Ransomware Attack

The threat of ransomware is ever-present and businesses must take proactive measures to protect themselves from potential attacks. A ransomware attack can prove devastating to any business: it not only impedes operations, it also poses a serious risk of a data breach.

Recent ransomware attacks have crippled government agencies, gas pipelines, hospitals, universities, and even entire cities, and led to many organizations paying huge ransom amounts.

With ransomware attacks on the rise, businesses need to learn the basics of security to counter them. This is why we reached out to cybersecurity experts and business owners to share constructive tips on how you can prepare and protect yourself.

As the threat landscape continues to evolve, businesses of all sizes – large and small – must continue to evolve their security posture and practices to defend themselves from the myriad of threats that exist today, such as ransomware, and evolve tomorrow. (Troy Drever, Pure IT.)

Five Ways to Protect Yourself and Your Business against Ransomware Risks

Protecting yourself and your business from a ransomware attack comes down to implementing baseline cybersecurity measures that every organization should have in place at this point. (Kenny Riley, Velocity IT).

Let’s talk about how to protect yourself and your business against ransomware. Here are five things that individuals and organizations should be doing.

Have a Secure Email Platform

Effective ransomware protection, especially in the form of email security, is critical for defending your organization. Ransomware is mainly delivered through email, disguised as innocent-looking attachments and URLs. Strengthening your email security is therefore one of the most important defenses against it.

Unfortunately, your standard email filters and anti-virus scanners do not have the strength to offer appropriate protection against these sophisticated dangers. When asked why effective ransomware protection, especially in the form of email security, is necessary for defending your organization, Joe Cannata of Techsperts, LLC stated that email security can “filter all inbound and outbound emails and provide URL filtering”.

Email attachments are a significant security threat to individuals and businesses. Every email attachment should be treated with caution, even from senders you believe aren’t a risk.

Email is the most attacked system for organizations. Users should be trained on how to avoid and spot phishing emails. (Eric Schueler, HRCT).

Ilan Sredni of Palindrome Consulting advises users to “not click on links or emails you are not 100% sure are good.”

Implement a Zero-Trust Security Model

The traditional security model has proven ineffective against today’s sophisticated ransomware tactics and techniques. Today, businesses need a security model that can adapt to the challenges of the post-COVID-19 pandemic workplace environment and remote workforce.

This can be made possible by embracing a zero-trust security model and zero-trust policies. Zero-trust policies are “policies and agents that restrict changes to a system”, said Cannata.

Your business’s security protection approach must protect devices, applications, and data regardless of their location. Users should “make sure that all devices are protected with the latest security solution for endpoint protection”, said Sredni. A zero-trust approach that includes endpoint security as a control point not only provides more robust protection, it also helps reduce the risk of compliance violations.

“Multi-Factor Authentication is another key defense used to protect corporate systems from hackers. This security measure is very affordable for all sizes of organizations”, said Drever. MFA is another key component to achieving Zero Trust. Multi-factor authentication adds an additional layer of security that users must go through to successfully access a network, application, or database.

Implement a Cyber Security Awareness Training Plan

Security education and training are key to preventing ransomware from getting into your network in the first place. Users should be regularly educated and trained as threats evolve over time. “User training creates user awareness and lowers each employee’s risk”, said Cannata.

One of the most important aspects of cybersecurity is education. The end user is the weakest link to a potential cyber attack. Ongoing cybersecurity training and testing is a must. This training is readily available from I.T. service companies to help businesses of all sizes to access high quality, ongoing security training for their staff, said Drever.

“Implement cybersecurity awareness training in your organization to ensure that you and your employees stay up to date with how to properly identify and report suspicious activity and malicious emails. Perform periodic organization-wide phish testing to gauge user awareness”, said Riley.

Have an Incident Response Plan

To protect your business in today’s technology landscape, you should also be prepared for disaster response and recovery. Cybercriminals abide by no code of ethics, and you never know when they might hit your business. In the event of a ransomware attack, one of the keys to staying safe is the efficiency of your recovery plan. Always be prepared for the worst by having an incident response plan that will help protect your business’s reputation.

Schueler advises individuals and businesses to have and test an incident response plan. “Having a plan in place when an incident occurs will minimize the chaos and ensure your team is effective at mitigating the damage if and when you have a breach”, said Schueler. Riley advises users to “create and maintain a basic cybersecurity incident response plan that outlines response and notification procedures for a ransomware event”.

Another key security measure is Managed Threat Response. It’s no longer enough to deploy anti-virus and anti-malware systems. Those systems must be managed 24×7 by a Security Operations Center who are highly skilled and trained in threat hunting and remediation of threats in corporate environments. This is possible today for small organizations who cannot afford their own 24×7 security team to outsource that function to a Managed Services Provider who can provide that service for them (Drever).

Backup Data Regularly

Individuals and businesses should make regular offline backups. Some types of ransomware can delete backups, so it is essential to save your files on external drives or in the cloud. Regular data backups will ensure you don’t lose any files if you are targeted by a ransomware attack. One of the recommendations from Ilan Sredni to users is to “airgap your backups”.

Ensure that you have proper backups in place and test restores regularly to ensure the integrity of your data. Backups should be encrypted and stored on air-gapped hardware that is inaccessible from the internet and local network of your office to prevent a ransomware event from compromising your backups. (Riley)

“Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems”, said Schueler.

Build a future-ready organization by using the above tips to limit your vulnerability to ransomware attacks.

Ransomware Protection Bonus Tips:

  • Make use of DNS filtering to protect end-users that are not behind the corporate firewall from ending up on the wrong website where they can easily be compromised.
  • Patch and update applications and operating systems in a timely manner.
  • Avoid suspicious websites.
  • Have an up-to-date and reliable antivirus solution installed on your device.
  • Use a 3rd party pen tester to test the security of your systems and your ability to defend against sophisticated attacks. Cybercriminals are sophisticated and will find the equivalent of unlocked doors.
  • Audit public-facing internet services, especially remote desktops, and ensure that access is limited to local and VPN traffic only or specific IP addresses that you want to allow.
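
The last tip can be turned into a repeatable check. The following is an added example, not part of the original article: it scans a simplified firewall rule export for inbound allow rules that open remote desktop or similar services to sources outside the approved local, VPN or specific addresses. The rule format, rule names, port list and address ranges are assumptions constructed for illustration, and rule ordering is not evaluated.

```python
import ipaddress

# Assumption: remote-administration ports to audit; RDP (3389) is the one the tip names.
REMOTE_ADMIN_PORTS = {3389: "RDP", 22: "SSH", 5900: "VNC"}


def _covers(ports, port):
    """True if a rule's port field ("any", "3389", "3000-4000", "22,3389") includes port."""
    if ports.strip().lower() == "any":
        return True
    for part in ports.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def _is_allowed(source, allowed_nets):
    """True only if the whole source range sits inside one approved network."""
    net = ipaddress.ip_network("0.0.0.0/0" if source.lower() == "any" else source, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed_nets)


def find_exposed_rules(rules, allowed_sources):
    """Return (rule name, service, source) for inbound allow rules that open a
    remote-administration port to sources outside the approved networks."""
    allowed_nets = [ipaddress.ip_network(s, strict=False) for s in allowed_sources]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["direction"] != "in":
            continue
        for port, service in REMOTE_ADMIN_PORTS.items():
            if _covers(rule["ports"], port) and not _is_allowed(rule["source"], allowed_nets):
                findings.append((rule["name"], service, rule["source"]))
    return findings


# Constructed sample: a simplified firewall rule export (documentation address ranges).
SAMPLE_RULES = [
    {"name": "rdp-from-anywhere", "direction": "in", "action": "allow", "ports": "3389", "source": "any"},
    {"name": "rdp-from-vpn", "direction": "in", "action": "allow", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "rdp-from-vendor", "direction": "in", "action": "allow", "ports": "3389", "source": "203.0.113.7/32"},
    {"name": "wide-range", "direction": "in", "action": "allow", "ports": "3000-4000", "source": "198.51.100.0/24"},
    {"name": "web", "direction": "in", "action": "allow", "ports": "443", "source": "any"},
    {"name": "rdp-block", "direction": "in", "action": "deny", "ports": "3389", "source": "any"},
]
# Assumption: office LAN, VPN pool, and one specifically approved address.
ALLOWED_SOURCES = ["192.168.10.0/24", "10.8.0.0/24", "203.0.113.7/32"]
```

On the sample data the check flags the rule open to any source and the wide port range that silently includes 3389, which is the kind of exposure a manual review tends to miss.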

It won’t take much for ransomware to take over an unprotected device. While the possibility of a ransomware infection is alarming, an alarm may be a good thing for your business.