Ransomware Prevention Best Practices
June 24, 2021
25 min read
We’ve written about ransomware many times, from how to identify potential weaknesses ransomware can exploit in your environment to the impact that it’s had on the healthcare and public health sectors throughout 2020 — it’s a common threat that is becoming more frequent.
Cryptocurrency enables ransomware attackers as it allows them to accept untraceable payment. According to a Coveware report from Q1 of 2021, the average ransom payment is $220,298, an increase of 43% from Q4 2020. Ransom payment is only a fraction of the overall cost of a ransomware attack. According to Sophos, the average cost to recover is $1.85m.
While there are plenty of resources available to help your organization respond quickly and efficiently in the event of an incident, the best way to protect your organization, employees, and data is to take steps to be proactive and mitigate ransomware attacks.
Our team of security experts has put together tips for ransomware prevention and preparedness, so your organization can be proactive about one of the fastest-growing threats in cyber security.
Ransomware Best Practices Guide for a Proactive Approach
Protect Your Network, Protect Your Users, Protect Your Organization
Maintaining vigilance and having the appropriate preventive and detective safeguards in place is key to protecting your organization from a ransomware attack.
Here are some tips to securing your organization’s environment:
- Perform backups of critical data frequently. Make sure to regularly test these backups, so you can be sure your team can access them if necessary. It’s best practice to have offline backups and/or immutable backups. This will remove an attacker’s ability to access or modify backed up data.
- Patch computers, software, endpoint solutions, and other devices connected to the organizational network regularly to ensure that the latest security fixes are installed and functional. Don’t forget to evaluate existing patch management policies, processes, and any associated technologies to identify areas for improvement.
- Use and maintain preventative software such as endpoint protection and enterprise detection and response, firewalls, and updated secure email gateway to secure servers, laptops, workstations, and other areas of the environment.
- Utilize properly configured multifactor authentication (MFA) for all remote access to prevent attackers from using compromised credentials to gain access to corporate networks, systems, and cloud environments. The Colonial Pipeline ransomware attack would have been prevented if MFA had been deployed on the company’s remote access VPN.
- Logging and monitoring tools such as security information event monitoring (SEIM) allow security teams to collect and analyze security event logs from systems and devices throughout the environment for unusual behavior.
- Conduct continuous security awareness training. Employees will be better equipped to identify threats and can develop better cyber hygiene habits, such as using and updating secure passwords, being conscious of sensitive information they may be sending online or through email and knowing how to spot phishing emails or suspicious links.
- Regularly conduct team activities such as tabletop exercises so employees can practice appropriate responses to potential threats. This can reduce the amount of time spent trying to identify or recover from a potential incident.
Work with Resources to Support Your Security Efforts
Working with an external security team or trusted service provider? Consider engaging in the following services if you haven’t already:
- Have a dedicated security team in incident response life cycle planning and policy development. Proactively establishing an incident management program and plan can make it easier for your organization to respond to an emergency.
- Review your existing incident management program and plan with an expert perspective and insight to identify areas that need improvement and establish a plan to address them.
- Computer security incident response team (CSIRT) training can establish processes for specific members of your team to test your organization’s incident management and response processes according to applicable scenarios.
- A Security Operations Center (SOC) can help monitor organizational systems and networks around the clock for suspicious activity. If your organization doesn’t have a larger security team and security information event monitoring, consider utilizing a managed service to accelerate your SOC program.
- Building a vulnerability management program can help your organization establish policies and processes that address weaknesses in systems and networks that can be exploited.
- Consider buying cyber insurance in the event of an incident. Insurance providers will often bring in an incident response and forensics team along with incident coaches to help your organization handle an attack.