Insights
INSIGHTS
All Topics
Four Steps To Mitigating Malware
30 Sep 2020by Cub Llewelyn Davies
Experts from the NCSC offer guidance on dealing with a ransomware attack
Over the last six months, we have witnessed an unprecedented change in the way we live and work. As more and more of our lives move into the digital realm, we spend an increasing amount of time online.
Whilst this has had a great effect on the UK charity sector – enabling charities to continue running vital fundraising operations and service delivery – it has given rise to a new wave of cyber crime.
This change in the public’s digital behaviour has led to a change in the nature of cyber attacks, as well as a change in the way they are conducted. One of the key changes is the growing threat from ransomware attacks.
This is why NCSC have updated their mitigating malware and ransomware guidance to ensure that it reflects the changing nature of the incidents we are dealing with.
This guidance restates the main messages within the NCSC Small Charities Guide with a few notable changes.
Specifically, the NCSC have:
- Added a new section to help organisations prepare for an incident
- Updated information the attackers’ modus operandi
- Provided additional detail regarding backups, preventing malware from being delivered, spreading to devices, and running on them
- Re-emphasised key messaging on what to do if your organisation has already been infected with malware
Related Articles
Whilst we recognise that not all charities have crack teams of security architects at their disposal, we believe this guidance provides an achievable set of actions that most organisations will be able to implement. For this reason, the NCSC have also included additional and updated references to resources, which will help you prepare and respond to malware attacks.
Malware attacks, in particular those utilising ransomware, can be devastating for organisations because computer systems are no longer available to use, and in some cases, data may never be recovered. If recovery is possible, it can take several weeks, but your charities reputation could take a lot longer to recover. This can have drastic knock-on consequences for your organisation’s fundraising and public relations campaigns.
The updated guidance and steps listed below will help your charity deal with the effects of malware (which includes ransomware). It provides actions to help organisations prevent a malware infection, but if you’ve already been infected with malware, please refer to the NCSC’s list of urgent steps to take
The four main mitigation steps can be summarised as follows:
Step 1: Make regular backups
Up-to-date backups are the most effective way of recovering from a ransomware attack.
Step 2: Prevent malware from being delivered and spreading to devices
Reduce the likelihood of malicious content reaching your devices through a combination of:
- Filtering to only allow file types you would expect to receive
- Blocking websites that are known to be malicious
- Actively inspecting content
- Using signatures to block known malicious code
Step 3: Prevent malware from running on devices
A ’defence in depth’ approach assumes that malware will reach your devices.
You should therefore take steps to prevent malware from running.
Step 4: Prepare for an incident
Identify your critical assets and determine the impact to these if they were affected by a malware attack.
Following the updated guidance and steps listed above will decrease the likelihood of your charity becoming infected, reduce the spread of malware throughout your organisation and minimise the impact of the infection.
By following these four steps you will give your organisation the best possible chance of mitigating the effects of a malware or ransomware attack.
Learn More
Read more about the NCSC guidance
More on this topic
Related Content
Recommended Products
21 Nov 2024by Josie Sparling
How one charity more than doubled its event’s incomeSponsored Article
21 Nov 2024by Ioan Marc Jones
How to make Christmas cards and fundraise for charity
Our Events
Charity Digital Academy
Our courses aim, in just three hours, to enhance soft skills and hard skills, boost your knowledge of finance and artificial intelligence, and supercharge your digital capabilities. Check out some of the incredible options by clicking here.
© 2022 Charity Digital Trust. All rights reserved
