Former cybercriminal gives tips for companies to protect themselves from ransomware

Ransomware attacks are still on the rise, being one of the fastest growing examples of cybercrime during the pandemic. Studies show that, until September

, the category had an increase of 90% in cases compared to the same period last year, with huge attacks being carried out on large companies, such as the NBA and JBS.

  • 8 tips to improve the security and privacy of your Facebook account
  • tips to avoid attacks, fraud and scams on mobile
  • 7 tips to avoid falling into online financial pyramid scams

The basic security procedures against virtual kidnapping attacks are already well disseminated on the internet, especially the tip to be careful with what is clicked or downloaded during the computer use. However, for a former criminal in the area, there are tips that can help even more companies to protect themselves from this type of scam.

Giovanni Natale, who in the virtual world goes by the name of “Johnny Xmas”, participated in many cyber crimes during his youth, but left that life behind and became a security expert presenting , on the Entrepreneur website, 5 not-so-common tips for protecting companies from ransonware attacks.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News.

Every day a summary of the main news in the tech world for you!

The expert’s tips

Have multi-factor authentication for all employees

Multifactor authentication means that users, after entering the username and password, have to validate access with a code, which can be sent by SMS, email or other means. According to “Xmas”, attackers are devastated when faced with such security, since the time in which the validation code expires, usually 10 seconds, is too short for them to try to force entry by guessing the combination. It’s a simple tip, but, according to the expert, very effective.

Check if outsourced services have adequate security methods

For companies that use outsourced services, for example, in the payment or human resources sectors, it is important to verify that the security solution used by them is effective, especially if these outsourced workers have access to network infrastructure of the company they are serving.

“Xmas” suggests that, before signing any contract, both the data protection procedures of the outsourced services and security audits previously carried out by them should be checked , so that you have full knowledge of what type of company they are doing business with.

Avoid using personal computers at the home-office

“Xmas” states that it is important that employees who work at home-office use only corporate computers provided by the company. These machines have the same antivirus and protection solutions installed on the devices used in the company itself, and have access to the same security updates – two factors not possible on personal computers, which means that if they do, the corporate network may have a vulnerability unknown to the security industry.

Have a dedicated IT and security team

It is necessary that companies have a team dedicated to IT and security, with employees who have experience in the area to be able to manage the demands of these sectors. The team should also be responsible for submitting security policy projects, where the permitted uses of the company’s hardware are defined.

The team should also be responsible for recording all updates security and firewall configuration for the company’s network. In addition, it must be audited frequently, so that the actions being taken under its command are always known to the company.

If there is any doubt whether a company really needs this team, “Xmas ” believes that if the company is big enough to need an external website and its own e-mail to be up and running, it needs an IT professional, too.

Perform and audit backups

Backing up content that is saved in the cloud, especially critical company files, is important, as is auditing them. “Xmas” recommends that every backup, after performed, has its content tested, mainly to check if the cloud service or even the external disk used are working correctly.

According to the security specialist, many sectors of the company may think that, just because they have performed the backups, the data is already safe. However, as there is a large amount of files being copied, there is a possibility that some of them will be lost in the process. Auditing prevents this, as the check realizes what information is missing or not transferred correctly and performs the copy again.

Source: Entrepreneur

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

Related Articles

Back to top button