Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees are essential components of every single security setup. Make sure you’re following these nine best practices:
- Backup regularly and keep a recent backup copy off-line and off-site: There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Don’t enable macros in document attachments received via email: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it!
- Don’t give yourself more login power than you need: Don’t stay logged in as an administrator any longer than is strictly necessary and avoid browsing, opening documents or other regular work activities while you have administrator rights.
- Consider installing the Microsoft Office viewers: These viewer applications let you see what documents look like without opening them in Word or Excel. In particular, the viewer software doesn’t support macros, so you can’t enable them by mistake!
- Patch early, patch often: Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash and more. The sooner you patch, the fewer holes there are to be exploited.
- Stay up-to-date with new security features in your business applications: For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”, which helps protect against external malicious content without stopping you using macros internally.
If Security is a discussion with your organisation or you would like find out more about securing your online presence, contact your account manager or fill in a contact form.