Best Practices to Combat Ransomware

Technological advances have brought both greater benefits and heightened dangers. On the negative side in particular, such has led to a greater complexity in cybersecurity threats, specifically ransomware incidents in which cybercriminals get hold of and encrypt sensitive data or personally identifiable information to disallow access to the data by its owners until "ransom" is paid.

A cause for concern is the rise in ransomware incidents in recent years, as many businesses have suffered significant losses, monetary or otherwise. The good news is that there are ways to effectively combat ransomware by doing these best practices to keep the business’s data and systems protected:

1. Backup Your Data

Back up data to an external hard drive or cloud server regularly, so in the event of a ransomware attack, the computer can be wiped clean to mitigate the risk and reinstall the backup files. Ideally, the data should be backed up at least once a day and keep 3 separate copies of the data on 2 different storage types, with 1 copy offline.

2. Keep All Systems and Software Updated

Always ensure the operating system, web browser, antivirus, and any other software used within the business are updated to the latest version available. With cybercriminals constantly exploiting vulnerabilities at each iteration of systems and software, updates often include newer security features that will protect the system from these evolving threats.

3. Install Antivirus Software & Firewalls

Comprehensive and effective antivirus and anti-malware software can scan, detect, and respond to cyber threats. But it is also important to remember that antivirus software only works at the internal level and can only detect the attack once it is already in the system. As such, it is critical as well to configure the firewall that will serve as the first line of defense against any incoming, external attacks by filtering out and blocking suspicious data packets from entering the system.

Be on the lookout for fake virus detection alerts that pretend to be from your antivirus software, especially through emails or website pop-ups. It is best to ignore these warnings and run an antivirus check from the software directly.

4. Segment Your Network

Dividing a network into multiple smaller networks can help in isolating threats entering your network, such as ransomware, and prevent it from spreading to other systems. And for greater efficiency, each segment should have its own security controls, firewalls, and unique access to prevent ransomware from reaching the target data.

5. Protect Your Emails

With email phishing attacks being the leading cause of malware infections, including ransomware, it is important to remember not to open emails, especially containing attachments, links, or files from unknown addresses or unauthorized sources. Also, update email client apps regularly to ensure the security and protection of your email accounts set up in those apps.

6. Identify Applications to be Whitelisted

Whitelisting, with the help of software such as Windows AppLocker, determines which applications can be downloaded and installed in the network and any unauthorized program or website that is not whitelisted will be restricted or blocked.

7. Endpoint Security

As businesses begin to expand and the number of end-users increases, this creates more endpoints (laptops, smartphones, servers, etc.) that need to be secured, thus the need to secure endpoints to prevent cybercriminals from creating a backdoor access to your network through these endpoints. You can install endpoint protection platforms (EPP) or endpoint detection and response (EDR) for all network users so system administrators can monitor and manage security for each remote device.

Another means to ensure endpoint security is to limit user access and permissions to only the data they need to work through a zero-trust model. Such a measure can help prevent ransomware from spreading between systems, as well as potential misuse of data by those within the organization.

8. Run Regular Security Testing

As ransomware tactics continue to evolve, companies need to run regular cybersecurity tests and assessments to adapt and effectively address evolving threats. In particular, organizations should regularly reevaluate user privileges and access points, identify new system vulnerabilities, create new security protocols, and conduct sandbox testing by testing malicious code against current software in an isolated environment to determine if current security protocols are sufficient.

9. Conduct Security Awareness Training

Because end-users and employees are the most common gateway for cyber attacks, it is critical to provide these end-users with security awareness training that will provide them the knowledge and skills needed to identify and even prevent cyberattacks such as ransomware at the onset.

Even as ransomware becomes more sophisticated in its attacks, applying these practices will greatly help any organization in fending off these attacks and keep their data and system secure, so they can focus on operational efficiency and growth.