Ransomware can destroy or devastate an organization in minutes. In the last few months, ransomware attacks affected high-profile groups; from the government of Costa Rica, to healthcare systems, to Maple Leaf Foods, influencing the availability of government services, access to critical care and supermarket products.
For cyber criminals, ransomware deployment is a lucrative business, as organizations have shown willingness to pay tens of millions in order to retrieve stolen data. But a payout isn’t the way out, as it doesn’t guarantee safe data return or prevent continued hacking attempts.
A hyper-strategic ransomware attack prevention plan can empower your leaders and prevent attackers from gaining a foothold in your ecosystem. Leverage this ransomware prevention checklist to address ransomware’s proliferation and to avoid the expensive, time-consuming, and nerve-wracking restoration of environments.
What is a ransomware attack?
A ransomware attack is a malware attack intended to prevent a user or organization from accessing computer files. By encrypting files and requesting ransom payment in exchange for the decryption key, attackers force organizations to decide on whether paying a ransom is the fastest and easiest way to recover files. In many cases, it is. However, paying for file recovery comes with downsides, and file recovery is not guaranteed.
Ransomware represents the most prominent and visible type of malware out there. In recent years, ransomware attacks have rendered hospitals inoperable, crippled local governments, and caused damage to multiple organizations simultaneously.
The best means of contending with ransomware attacks involves preventing them from happening in the first place. In retaining a ransomware prevention strategy and by checking off items on a ransomware prevention checklist, your organization can stay ahead of ransomware threats.
Ransomware prevention checklist – table of contents
- Employee ransomware threat education
- Up-to-date firewalls and antivirus
- Email filtering systems
- Regular security assessments and data scans
- Access controls
- Endpoint protection
- Ongoing monitoring of networks and devices
- Two-factor authentication
- Backup data
- Security check-ups
Ransomware prevention checklist
1. Employee ransomware threat education. Organizations must provide information security training to employees. This should include information about ransomware attacks; from how they start, to how to respond to them.
Because ransomware attacks are commonly distributed via email, training should also cover email security threats. Learning modules should contain information about phishing, malicious attachments, removable media (USBs) and phony links.
For successful training, training should be ongoing as opposed to an annual event. Consistently introduce new information to employees, especially those who work from home. Cyber attacks that start in home-office locations can prove particularly challenging to detect ahead of damage infliction.
Training employees to detect security threats, including ransomware, saves organizations time and money. Investing the resources in employee training reduces the risk of an expensive cyber security incident.
2. Up-to-date firewalls and antivirus. Most organizations already own firewalls and/or antivirus software. However, these systems aren’t so effective when they’re outdated. Ensure that firewall and antivirus software are up-to-date.
In improving your ransomware prevention game, consider next generation firewalls (NGFWs). These tools retain the most advanced threat prevention and have a consolidated management schematic. NGFWs can also reduce security complexity and lower overall security costs.
3. Install an email filtering system. While the majority of email clients (Google, Outlook) offer built-in spam filtering, these types of programs can’t catch more sophisticated email threats. Ensure that all potentially malicious content is caught. Invest in an email filtering tool that can secure all incoming emails.
Look for an email security solution that deploys via API, detects anomalies, and that can offer defense-in-depth.
Some email security software can even identify messages from compromised vendors. The software then prevents compromised vendor emails from appearing in users’ inboxes.
4. Regular security assessments and data scans. Conducting regular security assessments is critical. Regular security assessments enable administrators to aggregate risk. It can also help organizations identify vulnerabilities. More knowledge about which risks exist will help administrators decide on how to best offset the risks.
Risk assessments also provide a path for categorizing data. Data can be categorized according to level of sensitivity. This categorization becomes useful as organizations go about assigning access controls.
5. Access controls. Access controls ensure that highly sensitive data is only accessible by users who genuinely need access to this information in order to complete day-to-day tasks. Access controls help preserve the security of data. The zero trust security framework and identity access management software can mitigate information risk. In turn, this reduces the likelihood of experiencing a credential-theft based data breach that exposes sensitive organizational information.
