Ransomware is on the rise, but security leaders can fight back by implementing a wide range of security best practices for beating the bad guys when it comes to ransomware attacks.
1. Back up organizational data
This is the most obvious and most important measure any organization can take. As bad as a ransomware attack can be, not all is lost if an organization keeps regimented backups of its critical files. Redundancy helps: keep a local backup alongside a secondary copy, such as one stored in the cloud. Two caveats matter in practice. Modern ransomware deliberately seeks out and encrypts or deletes any backup it can reach, so at least one copy must be offline or immutable and protected by credentials the production environment does not hold. And a backup that has never been restored is an assumption rather than a control, so restores should be tested on a schedule.
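The following is an added example, not part of the original article, showing one way to tell whether a backup set is still the one you took: a hash manifest recorded at backup time is compared against the files later, so an in-place encryption or a rename to a ransom extension shows up before anyone tries to restore. It assumes a simple directory-per-backup layout and constructs its own sample files; the storage location of the manifest is left to the reader, for the reason given in the comments.

```python
"""Verify a backup set against a hash manifest taken when the backup was made.

Added example, not from the original article. Assumed layout: one backup
set per directory; the manifest maps POSIX-style relative paths to SHA-256
digests. Every file and path in demo() is constructed for the demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups never load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup on disk with the manifest.

    Files missing from disk, files whose content changed, and files that were
    not in the original set are each reported. Ransomware that encrypts in
    place shows up as 'modified'; ransomware that renames its victims shows up
    as one 'missing' plus one 'unexpected' entry.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(
            p for p, h in manifest.items() if p in current and current[p] != h
        ),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: take a manifest, simulate ransomware, verify.

    The manifest is held in memory here. In practice it must live where the
    compromised environment cannot write (offline media, or a write-once
    bucket under separate credentials), otherwise the attacker simply
    rewrites the manifest together with the files.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_bytes(b"id,amount\n1,100\n2,250\n")
        (root / "contracts").mkdir()
        (root / "contracts" / "acme.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        manifest = build_manifest(root)

        # Simulated ransomware: encrypt one file in place, rename another.
        (root / "payroll.csv").write_bytes(os.urandom(64))
        (root / "contracts" / "acme.pdf").rename(root / "contracts" / "acme.pdf.locked")

        return verify_backup(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Running it prints the dictionary of missing, modified and unexpected files for the simulated attack. The same check, run against the secondary copy as well as the local one, is how you learn that the cloud copy was not also reachable from the infected host.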
2. Perform annual security awareness training
While organizations spend untold sums of money on security tools and solutions, they often fail to invest in security awareness training. The best security tools are worthless without trained, knowledgeable and competent employees who are aware of emerging security issues and threats. There are several high-quality and cost-effective security awareness training solutions available online, and in terms of return on investment when it comes to protecting an organization, little beats it. The more knowledgeable a user is about today's growing cybersecurity threats, the safer your organization will be. Treat annual training as the minimum: short, regular refreshers and simulated phishing exercises keep the lessons current between sessions.
3. Improve enterprise email security
Ransomware can enter an environment in any number of ways, but often the trouble begins with a click on a link. Think twice about emails, links and attachments from unknown or suspicious sources. From a free cruise to the Bahamas to a guaranteed loan of up to $50,000, such solicitations may be nothing more than overzealous marketing, but they may also be phishing lures that deliver ransomware. Train employees never to take chances on suspicious emails, links and attachments, and back that training with technical controls: filtering or sandboxing of executable and macro-enabled attachments, link rewriting, and sender authentication (SPF, DKIM and DMARC) so that messages spoofing your own domain are rejected rather than delivered.
4. Patch organizational information systems
One of the most fundamentally important, yet often ignored, cybersecurity measures is regular security updating and patching of critical systems. Patching should be an across-the-board measure, applied to network and infrastructure devices, production servers and end-user workstations alike: every computing system that could be affected by ransomware. High-profile breaches in recent years were often the result of available security patches not being applied. What organizations need are clearly defined patch management policies, procedures and processes, with deadlines that depend on severity and a way to verify that a patch actually landed on every system rather than assuming it did.
5. Protect the network with an IDS
An intrusion detection system (IDS) alerts security staff to suspicious network traffic and related activity. When properly tuned by an experienced network engineer, an IDS becomes an essential element of an organization's information security framework. Two caveats: an IDS sees only the segments it monitors, and an alert nobody reads is not a detection, so every alert needs an owner and a response procedure.
6. Whitelist applications
Applications that are not allowed on your network should be blocked, and applications that are allowed should be explicitly permitted. Of the two, whitelisting (allowlisting) is the stronger control: a blacklist can only stop malware that someone has already catalogued, whereas a whitelist denies everything that has not been approved, which is exactly how a freshly compiled ransomware binary gets stopped. The concept is straightforward, but many organizations fail to employ such basic measures, so make sure yours does. Identify approved applications by publisher signature or file hash rather than by path alone, since a path-based rule is defeated by dropping a malicious file into an approved directory or replacing an approved binary in place.
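As an added illustration, not code from the article, here is the difference between a path-based allowlist and one that also pins the binary's hash, written in Python so it can be run and read in one place. The paths, binary contents and the three execution attempts are constructed for the demo; real enforcement belongs in the operating system's own allowlisting facility, not in a script.

```python
"""Application allowlisting by content hash, with a path-only check beside it.

Added example, not from the original article. The binaries, paths and
digests are constructed; production enforcement would use the platform's
native mechanism (AppLocker/WDAC, fapolicyd, or similar).
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_allowlist(approved: dict) -> dict:
    """approved maps install path -> bytes of the vetted binary.

    Returns path -> digest. Anything absent from the result is denied.
    """
    return {path: sha256(blob) for path, blob in approved.items()}


def allowed_by_path_only(path: str, allowlist: dict) -> bool:
    """Weak variant: trusts the location and never looks at the file."""
    return path in allowlist


def allowed_by_path_and_hash(path: str, contents: bytes, allowlist: dict) -> tuple:
    """Default-deny decision plus a reason, checking location and content."""
    expected = allowlist.get(path)
    if expected is None:
        return False, "not on allowlist"
    if sha256(contents) != expected:
        return False, "hash mismatch: binary at an approved path was replaced"
    return True, "approved binary"


def demo() -> dict:
    """Constructed scenario: three execution attempts against both checkers."""
    agent = b"\x7fELF constructed backup agent"
    allowlist = make_allowlist({"/usr/local/bin/backup-agent": agent})
    attempts = {
        "vetted agent": ("/usr/local/bin/backup-agent", agent),
        "dropper in /tmp": ("/tmp/invoice.pdf.exe", b"constructed ransomware dropper"),
        "agent replaced": ("/usr/local/bin/backup-agent", b"constructed trojanised agent"),
    }
    return {
        name: {
            "path_only": allowed_by_path_only(path, allowlist),
            "path_and_hash": allowed_by_path_and_hash(path, blob, allowlist)[0],
        }
        for name, (path, blob) in attempts.items()
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} path_only={verdict['path_only']!s:5} "
              f"path_and_hash={verdict['path_and_hash']}")
```

The third case is the one that matters: both checkers reject the dropper in `/tmp`, but only the hash-pinned check notices that the approved binary at the approved path is no longer the binary that was approved.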
7. Employ role-based access control
Not every employee needs access to every information system. That is why organizations need to employ the well-known concept of role-based access control, simply known as RBAC. Under RBAC, permissions are attached to roles rather than to individuals, and users are given only the roles they need to perform their job functions and nothing more. Ransomware runs with the privileges of the account it compromises, so the less that account can reach, the less it can encrypt.
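An added example of an RBAC model, not from the original article: permissions attach to roles, roles can inherit from other roles, and a user holds nothing except roles, so the access decision is deny-by-default. The role names, users and resource names are invented for the demo.

```python
"""Role-based access control: permissions live on roles, users only hold roles.

Added example, not from the original article. The roles, permissions, users
and resource names are constructed for the demo.
"""

# role -> permissions granted directly, as (action, resource) pairs
PERMISSIONS = {
    "employee": {("read", "intranet")},
    "hr-clerk": {("read", "hr-records")},
    "hr-admin": {("write", "hr-records")},
    "backup-operator": {("read", "file-server"), ("write", "backup-vault")},
}

# role -> roles it inherits from; hr-admin gets everything hr-clerk has
PARENTS = {
    "hr-clerk": {"employee"},
    "hr-admin": {"hr-clerk"},
    "backup-operator": {"employee"},
}

# user -> assigned roles; there is deliberately no per-user permission grant
ASSIGNMENTS = {
    "alice": {"hr-admin"},
    "bob": {"employee"},
    "svc-backup": {"backup-operator"},
}


def expand_roles(role: str, parents: dict = PARENTS) -> set:
    """All roles reachable from `role` through inheritance (cycle-safe)."""
    seen, todo = set(), [role]
    while todo:
        current = todo.pop()
        if current in seen:
            continue
        seen.add(current)
        todo.extend(parents.get(current, ()))
    return seen


def effective_permissions(user: str) -> set:
    """Union of the permissions of every role the user holds, directly or inherited."""
    perms = set()
    for role in ASSIGNMENTS.get(user, ()):
        for r in expand_roles(role):
            perms |= PERMISSIONS.get(r, set())
    return perms


def authorize(user: str, action: str, resource: str) -> bool:
    """Deny by default: unknown users and ungranted actions both return False."""
    return (action, resource) in effective_permissions(user)


def who_can(action: str, resource: str) -> list:
    """Audit helper: which users could perform this action on this resource."""
    return sorted(u for u in ASSIGNMENTS if authorize(u, action, resource))


if __name__ == "__main__":
    print(authorize("alice", "write", "hr-records"))  # True, directly via hr-admin
    print(authorize("alice", "read", "intranet"))     # True, inherited via employee
    print(authorize("bob", "read", "hr-records"))     # False
    print(who_can("write", "backup-vault"))           # ['svc-backup']
```

The last function is the one an incident responder reaches for: "who can write to the backup vault?" should have a very short answer, and under a role model it can be computed rather than guessed.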
8. Separate networks
It is not a good idea to put all your eggs in one basket, as the old saying goes, and this is especially true in cybersecurity. Information systems should be logically and/or physically siloed into separate zones to ensure proper isolation from one environment to the next. An attack against a flat network, where everything sits behind one main network with no segregation, could effectively knock out an organization's entire information technology (IT) environment. Security leaders should segment the network to the best of their ability and enforce controls at the boundaries between segments (workstations, for example, should not be able to reach backup storage or server management interfaces directly), so that a compromise of one segment cannot spread to the rest.
9. Perform vulnerability scans regularly
Scanning both internal and external-facing networks for known weaknesses, known as vulnerability scanning, is essential to identifying critical security gaps. It can be done with in-house tooling or by a third party; either way, scan on a schedule, run authenticated scans where possible so that missing patches on hosts are visible and not just exposed services, and feed the results into the patching process.
10. Conduct an annual penetration test
It's a good idea to perform a penetration test (pen test) annually, or at least after significant changes to an environment, as penetration testing is the single best indicator of how secure an organization's network is. When performed by capable personnel, a pen test provides very meaningful evidence regarding the overall security of one's IT environment. Many of today's regulatory and compliance regimes, PCI DSS and SOC 2 (System and Organization Controls) audits among them, require or expect a pen test, and every business should perform one annually.
11. Monitor who has access to the environment
Access control is not just about internal employees; it is also about who on the outside can and does have access to sensitive enterprise data. Consultants, contractors and managed security services providers are all given access to the organization's environment, and that is where the problem begins. It is not that these individuals or companies are malicious; the bigger problem is that such access rights go unchecked, often left open and available long after the engagement has ended. Attackers often find these windows of opportunity, resulting in breaches. Give every third-party account an end date when it is created, review all external accounts on a schedule, and disable any that have not been used recently.
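Added example, not from the article: a review of exported account records that flags the doors this section describes, third-party accounts with no end date, accounts whose end date has passed but are still enabled, and accounts that have gone unused. The records, field names and the 90-day idle threshold are constructed assumptions, not a real directory export.

```python
"""Flag third-party and stale accounts that should already have been removed.

Added example, not from the original article. The account rows, field names
and thresholds are constructed assumptions.
"""
from datetime import date, timedelta

IDLE_LIMIT = timedelta(days=90)  # assumed policy threshold

# Constructed directory export; one row per account (not real data).
ACCOUNTS = [
    {"user": "jsmith", "type": "employee", "enabled": True,
     "created": date(2020, 1, 6), "last_login": date(2024, 5, 30), "access_ends": None},
    {"user": "acme-consult", "type": "contractor", "enabled": True,
     "created": date(2023, 11, 1), "last_login": date(2024, 1, 12), "access_ends": date(2024, 2, 1)},
    {"user": "mssp-monitor", "type": "vendor", "enabled": True,
     "created": date(2024, 1, 1), "last_login": date(2024, 5, 29), "access_ends": date(2025, 1, 1)},
    {"user": "temp-audit", "type": "contractor", "enabled": True,
     "created": date(2024, 2, 15), "last_login": None, "access_ends": date(2024, 12, 31)},
    {"user": "vendor-legacy", "type": "vendor", "enabled": True,
     "created": date(2019, 6, 1), "last_login": date(2024, 1, 20), "access_ends": None},
    {"user": "old-vendor", "type": "vendor", "enabled": False,
     "created": date(2022, 1, 1), "last_login": date(2023, 3, 3), "access_ends": date(2023, 3, 31)},
]


def stale_access(accounts: list, today: date, idle_limit: timedelta = IDLE_LIMIT) -> dict:
    """Return {user: [reasons]} for every enabled account that needs review.

    Disabled accounts are skipped: the finding is about doors left open.
    Checks, in order: third-party access with no expiry, expiry already past,
    account never used since creation, account idle beyond the threshold.
    An account can collect more than one reason.
    """
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        reasons = []
        ends = acct["access_ends"]
        if acct["type"] != "employee" and ends is None:
            reasons.append("third-party access with no end date")
        if ends is not None and ends < today:
            reasons.append(f"access ended {ends.isoformat()} but account still enabled")
        last = acct["last_login"]
        if last is None:
            age = (today - acct["created"]).days
            if age > idle_limit.days:
                reasons.append(f"never used in {age} days since creation")
        elif (today - last).days > idle_limit.days:
            reasons.append(f"idle for {(today - last).days} days")
        if reasons:
            findings[acct["user"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in stale_access(ACCOUNTS, date(2024, 6, 1)).items():
        print(user, "->", "; ".join(reasons))
```

Run against the constructed rows with a review date of 1 June 2024, it flags the contractor whose engagement ended in February, the audit account nobody ever used, and the vendor account with no end date at all, while leaving the active employee, the active vendor and the already-disabled account alone.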
12. Put in place a comprehensive telecommuting/remote work policy
With so much of the workforce now remote, companies need comprehensive policies and procedures that govern telecommuting and remote work. A good starting point is a telecommuting policy that covers which systems may be accessed remotely, the types of access used for secure connections (for example a VPN protected by multi-factor authentication), the security baseline expected of the device connecting in, and much more.
13. Prohibit removable media devices
One of the biggest data breaches at the Department of Defense (DoD) happened when unsuspecting DoD personnel inserted USB drives loaded with malicious software into machines on the government's military network. It took the DoD years to recover from the breach, and as a business, your organization may not have years to recover from a cyberattack. Bottom line: ditch removable media and never allow it on the organization's network, enforcing the ban technically (disabling USB mass storage through endpoint policy) rather than relying on a written rule alone.
14. Watch where you surf
Even websites that appear safe can pose a risk of ransomware and other dangerous malware finding its way onto enterprise devices and the network. Be especially wary of websites making enticing offers, and of websites you have never heard of before. One of the most common ways malware spreads is through websites carrying poisoned advertisements, a practice known as malvertising: the use of online advertising to spread malware, typically by injecting malicious or malware-laden advertisements into legitimate advertising networks and the webpages that display them. Because the ad is served by the network rather than by the site, a reputable site can deliver a malicious ad without its operator knowing, which is why ad and script blocking on endpoints and a fully patched browser matter more than a user's judgement of the site.
This article originally ran in Today's Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.