Have you heard about “ransomware”? Imagine you log on to your computer and see a notice that says all your files have been encrypted. Sure enough, you can’t read any of them. But the ransomware company can decrypt them for a fee. Typically the small businesses that get infected have anti-virus software. This hack is so profitable that there are new versions of this malware all the time, and the bad guys are making versions that can tear through that single layer of defense like tearing paper.

I suspect you have anti-virus installed already too. But that is probably the only security layer you have. What if you could prevent the ransomware from ever getting to your computer and testing your anti-virus software? What if the internet itself blocked it?

There’s an even more important defense against this type of malware, and it’s absolutely free. Because it is so simple, and free, I’m listing it as the first layer of defense for data security.

It’s called “DNS filtering”.

The DNS system is the Internet’s address book. If a party is happening at “Tom’s house” you need Tom’s address. So you look in your contacts and see that Tom’s address is 123 Main Street. You are going to a party! When you type a URL like “acumenconsultingcompany.com” into your browser the browser does a look up also. Every web site is on a server connected to the Internet, and is identified by a string of digits called an “IP address”. Computers are great with numbers, but we remember names better. The “Domain Name System” (DNS) stores that number and links it to the domains on that server.

When the browser asks for “acumenconsultingcompany.com” the DNS system looks up the domain, and replies “go to IP address 162.211.87.138”. There are millions of servers on the Internet that have the DNS information stored, and it is constantly updated. For the geeky among us, it is fascinating to read how it all works, and it gets a lot more technical. But for our purposes today, let’s just remember that the DNS system has the server address linked to the domain name, and there are millions of servers that are part of DNS. Your computer connects to one of these DNS servers every time you click a new link or enter a new domain name into the address bar.

By Б.Өлзий (Own work) [CC BY-SA 4.0], via Wikimedia Commons

Did you know that your computer has a favorite DNS server? What if we put that DNS server to work for us, and told it not to allow us to visit any site that had been reported as having malware. Reporting happens very quickly. The anti-malware software companies have to program an update to protect their customers from it, and that takes some time. But the offending server that has the malware on it is reported very quickly.

OpenDNS has been providing this service for years. Because the DNS system is free and open by nature, anyone can use their public DNS servers and get the benefit of their early warning system. Here’s the link to set up your laptop, desktop, or network to use their DNS servers: OpenDNS Set Up Guide. I recommend using the DNS settings for each computer individually, as it then covers you when you are out and about.

OpenDNS also has some services that cost extra, like content filtering to prevent employees from visiting adult sites, and configurable filtering to block any category of site like social media. Cisco purchased OpenDNS some time ago and the commercial version is called “Umbrella”. You can read more about it at the Cisco Umbrella site. The minimum purchase is $380 per year ($38 per year per computer, with a minimum of 10 computers). That’s pretty steep for most of us. Let me know if you are interested in a “group buy” and I’ll see if Acumen can offer it at a better price point. I haven’t checked into that because most of us don’t really need the extra content filtering. But the malware protection? Heck yes!

Remember, anyone can use the public DNS servers they have set up and get the advantage of DNS filtering. My colleagues in the “managed services” industry tell me that they have eliminated ransomware attacks by following the simple instructions listed here. I have been using OpenDNS for years, and it works seamlessly. Do it today!

Acumen Consulting offers services to employ these four layers for you, so if you have an immediate need, please contact me. You can also download and install our new free app, Acumen Advisor that alerts you to problems with PC health when they happen.