All I Want For Christmas is... Ransomware?

Written by

We are fast approaching the busiest time of year for retail, both online and offline, with Black Friday and Cyber Monday huge in the US and becoming a growing trend in the UK. This is then followed by ‘Mega Monday’, ‘Sofa Sunday’, Christmas, then the January sales.

A report from Mintel earlier this year found that 25% of consumers in the UK said they will be shopping online more for Christmas 2014. For the last few years retailers have predicted electronic gadgets would be top of consumer wish lists, and that looks set to continue this year with the ever-growing popularity of wearable technology, smartphones and tablets.

Due to the widespread adoption of Bring Your Own Device (BYOD) it’s highly likely that a number of these devices will end up in the workplace. This could backfire on organizations who may find themselves unwrapping some very unpleasant ‘gifts’, such as ransomware, come the New Year.

So how should businesses ensure that unwanted malware and infections do not enter the workplace? Here five tips that should be shared throughout an organization.

1. Register Devices Instantly

With the risk of security threats on the increase, one thing manufacturers are getting better at is notifying users of vulnerabilities and potential threats. It requires hardly any effort to register a device, but it is often overlooked. By registering, your employees are ensuring the delivery of immediate and direct infection alerts, empowering them to take appropriate action as soon as a threat appears.   

2. Patch and Update Devices Accordingly

It’s fairly common for users to delay updating their devices due to time constraints and a fear of change. However, with these updates come the latest firmware to address any known security issues and provide important protection. With new threats constantly arising, updating devices regularly must be actively encouraged.

3. Turn off Unused Features

Unnecessary apps that come pre-installed that are unsafe or downloaded unknowingly can often open a device up to risk of infection. A simple way to protect against un-needed or unused apps is to look through your device’s settings and disable them. The apps associated with network-attached storage are a good starting point. This will limit the opportunities for infection on devices and potentially networks.

4. Make Use of Existing Security Features

Most devices come with security features installed, such as a lockout function after a number of failed password attempts. Many devices even allow control over which IP addresses are allowed configuration capabilities, and most have anti-virus built in. However, large numbers of users are unaware of these features and, as a result, more often than not they go unused. Taking advantage of these built-in options is a really simple way to boost security.

5. Constant Monitoring

Last but certainly not least, one of the best ways to avoid risk and prevent infection is to continually monitor devices. Activity logs, reports and performance metrics are vital to help detect any compromise of a device or network.

The Christmas period is primetime for cyber-criminals. With large numbers of devices falling into the hands of naïve consumers, criminals are ready and waiting with malware designed to take over any connected device that could give them access to any number of organizations and businesses. It’s vitally important for businesses to therefore take simple but effective security measures to protect their networks, without compromising the clear advantage of employees’ willingness to adopt BYOD practices. 

About the Author

Ian Trump is an ITIL certified IT consultant with 17 years of experience in IT security and information technology. He is a board member of the Canadian Cyber Defense Challenge and IC2, as well as an editorial review board member for the EDP Audit, Control, and Security newsletter. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch. In 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. As CTO for Octopi Managed Services Inc., he is currently managing all IT projects for the Canadian Museum for Human Rights.

What’s hot on Infosecurity Magazine?