Tip #1: Ransomware
Ransomware is malicious software used by an attacker/suspect to encrypt the complainant's data without their knowledge and then demand payment to unlock it. This typically happens on a Friday, and the complainant doesn't realize it until the Monday. The encryption takes some time, and having the weekend ensures that a good portion, if not all, of the data is locked.
This is generally possible because Terminal Services (TS) / Remote Desktop Protocol (RDP) is left open for anyone in the world to access.
This is a default application on Windows operating systems that allows remote access to the computer. It is typically protected only by a password, which means attackers can continually guess a variety of different passwords, a.k.a. brute-force their way in.
However, there is an easy fix: don't use Terminal Services / RDP. If you need to, then limit access to specific IP addresses only, set up a Virtual Private Network (VPN) and/or enable two-factor authentication (2FA). Whoever is running your IT will know about these technologies and should be able to implement these changes to protect your infrastructure.
If you are a victim of ransomware, there are really only two options: pay the ransom or restore from backup. If you have good backups (offline and up to date), you can restore your environment and patch the security holes. If you know what type of ransomware your infrastructure is infected with, www.nomoreransom.org might have the decryption key. This site also contains additional information about ransomware in general.
Tip #2: Two-Factor Authentication (2FA)
Long, complex passwords are good, but adding Two-Factor Authentication is even better. So what is Two-Factor Authentication? Basically, it's another password, unknown in advance and randomly generated, that is used in conjunction with the password you know. For example, if I log into my email account, I type in the password I created, then I type in the password that is sent to me through an SMS message or generated by an authenticator app such as Google Authenticator, Authy, LastPass or Microsoft Authenticator, to name a few. The second password is random, time sensitive and used only once.
Why would you want to use this? If your password ever gets compromised, the attacker cannot get in unless they have the second password provided by the Two-Factor Authentication. Most accounts you use will have this feature available, and you can enable it with a few clicks. There are two main types: one through an SMS message (secure) and one through an authentication app (more secure).
The SMS message is quite convenient but is tied to your phone number. The Two-Factor Authentication app is tied to that app at the time of creation, making it way more secure. The codes are time sensitive and keep changing after a set period, like 30 seconds.
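As an added illustration (not part of the original tips), this is how an authenticator app and the site you log into can both arrive at the same 30-second code, following RFC 6238 with HMAC-SHA1. The secret is the RFC's published test key; the function names and the one-window clock-drift allowance are assumptions made for this example.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30                      # the "set period" after which the code changes
RFC_TEST_SECRET = b"12345678901234567890"  # published RFC test key, never a real secret


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) valid at the given moment."""
    counter = unix_time // STEP_SECONDS            # which 30-second window we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           used_counters: set, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current window +/- drift, each window only once."""
    now = unix_time // STEP_SECONDS
    for counter in range(max(0, now - drift_steps), now + drift_steps + 1):
        if counter in used_counters:               # a code is good for a single login
            continue
        expected = totp(secret, counter * STEP_SECONDS)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    used = set()
    code = totp(RFC_TEST_SECRET, now)
    print("code for this window:", code)
    print("first use accepted:  ", verify(RFC_TEST_SECRET, code, now, used))
    print("replay accepted:     ", verify(RFC_TEST_SECRET, code, now, used))
    print("5 minutes later:     ", verify(RFC_TEST_SECRET, code, now + 300, set()))
```

The secret is shared once, when you scan the QR code during setup; after that no code travels over the phone network, which is why the app is not tied to your phone number the way SMS is.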
Enable Two-Factor Authentication whenever possible. Most accounts will have this feature, and it could save you from being exposed. Many sites have been breached and your username and password have been leaked without you even knowing. There are sites like https://haveibeenpwned.com where you can check to see if your email account has appeared in a list of data breaches. With Two-Factor Authentication turned on, you have another layer of protection even if your password is known by the target.