Checklist: How to Prevent a Ransomware Attack
In our last article we defined what exactly ransomware is and how it’s becoming one of the top threats to small and medium-sized businesses in 2016.
The best offense against ransomware is a good defense. Ransomware doesn’t have to be one of your company’s worries, if you put the correct preventative measures into place. In fact, there are 4 things to implement now to avoid being the ransomware hacker’s next victim.
1) Strong Prevention Security is required to keep hackers from being able to infiltrate and encrypt your data.
- Strong email security with real-time reputation inspection, anti-spam, anti-malware, and anti-phishing
- Strong corporate-level endpoint security, including APT protection, advanced malware detection, application whitelisting, and C&C awareness
- Use “server specific” endpoint security on your servers. Server protection is different than desktop security.
- Restriction of unapproved program execution (user controls).
- Aggressive patch management on all system files and applications.
- Strong gateway security (UTM firewall with APT, anti-malware, application control, IDS, web filter, SSL, reputation checking)
- Some form of APT solution for firewalls, networks, email, and endpoints.
- “Defense in depth” security strategy with overlapping protections (such as gateway + endpoint + network).
- Use security experts for:
  - Secure setup. Inappropriate setup provides poor security even with great security products.
  - Ongoing security management (configuration changes, updates, maintenance, monitoring, compliance)
- Training on phishing (regular surprise phishing drills) and education
2) Unified Security Monitoring (SIEM)
Having the infrastructure in place to prevent an infiltration allows you to keep hackers at bay, but these systems don’t provide integrated security monitoring of evolving and intelligent threats – such as ransomware. Security monitoring allows you to continually scan and analyze activity on your infrastructure for malware, C&C detection, file integrity monitoring, IDS, vulnerability scanning, alerting, prevention and forensics. It enables you to not only put the gate in front of your data, but the watch guards, as well.
3) Server Monitoring
You should also strongly consider employing server monitoring software to alert on heavy, anomalous disk usage. Any odd usage or activity on your server is a major red flag that a hacker is working their way into your infrastructure.
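One way to alert on heavy, anomalous disk usage, shown as an added example that is not part of the original article or any product it mentions: compare each interval's write volume with a rolling baseline and alert only when the excess is sustained. The function name, thresholds and sample figures are assumptions; the sample data is constructed.

```python
from collections import deque
from statistics import median


def detect_write_anomalies(samples, window=12, threshold=6.0,
                           min_bytes=50_000_000, sustain=3):
    """Return the timestamps at which a sustained write burst is confirmed.

    samples: iterable of (timestamp_seconds, bytes_written_in_interval).
    An interval is "hot" when it exceeds the rolling median by more than
    `threshold` robust deviations (median absolute deviation, MAD) and is
    at least `min_bytes`. An alert fires once per burst, after `sustain`
    consecutive hot intervals, so a single short spike is ignored.
    """
    baseline = deque(maxlen=window)
    streak = 0
    alerts = []
    for ts, written in samples:
        hot = False
        if len(baseline) == window:
            med = median(baseline)
            mad = median(abs(x - med) for x in baseline) or 1.0
            score = (written - med) / (1.4826 * mad)
            hot = score > threshold and written >= min_bytes
        if hot:
            streak += 1
            if streak == sustain:
                alerts.append(ts)
        else:
            streak = 0
            # Learn only from normal intervals so a burst cannot
            # raise the baseline and hide itself.
            baseline.append(written)
    return alerts


# Constructed sample: MB written per 60-second interval on a file server.
NORMAL_MB = [6, 7, 5, 8, 6, 7, 6, 5, 7, 8, 6, 7, 6, 5]
BURSTS_MB = [220, 6, 7, 410, 460, 430, 445, 6]  # one spike, then a sustained burst
SAMPLES = [(i * 60, mb * 1_000_000)
           for i, mb in enumerate(NORMAL_MB + BURSTS_MB)]

if __name__ == "__main__":
    for ts in detect_write_anomalies(SAMPLES):
        print(f"ALERT: sustained anomalous disk writes confirmed at t={ts}s")
```

In production the samples would come from the server's own disk counters, and the window and thresholds would be tuned so that scheduled jobs such as backups do not trigger alerts.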
4) Instant Restore
Using a quality data & systems backup that runs frequently and has an “Instant Restore” capability is the best first step you can take in removing the power that ransomware hackers hold over small, medium and large businesses. By doing so, even if a hacker infiltrates your systems, you can potentially restore all or most of your data quickly.
You should also store your data so that only the backup program/system can access the backed up data (offline from network system) to keep your backups from being encrypted by ransomware.
New backup technologies that provide remote server recovery and quick system and data recovery are required for companies who value uptime. Do not rely on file replication or shadow copies that might be vulnerable to encryption by ransomware.
It is critical to understand that ransomware hackers and software are extremely intelligent and evolving all the time in order to outsmart your security systems. Deploying only basic security or poorly configuring your security will not be enough to keep your company protected from a ransomware attack. If you value your company’s uptime or key data, or need to be regulation compliant, then you must take a full-scale approach to your protection.
eSecurity Solutions protects all sizes of business from ransomware attacks by providing security risk assessments, advanced malware solutions and managed security. Contact us to get a Security Assessment and to discover your current risk level for a ransomware attack.