7 Steps to Avoid a CryptoWall or CryptoLocker Infection

Posted June 9, 2016 by Hunter Smith

The big words in malware these days are CryptoLocker and CryptoWall, the two stalwarts of an emerging group of malware known as “ransomware.” And that term is a very apt categorization of what this type of malicious software does: it literally holds your data and files hostage, demanding ransom payment in order to unlock and regain access to your personal information.

If that sounds scary and consequential, it should; CryptoWall has infected more than 625,000 PCs and over 5.25 billion files in the past 3 years. One attack group extorted an estimated $325 million in the US alone in 2015.

Simply put, this is a scary infection, one you don’t want any part of. And, as with most medical infections, the best course of action is not finding a cure but taking preventative steps.

Here are seven steps to take to avoid a CryptoWall or CryptoLocker infection, and save yourself and your clients a lot of money, and a lot of unwanted headaches.

Defend Yourself

Your first line of defense against CryptoLocker, CryptoWall or any malicious software is to keep active and up-to-date security software on your computer and networks. This software stays on guard for any suspicious activity, oftentimes able to prevent malware infection before any real damage is done. Many of your clients might choose not to pay for antivirus software; that would be a grave mistake. There are several free or low-cost options for both anti-malware and antivirus (AV). Here are a few:

Antivirus Protection

  • Webroot*

  • Microsoft Security Essentials

  • ClamAV

  • F-Secure

  • McAfee

  • TrendMicro

  • AVG

  • Kaspersky

Anti-Malware Protection

  • Malwarebytes*

  • Super Antispyware

  • Emsisoft

  • Spybot

 

*Included for all Continuum Partners

Please keep in mind, however, that buying antivirus solutions off-the-shelf will not protect SMBs as much as working with MSPs who bundle AV into their services. With your expert guidance, you can ensure settings and rules are configured correctly, revisited frequently and adjusted as needed.

Manage Network Traffic

You should strictly control what traffic is on your or your clients’ networks. Keep in mind that flat networks are particularly vulnerable to a massive malware infection. Make sure that your clients’ networks are properly zoned and that users can see and interact with only what their level of privilege requires. Which brings us to our next preventative step:

Restrict Access

A good rule of thumb is the Rule of Least Privilege. Simply put, users should have access only to what they need to do their work, i.e. the least amount of privilege required. It would be crazy to give all members of your clients’ organizations unfettered access to the entire network or all devices.

Use Layers

Like your mom used to tell you before going out on a cold day, the importance of layering up cannot be overstated. Firewalls and antivirus combinations alone aren’t enough. Especially for firewalls, consider using application layer firewalls. Make sure that they have the capability to proxy, as well as reverse proxy. Whenever possible, publish all services through reverse proxies, to avoid subject-to-object direct access.

Practice Safe Security Awareness

Most malware infections are a result of careless user behavior - clicking on suspicious links, opening phishing emails from unknown senders, visiting potentially harmful websites, etc. Emphasize to your clients and the members of their organizations the need to be careful and extra-vigilant. Documenting safe security awareness measures is a good idea.

 


Backup Everything

Even all of the aforementioned preventative measures are not always enough to stave off this malware. This is why we recommend running regular backups of your important files and storing them on a cloud-based backup service. At least you’ll gain the peace of mind of knowing that your backup copies can be safely accessed were the originals to be taken hostage.

A good rule of thumb is the 3-2-1 principle: three copies, two different media, one separate location.
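The 3-2-1 principle can be checked mechanically against a backup inventory. The following is an added example, not part of the original post: the `Copy` record, the `check_321` function and the sample inventory are constructed for illustration, and it assumes that a copy whose last verification failed should not count toward the rule.

```python
from collections import defaultdict
from typing import NamedTuple

class Copy(NamedTuple):
    dataset: str    # what is being protected
    media: str      # e.g. "local-disk", "nas", "cloud"
    site: str       # where this copy physically lives
    verified: bool  # assumption: last restore test or checksum check passed

def check_321(copies, primary_site):
    """Return {dataset: [rule violations]}; an empty list means 3-2-1 is met."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)
    report = {}
    for dataset, items in by_dataset.items():
        good = [c for c in items if c.verified]  # unverified copies do not count
        problems = []
        if len(good) < 3:
            problems.append(f"only {len(good)} verified copies, need 3")
        if len({c.media for c in good}) < 2:
            problems.append("all verified copies are on one media type, need 2")
        if not any(c.site != primary_site for c in good):
            problems.append("no verified copy outside the primary site")
        report[dataset] = problems
    return report

# Constructed sample inventory (not from the original post).
INVENTORY = [
    Copy("finance-share", "local-disk", "office", True),   # the original
    Copy("finance-share", "nas", "office", True),
    Copy("finance-share", "cloud", "provider-dc", True),
    Copy("cad-files", "local-disk", "office", True),       # the original
    Copy("cad-files", "local-disk", "office", True),       # same media, same site
    Copy("cad-files", "cloud", "provider-dc", False),      # last verification failed
]

if __name__ == "__main__":
    for dataset, problems in check_321(INVENTORY, primary_site="office").items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

The second dataset shows how an inventory can list three copies and still fail every part of the rule once the unverified cloud copy is discounted.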

Have a Business Continuity Plan in Place

It’s not enough to just adhere to the 3-2-1 principle; you need to have a full backup and disaster recovery plan in place. Creating a business continuity plan is a classic hope-for-the-best-but-prepare-for-the-worst contingency, one that might prove invaluable in your nightmare scenario of a CryptoLocker infection.

Your comprehensive business continuity plan should include a backup and disaster recovery solution, recovery time objective (to ensure as little downtime as possible), cost-of-downtime calculations and, most importantly, a communication plan to ensure that your clients are assuaged and confident that you will get their business back up and running after such a disaster. 

A CryptoWall or CryptoLocker infection can be devastating, but it doesn’t have to be a death knell with the right backup and disaster recovery processes in place. But don’t let it get to that point - be vigilant and be aware and avoid that CryptoLocker infection in the first place.


As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.