Access control allows for tracking of activities and analysis of information for the purpose of discovering potential access violations. Access control models vary. Organizations commonly use:
– Role-based access control (RBAC). This type of access control grants access permissions based on whether or not access is necessary for employees to perform job duties. Permissions can be granted either individually or in groups, based on prescribed roles and business needs.
-Discretionary access control. This type of access control allows the owner of a file or system to decide on who has access. Access remains at the owner’s discretion. Discretionary access control (DAC) may be used in conjunction with RBAC, or not.
-Mandatory access control (MAC). This type of access control involves a central security authority that distributes access to resources based on certain categorizations. In this type of system an individual may not have the ability to modify a file or resource, despite the fact that they may ‘own’ the file. Government and military organizations that handle sensitive information sometimes use MAC systems.
There is no one-size-fits all approach when it comes to access control.
6. Endpoint protection. Get endpoint protection with built-in Anti-Ransomware protection. These types of comprehensive endpoint security solutions can protect against a variety of complex threats.For simple administration, select an endpoint security suite that allows for centralized management via a single management console.
7. Ongoing monitoring of networks and devices. Manage your networks via a single network management solution. Such solutions allow for responsible monitoring of the state of the network. They also allow administrators to easily take action that can improve network security and performance.
Network management offers a holistic view of an organization’s network across multiple different vendors and devices. As a result, organizations can understand network patterns and more easily identify anomalies.
Network monitoring also makes it possible for an organization to determine which devices are network connected. Insights into this information help improve network security overall.
8. Two-factor authentication. Two-factor authentication or multi-factor authentication require for users to provide two or more pieces of evidence to an authentication mechanism. This type of authentication complicates system access for cyber criminals who attempt to infiltrate via stolen credentials.
9. Patching. Patch management resolves vulnerabilities on software and in applications susceptible to cyber attacks. IT and cyber security professionals should strive to ensure that all software is patched and updated. Otherwise cyber criminals can potentially exploit vulnerabilities, leading to a ransomware attack. Patching represents one of the most important mitigation techniques when it comes to reducing your organization’s risk of encountering ransomware.
10. Backup data. Organizations that cannot restore data from backup systems often feel forced to pay cyber criminal ransoms. Avoid paying millions. Ensure that your organization retains a strong data backup strategy. Leverage the 3-2-1 principle. This entails storing data in three separate locations, on two types of storage devices, with one copy located off-site. In the event of a ransomware attack, restoring from data backups is cost-effective, comprehensive and less complex than other options.
11. Get a security check-up. Major cyber security vendors offer assessment tools that organizations can leverage to identify attacks already operating within enterprise ecosystems. Tools from Check Point Software are available at no charge.
Additional ransomware prevention tips
Another consideration for organizations includes deception technology. While it’s not an essential cyber security tool, deception technologies can help protect systems. When deployed correctly, deception technologies imitate servers, applications and/or data, leaving hackers ‘going the wrong way’ if they manage to get into your systems.
Another advantage of deception technology? It gives organizations another tool through which to discover hackers lurking in systems. The faster that organizations find hackers, the less damage organizations are likely to see.
Ransomware resource roundup
Would you like more ransomware insights?
Explore these resources:
- CISO’s Guide to Ransomware eBook
- How to execute a successful ransomware tabletop exercise
- Ransomware-as-a-Service: Exposing the Underground Economy…
- 7 noteworthy ransomware predictions for the new year
- Reconsidering your Cyber Strategy: The Case for a Consolidated Architecture
Ransomware can disrupt your organization at any moment. A ransomware attack on your enterprise can also affect your vendors, partners and clients. Downstream consequences include supply chain issues, litigation, financial penalties, and loss of business.
It’s best to prevent ransomware. Reread this ransomware prevention checklist on a regular basis to ensure that your organization’s security measures up.
Lastly, to receive cutting-edge cyber security news, exclusive interviews, expert analyses and security resources, please sign up for the CyberTalk.org newsletter.