Recent news that a hospital in Los Angeles forked over $17,000 in ransom to hackers who infiltrated its record-keeping system and held the data hostage renews fears about the safety of our most sensitive information. If hackers can capture records and hold them for ransom – which most companies pay quickly, by the way – couldn’t they also compromise the data itself, leading to a compromise in care?
The answer is yes, which is pretty scary. But it appears that, mostly, criminals don’t want to hurt people. They just want to make money – and they know that their victims will take the easiest and quickest path to restoration and simply pay the ransom to retrieve their precious data.
Because no network is invulnerable to the category of cyber-attack known as “ransomware,” the best weapon against it is simply a strong defense. And the best defense is obtained through a layered approach.
The best first line of defense is to have a good firewall. This product filters traffic as it comes into a network. But a firewall out of the box is not enough. It’s important to utilize the firewall’s security services (at additional cost) by licensing the firewall to unlock features such as:
- Gateway Anti-virus: anti-virus scanning at the firewall level as internet traffic comes in as opposed to an anti-virus that is on the workstation level.
- Intrusion prevention: this feature blocks traffic that is identified as a worm, Trojan, or other type of exploit. It can also be configured to block traffic from certain countries where the attacks are known to originate. For example, you can block all traffic coming from Russia or China, two common places of origin.
- Content filtering: setting up rules based on key words and groups such as “gambling,” “pornography,” “weapons,” etc., as well as categories of sites that are prohibited in a workplace environment, since many of those types of sites contain embedded threats which can infect a user’s machine.
A second layer of defense is to install anti-virus software on the local machine. If traffic does not originate from the internet – such as someone bringing in an infected laptop to the network – it’s important for all other machines to have active anti-virus installed on them.
Of course, technical solutions can never be 100% foolproof, but a layered approach – coupled with consistent monitoring and maintenance, such as patching (which addresses known viruses) – is always non-negotiable.