Learn how to stop cyber-attacks in their tracks with the ebook the ThreatLocker® team has put together with their decades of cybersecurity experience. The ebook includes the steps you need to take in order to better protect against ransomware. You’ll also see why the need for a policy-driven, Zero Trust, endpoint security solution has never been greater.
Default Deny
Starting with a Default Deny approach means that any application not explicitly permitted is blocked, regardless of whether it is known or unknown malware. Default Deny has long been considered the gold standard in protecting businesses from known and unknown executables. Unlike antivirus, Default Deny puts you in control over what software, scripts, executables, and libraries can run on your endpoints and servers. This approach not only stops malicious software but also stops other unpermitted applications from running, which greatly reduces cyber threats and other rogue applications running on your network.
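One way to get a Default Deny posture with built-in Windows tooling, as an added example that is not from the ebook or the ThreatLocker product: build an AppLocker allow-list from what is already installed, so anything outside it is denied by default, and roll it out in audit mode first. It assumes a Windows edition with the AppLocker cmdlets, that the trusted directories listed are the right baseline for your machine, and that the audit-first rollout and function names are my own.

```powershell
# Added example, not from the ebook or the ThreatLocker product (assumptions noted in the lead-in).
$trustedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'

function New-DefaultDenyPolicy {
    # Inventory what is already installed: publisher rules for signed files, hash rules otherwise.
    $files = foreach ($dir in $trustedDirs) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
    }
    $policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize
    # Once a collection has rules, anything not matched is denied. Start in audit mode so
    # events 8003/8006 in the AppLocker event log reveal what enforcement would have blocked.
    foreach ($collection in $policy.RuleCollections) { $collection.EnforcementMode = 'AuditOnly' }
    return $policy
}

function Install-DefaultDenyPolicy {
    param([Parameter(Mandatory)] $Policy, [string]$BackupPath = "$env:ProgramData\applocker-backup.xml")
    Get-AppLockerPolicy -Effective -Xml | Out-File $BackupPath   # keep the previous policy
    # The Application Identity service must run for AppLocker to evaluate anything
    sc.exe config appidsvc start= auto | Out-Null
    Start-Service -Name AppIDSvc
    Set-AppLockerPolicy -PolicyObject $Policy
}

function Test-DefaultDenyPolicy {
    param([Parameter(Mandatory)] $Policy, [string[]]$Paths)
    # Reports the decision for each existing file; an unsigned binary dropped in a user
    # profile should come back DeniedByDefaultRule, a Windows binary Allowed.
    Test-AppLockerPolicy -PolicyObject $Policy -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

$policy = New-DefaultDenyPolicy
Install-DefaultDenyPolicy -Policy $policy
# Add the path of a test binary you placed under $env:TEMP to see the default-deny decision
Test-DefaultDenyPolicy -Policy $policy -Paths "$env:SystemRoot\System32\notepad.exe"
```

Hashing every DLL under C:\Windows takes a while and produces a large policy; review the audit events for a few weeks before switching the collections to Enabled.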
Add Dual Factor Authentication to Management Tools and Servers
Add Dual Factor Authentication to your RMMs, antivirus, remote control software, and any other platform that could allow access to both your own and your customers’ systems. Dual factor authentication should not be considered enhanced security for IT or MSP tools; it should be standard. Most platforms offer it for free, which makes it easy to enable this extra layer of security across all applications.
Lock Down your Perimeter Firewall
Locking down your perimeter firewall reduces your exposure to attackers. When you leave ports such as RDP open to the internet, you become vulnerable to attack. First and foremost, lock down all direct connections to Remote Desktop or similar services. If you do need to publish RDS, do so through a Remote Desktop Gateway server and protect the gateway with dual-factor authentication.
Restrict User Access
Training your employees on the risks associated with cyber threats, and showing them what not to click, often isn’t enough. We need to help them better protect themselves, and with Ringfencing you can do just that.
Ringfencing allows you to define rulesets governing how an application can interact with other applications and what resources an application can access. For example, if both PowerShell and Microsoft Office are required in your environment, that does not mean Microsoft Office needs to be able to launch or interact with PowerShell. Create Ringfencing policies to stop user-facing applications from interacting with system tools. Then create policies to stop applications like regsvr32 and PowerShell from accessing the internet.
Don’t Just Look for Malware, Look for the Footholds
Antivirus software focuses on finding active malware, but far too often dormant services or scheduled tasks are left behind, causing no harm until a set date and time. Use additional layers such as threat hunting to detect and remediate these threats. “Cyber threat hunters bring a human element to enterprise security, complementing automated systems. They are skilled IT security professionals who search, log, monitor and neutralize threats before they can cause serious problems”, reports IBM. Threat hunters dedicate their time to finding hidden malware so they can prevent a cyber-attack from happening. Not only does this add an extra layer of reliability to any cyber security stack, it also minimizes the damage an attack could have caused.
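A starting point for the foothold hunt described above, as an added example that is not from the ebook: enumerate scheduled tasks and services and flag launch lines that run from user-writable locations, invoke a script host, or carry a long encoded argument. The path list, script-host list and heuristics are illustrative assumptions, and the script assumes it is run elevated on the host being examined.

```powershell
# Added example (not from the ebook): hunt for dormant footholds in scheduled tasks and
# services. The path and script-host lists are illustrative assumptions; run elevated.
$userWritable = '\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\'
$scriptHosts  = 'powershell', 'pwsh', 'cmd', 'wscript', 'cscript', 'mshta', 'regsvr32', 'rundll32'

function Get-CommandReasons([string]$Command) {
    # Heuristics for one launch line: user-writable location, script host, long encoded argument
    $first = if ($Command -match '^\s*"([^"]+)"') { $matches[1] } else { ($Command -split '\s+')[0] }
    $exe = [System.IO.Path]::GetFileNameWithoutExtension($first)
    $reasons = @()
    if ($userWritable | Where-Object { $Command -like "*$_*" }) { $reasons += 'user-writable path' }
    if ($scriptHosts -contains $exe.ToLower())                   { $reasons += 'script host' }
    if ($Command -match '(?i)-e[a-z]*\s+[a-z0-9+/=]{16,}')       { $reasons += 'encoded command' }
    return $reasons
}

function Find-SuspiciousScheduledTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }          # COM-handler actions have no Execute
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            $reasons = Get-CommandReasons $cmd
            if ($reasons) {
                [pscustomobject]@{
                    Kind = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; State = $task.State
                    NextRun = ($task | Get-ScheduledTaskInfo).NextRunTime   # the "set date and time"
                    Command = $cmd; Reasons = $reasons -join ', '
                }
            }
        }
    }
}

function Find-SuspiciousService {
    foreach ($svc in Get-CimInstance Win32_Service) {
        $reasons = Get-CommandReasons $svc.PathName
        if ($reasons) {
            [pscustomobject]@{
                Kind = 'Service'; Name = $svc.Name; State = "$($svc.State)/$($svc.StartMode)"; NextRun = $null
                Command = $svc.PathName; Reasons = $reasons -join ', '
            }
        }
    }
}

@(Find-SuspiciousScheduledTask) + @(Find-SuspiciousService) |
    Format-Table Kind, Name, State, NextRun, Reasons, Command -AutoSize -Wrap
```

Expect some legitimate hits (installers and agents commonly live under ProgramData); the value is in comparing the output against a known-good baseline from a clean machine.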
Set Default Lockout Group Policies
A lockout policy lets administrators determine how long a user should be locked out of their account. For example, if a user enters the wrong password a certain number of times, the account is automatically locked out. This ensures that an attacker can’t use a dictionary or brute-force attack to guess the user’s password. This process is free and can be completed in no time at all: admins simply need to set the default lockout policy on computers to 10 minutes, or another reasonable value. Leaving machines unlocked, or forgetting your password, leaves your machine vulnerable to cyber-attacks. Always assume hackers have the means to exploit any computer at any time, and start locking your machine and setting lockout group policies.
Patch your Computers
In 2017, Equifax was hit with a huge data breach. More than 143 million U.S. consumers were affected, and sensitive information was stolen, including credit card numbers, phone numbers, and social security numbers. The result? Equifax had to pay almost $1 billion in legal fees and additional charges. Their reputation was compromised, their customers were fleeing, and their future was up in the air. During the investigation, it was discovered that the breach was the result of an unpatched web application. Hackers were able to get in and hijack their computer systems and network. As you can see, patching is not optional. Always make sure your machines are up to date and patched with the latest software.
Disable Macros
Macros are automated input sequences used to imitate mouse actions or keystrokes. These programmable patterns are used to automate work and trim down the time it takes to complete tasks in programs such as Microsoft Excel and Word.
Unfortunately, hackers can exploit macros, turning them into malicious code that hijacks machines. With so many businesses across the globe now using automated programs to complete tasks, macro attacks are dramatically increasing. You can avoid macro attacks by simply disabling them on your machines using a group policy or by doing it manually. If you don’t need them, it’s better to disable them before it’s too late.
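The "do it manually" route, as an added example that is not from the ebook: write the Office policy registry values that disable VBA macros without notification and block macros in files that came from the internet, then read them back. It assumes Office 2016/2019/365 (version key 16.0), a per-user setting under HKCU (use HKLM:\Software\Policies for machine-wide), and covers Word, Excel and PowerPoint only; the function names are mine.

```powershell
# Added example, not from the ebook. Sets the Office policy registry values that disable VBA
# macros without notification and block macros in files from the internet, then verifies them.
# Assumptions: Office 16.0 key; HKCU (per user); Word, Excel and PowerPoint only.
$apps    = 'Word', 'Excel', 'PowerPoint'
$baseKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Disable-OfficeMacros {
    foreach ($app in $apps) {
        $security = Join-Path $baseKey "$app\Security"
        New-Item -Path $security -Force | Out-Null
        # VBAWarnings: 1 enable all, 2 disable with notification, 3 signed only, 4 disable without notification
        New-ItemProperty -Path $security -Name VBAWarnings -PropertyType DWord -Value 4 -Force | Out-Null
        # Block macros in files carrying the Mark of the Web (downloaded or received by e-mail)
        New-ItemProperty -Path $security -Name BlockContentExecutionFromInternet -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-OfficeMacrosDisabled {
    foreach ($app in $apps) {
        $p = Get-ItemProperty -Path (Join-Path $baseKey "$app\Security") -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App           = $app
            VBAWarnings   = $p.VBAWarnings
            BlockInternet = $p.BlockContentExecutionFromInternet
            Compliant     = ($p.VBAWarnings -eq 4) -and ($p.BlockContentExecutionFromInternet -eq 1)
        }
    }
}

Disable-OfficeMacros
Test-OfficeMacrosDisabled | Format-Table -AutoSize
```

Where Group Policy manages these keys, set the same values through the Office administrative templates instead, since a GPO refresh overwrites manual edits.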
Use Secure Passwords
Using a strong and secure password is a vital step toward better protecting your data. Hackers are extremely clever: they use software to crack passwords, including even tough ones. A long, complex password with numbers, capital letters, special characters, and so on will help keep your data protected. There is a huge variety of password generator tools and password managers available, which will help you generate a strong, unique password and keep your data safe. The more you do to protect your data, the harder it will be for hackers to gain access to it.
Monitor your Domain Admins Groups
Monitoring your domain admin group is a vital step toward becoming better protected. It is important to know who operates within this group and when new users are added. If a user is added without permission, or without needing to be a domain admin, you increase the risk of a security breach. Your group should be limited to the minimum and monitored closely for any suspicious activity. If a hacker already has access to your system, it won’t take them long to insert themselves as a domain admin. In doing so they will have access to every machine, across every network. Once they carry out their attack, the effects will wreak havoc. Locking down your domain admin group will stop this from happening. It’s important to get ahead of the game before the hacker even has the chance to win.
Turn on the Windows Firewall
Did you know that ransomware attacks can propagate across your network? One of the easiest ways for ransomware to propagate is by using push installers to reach other machines. As scary as this may sound, there are ways you can mitigate this type of attack, and turning on the Windows Firewall is one of them.
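One script that covers both this step and the outbound blocks for regsvr32 and PowerShell described under Ringfencing, as an added example that is not from the ebook: it turns on all three Windows Firewall profiles with inbound blocked by default, adds outbound block rules for the two binaries, and reports the result. It assumes it runs elevated, the rule names are mine, and the blocks cover all outbound traffic for those binaries, so add -RemoteAddress exclusions if internal tooling needs them to reach the LAN.

```powershell
# Added example, not from the ebook. Firewall baseline plus outbound blocks for regsvr32
# and PowerShell. Assumptions: run elevated; rule names are mine; blocks cover all remote addresses.
$outboundBlocks = @{
    'Block regsvr32 outbound'         = "$env:SystemRoot\System32\regsvr32.exe"
    'Block regsvr32 (x86) outbound'   = "$env:SystemRoot\SysWOW64\regsvr32.exe"
    'Block PowerShell outbound'       = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
    'Block PowerShell (x86) outbound' = "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
}

function Enable-FirewallBaseline {
    # All profiles on, inbound denied unless a rule allows it, dropped packets logged for hunting.
    # A push install needs inbound SMB/RPC, so also review any File and Printer Sharing allow rules.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Allow -LogBlocked True
}

function Add-OutboundProgramBlocks {
    foreach ($name in $outboundBlocks.Keys) {
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }   # idempotent
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block -Enabled True `
            -Profile Any -Program $outboundBlocks[$name] | Out-Null
    }
}

function Test-FirewallBaseline {
    $profiles = Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{ Item = "Profile $($_.Name)"; Enabled = $_.Enabled; Action = $_.DefaultInboundAction }
    }
    $rules = foreach ($name in $outboundBlocks.Keys) {
        $r = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Item = $name; Enabled = ([bool]$r -and $r.Enabled -eq 'True'); Action = $r.Action }
    }
    @($profiles) + @($rules)
}

Enable-FirewallBaseline
Add-OutboundProgramBlocks
Test-FirewallBaseline | Format-Table -AutoSize
```

Test the PowerShell block on a pilot group first: RMM agents and update scripts that call powershell.exe for web requests will stop working until you scope the rule.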
Don’t Make Users Local Administrators
It is important to note that users who are local administrators can knowingly or unknowingly make changes to their system that allow malware to infect the operating system. It is also worth noting that you probably won’t want to add domain user groups to the local Administrators group. If an attack happens, either of the above will enable it to wreak havoc on your machines and network. Make sure you remove regular user accounts from the local Administrators group. That includes your own account. If you need administrator access, use a second login.
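One audit that serves both this step and "Monitor your Domain Admins Groups" above, as an added example that is not from the ebook: compare Domain Admins and the local Administrators group against approved lists, and pull the Security log events that record additions to either group. It assumes the approved lists are placeholders you replace, CONTOSO is a sample domain name, the ActiveDirectory module (RSAT) is installed for the domain check, and the script runs elevated (on a domain controller for the 4728 events).

```powershell
# Added example, not from the ebook. Audits Domain Admins and local Administrators against
# approved lists and lists recent membership additions. Assumptions: placeholder approved
# lists; CONTOSO is a sample domain; ActiveDirectory module present; run elevated.
$approvedDomainAdmins = 'Administrator', 'it-admin-01'            # placeholder accounts
$approvedLocalAdmins  = 'Administrator', 'CONTOSO\Domain Admins'  # placeholder entries

function Get-UnapprovedDomainAdmins {
    Import-Module ActiveDirectory -ErrorAction Stop
    # -Recursive expands nested groups, the usual place an extra account hides
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $approvedDomainAdmins -notcontains $_.SamAccountName } |
        ForEach-Object { [pscustomobject]@{ Scope = 'Domain Admins'; Member = $_.SamAccountName; Class = $_.objectClass } }
}

function Get-UnapprovedLocalAdmins {
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object {
            # Local accounts appear as COMPUTERNAME\user; compare both the full and the short form
            $short = $_.Name -replace "^$env:COMPUTERNAME\\", ''
            ($approvedLocalAdmins -notcontains $_.Name) -and ($approvedLocalAdmins -notcontains $short)
        } |
        ForEach-Object { [pscustomobject]@{ Scope = 'Local Administrators'; Member = $_.Name; Class = $_.ObjectClass } }
}

function Get-RecentPrivilegedGroupAdds([int]$Hours = 24) {
    # 4728 = member added to a security-enabled global group (Domain Admins; logged on the DC)
    # 4732 = member added to a security-enabled local group (Administrators)
    # Event data order for both: MemberName, MemberSid, TargetUserName (group), ... SubjectUserName at [6]
    $filter = @{ LogName = 'Security'; Id = 4728, 4732; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Time = $_.TimeCreated; EventId = $_.Id; Group = $_.Properties[2].Value
                           MemberSid = $_.Properties[1].Value; AddedBy = $_.Properties[6].Value }
    }
}

$findings = @(Get-UnapprovedDomainAdmins) + @(Get-UnapprovedLocalAdmins)
if ($findings) { $findings | Format-Table -AutoSize } else { 'No unapproved privileged members.' }
Get-RecentPrivilegedGroupAdds -Hours 24 | Format-Table -AutoSize
```

Run it on a schedule and alert on any non-empty findings; the event query is what catches an addition that was reverted before the next membership snapshot.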
For the full ebook and an overview of the ThreatLocker platform, see 12 Steps to Prevent Ransomware.
As a Holland, Michigan Managed Service Provider (MSP), we offer more than just server disaster recovery and break-fix IT support. We evaluate and organize your network, keeping your data backed up and secure—at all times. Don’t wait for server disaster to find a qualified Managed Services Provider. Reach out to Shoreline Technology Solutions today. Our information technology company will evaluate your network free-of-charge and provide you with best-in-class hardware and cloud-based solutions. We’re excited to hear from you!
President / Network Architect
Mark Kolean has had a fascination with technology from the time he was 3 and received an Atari 2600 to the present day. In 1990, at the age of 14, Mark got his first job in customer support for a mail-order business supporting Tandy TRS-80 computer software shipped on cassette tape. A few years later Mark was building hundreds of 286, 386, and 486 computers for the newly emerging DOS and Windows 3.1 systems that had exploded onto the market.
After a college career studying business and technology, Mark started Shoreline Computer Systems in 1999 at the height of the dot-com boom, with the looming crisis of the Y2K bug just around the corner. In the early 2000s a lot of work was done with early network systems including LANtastic, Novell, and Windows NT Server. Mark became a community contributor to the Small Business Specialist community that revolved around Small Business Server 2000-2011, which focused on single- or dual-server environments for businesses of up to 50 users. Networks during this time frame mostly had a break-fix relationship in which work was billed only when a problem occurred.
In the 2010s Microsoft released its first cloud-based software, Microsoft BPOS, which would later become known as Microsoft Office 365. This introduced a new model in technology with pay-as-you-go subscription services. Starting in 2013 Mark’s team at Shoreline Computer Systems rebranded as Shoreline Technology Solutions to focus on the transition to becoming proactive rather than reactive about data backup and security needs. Starting in 2018 all customers are required to have a backup management plan in place as a centerpiece, with the full understanding that if STS isn’t watching the customer’s data, then no one is.
Now, after 22 years in business, Mark is building the company’s emphasis around helping customers retire servers and build networks completely in the cloud.