Ransomware is on the rise, but security leaders can fight back by implementing a range of security best practices for beating the bad guys when it comes to ransomware attacks.
1. Back up organizational data
This is the most prominent and most critically important measure any organization should be undertaking to enhance cybersecurity. As bad as a ransomware attack can be, not all is lost if an organization has a rigorous backup system for critical files. Redundancy in backups can help save enterprise data in the event of a ransomware attack: keep a local backup of files along with a secondary backup, such as files backed up in the cloud.
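One way to check the redundancy described above, as an added example that is not part of the original article: it confirms that every file in a source directory exists, with an identical SHA-256 digest, in both a local and a secondary backup. The directory layout and function names are assumptions, and the check is meant to run right after a backup job, before the source changes again.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backups(source: Path, backups: dict) -> list:
    """Return (backup_name, relative_path, problem) for every gap found."""
    findings = []
    for src_file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src_file.relative_to(source)
        expected = sha256_file(src_file)
        for name, root in backups.items():
            copy = root / rel
            if not copy.is_file():
                findings.append((name, rel.as_posix(), "missing"))
            elif sha256_file(copy) != expected:
                findings.append((name, rel.as_posix(), "mismatch"))
    return findings


def demo() -> list:
    """Constructed sample: one file altered locally, one absent from the secondary."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src, local, secondary = base / "src", base / "local", base / "secondary"
        for root in (src, local, secondary):
            (root / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "hr.txt").write_text("roster\n")
        (local / "finance" / "ledger.csv").write_text("id,amount\n1,999\n")  # altered copy
        (local / "hr.txt").write_text("roster\n")
        (secondary / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        # hr.txt is deliberately absent from the secondary copy
        return verify_backups(src, {"local": local, "secondary": secondary})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A secondary copy held in cloud object storage would be compared through a mounted path or the provider's own object listing rather than a local directory walk.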
2. Perform annual security awareness training
While organizations spend an untold sum of money on security tools and solutions, they often fail to invest in security awareness training. After all, the best security tools are worthless without trained, knowledgeable, and competent employees who are aware of emerging security issues and threats. There are several high-quality and cost-effective security awareness training solutions online. In terms of return on investment when it comes to safeguarding an organization, nothing beats security awareness training. The more acquainted users are with current and growing cybersecurity threats, the safer your organization will be.
3. Improve enterprise email security
Ransomware can enter your environment in several ways, but often, it’s with a click of a link that the trouble begins. Think twice about emails, links, and attachments from unknown or untrustworthy sources. From a free cruise to the Bahamas to a guaranteed loan up to $50,000, these types of solicitations may very well be nothing more than overeager marketers, but they may also be ransomware attacks. Train employees to never take chances on suspicious emails, links, and attachments.
4. Patch organizational information systems
One of the most fundamentally necessary — yet often ignored — cybersecurity measures is undertaking regular security updates and patching critical systems. Security updates and patching should be an “across the board” measure, meaning that such initiatives should be applied to the network and infrastructure, production servers, and end-user workstations — all the computing systems that could be impacted by ransomware. High-profile breaches in recent years were often the result of security patches not being applied to information systems. What organizations need are clearly defined security and patch management policies, procedures, and methodologies.
5. Protect the network with an IDS
An intrusion detection system (IDS) helps alert security leaders to suspicious network traffic and related activity. When adequately fine-tuned by an experienced network engineer, an IDS becomes an essential element of an organization’s information security framework.
6. Whitelist applications
Applications that are not allowed on your network should be on the blacklist. Similarly, applications that are allowed should be on the whitelist. The concept is straightforward, but, unfortunately, many organizations fail to employ such basic measures. Whitelisting/blacklisting is a good practice, so make sure your organization implements this strategy.
7. Employ role-based access control
Not every employee needs access to every information system. That’s why organizations need to employ the well-known concept of role-based access control, known as RBAC. In the world of RBAC, users should be given the minimum necessary access and permissions to the systems they need to perform their job functions and nothing more.
8. Separate networks
There is an old saying that it’s not a clever idea to put all your eggs in one basket. This is especially true when it comes to cybersecurity. Information systems should be logically and/or physically siloed out into buckets to ensure proper isolation from one environment to the next. An attack against a flat network — where everything is behind one major network which has no segregation — could effectively knock out an organization’s entire information technology (IT) environment. Security leaders should separate the network to the best of their ability to protect the network in the event of an attack.
9. Perform vulnerability scans regularly
Scanning both internal and external-facing networks — known as vulnerability scanning — is essential to identifying critical security gaps and vulnerabilities. This should be performed through a third-party scan.
10. Conduct an annual penetration test
It’s a good idea to perform a penetration test (pen test) annually or at least after substantial changes to an environment, as penetration testing is the single best indicator of how secure an organizational network is. When performed by capable personnel, a pen test provides meaningful evidence regarding the overall security of the IT environment. Many of today’s regulatory compliance mandates — PCI DSS, security operations center (SOC) audits, and more — require a pen test, and every business should execute an annual penetration test.
11. Monitor who has access to the environment
Access control is not just about internal employees; it’s about which external parties can and do have access to sensitive enterprise data. Consultants, contractors, managed security services providers — they all are given access to the organizational environment, and that’s where the problem begins. It’s not that these individuals or companies are malicious — the bigger problem is that such access rights go uncontrolled, often left open and unrestricted long after employees or organizations need access. Hackers can often find these windows of opportunity, resulting in breaches.
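A periodic review of the kind described above, as an added example that is not part of the original article: it flags enabled external accounts whose engagement has ended, that have no end date recorded, or that have sat idle. The record fields, account type labels, and the 60-day idle threshold are assumptions; the sample records are constructed.

```python
from datetime import date, timedelta

EXTERNAL_TYPES = {"consultant", "contractor", "mssp"}  # assumed labels for non-employees

# Constructed sample records; field names are assumptions, not a real directory schema.
ACCOUNTS = [
    {"user": "asmith", "type": "employee", "enabled": True,
     "access_end": None, "last_login": date(2024, 5, 28)},
    {"user": "ext-jdoe", "type": "contractor", "enabled": True,
     "access_end": date(2024, 3, 31), "last_login": date(2024, 3, 29)},
    {"user": "ext-mssp01", "type": "mssp", "enabled": True,
     "access_end": date(2024, 12, 31), "last_login": date(2024, 1, 15)},
    {"user": "ext-audit", "type": "consultant", "enabled": True,
     "access_end": None, "last_login": date(2024, 5, 30)},
    {"user": "ext-old", "type": "contractor", "enabled": False,
     "access_end": date(2023, 6, 30), "last_login": date(2023, 6, 1)},
]


def review_external_access(accounts, today, max_idle_days=60):
    """Return {user: [reasons]} for enabled external accounts that need review."""
    findings = {}
    for acct in accounts:
        # Employees and already-disabled accounts are out of scope for this review.
        if acct["type"] not in EXTERNAL_TYPES or not acct["enabled"]:
            continue
        reasons = []
        end = acct["access_end"]
        if end is None:
            reasons.append("no end date recorded")
        elif end < today:
            reasons.append(f"engagement ended {(today - end).days} days ago")
        last = acct["last_login"]
        if last is None or today - last > timedelta(days=max_idle_days):
            reasons.append("idle beyond threshold")
        if reasons:
            findings[acct["user"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in review_external_access(ACCOUNTS, date(2024, 6, 1)).items():
        print(user, "->", "; ".join(reasons))
```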
12. Put in place a complete telecommuting/remote work policy
Everyone is working remotely nowadays, so companies need to have comprehensive guidelines and procedures that outline telecommuting and remote work practices. A good starting point is developing a telecommuting policy that covers best practices in terms of systems that can be accessed, the types of access used for secure connections, and much more.
13. Prohibit removable media devices
One of the biggest data breaches at the Department of Defense (DoD) happened when unsuspecting DoD personnel inserted USB drives loaded with malicious software into the country’s military network. It took the DoD years to recover from the breach, but as a business, your organization may not have years to recover from a cyberattack. Bottom line — ditch the removable media devices and do not authorize them on the organization’s network.
14. Watch where you surf
Even safe websites can carry a risk of ransomware and other dangerous malware finding its way onto enterprise devices and networks. Be wary of websites that make enticing offers and, more specifically, websites that you have never heard of before. One of the most common ways malware spreads is via websites with poisoned advertisements, a well-known concept called malvertising. Specifically, malvertising is the use of online advertising to spread malware, which typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.