4U Computer Solutions
0800 48 2667

Explore our Insights

  • BROWSE BY SOLUTIONS
  • Business Continuity, Cyber Security

Stop Ransomware in Its Tracks: What you can do now

Ransomware isn’t a jump scare. It’s a slow build.

In many cases, it begins days, or even weeks, before encryption, with something mundane, like a login that never should have succeeded.

That’s why an effective ransomware defense plan is about more than deploying anti-malware. It’s about preventing unauthorized access from gaining traction.

Here’s a five-step approach you can implement across your small-business environment without turning security into a daily obstacle course.

Why Ransomware Is Harder to Stop Once It Starts

Ransomware is rarely a single event. It’s typically a sequence: initial access, privilege escalation, lateral movement, data access, often data theft, and finally encryption once the attacker can inflict maximum damage.

That’s why relying on late-stage defenses tends to get messy.

Once an attacker has valid access and elevated privileges, they can move faster than most teams can investigate. Microsoft says, “In most cases attackers are no longer breaking in, they’re logging in.”

By the time encryption begins, options are limited. The general guidance from law enforcement and cybersecurity agencies is clear: don’t pay the ransom, there’s no guarantee you’ll recover your data, and payment can encourage further attacks.

There isn’t a silver bullet for preventing a ransomware attack. A ransomware defense plan is most effective when it disrupts the attack before encryption ever begins. That’s why recovery needs to be engineered upfront, not improvised mid-incident.

The goal isn’t “stop every threat forever.” The goal is to break the chain early and limit how far an attacker can move. And if the worst happens, you want recovery to be predictable.

The 5-Step Ransomware Defense Plan

This ransomware defense plan is built to disrupt the attack chain early, contain the damage if access is gained, and ensure recovery is dependable. Each step is practical, easy to implement, and repeatable across small-business environments..

Step 1: Phishing-Resistant Sign-Ins

Most ransomware incidents still begin with stolen credentials. The fastest win is to make “logging in” harder to fake and harder to reuse once compromised.

What this means: “Phishing-resistant” sign-ins are authentication methods that can’t be easily compromised by fake login pages or intercepted one-time codes. It’s the difference between “MFA is enabled” and “MFA still works when someone is specifically targeted.”

Do this first:

  • Enforce strong MFA across all accounts, with priority given to admin accounts and remote access
  • Eliminate legacy authentication methods that weaken your security baseline
  • Implement conditional access rules, such as step-up verification for high-risk sign-ins, new devices, or unusual locations

Step 2: Least Privilege + Separation

What this means: “Least privilege” means each account gets only the access it needs to do its job, and nothing more.

“Separation” means keeping administrative privileges distinct from everyday user activity, so a single compromised login doesn’t hand over control of the entire business.

NIST recommends verifying that “each account has only the necessary access following the principle of least privilege.”

Practical moves:

  • Keep administrative accounts separate from everyday user accounts
  • Eliminate shared logins and minimize broad “everyone has access” groups
  • Limit administrative tools to only the specific people and devices that genuinely require them

Step 3: Close known holes

What this means: “Known holes” are vulnerabilities attackers already know how to exploit, typically because systems are unpatched, exposed to the internet, or running outdated software. This step is about eliminating easy wins for attackers before they can take advantage of them.

Make it measurable:

  • Set clear patch guidelines: critical vulnerabilities addressed immediately, high-risk issues next, and all others on a defined schedule
  • Prioritize internet-facing systems and remote access infrastructure
  • Cover third-party applications as well, not just the operating system

Step 4: Early detection

What this means: Early detection means identifying ransomware warning signs before encryption spreads across the environment.

Think alerts for unusual behavior that enable rapid containment, not a help desk ticket reporting that files suddenly won’t open.

A strong baseline includes:

Step 5: Secure, Tested Backups

What this means: “Secure, tested backups” are backups that attackers can’t easily access or encrypt, and that you’ve verified you can restore successfully when it matters most.

Both NIST’s ransomware guidance and the UK NCSC emphasize that backups must be protected and restorable. NIST specifically calls out the need to “secure and isolate backups.”

Keep backups up-to-date so you can recover “without having to pay a ransom”, and check that you know how to restore your files.

