Do you remember the devastation caused by Wannacry, the incredibly sophisticated ransom ware which infected Windows Operating Systems in places as diverse as UK based hospitals and Chinese factory floors two years ago, encrypting data and essentially locking users out of it?

Well, the immediate threat from this tool was controlled when an expert on malware known as Malware Tech surprisingly discovered a URL on which the ransom ware used to send pings before initiating an attack. If the ransom ware found that the URL was unregistered, it got a go ahead to launch the attack, but when Malware Tech registered that domain for its own, it acted as a kill switch, essentially stopping the malicious malware in its tracks.

But the threat from it hasn’t subsided completely yet. It continues to lie dormant in thousands of systems across the globe, waiting for a small event like an internet outage or an accidental release of the URL to get reactivated again.

However, what’s more interesting to note here is that Microsoft had already issued a patch i.e. Microsoft Security Bulletin MS17 – 010, two months before the actual attacks even started which if updated in a system, would have essentially defanged this ransom ware. But many firms failed to update it in time, resulting in millions of dollars being paid in ransom amounts and in additional costs due to wasted productivity and restoration costs.

This implies that the level of cyber security threats to your data and systems has now grown to an alarming magnitude. If you don’t act actively towards managing those gaping holes in your cyber security infrastructures beginning from now, chances are that you will end up bearing part of the damages amounting to the tune of $11.5 billion, which is the expected cost of ransom ware related attacks in 2019.

Committing to do so will require a gargantuan effort on your part as long gone are the days when simple hacks like keeping a stronger password or activating two factor authentications would go towards long lengths in protecting you. Modern cybercriminals can get past these miniscule hurdles just by applying brute force attacks or even mauling your system with a DDoS attack.

Here are 5 steps you must take if you are serious enough to protect your system and data from such intricate ransom ware and malware attacks:

1. Plug Zero Day Vulnerabilities

No system in this world comes flawless. Unintended weaknesses are often left in software which is what cybercriminals primarily target by sending in zero-day exploits. The biggest shortcoming towards plugging such zero-day vulnerabilities comes in the shape of using software that is owned, operated and controlled by single entities, making it harder to weed out the problematic bits that easily.

If you are using such software, look out for patches for these zero day vulnerabilities being issued by the firm and then install them almost immediately. You can also setup your systems for automatic upgrades to such patches.

Another, much greater option that you can take here is to use Open source software, which is far more secure as its managed, run and audited by independent entities, making it harder for cybercriminals to find a crack they can get through from or exploit.

2. Build a Cascading and Walled Data Network

Compartmentalizing employee system access can play a huge role towards ensuring that damage can be restrained from cyber-attacks whenever they occur. Giving access to all sorts of data and system capabilities to each employee is not always necessary for operations to continue sublimely. By charting out the exact amount of access that each job role warrants, you could be saving your firm from a certain disaster waiting to happen.

Acting like breaks that protect all of the dominoes from falling at once, restricted access will not just protect you when the employee itself wants to instigate an attack but will also assist you in keeping a certain malware, that has been accidentally accessed or allowed by a person, limited to a restricted space, saving all of your systems from getting affected together.

3. Avoid older Software

Due to the expensive costs involved in upgrading to newer software and systems each year, most firms continue to deploy and run older versions in their operations. What most firms don’t realize here is that older versions of software heighten the risk to your cyber-security as they are not capable of handling newer forms of attacks due to inherent system weaknesses.

On top of this, many software development firms have this practice of retracting support from older versions of their OS. Cybercriminals wait anxiously for such events to take place as it gives them more leverage and room to mount ransom ware and malware attacks even more easily.

The looming threat regarding this issue was highlighted by a leading industry expert on ransom ware, Mr. Zohar Pinhasi when he commented about a related issue that was going to affect older versions of Windows OS in the upcoming future.

He said that “Windows 2008 and Windows 7 are widely used all around the world.

Microsoft will end support on 1/14/2020 and the Cyber terrorists are waiting for that. Based on our deep Cyber intelligence we gathered, the criminals are already in the works and getting ready for that day. My firm monster cloud strategically works on such issues and is striving hard to make the internet a better place. We want to make people aware in advance so we can stop data thefts in the future.”

Upgrading might cost money but that cost can be counted as a security expenditure that will ultimately result in saving you more money in the long term by protecting you from such devastating ransom ware and malware attacks.

4. Building Employee Awareness towards Spear Phishing

By gathering the personal information that users themselves document on platforms like social media and combining it with data driven, analytical tools, cybercriminals are now sending out incredibly targeted messages infected with malware/ransom ware links. This practice, also popularly known as spear phishing, is much more popular these days as its success rate is far higher than that of randomly sent, infected e-mails, which often end up in our spam.

These malicious emails also land up in our inboxes under the garb of exclusively discounted deals from easily recognizable brands during peak shopping festivals like Black Friday as cybercriminals try and exploit more ingenious ways to achieve their ends.

Training employees to not just identify various forms of threats related to this issue but to alert others about the suspicious messages can significantly reduce the impact that a breach being orchestrated can bring.

Teach them on how to correctly read email addresses and hover over links to read where they’re being redirected to in order to build their knowledge on what a spear phishing email appears like.

5. Start using VPNs

Threats like Man-in-the-middle attacks which can affect people using insecure networks like Public Wi-Fi, can allow cybercriminals to siphon off your valuable financial and personal data without you even knowing it. Leaving your connection vulnerable is not advised in this day and age where hackers don’t leave even a single area from where to target you from. The only protection you have to protect yourself and your online data in this regard is to use a VPN.

A virtual private network re-routes your connection through a secure server while also encrypting your data and making it pass through a safe tunnel, effectively sealing your internet communications off from any intended interference.

The security arsenal of modern day VPNs is so robust that it’s almost impossible for hackers to get through it. For e.g. the AES-256 military grade encryption used as an industry standard in the VPN domain cannot be bypassed even through a brute force attack involving thousands of supercomputers.

Deploying a VPN over your internet connection protects your online anonymity as well as allows you to conduct actions like financial transactions in a highly safe manner.

Conclusion

The ransom ware currently being floated around can encrypt your files in a flash resulting in valuable data being held hostage. Prevalence of anonymous payment methods like crypto currencies like Bit coin have also made it easier for such attacks to be complete successes as paying by that mode leaves virtually no sign of the beneficiary which can be used to track it down.

Building your cyber security safeguards is the only way through which you can ensure notorious ransom ware and malware from bringing your online operations to a complete halt, so act on these 5 steps to make it a lot more difficult for cybercriminals to permeate your systems in 2019.

Richard Agu is a researcher, entrepreneur and freelancer, passionate about entrepreneurship and self-development. Currently, Richard writes for Entrepreneur.com, Goodmenproject.com, among others. Follow him on Linkedin.com by clicking here now.