How to Prevent a Ransomware Attack on Your Business

JMA Consulting

What is a ransomware attack? Picture a masked bandit who has just lifted your social security card and driver’s license from your wallet and is threatening to publish or destroy your personal data unless you empty your bank account and hand him the cash. In reality, he has encrypted all the data on your devices so you can no longer use them, and he is planning to publish your personal data unless you pay him a large sum of money. Frightening scenario? Yes! So, how do you prevent such an attack on your business?

Fortunately, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) published a Ransomware Guide in 2020 that highlights prevention best practices. Here are some of the measures you can take to protect your network, systems and data:

Secure Backups

Regularly maintain encrypted, offline backups of your data, and test your backup and restore procedures frequently. Develop plans for rebuilding your network - software, hardware, and data - should an attack occur.

Response Plan

Develop a cybersecurity incident response plan. Know who should be notified and how the incident should be communicated to all affected parties, so that an intrusion can be contained before it becomes a full-blown ransomware attack.

Vulnerability Assessment

Regularly have experts conduct vulnerability testing and address any identified vulnerabilities, i.e. weak areas in the network that nefarious actors could exploit. Update security software promptly, including its malware signatures, so it can detect the newest threats.

User Education

Conduct cybersecurity awareness training, ensuring all users can identify and report potentially malicious communications. Apply email gateway filters to screen out suspicious messages, and block known-malicious IP addresses at the firewall.

Third-Party Consultants and Managed Service Providers (MSP)

The third-party consultants and MSPs you engage should also follow cybersecurity best practices. Ensure your contracts with these professionals outline the healthy cybersecurity protocols you expect them to follow.

Password Security

Implement multi-factor authentication (MFA), requiring more than one form of authentication for access to your network, systems, and data. Limit user access to your IT resources on a “least privilege” basis, and train users to create strong passwords and to use password managers.

To learn more, consult the CISA MS-ISAC Ransomware Guide at https://www.cisa.gov/stopransomware/ransomware-guide and contract with an IT professional who can assess the vulnerabilities in your IT infrastructure and help you implement healthy cybersecurity practices.