What should you have done to prevent ransomware?

August 31, 2020

A few short steps can help your practice thwart a major security attack.

In last month’s article, we took a slightly different slant when it came to ransomware. As a few of our clients who didn’t have our complete suite of services were hit with ransomware over the past few months, I decided to do a postmortem after we recovered their files. So, the focus this month will be a continuation of what these offices should have done to prevent a ransomware attack.

Disable Macros

Macros were considered magic in the 1990s. We lived in a world of automatic documents and spreadsheets. Unfortunately, it wasn’t long before attackers realized they could automate the same processes to attack our computers. As we quickly approach 2021, macros are seldom used; if you don’t need them, disable them. You can disable macros using Group Policy, in Microsoft Office, or manually on the computer.

Use Secure Passwords

I am amazed at the number of dental offices who sign up for services with IT providers and complain about the password complexity requirements being too long. Our requirements are not long at all. Confirm that your users are using secure passwords and be sure to use secure and unique admin account passwords.

Monitor Your Domain Admin Group

As the years go by, you will find more and more users have been added to the domain admin group on your domain controllers. Users should never be running as domain administrators! Check your domain admin groups, and remove everyone apart from a limited number of users. While you are at it, rename your default administrator accounts.

Turn on Windows Firewall

For ransomware attacks to be successful, they need to propagate across your network. One of the easiest ways for ransomware to propagate is by using push installers. Turn on your Windows Firewall or another personal firewall.

Perimeter firewalls are not enough, so always assume your perimeter has been breached. Even if you are running servers that require dangerous ports to be opened, develop the habit of turning on the firewall and opening only those ports. Most servers do not need the Remote Procedure Call (RPC) ports to be opened, and if they do, only open them when it is required.

Don’t Make Users Local Administrators

This week we had a client who hired a new front desk associate, and she needed to install a printer. The installer required her to be a local administrator, and it would have been the easiest thing in the world to make her one.

However, this simplicity comes at a severe cost. Users who are local administrators can knowingly and unknowingly make changes to their system that allow malware to get deep within the operating system.

Create Discrete Administrator Accounts

Even worse than making a user a local administrator is adding the domain users group to the administrators group on the local computer. Not only does the user now have system-level access to their machine, but they also have system-level access to all computers on your network. Make sure you remove regular user accounts from the local administrators group. That includes your own account. If you need administrator access, use a second login.
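
An added example (not part of the original article): a read-only PowerShell audit for the group checks described under "Monitor Your Domain Admin Group" and "Create Discrete Administrator Accounts". It assumes a domain-joined Windows machine with the ActiveDirectory module (RSAT) installed; the allow-list names are constructed placeholders and Add-Finding is a helper defined here.

```powershell
#Requires -Modules ActiveDirectory
# Read-only audit: reports findings, changes nothing.
# Assumption: $ApprovedAdmins is an allow-list you maintain (constructed sample names).
$ApprovedAdmins = @('adm-owner', 'adm-itvendor')

$domainSid = (Get-ADDomain).DomainSID.Value
$findings  = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. Domain Admins is RID 512; looking it up by SID works even if the group was renamed.
#    -Recursive expands nested groups so indirect members are not missed.
#    The built-in Administrator (RID 500) is skipped here and checked in step 2.
Get-ADGroupMember -Identity "$domainSid-512" -Recursive |
    Where-Object { $_.SID.Value -ne "$domainSid-500" -and
                   $_.SamAccountName -notin $ApprovedAdmins } |
    ForEach-Object { Add-Finding 'Unexpected Domain Admin' $_.SamAccountName }

# 2. Flag the built-in domain Administrator if it still has the default name.
$builtin = Get-ADUser -Identity "$domainSid-500"
if ($builtin.SamAccountName -eq 'Administrator') {
    Add-Finding 'Default admin not renamed' $builtin.DistinguishedName
}

# 3. Local Administrators on this computer (well-known SID S-1-5-32-544).
#    A broad group here makes every domain user an administrator of the machine.
$broadSids = @{
    "$domainSid-513" = 'Domain Users'
    'S-1-5-11'       = 'Authenticated Users'
    'S-1-1-0'        = 'Everyone'
}
foreach ($member in Get-LocalGroupMember -SID 'S-1-5-32-544') {
    $sid = $member.SID.Value
    if ($broadSids.ContainsKey($sid)) {
        Add-Finding 'Broad group in local Administrators' "$($broadSids[$sid]) on $env:COMPUTERNAME"
    } elseif ($member.ObjectClass -eq 'User' -and $sid -notlike '*-500') {
        # Individual accounts: review whether each is a dedicated admin login.
        Add-Finding 'User in local Administrators' "$($member.Name) on $env:COMPUTERNAME"
    }
}

$findings | Format-Table -AutoSize
```

An empty table means the membership matches the allow-list; step 3 only covers the computer the script runs on, so it has to be run on each workstation and server.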

Although many of these things may seem difficult and time-consuming, they should be second nature to your IT company, which can easily implement them for you.

At the end of the day, the ultimate responsibility lies with you to be as secure as you can and limit your practice’s risk to attacks and people who want to separate you from your data (and your money).

Dental Products Report, September 2020