Ransomware is one of the biggest cybersecurity risks currently facing organizations. Indeed, our sister company found that in Q1 2021 almost one in three publicly disclosed security incidents was the result of ransomware.
Recent attacks on Colonial Pipeline and JBS have demonstrated the real-world consequences of attacks and should be a wake-up call to organizations who don’t yet have a plan in place to mitigate the threat.
But what exactly should you be doing? We help you answer that question in this blog, providing five things you can do to protect your organization from ransomware.
How to protect yourself from ransomware
1. Regularly back up your systems
The main objective of ransomware attacks is for attackers to take your data and lock you out of your systems.
Now that they have the only copies of your information, its value increases dramatically and encourages the victim to pay a huge sum to get it back. (And, of course, the threat of it being leaked online further tempts organizations to pay up.)
However, if you have backups of your data, you are not beholden to the attackers. You can simply disconnect infected devices from the network, wipe them and rebuild them in a safe environment.
For that to work, you must make sure that your backup procedure follows the rule of three. That is to say, you should have three copies of your data (a production copy and two backups) on two different media, with one off-site copy that you can use in the event of disaster recovery.
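An added example (not from the original post) of how the rule of three can be checked rather than assumed. It models each copy of the data, including production, as an in-memory dictionary of file contents, which is a constructed stand-in for a real backup set; the names, media types and file contents are all made up for the example. It checks the three-copies, two-media and one-off-site conditions, and then compares a SHA-256 manifest of each backup against production, which is how a restore test catches a backup that silently captured files already altered by an attacker.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str
    medium: str      # storage class, e.g. "disk", "tape", "object-storage"
    offsite: bool
    files: dict      # path -> bytes; an in-memory stand-in for the backup set (constructed)


def manifest(files):
    """SHA-256 per file; comparing manifests is how a restore test detects altered content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_rule_of_three(copies):
    """Return the 3-2-1 rules violated by this set of copies (production included).

    An empty list means the set is compliant.
    """
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        problems.append("all copies share one storage medium")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return problems


def verify_backups(production, backups):
    """Compare each backup's manifest against production; flag missing and altered files."""
    reference = manifest(production.files)
    report = {}
    for b in backups:
        m = manifest(b.files)
        missing = sorted(set(reference) - set(m))
        altered = sorted(p for p in reference if p in m and m[p] != reference[p])
        report[b.name] = {"missing": missing, "altered": altered}
    return report


# Constructed sample data: a production copy and two backups on different media.
PRODUCTION = BackupCopy(
    "prod", "disk", False,
    {"ledger.csv": b"2021-01,100\n", "hr.db": b"\x00\x01\x02"},
)
LOCAL_BACKUP = BackupCopy(
    "nas", "disk", False,
    {"ledger.csv": b"2021-01,100\n", "hr.db": b"\x00\x01\x02"},
)
# The off-site copy is deliberately incomplete and holds an altered file, simulating a
# backup taken after an attacker had already encrypted part of the data.
OFFSITE_BACKUP = BackupCopy(
    "cloud", "object-storage", True,
    {"ledger.csv": b"ENCRYPTED-BLOB"},
)


def run_example():
    compliance = check_rule_of_three([PRODUCTION, LOCAL_BACKUP, OFFSITE_BACKUP])
    report = verify_backups(PRODUCTION, [LOCAL_BACKUP, OFFSITE_BACKUP])
    return compliance, report


if __name__ == "__main__":
    compliance, report = run_example()
    print("3-2-1 violations:", compliance or "none")
    for name, result in report.items():
        print(f"{name}: missing={result['missing']} altered={result['altered']}")
```

In this sample the set of copies satisfies the rule of three, yet the off-site copy would not support a clean rebuild: the manifest comparison reports one missing file and one altered file. Both checks need to pass before a backup can be relied on in a recovery.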
2. Apply patches as soon as they are released
Vendors often release updates that fix vulnerabilities that could be exploited. As soon as a patch is announced, criminals are alerted to the weaknesses, so you need to address the issues as soon as possible.
You should be looking at both your operating system and software, as weaknesses in either of these can be leveraged to conduct attacks.
To help manage this process, you should look at patch management and ensure that updates are applied automatically where possible.
3. Deploy firewalls
Firewalls and gateways provide a basic level of protection where a user connects to the Internet.
Although antivirus software helps protect the system against unwanted programs, a firewall helps to keep attackers or external threats from gaining access to your system in the first place.
You should look at both hardware firewalls, which protect your network from the outside, and software firewalls, which protect individual users’ computers.
4. Beware of MSPs (managed service providers)
If cybercriminals can’t breach your systems directly, they may well be able to do so via someone in your supply chain – and MSPs (managed service providers) pose a particular risk.
That’s because a successful attack can have knock-on effects for dozens, if not hundreds, of business networks. This is good news for attackers, because the more disruption they cause, the more pressure there is for the affected organization to pay up.
It also stands to reason that an MSP’s security systems might be weaker than an organization’s internal protections. With many different databases and connections, there is a wider attack surface in which vulnerabilities can occur.
Whenever you’re looking to work with an MSP, it’s therefore worthwhile taking the time to review their security practices. If their practices don’t meet your standards, you should look elsewhere.
5. Prepare for social engineering attacks
Many ransomware infections begin with infected attachments within phishing emails. The attackers imitate a genuine sender – such as a trusted organization or individual – in an attempt to trick recipients into opening an attachment.
It’s one of the easiest ways to break into an organization’s systems, because you don’t need to spend time looking for technological weaknesses if you can exploit someone already on the inside.
Phishing staff awareness training should already be near the top of your agenda when it comes to cybersecurity, but you might also consider educating staff on the risks of ransomware specifically.
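As an added example (not part of the original post), the following Python code applies a few of the checks that awareness training teaches staff to make by hand, so that a mail gateway or triage script can flag the same signs: a Reply-To domain that differs from the sender's, a display name containing an address on a different domain from the real one, and attachments whose type or double extension suggests a script or macro payload. The sample messages, addresses and domains are constructed for the example, and the set of risky extensions is an illustrative list, not a definitive one.

```python
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

# Illustrative list (constructed for this example) of attachment types that commonly
# carry scripts or macros; a production filter would maintain its own policy.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".docm", ".xlsm", ".iso", ".hta", ".scr"}


def split_address(header_value):
    """Return (display_name, lower-cased domain) for a From or Reply-To header value."""
    name, address = email.utils.parseaddr(str(header_value))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    return name, domain


def analyse(raw_message):
    """Return a list of phishing indicators found in a raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_name, from_domain = split_address(msg["From"])

    # Replies steered to a different domain than the apparent sender.
    if msg["Reply-To"]:
        _, reply_domain = split_address(msg["Reply-To"])
        if reply_domain and reply_domain != from_domain:
            findings.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")

    # A display name that looks like an address on another domain, e.g. "a@trusted.test" <x@other.test>.
    spoofed = re.search(r"@([\w.-]+)", from_name)
    if spoofed and spoofed.group(1).lower() != from_domain:
        findings.append(f"display name claims {spoofed.group(1)} but sender domain is {from_domain}")

    # Attachment type and double-extension checks.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        extensions = filename.split(".")[1:]
        if extensions and "." + extensions[-1] in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {filename}")
        if len(extensions) >= 2:
            findings.append(f"double extension: {filename}")

    return findings


def build_sample(from_, reply_to, subject, attachment_name):
    """Construct a sample message for the example; all values are made up."""
    msg = EmailMessage()
    msg["From"] = from_
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["To"] = "finance@example.test"
    msg["Subject"] = subject
    msg.set_content("Please see the attached invoice.")
    if attachment_name:
        msg.add_attachment(b"\x00\x01", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


# Constructed samples: one that imitates a supplier, one legitimate mail from that supplier.
PHISHING_SAMPLE = build_sample(
    '"accounts@supplier.test" <accounts@supplier-invoices.test>',
    "payments@another.test",
    "Overdue invoice",
    "Invoice_Q1.pdf.js",
)
BENIGN_SAMPLE = build_sample(
    "Alice <alice@supplier.test>",
    None,
    "Invoice for Q1",
    "Invoice_Q1.pdf",
)


if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, "->", analyse(sample) or ["no indicators"])
```

None of these indicators is proof on its own; the value of running them is to route suspicious mail for review before a recipient has to decide whether to open the attachment.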
What should you do when you’re under attack?
As important as it is to implement measures to prevent ransomware attacks, it’s equally important to consider what happens if something goes wrong.
It only takes one mistake for disaster to strike – and when that happens, every second counts.
You must respond quickly and follow a systematic, structured approach to the recovery process.
To help organizations achieve this, IT Governance created its cyber security incident response service.
Expert consultants will guide you through every step, from identifying the source of the breach and how to stem the damage to notifying the appropriate people and returning to business as usual.