Colonial Pipeline Lessons: Ransomware (and Security) Steps Everyone Should Take

From the SolarWinds hack to the Colonial Pipeline ransomware attack, cybersecurity has entered into public consciousness like never before.

How can you avoid falling victim to a cyber attack? Start with the assumption that perfect cybersecurity doesn’t exist, and then make your network and data so hard to hack that cybercriminals give up and look elsewhere.

Rule #1: Don’t Click

The vast majority of malware is delivered via email, so always check links by “mousing” over the text to make sure the link is good, even with people you trust. And don’t open email attachments, especially if you weren’t expecting them.

Secure Personal Devices

Your laptop and phone are the best places to start, especially if you use them for financial transactions or other sensitive activities and data.

It’s best if you pay for antivirus software – $100 or so a year can save you a whole lot of trouble, plus a good AV software suite will cover all your devices and offer other protections too.

If you need to go the free route, your internet service provider may have some good options, so check them out.

Windows users have Microsoft Defender for free, which comes packaged with Windows 10, plus a firewall and encryption (BitLocker) too. Type “security” into the Windows search bar and turn it all on. macOS comes with good security, and Ubuntu does too, and adding a free open source encryption tool can make it even more secure.

Your mobile phones likely aren’t as secure. As free apps go, Kaspersky offers more protection than most, and the company has gone to great lengths to distance itself from its Russian origins.

Don’t neglect updating your devices – cybercriminals begin exploiting vulnerabilities as soon as they learn of them.

Use multi-factor authentication wherever possible, especially with cloud apps like Google docs and social media. Back up your critical data, and store a good copy offline to protect it from ransomware. And limit public wi-fi use too, especially for sensitive uses.

Business Security

All that applies to businesses too. Business security is more complicated, naturally, with data spread among servers, networks, databases, storage devices and the cloud. Endpoint security, encryption, firewalls, multi-factor authentication, and backup matter there too. And train your employees not to do dumb things.

Depending on your on-staff expertise, you may need the help of a managed security service at least some of the time.

And consider “zero trust” technologies for your most critical data, intellectual property, and anything your business can’t do without. There are some relatively inexpensive ways to accomplish that: Illumio, Okta and Duo are a few that come to mind.

Many companies and consumers are tempted to cut corners when it comes to security, but given the potential dangers, you need the most affordable security that protects your critical assets.

Paul Shread has been a technology writer and editor for more than 20 years. His security and data center writing have won awards, and he wrote a small business technology column for Time.com. He is presently editor of eSecurityPlanet.com.

News Around the Web