My Business
That is not how it works. The idea of a bedroom hacker, a spotty teenager locked away in a room for hours that spends time trying to hack a specific resource, went away many years ago. The malware and ransomware business is sophisticated and automated. In many cases, ransomware strikes indiscriminately to grab what it can. If an attack results in even a few thousand users paying $300 each, that is a good profit.
I Sync My Files to Dropbox — So I Do Not Need a Backup
Synchronization and backup are not the same thing. Cloud storage, like Dropbox and OneDrive, use synchronization to provide up-to-date access to your files in the cloud and when your device is offline. If you delete a file from your device, it also gets deleted in the cloud.
Backup creates a permanent copy of all your files. This allows you to roll back to a given point in time. If you accidently delete a file or ransomware infects your PC, assuming your backups have been properly protected and tested, you can use them to restore your data. Cloud storage solutions are not designed for this scenario.
Security Best Practices
Despite the alarm that the WannaCry virus caused, if simple best practices had been followed, Windows would be as secure as the alternatives.
The vulnerability that WannCry exploited was fixed in a patch issued by Microsoft in March. This was for all supported versions of Windows. The vulnerability did not affect Windows 10 and Windows XP has been out of support for a few years. If you were not paying Microsoft an exorbitant fee for a custom support agreement, your systems would have been vulnerable. That is not Microsoft’s fault, however. Even though it was not obliged to, Microsoft released an emergency patch for Windows XP to help stop the spread of the virus.
Admin Privileges and Application Control
Removing admin privileges from users can be a pain point but it is necessary. Otherwise, Windows cannot be adequately secured. Additionally, application control should be used whenever possible. It helps to provide a last layer of defense against malicious win32 software.
The release of Windows 10 S this summer will go a long way to improve the security for many users, as only software downloaded from the Windows Store can be installed. Users of Windows 10 S do not have admin rights and application control is not required to block win32 applications.
Restrict Use of Domain Admin Accounts
It is common to see IT staff using domain admin credentials to log in to users’ PCs. If those PCs are compromised, then so is your entire domain. Game over.
Domain admin accounts should only be used to access domain controllers. Everyday tasks in Active Directory can be performed by delegating the necessary rights to IT staff and PCs can be supported by providing helpdesk users local admin access through a designated group.
Upgrade to Windows 10
Security is a game of cat and mouse. Microsoft updates Windows 10 twice a year to provide consumers and enterprises with the latest security defenses. Windows 10 Enterprise includes advanced security features, such as Credential Guard, Device Guard, and Windows Defender Advanced Threat Protection. The fall release of Windows 10 will include Windows Defender Application Guard for Microsoft Edge, which allows enterprises to ensure that untrusted websites are isolated using hardware virtualization.
In this article, I explained how attackers target businesses indiscriminately and outlined some steps for securing your devices.