While you may be hearing that the total number of ransomware attacks declined in 2018, that doesn’t mean your data is safe.
How do you truly protect your business? Here’s our checklist:
- A major vector for an attack is an attachment in an email. You can do a couple things to safeguard from this vector. First, scan all attachments with a good anti malware solution and make sure the definitions are up to date and your solution provider has some protection from zero day attacks. Secondly, and maybe most important, is to train your staff to be weary of attachments –even if they come from a trusted source. If it looks suspicious, do not open it. If it is something that you feel may be important or it appears to come from someone you know, contact them and ask if they sent it. Another related vector is malicious websites that are a conduit for malware. Be sure your anti malware solution can block suspicious websites and web links.
- Have a Bring Your Own Device (BYOD) policy and a solution of managing and mitigating the impact these devices have on the security of your environment. You need control over the notebooks, mobile devices, and tablets that enter your network. Your solution must provide you with sufficient visibility into what’s connected to your network and what those devices are doing. You need to be able to enforce policies that prevent users from accessing compromised websites or downloading suspicious files.
- Run modern operating systems. Systems like Windows 7 may be user favorites and may support some legacy applications, but they are the cyber criminals’ dream. They lack the sophisticated built-in defenses found in operating systems like Windows 10. If your business uses Macs, you are not immune. Be sure to get users on the latest version of Mac OS as quickly as possible.
- Patch every server, network device and endpoint with the latest security patch. This is critical as it can be an effective vector for attack and many IT departments are lax about patching.
- Secure your network by deploying a layered approach; protecting your endpoints, network, email, and DNS layer. Do not ignore IoT devices. They are vulnerabilities too! They’re often ignored or even unknown to the IT department, but by removing simple points of vulnerability, you can effectively block the attack before it enters your infrastructure.
- Protect your assets by segmenting your network to prevent an attack from being able to spread. Segmented networks will limit the number of resources that that can be attacked from a single entry point. This also allows you to deploy the strongest defenses where the highest value services and data reside without burdening the entire network with the expense and complexity of these defenses. This is all intended to ensure that your entire network is not compromised in a single attack and any damage that does occur is in the lowest value portions of the infrastructure.
- Closely monitor network activity. This allows you to identify patterns of attacks before they can cause real damage. Deploy a good Security Information and Event Management (SIEM) tool and use it.
- Most importantly, have a business continuity plan that details how to respond in the event of an attack. Carefully choreograph all the steps you need to take and what your users need to do to be sure they do not make the situation worse and are ready to resume work once your systems are back online. Core to this plan is a disaster recovery solution that is designed to restore your critical business functions quickly enough to avoid the effect of a prolonged outage. This is your life vest when all else fails and the criminal gains sufficient access to your systems to cause major damage. It is the only option available today that can foil every known attack.
- Orchestration eliminates the panic by allowing you to rely on a pre-planned, automated, and tested recovery. To be effective, the business continuity solution needs to continuously protect your data and has orchestration that automatically restores your entire infrastructure, including servers, network devices and storage to an offsite virtualized environment. The automated orchestration is a key element because it translates to speed and predictability of the restore process when your team is operating under the pressure of an outage.
As we know, ransomware is on the rise and it is clearly here to stay. Ransomware is doing some real damage to businesses, and increasing in its sophistication to better target vulnerabilities. All businesses are at risk unless you take action to lower your susceptibility to an attack. The true fix is an effective business continuity plan that restores your systems and gets users back online as quickly as possible. For more information: Shane Nesbitt, IT Consultant – (330) 750-1428