Defending against ransomware requires more than just implementing detection and response measures. It’s important to understand that “ransomware protection” is more than prevention. It’s about:
The goal is to turn your network into an impenetrable fortress – building resilience through end-to-end protection, a cyber-aware culture, and micro-segmented architecture that simply isn’t that attractive to would-be attackers.
Overall, your ransomware protection strategy must defend your business on all fronts. With that in mind, here are six ransomware protection best practices for reducing your cyber risk.
Establish End-to-End Visibility Across Your Entire Network
Like so many digital strategies, implementing Zero Trust best practices starts with end-to-end visibility – you can’t protect what you can’t see.
Here, your goal is establishing a clear picture of your entire digital footprint and filling any obvious gaps that could put your organization at risk.
Harden Your Security Posture
Once you’ve gotten the lay of the land, torn down security silos, and flagged critical blind spots and gaps, it’s time to start hardening your security posture. While this isn’t a comprehensive list, here are some of the most important things you can do to strengthen your defenses:
Make Identity and Access Management a Priority
According to a recent Microsoft report, identity has become one of the most important lines of defense against ransomware. From a protection perspective, preventing identity abuse is critical. It’s also the first place you’ll want to investigate in the event of a security incident.
A few things you can do to prevent ransomware from entering your system:
Always Back Up Your Files
Backing up all files and maintaining copies of those backups in a secure, separate location is one of the most important things you can do to prevent your data from being stolen, encrypted, and held for ransom. A few things to keep in mind as you put together your backup strategy:
Educate and Train Your Team
Employees can be your greatest risk or your best line of defense when it comes to ransomware attacks. Poorly trained employees can undermine even the most sophisticated protections. All it takes is one person downloading an infected file or clicking a malicious link and, just like that, bad actors gain access to your network.
The good news is that arming your team with some basic skills is one of the best (and easiest) ways to defend your business from ransomware attacks.
Ad-hoc cyber security training won’t cut it. Gartner recommends building an adaptive, ongoing program that connects cyber education and awareness programs to business outcomes — just like any other business strategy.
Here’s a look at what that might entail:
Develop Your Ransomware Response Plan (or Several)
While prevention is the best medicine, there’s no way to guarantee that you won’t fall victim to ransomware at one point or another. As such, our last “ransomware protection best practice” looks beyond prevention and focuses instead on preparation.
Bridget Quinn Choi, Principal at Booz Allen Hamilton, told Protocol that organizations often have ransomware recovery plans in place, but there are lots of gaps when it comes to response times and achieving business continuity post-disaster. She says that many times, these gaps are driven by unclear objectives, a lack of testing, and a poor understanding of what’s expected in an incident response.
After COVID and everything we’ve seen since those initial lockdowns, the only thing we can count on is more uncertainty. Putting together incident response plans for different scenarios (e.g. data breaches, compromised backups, stolen credentials) can facilitate smart decision-making and quick action when disaster strikes – no matter what kind of disaster is on the horizon.
At a bare minimum, you’ll want to cover business continuity, data protection, and how to respond to a ransomware attack. But it’s worth noting that cyber incidents come in many different “flavors,” and you’ll want to consider those nuances as you develop a response plan. For example, how will you:
Your incident response plan will be informed by your business model, strategy, and the regulations that dictate how these things are done within your industry. But you’ll want to make sure that you clearly define and document your game plan, communicate it to key employees, and run routine stress tests to ensure that you’re ready to fend off threat actors of all stripes – sophisticated gangs, commodity attackers, or something in between.
Look, the best way to avoid becoming a ransomware victim is to be proactive about prevention – but there’s always a possibility that ransomware will find its way inside your network, even if you’ve done everything right.
Admiral Consulting Group can help you get started on your ransomware defense journey. Take this quick Microsoft security assessment to identify gaps in your security posture, and we’ll go from there. You can also contact us to learn more about our services, expertise, and what it’s like to work with us.