How to protect your clients from ransomware infections

Customers of all sizes face the threat of ransomware, infections that have become both a challenge and an IT security opportunity for channel companies.

On the challenge side, a 2016 Datto Inc. study of managed service providers revealed that 91% of the respondents reported their customers have experienced ransomware infections, with 40% of those clients reporting six or more attacks over a 12-month span. The opportunity for channel partners is to work with clients to deploy ransomware prevention approaches.

In this Ask the Expert, Scott Beck, president of BeckTek, a technology management firm based in Riverview, New Brunswick, Canada, provides tips for helping clients address the risk of ransomware infections. Beck has been an ASCII Group member since 2016.

It was only 2013 that CryptoLocker, the first modern ransomware virus, burst onto the scene and in four short years this phenomenon has grown into a billion-dollar industry. 

The technology has also become more devastating with newer worm-like versions able to spread across complete networks and encrypt whole hard drives, not just files and folders. The newest "feature" has the bad guys taking data offsite prior to encryption so they can blackmail companies that don't pay the original ransom. It's no wonder such infections are now considered data breaches by most regulatory laws.

The following tips can help protect your clients from being the next ransomware victim. 

It's surprising the number of business owners and executives that are still unaware of the dangers of ransomware and the devastating impact it can have.

Educate them: It's surprising the number of business owners and executives that are still unaware of the dangers of ransomware and the devastating impact it can have. Hold webinars, seminars and training sessions to get the word out. The cause for most infections is human error. Host education sessions with your clients' staff to educate them to be on the lookout for suspicious activity.

Lockdown admin usage: Users should never be allowed to run as local administrators on their machines. Restricting admin status helps minimize the damage should a user accidently stumble upon a virus.

Advanced Endpoint Protection (AEP): Antivirus products depend on definitions to protect against known infections, an approach which isn't much help against new viruses. Most of this new wave of AEP products are behavior-based and have other built-in protections such as computer forensics and rollback features to quickly bring systems back online should an event occur.

Image-based backups: Having such backups allow you to restore client servers faster and get back up and running more quickly. It's important to test the images at least monthly to ensure recovery is viable. The time to run a fire drill is NOT during a fire.

While there is no magic bullet to protect clients from such infections, these basic steps can help minimize the risks and damage of ransomware.