CHECK RDP LINK
RDP – or Remote Desk Protocol – is Microsoft tech that allows a local PC to connect to a remote device. You’d use it if you’ve worked from home. And many people neglect to close their open RDP links when they’ve finished with the connection, allowing cyber criminals easy access.
Scan for open ports regularly and start using multi-factor authentication (where you generate a login code on another device) if you don’t already.
Noticed new software on your device lately? It’s probably not an update.
Hackers typically gain access to one device, and then use particular software tools to access the entire network. Look out for anything you haven’t noticed before, but particularly apps called Angry IP, Advanced Port Scanner, and Microsoft Process Explorer.
Noticed a new admin on your system? It’s worth double checking that your IT team hasn’t added the new person.
Cyber criminals will set themselves up as administrators so that they can download the tools they need to carry out their attack of your network. And to do this, as well as the software mentioned above, they may also use other software called Process Hacker, IOBitUninstaller, or PCHunter.
These are all pieces of software that your business may legitimately use, but they can be used to uninstall security.
Of course, to carry out the perfect attack, your security software needs to be disabled. Some things called Active Controller and domain controllers will be disabled when the attack is imminent, and it’s likely that your back-up will be corrupted too.
Ensure that someone is regularly checking that software is active, and your backup is working as it should be.
Remember, ransomware attacks are usually slow, so these things won’t all appear at once. Vigilance is key here. Keep an eye out for anything unusual, and if you do spot something, no matter how minor, report it straight away. It could help stop a huge, costly attack on your business.