Five things you should already be doing to prepare for Ransomware
Interpol reported this week that online crime, including ransomware and phishing, has increased at an extraordinary rate during the pandemic.
And let’s face it, as Security practitioners we all know that the weakest points in our security armor are the carbon units at the keyboard. Curiosity, growing caution-fatigue, and even plain old human error can lead to some disastrous results. This is particularly true when the never-ending onslaught of ransomware attacks comes hand in hand with the need to work remotely. As we’ve discussed previously, a successfully mounted ransomware compromise can cost your company millions, so it has never been more critical to prepare and take steps to lessen the impact of ransomware.
Here are five key things you should already be doing to prepare for and defend against a ransomware attack:
Back up your data.
It sounds simple, but there’s no need to pay thieves to buy back information if you already have a backed-up copy. You’ll need to consider how current you need that backup data to be, though. If you only back up daily, can you afford to lose the last 24 hours of corporate data? The answer might be yes or no, but the real key here is the ability to effectively reintegrate the backup data. Which leads us to…
Have a disaster recovery plan… and exercise it.
Recovering from backup data is a critical recovery capability. You must ensure that it works the way you think it will through substantive testing and exercise. You should also consider that a ransomware attack will guarantee that the Board is virtually looking over your shoulder for the duration of the recovery. You don’t want that to be the very first time your IT staff have to restore your systems from backups. Exercise that plan beforehand.
Restrict local admin rights.
A good IT Security program empowers and enables your end users to get their job done. That doesn’t mean every user needs to be a super-user, though. Restricting local admin rights where possible can prevent a ransomware agent (as well as a host of other unwanted applications) from running in the first place.
Encrypt your data at rest.
Keep your data encrypted. In the event of a successful ransomware compromise, the last thing you want to have to do is explain to your customers why you didn’t safeguard their data.
Train your end users.
This last one is easy to overlook, or even put off, despite being one of the most important. Educate and regularly test your employees through simulated phishing attempts. Your testing regimen should incorporate your Acceptable Use Policy and a timely feedback function.
Besides helping to avoid a ransomware attack, these five things are also all part of any mature Cybersecurity program. That means your company should be thinking about doing them, and more, if you aren’t already.
principia/RAID can help you jump-start these programs. Call us to talk about how we can help.