- Protecting against ransomware needs to be embedded within every part of the organization. It is important that clearly defined security policies are in place, that staff are trained on them, and that compliance is monitored. Implementing a security framework, such as NIST, can help ensure the appropriate level of controls is in place across the company. Policies and defined procedures surrounding back-up processes, incident management, disaster recovery and business continuity drastically reduce the risk associated with ransomware.
- Back-ups
  - Back-up critical data often.
  - Verify back-ups are protected against ransomware through encryption or offline storage.
  - Verify back-ups can be restored.
  - Verify your back-up configuration, platform and/or software solution are appropriate. Azure has a very impressive solution and set-up (https://docs.microsoft.com/en-us/azure/backup/guidance-best-practices), and software tools (such as Veeam) can also be helpful.
- Network security: Today’s security strategies are dependent upon appropriate network segmentation and firewall configuration.
  - Install a firewall with intrusion prevention, zero-day sandboxing, and machine learning ransomware protection.
  - Verify your firewall restricts access to VPN users and only allows authorized IP addresses.
  - Disable non-essential ports and secure open ports by applying intrusion prevention protection.
  - Enable transport layer security inspection to ensure threats are not entering your network through encrypted traffic flows.
  - Automatically isolate infected systems.
- Restrict access on a least-privilege, need-to-know basis to all systems, including the network, applications, file shares, online software solutions and services, and cloud environments. Access should be restricted to the privileges employees require to perform their job responsibilities. Access to administrative privileges and system accounts should be restricted, appropriately secured, and monitored. Multifactor authentication should be utilized when users access sensitive accounts, systems or data.
- Ensure all files are stored within your organization’s cloud/environment. Regardless of your organization’s size, all files should be stored in a secure cloud environment (e.g. OneDrive, Google Drive, iCloud) and policies should dictate files not be saved locally or elsewhere. Be sure to configure the following security if it’s not already enabled:
  - Multi-factor authentication
  - File restoration features
  - Version control
- Only cloud storage services verified for use by your security team should be utilized.
While this is not a comprehensive list, it should give you a great start. If you are interested in earning continued professional education hours while learning more, the following webinar is available: Protect Your Data from Hackers, Virus and Phishing Schemes (illumeo.com)