AVOID RANSOMWARE IN THREE STEPS

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Business

Posted By Gbaf News

Posted on July 28, 2017

Travel is one of many industries that are particularly at risk of cyber-attack because of the use of credit cards to make bookings internationally. So, it’s vitally important to tackle online threats with preparation, detection and mitigation.

AVOID RANSOMWARE IN THREE STEPS2 Online security has never been more critical for businesses. There has been a 300% increase in ransomware attacks from 2015 to 2016, with major cyber-security threats to organisations from hackers and on-line fraudsters looking to exploit any weaknesses they can find.

The WannaCry ransomware attack earlier in 2017 was the tip of the iceberg. In March 2017, Abta, the travel trade organisation, was hit by a cyber-attack that affected 43,000 customers, while Norwich airport’s website had to be taken down and entirely rebuilt over a course of three days because a hacker had breached its security.

Preparation

The first line of defence against any attack is preparation – making sure software is up-to-date, that your business is using anti-malware software, and educating employees and managers about the strong reasons for maintaining security at all time.

Having layers of security is another important element for organisations’ data security. Adding extra protection for vital data assets and hardware makes the attackers’ job even harder, so a thorough review of systems can make a company’s data much more secure.

There are other techniques which can also help. Virtual Account Numbers, or VANS, are temporary account numbers linked to a credit card which expire after making an online purchase. The use of VANS can reduce risk because if an attacker intercepts a VAN then the information cannot be used to make further purchases as the card number will have expired.

For consumers this is particularly useful, but even more so for businesses. For example, providers will automatically generate a card number so that travel agencies can pay suppliers like hotels, car hire companies and tour operators easily and with the knowledge that even if there is a data breach, it will be isolated and the information will be of no use to the attackers.

Detection

Even the best defences sometimes falter, and malware can gain access to your system. Links can be clicked accidentally or a late software patch can result in a temporary window of opportunity.A medium-sized organisation can expect to experience as many as 1,000 virus events in a month.

A file integrity monitoring service, which would flag unusual actions such as encrypting operating system files, is one detection option. By looking across devices, a security information and event management system will be able to analyse events across the network to find any anomalies.

Mitigation

Reducing the impact of ransomware is the last resort – if malware does manage to penetrate your system without detection then it’s possible that your data will be held to ransom. Planning for this eventuality means that instead of paying criminals a ransom, with no guarantee that they won’t ask for more money or that you’ll get access to your data, you can take other steps which will keep your business running. A disaster recovery plan is essential.

Backing up data is key. By having a recent and fully-functional copy of your data, you have the opportunity to restore your systems. It’s important to be able to detect when the ransomware infiltrated your system, so that you can set the right recovery point as well as understanding the process of restoration.

Testing your back-ups is an important element of this process –only by conducting regular and on-going recovery scenarios can you discover whether you could restore your data in the event of a disaster. There is an added benefit for most organisations which add systems and data to their IT environments over time – the test will reveal any gaps in your protection that might have emerged.

Apply the three steps

The three steps to protection from ransomware will create a “defence-in-depth” security environment for organisations. Examining uses for new types of security, such as VANs, is an important consideration to make when looking to strengthen security within a company.

Recommended for you