Did you know that October is National Cyber Security Awareness Month (NCSAM), both in the United States and Europe? NCSAM is a public awareness campaign that inspires businesses and individuals to take proactive measures to protect themselves from cyber threats. In celebration of the month, we will be posting a series of blogs that provide you with helpful tips and information to assist you in keeping your organization safeguarded from today’s cyber threats. This blog is the first in our series, please check back often for more installments!
At an annual price tag of around 11.5 billion dollars, ransomware is big business for criminals and a big headache for business. Whether it’s an entire major US city or a small mom-and-pop company, cyber attackers are unleashing ransomware on enterprises and organizations of all sizes.
Today, October 1st, marks the first day of National Cyber Security Awareness Month, and we’re kicking the month off by talking about ransomware.
In the fight against ransomware, the best strategy is to prevent becoming a victim in the first place. But where can you begin? The following best practices can help you avoid ransomware attacks against your organization.
- Back Up Your Data and Files
With the advent of more reliable networks and cloud-based storage, many of us have simply gotten out of the habit of backing up files and data. However, in the event of a ransomware attack, it may be possible to use these backups in lieu of paying the ransom. At a minimum, they will allow you to decide for yourself whether the cost of restoring from backup is more or less costly than the requested ransom.
There is also a second reason why it is extremely important to have those backups. Even if you are willing to pay the ransom, keep in mind that you are placing your trust in the hands of a cybercriminal. What confidence do you have that they will actually provide you the decryption key once you pay? Or even worse, you pay, they give you a key, and you still can’t recover your files. The ransomware may have bugs, or may not work in your environment. Keep in mind that ransomware is not commercial software that has been run through rigorous quality assurance testing.
Since it is not wise to place trust in your attacker, it is important that you consistently back up your important files, preferably using air-gapped storage. Enable automatic backups, if possible, for your employees, so you don’t have to rely on them to remember to execute regular backups on their own.
- Educate Employees to Recognize Potential Threats
Speaking of employees, user education has always been a key element in avoiding malware infections. This same principle also applies to ransomware. The basics of knowing where files came from, why the employee is receiving them, and whether or not they can trust the sender continue to be useful tools your employees should use before opening files and emails.
The most common infection methods used in ransomware campaigns are still spam and phishing emails. Quite often, user awareness can prevent an attack before it occurs. Take the time to educate your users, and ensure that if they see something unusual, they report it to your security teams immediately.
- Limit Access to Those That Need It
In order to minimize the potential impact of a successful ransomware attack against your organization, ensure that users only have access to the information and resources required to execute their jobs. Taking this step significantly reduces the possibility of a ransomware attack moving laterally throughout your network. Addressing a ransomware attack on one user system may be a hassle, but the potential implications of a network-wide attack can be dramatically greater.
- Keep Signature-Based Protections Up-To-Date
From the information security side of things, it is certainly beneficial to keep antivirus and other signature-based protections in place and up-to-date. While signature-based protections alone are not sufficient to detect and prevent sophisticated ransomware attacks designed to evade traditional protections, they are an important component of a comprehensive security posture. Up-to-date antivirus protections can safeguard your organization against known malware that has been seen before and has an existing and recognized signature.
- Implement Multi-Layered Security, Including Advanced Threat Prevention Technologies
They always say that the best defense is a good offense, and implementing a multi-layered approach to security provides the best opportunity to fend off ransomware and the damage it could cause. In addition to traditional, signature-based protections like antivirus and IPS, organizations need to incorporate additional layers to prevent against new, unknown malware that has no known signature. Two key components to consider are threat extraction (file sanitization) and threat emulation (advanced sandboxing). Each element provides distinct protection, that when used together, offer a comprehensive solution for protection against unknown malware at the network level and directly on endpoint devices.
Implementing a few key preventative measures in the fight against ransomware can be the difference between staying safe and becoming a victim. Always back up your data to ensure you have it available in the event your files are encrypted. Educate your employees to recognize and avoid potential threats, and limit their access to only those systems and files that they actually need to successfully execute their jobs. Keep your antivirus and other signature-based protections up-to-date to prevent the preventable. And, implement advanced threat prevention solutions as part of a multi-layered approach to security to prevent unknown attacks, like ransomware, against your organization.