Ransomware Protection: 6 Ways to Shield Your Business from Ransomware Attacks
Just as the Fourth of July weekend was getting underway, news sites began to run stories highlighting yet another large-scale ransomware attack. And this attack didn’t just affect one business; it impacted thousands.
The threat of a ransomware attack on your business may seem equal parts daunting and hard to prevent. However, there are well-established cybersecurity best practices that, when properly implemented and used regularly, offer robust preventative ransomware protection.
So how can your business avoid becoming another ransomware statistic? Follow these six key strategies to add robust ransomware protection to your organization’s security practices.
1. Make Vulnerability Patching and Scanning Second Nature
The only thing worse than falling victim to a ransomware attack is the knowledge that it could have easily been avoided. That’s the case for about 60 percent of all breaches, which involve the exploitation of vulnerabilities for which a patch was already available but was not applied.
It is important to conduct regularly scheduled vulnerability scans to flag systems and applications that could appear on a cybercriminal’s radar. Patching and updating to the latest available versions should be second nature.
It can be difficult to prioritize efforts like these, including the testing that may go into evaluating the impact of new releases. But it is important to give special attention to key pieces of your infrastructure, including domain controllers, database systems, and IoT devices that hold a critical place in the ongoing operation of your company. A good vulnerability management program never ends but provides an exceedingly effective means to minimize the chances of a ransomware attack.
2. Test Your Employees’ Training
It is one thing to take a security awareness course or read case studies about how ransomware attacks have affected other businesses. It is quite another thing to test if the employees at your organization can really apply what they have learned to help stop a potential cyber threat across a range of attack methods, including email, SMS messages, or even phishing phone calls.
One way to test your staff and further raise their awareness is to conduct phishing simulations to demonstrate different techniques in a safe environment. These tests use existing techniques (with benign payloads) to evaluate how well your systems and your end users identify phishing attempts and report them—or how often they fall victim.
Regularly scheduled phishing simulations can not only reinforce your employees' training but also help your security team track progress over time. It is imperative that your employees act as advocates for your organization and be readily able to identify a suspected phishing attack. Your employees can be your strongest link, but left untrained they can also become your weakest link.
3. Leverage Security Tools to Balance Usability and Security
It can be difficult for security professionals to find the right balance between security and usability. But having the right security tools can help your organization enable staff members to get their work done when and where they need to without taking unnecessary security risks.
Here are some tools your organization could consider:
Network Access Control (NAC)
Your organization likely has to account for a dramatic rise in the number and frequency of mobile, tablet, and end user devices accessing your network and databases, locally and remotely. A network access control (NAC) application gives your security team a more streamlined way to maintain the level of visibility, network access, and device security compliance needed to keep your network safe from unauthorized users.
Identity and Access Management (IAM)
Identity and access management (IAM) tools allow you not only to add multi-factor authentication to user access but also to manage application and system access. IAM tools ease the administration of user access and the enforcement of compliance, while still enabling secure user access.
Endpoint Protection (EPP)
Simply stated, endpoint protection (EPP) is absolutely essential in today’s business landscape. EPP protects against malware, encrypts removable media and local hard drives, and provides host intrusion protection, firewall services, and web and application content filtering.
Intrusion Detection and Prevention Systems
An intrusion detection system (IDS) constantly monitors your network and device traffic and packet content and uses what it has defined as “normal” patterns to decide if any suspicious behavior is occurring. If it finds such behavior, the IDS will log the events and notify the administrators of abnormal activity.
An intrusion prevention system (IPS) goes one step further, either by proactively quarantining the suspected malicious traffic or by closing down ports or system access until the suspected events are further investigated.
When used together, IDS and IPS solutions can facilitate normal user activity while flagging and, in some cases, blocking a potential ransomware event before it has a chance to fully infiltrate your network.
4. Ensure Proper Device Configurations
Compared with earlier versions, a modern operating system features native security tools and functions that can complement your enterprise security practices.
That is why we recommend your organization take the time to ensure that all of your devices’ settings and functions are set up in a way that aligns with your overall security policies, including protecting your organization from ransomware attacks. For example:
- Disable administrative access to system tools, settings, and devices if the user does not require them. Minimizing the use of administrative privileges is among the most proactive actions one can take to minimize the impact of ransomware.
- Take advantage of multi-factor authentication to confirm users before enabling access.
- Disable device ports and services that are not being used, such as Remote Desktop, SSH, and SMB.
- Implement email filters at the email gateway to block known malicious messages.
- Create, maintain, and enforce a password management policy for your systems at the domain or enterprise level.
- If not supplied through third-party software, enable built-in device firewalls and antivirus software. Enable automatic updates to ensure that signatures stay current.
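One way to check the "unused ports and services" item on a Linux host, as an added example that is not part of the original article: the script below reads `ss -H -tln` output and reports Remote Desktop, SSH, and SMB listeners that are reachable from other machines. The sample output is constructed, and the port numbers are the services' default ports, which is an assumption about how the host is configured.

```python
import ipaddress

# Services the list names as candidates for disabling (default ports, assumed).
RISKY_PORTS = {22: "SSH", 139: "SMB (NetBIOS)", 445: "SMB", 3389: "Remote Desktop"}

# Constructed sample of `ss -H -tln` output (Linux, header suppressed).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3389 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:443 *:*
"""

def parse_listener(line):
    """Return (address, port) from one `ss -tln` row, or None if unparsable."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for loopback binds; wildcard or unknown forms count as exposed."""
    addr = addr.split("%")[0]  # drop an interface scope such as %lo or %eth0
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or an unrecognised form: flag it for review

def audit(ss_output):
    """List (service, address, port) for risky services reachable off-host."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        addr, port = parsed
        if port in RISKY_PORTS and not is_loopback(addr):
            findings.append((RISKY_PORTS[port], addr, port))
    return findings

if __name__ == "__main__":
    for service, addr, port in audit(SAMPLE_SS):
        print(f"review: {service} listening on {addr}:{port}")
```

A listener bound to loopback, such as the Remote Desktop row in the sample, is not reported because other hosts cannot reach it; each reported row is a service to disable if unused or to restrict with the host firewall.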
5. Be Ready with Offline and Encrypted Backups of Critical Information
Although you hope you never have to use them, having offline, encrypted backups of critical data can bring peace of mind to your organization.
Having regular backups that follow the recommended 3-2-1 rule is a best practice and can aid in recovery in the wake of a ransomware attack, a natural disaster, or even an upgrade gone wrong.
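A backup inventory can be checked against these requirements automatically. The following is an added example, not part of the original article: it takes the 3-2-1 rule in its usual reading (three copies, two media types, one offsite), adds this section's offline and encrypted requirement, and flags a stale offline copy. The inventory, field names, and seven-day age limit are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    dataset: str
    media: str        # "disk", "tape", "cloud", ...
    offsite: bool     # kept away from the primary site
    offline: bool     # unreachable from the production network
    encrypted: bool
    written: str      # ISO time of the last successful write

# Constructed inventory; the production copy counts as one of the three.
INVENTORY = [
    Copy("finance-db", "disk", False, False, False, "2024-05-10T02:00"),
    Copy("finance-db", "disk", False, False, True, "2024-05-10T03:00"),
    Copy("finance-db", "tape", True, True, True, "2024-05-09T23:00"),
    Copy("file-share", "disk", False, False, False, "2024-05-10T02:00"),
    Copy("file-share", "disk", True, False, True, "2024-05-10T01:00"),
    Copy("file-share", "tape", True, True, True, "2024-04-20T01:00"),
]

def audit_backups(inventory, now, max_age=timedelta(days=7)):
    """Map each dataset to its gaps; max_age is an assumed policy value."""
    by_dataset = {}
    for copy in inventory:
        by_dataset.setdefault(copy.dataset, []).append(copy)
    report = {}
    for dataset, copies in by_dataset.items():
        gaps = []
        if len(copies) < 3:
            gaps.append("fewer than 3 copies")
        if len({c.media for c in copies}) < 2:
            gaps.append("fewer than 2 media types")
        if not any(c.offsite for c in copies):
            gaps.append("no offsite copy")
        safe = [c for c in copies if c.offline and c.encrypted]
        if not safe:
            gaps.append("no offline encrypted copy")
        else:
            # After an attack, the newest offline copy is the recovery point.
            newest = max(datetime.fromisoformat(c.written) for c in safe)
            if now - newest > max_age:
                gaps.append(f"offline copy is {(now - newest).days} days old")
        report[dataset] = gaps
    return report

if __name__ == "__main__":
    print(audit_backups(INVENTORY, datetime(2024, 5, 10, 12, 0)))
```

The `file-share` dataset satisfies 3-2-1 on paper, yet its only offline copy is weeks old, so a recovery that cannot trust the online copies would lose that much data.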
Take ransomware attack protections to the next level by:
- Ensuring that your organization has up-to-date “gold images” of critical systems and databases if these devices need to be rebuilt
- Developing image “templates” that include operating system and software configurations to aid in quickly deploying rebuilt infrastructure
- Maintaining standby hardware to rebuild systems if primary systems are not recoverable
6. Create and Practice a Ransomware Attack Response Plan
When a breach occurs, are you confident that every key member of your organization knows how to respond to contain the damage and the messaging?
If you hesitate to say “yes,” you aren’t alone; in fact, 77 percent of organizations know that they do not have a cybersecurity incident response plan in place across their enterprise. Of those that do, more than half do not test their plans regularly.
Want to avoid becoming a statistic? Then prioritize taking the time and providing the resources to create, maintain, and exercise a basic cyber incident response plan—and an associated communications plan—that includes response and notification procedures for a ransomware incident.
During the development of the plan and during practice walkthroughs, don’t stop with the key incident response team members; also ensure your end users know their roles and responsibilities in identifying and sounding the alarm about suspicious activity.
Work with a Ransomware Protection Partner
Unfortunately, no ransomware protection method is 100 percent foolproof. But implementing these best practices can help to thwart, stall, and frustrate would-be attackers or, in the event that you are attacked with ransomware, help to limit the impact and speed up recovery.
Cybersecurity is important for all organizations, but there is no one-size-fits-all solution; every organization has different risks, digital assets, threats, priorities, and security policies. Working with a partner with a deep bench of knowledge, technical experience, and established partnerships with industry-leading vendors available to help can be a huge advantage.
Is your organization ready to learn more about how to take your ransomware protection to the next level? Then contact the team at Axians to learn more about our comprehensive, cutting-edge cybersecurity services. While you are at it, download our free resource The Ultimate Guide to Performing a Cybersecurity Risk Assessment.