Make backups real:

  • Keep at least one backup copy isolated from the main environment.
  • Run restore drills on a schedule
  • Define recovery priorities ahead of time, what needs to be restored first, and in what sequence

Stay Out of Crisis Mode

Ransomware succeeds when environments are reactive, when everything feels urgent, unclear, and improvised.

A strong ransomware defense plan does the opposite. It turns common failure points into predictable, enforced defaults.

You don’t need to rebuild your entire security program overnight. Start with the weakest link in your environment, tighten it, and standardize it.

When the fundamentals are consistently enforced and regularly tested, ransomware shifts from a headline-level crisis to a contained incident you’re prepared to manage.

If you’d like help assessing your current defenses and building a practical, repeatable ransomware protection plan, contact us today to schedule a consultation. We’ll help you identify your biggest exposure points and turn them into controlled, measurable safeguards.

  • Cyber Security

8-Character Passwords are Out of Date – How Should You Stay Protected Online?

For years, we’ve been told that “8 characters with a symbol” was safe.

This is no longer true.

According to the 2025 Hive Systems Password Table, a hacker using modern hardware can now crack an 8-character lowercase password in just 57 minutes.

Even with numbers and symbols added, short passwords are often broken in days.

The most effective defense today is length.

A password over 14 characters takes far longer to crack than a short one, regardless of how many special characters you add.

So what can you do?

The best option is to use passphrase passwords! You can easily make these for free with tools like BitWarden’s Passphrase Generator. Here’s an example of a great password that hackers would struggle to crack.

We use BitWarden passphrases for all our internal passwords as well as our client logins, so we know they work! BitWarden is a great password manager – not only does it create these long and hard to remember passwords, but it also stores them for you. Personal plans start free, and business plans are very affordable and scalable for small teams to big corporations.

If you need advice or help setting up cyber security for your business, big or small, we’re here to help!

  • AI & Automation

How to Use AI for Business Productivity While Staying Cyber-Secure

Most organizations have realized that AI is not a sentient system looking to take over the world, but rather an invaluable tool. They have come to utilize it to improve their productivity and efficiency. AI solutions have been installed at an astounding rate. Some are used to automate repetitive tasks and to provide enriched data analysis on a previously unrealized level. While this can certainly boost productivity, it is also troubling from a data security, privacy, and cyber threat perspective. The crux of this conundrum is how the power of AI can be harnessed to remain competitive while eliminating cybersecurity risks.

The Rise of AI

AI is no longer just a tool for massive enterprises. It is a tool every organization can use. Cloud-based systems and machine learning APIs have become more affordable and necessary in the modern-day business climate for small and medium-sized businesses (SMBs).

  • AI has become common in the following ways:
  • Email and meeting scheduling
  • Customer service automation
  • Sales forecasting
  • Document generation and summarization
  • Invoice processing
  • Data analytics

Cybersecurity threat detection AI tools help staff become more efficient, eliminating errors and helping make data-backed decisions. However, organizations need to take steps to limit cybersecurity issues.

AI Adoption Risks

An unfortunate side effect of increasing productivity through the use of AI-based tools is that it also expands the available attack surface for cyber attackers. Organizations must understand that implementing any new technology needs to be done with thoughtful consideration of how it might expose these various threats.

Data Leakage

order to operate, AI models need data. This can be sensitive customer data, financial information, or proprietary work products. If this information needs to be sent to third-party AI models, there must be a clear understanding of how and when this information will be used. In some cases, AI companies can store it, use it for training, or even leak this information for public consumption.

Shadow AI

Many employees use AI tools for their daily work. This might include generative platforms or online chatbots. Without proper vetting, these can cause compliance risks.

Overreliance and Automation Bias

Even when using AI tools, it is important for companies to continue their due diligence. Many users consider AI-generated content to always be accurate when, in fact, it is not. Relying on this information without checking it for accuracy can lead to poor decision-making.

Secure AI and Productivity

The steps necessary to secure potential security risks when utilizing AI tools are relatively straightforward.

Establish an AI Usage Policy

It is critical to set limits and guidelines for AI use prior to installing any AI tools. Be sure to define: · Approved AI tools and vendors · Acceptable use cases · Prohibited data types · Data retention practices Educate users regarding the importance of AI security practices and how to properly use the tools installed to minimize the risk associated with using AI tools.

