Backup, Backup, Backup
The first step you should take is to ensure that you are relying on a solid backup plan for your data. While backup technically is not a preventative method, it’s an essential first step to recovery. It’s an insurance policy that you hope you’ll never have to use.
Backup processes must be serialized, meaning that older versions of a backup should be kept for a set period of time. Simply writing over the last version with the most recent version often fails to alleviate the problem, because the most recent backup might be infected.
Backups should always be stored in an offline environment. Ransomware has evolved to the point that it knows to infect an entire connected network, which includes all shared and removeable drives. When creating an offline environment, don’t forget to disconnect the network mapping schemas where necessary. If your network mapping does not acknowledge a backup device, then the ransomware cannot get to it.
Finally, best practices dictate that you should routinely test your backups to make sure that they are capturing all the necessary data and are readily available if you need them.
Layered Approaches
Developing a security program through a layered approach is a fancy way of saying that you shouldn’t rely on a single form of security. Having multiple defenses in place helps ensure that you never receive any viruses in the first place.
Your business should already be utilizing technologies such as anti-virus software, web filtering and firewalls. Modern enterprise security software now contains personal firewalls and web filtering alongside the more traditional anti-malware. Talk to your local network security experts to learn what other technologies might be available to you.
Keep up to date
When it comes to network security, “setting it and forgetting it” simply will not work. Ransomware evolves, so your security approach needs to evolve with it. After adopting a layered approach, ensuring that operating system patches are installed as soon as they are available is essential.
Ransomware attacks are usually triggered by opportunity rather than specific events. Ransomware is designed to take advantage of network or system vulnerabilities that might be present rather than targeting precise system inadequacies. This is the reason why cybercriminals broadcast ransomware as widely as possible, in hopes that they may get that one in a thousand victim whose system is vulnerable.
Privileges and policies
How many people have a key to the front door of your house? Everybody you know, or just a few, chosen and trusted people? Your network is no different. We hope you trust your employees to do the right things. But that doesn’t mean everybody should be given free reign.
Ensure your employees’ privileges are vetted and are locked down. Different levels of employee should be accorded different levels of network access. It’s not about egos, or even trust. It’s about ensuring that if that brand-new employee unwittingly opens up an infected email that the damage can be contained based on their limited network privileges. If a network administrator, who has the highest level of network access, does the same thing, then perhaps it’s time for a new network administrator.
Enforceable, posted policies are always a good idea. If an employee is routinely reminded of the network and hardware usage policies that they should be following, they are more apt to stick to them and the risk of your network becoming infected is lessened.
Restoring a network after an infection is highly disruptive, and can be just as costly as paying a ransom. Make the effort to apply the proper security measures today so that you might avoid either consequence.
For more information on how to prevent ransomware attacks, please contact us.