8 best practices to prevent your data from being held hostage
Ransomware: The term used to describe malware that denies access to data or systems unless a ransom is paid to a cybercriminal. And whilst 74% of SMEs believe themselves too small to be subject to such a crime, every organisation is susceptible to such attacks.
Fortunately, there are many steps you can take to minimise your organization’s risk. Here are eight best practices we recommend to protect your organization against ransomware attacks:
1. Training and awareness
User training and awareness is paramount, and the first step to safeguard against ransomware. Make sure your staff are treating any suspicious email with caution, looking at the domain name that sent the email and reviewing the legitimacy of the request.
2. Email security
Ensure you have an email security solution in place that scans all attachments in addition to filtering for spyware and spam. Along with periodic user training and risk assessments, you should also conduct phishing vulnerability tests.
3. Endpoint security
Whether personal or corporate devices, endpoints are particularly at risk if they are not managed by IT or don’t have the right anti-malware protection. Because newer ransomware variants are uniquely hashed, signature-based anti-virus solutions will prove ineffective if not updated regularly.
Many users also turn off their virus scans so that they don’t slow their systems down. To address these limitations, there are endpoint security solutions that use advanced machine learning and artificial intelligence to detect malware. They also have a small footprint, causing minimal performance overhead.
4. Mobile endpoints
Management of endpoints is a growing challenge and, as noted in the 2016 Dell Security Annual Threat Report, mobile devices are particularly vulnerable with emerging ransomware threats on the Android™ platform.
Contact your local IT support provider for specific advice surrounding Android mobile device users.
5. Network segmentation
Most ransomware will try to spread from the endpoint to the server/storage where all the data and mission-critical applications reside. Segmenting the network and keeping critical applications and devices isolated on a separate network or virtual LAN can limit the spread.
6. Backup and recovery
Another safeguard against having to pay ransom is a robust backup and recovery strategy. Back up your data regularly. There will be less data loss in case of infection if there is a remote backup.
Ensure a smarter backup strategy by choosing a solution that reflects the criticality of your data and the needs of your business, through close evaluation of recovery point objectives (RPO) and recovery time objectives (RTO). This will ensure you recover the most critical data in the least amount of time.
Finally, just having a strategy is not sufficient. Periodic testing of disaster recovery and business continuity is just as important.
7. Encrypted attacks
Having the right enterprise firewall that is able to scan all traffic irrespective of file size is also critical. With the rapid increase in SSL encrypted traffic, there is always a risk of downloading encrypted malware that is invisible to traditional firewalls. Hence it is important to ensure the firewall/IPS is able to decrypt and inspect encrypted traffic without slowing down the network significantly.
8. Monitoring and management
The enterprise firewall should be able to monitor both incoming and outgoing traffic, and block communication with blacklisted IP addresses as ransomware tries to establish contact with its command and control servers. In addition, it is crucial to update your software and operating systems regularly.
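The outbound check described above can also be run over exported firewall logs. The following is an added example, not code from the original article: the key=value log layout, the blocklist entries (documentation address ranges) and the internal range 10.0.0.0/8 are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed blocklist standing in for a threat-intelligence feed (RFC 5737 ranges).
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed firewall log lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
2016-09-30T09:14:02Z action=allow src=10.1.4.23 dst=192.0.2.10 dport=443
2016-09-30T09:15:11Z action=deny src=10.1.4.23 dst=203.0.113.45 dport=8080
2016-09-30T09:16:40Z action=allow src=10.1.7.8 dst=198.51.100.77 dport=443
2016-09-30T09:16:41Z action=allow src=10.1.7.8 dst=198.51.100.78 dport=443
truncated line without fields
2016-09-30T09:17:05Z action=deny src=10.1.4.23 dst=203.0.113.45 dport=8080
"""

def parse_line(line):
    """Return (timestamp, fields) or None when the line lacks the needed fields."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"action", "src", "dst"} <= fields.keys():
        return None
    return parts[0], fields

def flag_blocklisted_egress(log_text):
    """Map each internal host to its outbound connections to blocklisted addresses."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        except ValueError:
            continue  # malformed address: skip rather than abort the run
        if src in INTERNAL and any(dst in net for net in BLOCKLIST):
            hits[str(src)].append((ts, str(dst), f["action"]))
    return dict(hits)

def hosts_to_isolate(hits):
    """Hosts whose blocklisted traffic was allowed through are the first to contain."""
    return sorted(h for h, ev in hits.items() if any(a == "allow" for _, _, a in ev))

if __name__ == "__main__":
    found = flag_blocklisted_egress(SAMPLE_LOG)
    print(found, hosts_to_isolate(found))
```

A host with repeated denied attempts (here 10.1.4.23) is still worth investigating, since the firewall only stopped the connection, not whatever on the endpoint is making it.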