Keep Your Organization Safe From Ransomware with These Best Practices

Protect Your Network, Protect Your Users, Protect Your Organization

Maintaining vigilance and having the appropriate preventive and detective safeguards in place is key to protecting your organization from a ransomware attack. 

Here are some tips to securing your organization’s environment: 

• Perform backups of critical data frequently. Make sure to regularly test these backups, so you can be sure your team can access them if necessary. It’s best practice to have offline backups and/or immutable backups. This will remove an attacker’s ability to access or modify backed up data. 
• Patch computers, software, endpoint solutions, and other devices connected to the organizational network regularly to ensure that the latest security fixes are installed and functional. Don’t forget to evaluate existing patch management policies, processes, and any associated technologies to identify areas for improvement.  
• Use and maintain preventative software such as endpoint protection and enterprise detection and response, firewalls, and updated secure email gateway to secure servers, laptops, workstations, and other areas of the environment.
• Utilize properly configured multifactor authentication (MFA) for all remote access to prevent attackers from using compromised credentials to gain access to corporate networks, systems, and cloud environments. The Colonial Pipeline ransomware attack would have been prevented if MFA had been deployed on the company’s remote access VPN. 
• Logging and monitoring tools such as security information event monitoring (SEIM) allow security teams to collect and analyze security event logs from systems and devices throughout the environment for unusual behavior. 
• Conduct continuous security awareness training. Employees will be better equipped to identify threats and can develop better cyber hygiene habits, such as using and updating secure passwords, being conscious of sensitive information they may be sending online or through email and knowing how to spot phishing emails or suspicious links.  
• Regularly conduct team activities such as tabletop exercises so employees can practice appropriate responses to potential threats. This can reduce the amount of time spent trying to identify or recover from a potential incident. 

Work with Resources to Support Your Security Efforts

Working with an external security team or trusted service provider? Consider engaging in the following services if you haven’t already:  

• Have a dedicated security team in incident response life cycle planning and policy development. Proactively establishing an incident management program and plan can make it easier for your organization to respond to an emergency.  
• Review your existing incident management program and plan with an expert perspective and insight to identify areas that need improvement and establish a plan to address them.  
• Computer security incident response team (CSIRT) training can establish processes for specific members of your team to test your organization’s incident management and response processes according to applicable scenarios.  
• A Security Operations Center (SOC) can help monitor organizational systems and networks around the clock for suspicious activity. If your organization doesn’t have a larger security team and security information event monitoring, consider utilizing a managed service to accelerate your SOC program. 
• Building a vulnerability management program can help your organization establish policies and processes that address weaknesses in systems and networks that can be exploited.  
• Consider buying cyber insurance in the event of an incident. Insurance providers will often bring in an incident response and forensics team along with incident coaches to help your organization handle an attack.