Ransomware attackers are increasingly employing more sophisticated attacks and defeating existing defenses. Use this checklist to develop an effective protection plan for your organization.
1. Protect your email.
Ransomware attacks often start with a phishing email to capture admin or user credentials.
- Block phishing attacks
Attackers use social engineering tactics to bypass traditional email security. Use an email security solution that includes AI-enabled phishing and account takeover protection and alerts when malicious activities are detected.
- Train users
Your users are your last line of defense against phishing attacks. Training needs to be ongoing, as attacks often become more sophisticated over time.
- Implement remediation
Email attacks that evade email security and land in users’ inboxes need to be addressed quickly. Choose an email security solution that enables proactive threat discovery and automates remediation.
2. Secure your applications.
Attackers hack your web applications to gain access to your data.
- Protect web applications
Applications often have open vulnerabilities that can be exploited to access your data. Use an application security solution that defends against web application vulnerabilities such as OWASP Top 10, zero-day, and brute force attacks.
- Protect access to applications
You should only allow access to authorized users and devices for internal applications. Choose a zero-trust access solution that enables role-based access, multi-factor authentication, and continuous user and device identity verification.
- Prevent lateral movement on your network
If attackers gain access to your network, they often attempt to move laterally to find and infect data sources. It would be best to have a network firewall that protects both your on-prem and cloud networks with network segmentation and advanced security services.
3. Back up your data.
Attackers encrypt your data and demand ransom.
- Back up your data
You need to back up all of your data. Remember your on-prem data and data in the cloud/SaaS applications such as Office 365.
- Protect access to applications
Attackers often target your backups to prevent you from being able to recover your data. Encryption, access control, and IP restrictions are all necessary here. You want to make sure that accessing your data is easy for you but difficult for attackers.
- Develop a recovery plan
If you are under attack, you need to be able to quickly deal with the attack, recover your data and avoid paying a ransom. Consider not only your technical response but also your business response. Test your plan in full before there is a problem. Forensics can be helpful in the aftermath of an attack to find vulnerabilities.
Patching – Make sure software is patched and up to date. Attackers look for known vulnerabilities first, so don’t make it easy for them.
Password Security – Enforce strong passwords. Many recent attacks were successful due to weak passwords and ineffective password management practices.
Multi-factor Authentication – Consider requiring a phone app or text-based second-factor authentication for all applications and resources. This is very useful in preventing brute-force login attempts.
Contact us to learn how we can protect your business from ransomware.