Reduce the Risk of Ransomware: 5 Ways to Stay Ahead of the Threat


Ransomware has become a common threat to businesses in our highly digitized world, rampant primarily because it is a simple, yet effective way for an attacker to make money from a target organization. Hacker groups who target victims with ransomware have the same goals as any for-profit business: Make as much money as possible — efficiently. This means that the individuals and groups responsible for ransomware attacks have mapped out strategies to target organizations. Does your organization have a strategy for protection?

Ideally, planning for ransomware centers on prevention, but in today’s connected world, there is no guarantee a ransomware attack can be stopped, even by the most prepared organization. However, there are ways to reduce the overall impact when an organization is hit with ransomware. In this blog, we will break down five steps you can take to prepare for a ransomware attack.

1. Continuous Patching of All Connected Systems

If you’ve been in IT for a while, you likely remember the period when users kept running Internet Explorer 6 for compatibility reasons, years after it was wise to do so. In fact, it wasn’t uncommon for an organization to have multiple versions of IE running on machines through virtualization for compatibility with various legacy systems.

Today, that strategy will lead to ransomware. Today’s connected environment requires a near-continuous patching strategy for servers, network equipment, and endpoints. If a vulnerability is found, hackers will move to exploit it immediately.

2. Limit Remote Access to Infrastructure

Limiting remote access to your physical infrastructure may be inconvenient at times, but it’s necessary to help prevent ransomware. In fact, when Facebook was hit with a lengthy outage back in October of 2021, one of the reasons it was down for so long was the difficulty of accessing its physical infrastructure. However, as Facebook’s engineering team said in a post-mortem blog, significantly increased day-to-day security is preferable to the convenience of a speedier recovery from an outage.

Consider which aspects of your infrastructure should only be accessed when physically connected to it. If it’s accessible to your team, it’s potentially accessible to bad actors as well.

3. Training, Training, and More Training

Employee awareness training is one of your best defenses against ransomware. Even if a ransomware threat comes through, making employees aware of potential attacks may enable you to mitigate damage. Training should cover topics like:

  1. What ransomware is
  2. Possible paths into your network
  3. How you can prevent a potential attack
  4. Where to ask questions if you have a concern about an email, file attachment, etc.

4. Protect Your Backups (and Test Your Recovery)

We’ve written previously about IBM’s Safeguarded Copy, and it’s one of the most effective ransomware prevention strategies you’ll find. Safeguarded Copy creates backup snapshots on a schedule. Those backups are then stored with a logical air gap between them and the data they back up — in a location where the backups cannot be infected by ransomware.

With an air-gapped backup, you’ll have an effective recovery plan in place, but we’d encourage you to take it a step further. Your team should also make time to test your backup recovery process as part of your regular routines.

5. Manage All Endpoint Devices

Bringing your own device might still be a hot topic in remote and hybrid workforces, but consider a more radical idea: You need to include all endpoint devices that access critical infrastructure in your device management strategy, regardless of who owns them.

If you have devices accessing your corporate network that your team isn’t managing, you have a potential security problem. There is no audit trail for those devices: no record of what documents they’ve downloaded, what patches they have in place, and so on.

If you plan to implement a BYOD policy, develop a management system around those devices. Both Apple and Microsoft have strategies to manage corporate data on devices while protecting end-user privacy. 

Ransomware is a problem that’s not going away, and unfortunately, should be seen not as an “if,” but as a “when.” Our cybersecurity experts have decades of experience in protecting businesses against ever-evolving threats. Contact us today for a consultation around training, air-gapped backups, device management, and more.