Choose Enterprise-Grade AI Platforms

One way to secure AI platforms is by ensuring that they offer the following: · GDPR, HIPAA, or SOC 2 compliant · Data residency controls · Do not use customer data for training · Provide encryption for data at rest and in transit

Segment Sensitive Data Access

Adopting role-based access controls (RBAC) provides better restrictions on data access. It allows AI tools access to only specific types of information.

Monitor AI Usage

It is essential to monitor AI usage across the organization to understand what information is being accessed and how it is being utilized, including: · Which users are accessing which tools

  • Cyber Security

Not sure what your ESET screen is trying to tell you?

If you use ESET on your computer, you’ve probably seen the big coloured bar across the top of the window: green, yellow, or red.

But what do those colours actually mean? And when is it time to give 4U Computer Solutions a call?

Here’s a simple guide to help you tell the difference between “all good” and “needs attention”.

When ESET is showing a green banner that says “You are protected”, you’re in good shape.

This means:

  • ESET is installed and running properly
  • Your virus definitions are up to date
  • Real-time scanning is active in the background
  • No urgent problems have been detected

You don’t need to do anything special when ESET is green. Just keep using your computer as normal and let it quietly do its job blocking threats in the background.

Tip: If you’re curious, you can still run a manual scan every now and then – especially before a big project or after plugging in a USB drive.

A yellow banner means ESET has spotted something that’s not quite right, but it’s usually not an emergency.

Common yellow warnings include:

  • Overdue scan – It’s been a while since your last full computer scan.
  • Outdated operating system – Windows or macOS updates are missing.
  • Pending restart – Your computer needs a reboot to finish installing updates.
  • License reminders – Your ESET license might be close to expiring.
  • Minor configuration issue – A setting isn’t ideal, but you’re not completely unprotected.

What to do:

  1. Read the message on the yellow banner. ESET will normally tell you exactly what it’s unhappy about.
  2. Click the suggested action (for example, “Run scan”, “Restart computer”, or “See options”).
  3. If the yellow status doesn’t go away after you’ve followed the instructions – or you’re not sure what it’s asking for – give us a call and we’ll sort it.

Yellow is ESET’s way of saying: “You’re mostly safe, but something needs tidying up.”

A red banner is serious. It means there’s a problem that could leave your device, data, or business exposed.

A red ESET screen can be caused by:

  • Expired license – Protection has stopped because the subscription has run out.
  • Real-time protection disabled – ESET can’t actively scan files as you use them.
  • Detected threat not resolved – Malware was found and still needs action.
  • Failed updates – ESET can’t download the latest protection modules.
  • Critical system issue – For example, some security components in Windows aren’t working correctly.

What to do immediately:

  1. Read the red message carefully. Look for buttons like “Fix issue”, “Restart device”, or “Clean threat”.
  2. If you’re unsure what to click, or the red warning keeps coming back, contact 4U Computer Solutions straight away.
  3. Avoid logging into internet banking, accessing confidential files, or plugging in USB drives until the issue is resolved.

Red doesn’t always mean you’ve been hacked – but it does mean your protection is not working as it should, so it’s best to treat it as urgent.

How to Quickly Check Your ESET Status

You don’t always have to open the full program to see what’s going on:

  • On Windows, look for the ESET icon near the clock (bottom right).
    • Green icon = protected
    • Yellow icon = warning
    • Red icon = problem

If it’s yellow or red, double-click the icon to open ESET and see the full message.

When in Doubt, Ask Us

Security alerts can look scary, and it’s not always obvious whether something is urgent or not. That’s where we come in.

If your ESET screen is:

  • Green – relax, you’re protected.
  • Yellow – try the suggested action; contact us if it doesn’t clear.
  • Red – treat it as urgent and call us as soon as possible.

Our team at 4U Computer Solutions can remotely check your device, renew licenses, clean up infections, and make sure everything is running the way it should.

Whether it’s a simple restart or something more serious, we’re here to keep you protected.

4ucs-favicon

About 4U Computer Solutions

We’re a Taranaki-based managed service provider with long-standing experience supporting small and medium businesses across networking, servers, cloud, and security, backed by our own datacentre.

Need Help?
  • BROWSE BY TOPICS

Got a Question?

Fill out the form below.

Technical Support Request

Fill out the form below.