How to Protect Against Ransomware Attacks: Best Practices for 2022

15 things you should be doing today to safeguard your sensitive data



Ransomware attackers are all over the news these days. Within the last year, the largest recorded ransom demand exceeded $100 million. That's definitely not pocket change.

The average downtime a company experiences after a ransomware attack is 21 days. (Coveware, 2021)

Could your business survive being down that long? There are new ransomware variants popping up every day. In order to stay safe, you need to have a comprehensive approach to cybersecurity.

WannaCry Ransomware Attack

An unexpected popup demanding bitcoin in exchange for your hijacked files is sure to make anyone want to cry.

Case in point. The WannaCry ransomware attack of 2017 was the perfect example of crypto-based ransomware used by cybercriminals to extort money from 200,000+ victims across the globe.

WannaCry encrypted valuable files and made them unreadable. It caused an estimated $4 billion in losses worldwide.

The Risk of Ransomware

Cyber criminals are trying to exploit the easy targets. Don't be one. The more doors you close, the better your odds are at not becoming a victim.

Below you will find 15 tips that will help you combat ransomware threats. It's a comprehensive list of tactics you can use to avoid a ransomware event.

By implementing these tips and having proper ransomware protection, you will be well on your way to ensuring the protection of your critical data and systems.

Tip #1: Form a Security Team

Solidifying your team is a crucial first step to ensure you are ready when an attack happens.

You will never be 100% safe. So you must be prepared for the battle if and when it arrives on your doorstep.

Cybersecurity experts are in short supply and high demand. On top of that, they are extremely expensive. That means you need outside help.

We recommend you partner with an established cybersecurity firm. In recent years, firms such as Kroll and Rapid7 have emerged to provide small businesses with affordable 24x7 threat detection.

Whether it's the middle of the afternoon or the middle of the night, they will be your first line of defense. They will have the team of experts, security tools, and security software necessary to ensure you are protected when a threat actor strikes.

How it works

Your cybersecurity partner will work with you to understand how you would like them to respond to specific security events. The goal is to ensure a proper response to an event based on the type of event and the systems impacted.

For example, you may decide to respond differently to a compromised employee laptop than you would to a server hosting your accounting system. Your partner will work with you to ensure you are both on the same page with proper event response procedures.

Monitoring endpoints means there will be agents installed on every device within your IT footprint. Agents like VMware's Carbon Black are used to detect activities such as unauthorized access, installations, and ransomware infection.

Plan to meet with your partner on a monthly or quarterly basis. Staying in constant communication with your security partner is key. They will keep you updated on the latest security threats and what you need to do to stay safe.

Tip #2: Implement Data Backup Procedures

Dependable backups are critical to ensure you can restore your sensitive data in the event of a breach.

You need to make sure you have backup copies that you can restore from in the event of a ransomware attack. Without a reliable data protection solution, you will have no choice but to rebuild your data from scratch or pay the hackers to get your data back.

Backups should be stored on storage devices that are completely disconnected from your network. If your backup systems are tied to your network, then the ransomware will likely be able to encrypt your backups as well, resulting in complete data loss.

Many businesses take backups every day on an external hard drive and move them to an offsite location for storage. Though tedious, this is an easy and economical way for your small business to protect your critical files.

Another option is to back your data up to the cloud. This is more convenient but takes longer and requires a more robust internet connection.

Backing your data up to the cloud is also beneficial if the provider can bring your systems back online from their location. This provides a quicker recovery time in the event of a disaster.

We have worked with many backup solutions over the past 20 years and would recommend one of the following:

Tip #3: Use Proven Antivirus Software

Antivirus software is an important tool in helping prevent against ransomware attacks.

What is antivirus software?

Antivirus software is a set of software programs that you install on a computing device to proactively monitor, detect, and remove malicious programs intending to do harm, such as ransomware, spyware, malware, trojan horses, and worms.

It is designed to prevent damage to a computer by routinely scanning for and blocking suspicious activities, including the running of executable files, editing or deleting files, and editing of registry entries.

Antivirus software can be configured to monitor for changes to important files, notifying you if an unauthorized program attempts to delete or overwrite those files.
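The file-change monitoring described here, and the backup verification Tip #2 relies on, both come down to the same idea: keep a trusted manifest of what your files should look like and compare against it. The following is an added example, not code from the article or from any antivirus product, of a small SHA-256 manifest checker that flags modified, deleted and added files and additionally marks changed files whose contents look encrypted (Shannon entropy near 8 bits per byte). The 7.5 threshold, the file names and the simulated ransomware run in `demo()` are constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Assumed threshold: plain documents rarely exceed ~6 bits/byte, ciphertext approaches 8.
HIGH_ENTROPY = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to the SHA-256 digest of its contents.

    In practice this manifest is written to the offline backup media alongside
    the files so a restore can be verified before it is trusted.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[str(path.relative_to(root))] = digest
    return manifest


def compare_to_manifest(root: Path, baseline: dict) -> dict:
    """Re-hash root and report what changed since baseline.

    Returns lists of modified, deleted and added paths, plus 'suspicious':
    modified or added files whose contents have ciphertext-like entropy.
    """
    current = build_manifest(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    suspicious = sorted(
        p for p in modified + added
        if shannon_entropy((root / p).read_bytes()) >= HIGH_ENTROPY
    )
    return {"modified": modified, "deleted": deleted, "added": added, "suspicious": suspicious}


def demo() -> dict:
    """Constructed scenario: baseline a folder, then simulate ransomware touching one file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoices.csv").write_text("id,amount\n1,100\n2,250\n")
        (root / "notes.txt").write_text("quarterly planning notes\n")
        baseline = build_manifest(root)  # what the offline backup would hold
        # Simulated encryption: random bytes replace the content and a note appears
        (root / "invoices.csv").write_bytes(os.urandom(4096))
        (root / "README_DECRYPT.txt").write_text("pay to recover your files\n")
        return compare_to_manifest(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Run it on a real folder by calling `build_manifest()` once, storing the result with the backup, and calling `compare_to_manifest()` on a schedule or after a restore; a non-empty `suspicious` list on files that should be plain text is the signal worth paging someone about.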

Can antivirus software stop ransomware by itself?

Antivirus software is an important tool to help protect against ransomware. It detects many known types of malware and ransomware indexed in its database, which is routinely updated.

But it's important to note that it does not provide a guarantee against ransomware. And it will not stop ransomware once you have it.

Why is this? Antivirus software scans websites and files against KNOWN viruses and malware. It will clearly warn you when it identifies something suspicious so that you can avoid the website or kill the program.

But the problem is that new viruses are coming out all the time. It's quite possible that a malicious program or software gets on your computer or you click on a malicious link that your antivirus has not seen before.

When a threat slips through the cracks, your antivirus solution cannot save you. This is why it's so important to be cautious when downloading software, visiting websites, or clicking links in emails.

Antivirus software can detect potential dangers, but it cannot block a ransomware attack once it has been initiated. Nor can it recover damaged or encrypted files.

Tip #4: Use Strong Passwords and Multi-Factor Authentication (MFA)

MFA can stop 100% of all automated attacks, 96% of bulk phishing attacks, and three-quarters of targeted attacks. (Google)

What makes a password strong?

While this answer may vary, a strong password should meet all of the following criteria:

  • A minimum of 12 characters in length
  • A combination of upper and lower case letters
  • A combination of letters and numbers
  • At least one special character

It takes a hacker only 1 minute to crack a 7-character password consisting of upper case letters, lower case letters, and numbers. This is why it's imperative to increase the length of your passwords and include at least one special character.
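To make the four criteria above and the length argument concrete, here is an added example (not from the article) of a policy checker, a search-space calculation and a generator that draws from the operating system's CSPRNG. The rule names and the 16-character default are assumptions of this example; the four rules themselves are the ones listed above.

```python
import math
import secrets
import string
from typing import List

MIN_LENGTH = 12               # rule 1 from the article
SPECIALS = string.punctuation  # assumed definition of "special character"


def check_password_policy(pw: str) -> List[str]:
    """Return the article's rules that pw fails; an empty list means compliant."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("needs both upper and lower case letters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        failures.append("needs both letters and numbers")
    if not any(c in SPECIALS for c in pw):
        failures.append("needs at least one special character")
    return failures


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Brute-force search space for a uniformly random password, in bits.

    Every extra bit doubles the attacker's work: 7 characters of upper, lower
    and digits (62 symbols) is about 41.7 bits, while 12 characters drawn from
    62 letters and digits plus 32 punctuation marks (94 symbols) is about 78.7.
    """
    return length * math.log2(alphabet_size)


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG, resampled until it satisfies the policy."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password_policy(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3x!"):
        print(candidate, check_password_policy(candidate) or "compliant")
    print("7 alnum chars:", round(search_space_bits(7, 62), 1), "bits")
    print("12 mixed chars:", round(search_space_bits(12, 94), 1), "bits")
    print("generated:", generate_password())
```

Note that the search-space figure only applies to passwords chosen uniformly at random; a human-chosen 12-character password built from dictionary words is far weaker than 78 bits, which is the reason to use a generator or password manager rather than a memorable pattern.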

Large organizations typically have strong password policies. We recommend you think like a large organization and keep your employees as safe as possible.

Helpful Link: Use this handy secure password generator to create strong random passwords quickly and easily.

MFA gives you another layer of protection

Passwords only give you basic protection. As computing power increases, cracking passwords will get easier. That's why adding a second form of authentication is so important.

What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is a method of authentication requiring you to provide at least two forms of verification to gain access to a resource.  It requires the combination of "something you know" with "something you have".

For example, your password is something you know and your phone is something you have. So a second form of authentication could be a code sent to your phone via SMS.

MFA is a must-have on all computer systems. As a business, you should be requiring your employees to use MFA on every system you have that supports it.

When looking at new software vendors, pay close attention to whether they support MFA. It is increasingly becoming a security requirement of businesses before they make a purchasing decision.

Authenticator Apps

Many of the systems you log into today support MFA using an Authenticator app on your phone such as Google Authenticator (Apple | Android).

These apps generate a random 6-digit code every 30 seconds on your phone. When logging into one of your systems, you simply look up the 6-digit code at the time of login and provide it as your second form of authentication.
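The 6-digit code that changes every 30 seconds is the Time-based One-Time Password algorithm (RFC 6238), built on HOTP (RFC 4226): the app and the server share a secret, and each computes HMAC-SHA1 over the current 30-second window number. This added example (not code from Google Authenticator or from the article) implements both sides, including the server's drift-tolerant, constant-time verification. The base32 helper mirrors how secrets are handed to apps via QR code; the one-step `window` default is an assumption of this example.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30  # the 30-second window the article mentions
DIGITS = 6         # the 6-digit code the article mentions


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): dynamically truncate HMAC-SHA1(key, counter) to a decimal code."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key: bytes, at_time: Optional[float] = None, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of 30-second steps since the epoch."""
    if at_time is None:
        at_time = time.time()
    return hotp(key, int(at_time) // STEP_SECONDS, digits)


def verify_totp(key: bytes, code: str, at_time: Optional[float] = None, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step and +/- `window`
    neighbouring steps (phone clock drift), comparing in constant time."""
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(key, counter + d), code)
        for d in range(-window, window + 1)
    )


def key_from_base32(secret: str) -> bytes:
    """Decode the base32 secret an authenticator app is given (spaces and missing padding tolerated)."""
    s = secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"), shown as a phone would receive it
    demo_key = key_from_base32("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    print("code right now:", totp(demo_key))
    print("RFC vector at t=59:", totp(demo_key, 59))  # 287082
```

Two practical points the code makes visible: the secret never leaves either side (only the short code is typed), and a larger `window` trades convenience for a wider guessing target, so keep it at one step and rate-limit failed attempts on the server.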

Protecting Your Website

Nobody wants to wake up to their website being defaced because of a weak admin password.

If your website is built on WordPress, there is a wonderful free MFA plugin called WP 2FA that you can download and set up in about 5 minutes.

It allows you to protect the login to your admin area with email-based MFA. Once set up, each time you log in you will be emailed a code to enter after putting in your password.

WP 2FA Plugin

Tip #5: Consider Using Cloud Services

While there are still risks, moving to cloud-based applications will help ensure your security is top notch.

As a small business, it is very difficult to allocate enough time to protecting your systems and users from ransomware. Therefore, you may want to look to cloud service providers to make your life easier.

Cloud service providers typically have robust security protocols in place. This includes features such as SSL encryption, data-at-rest encryption, and MFA, as discussed previously.

While this does not make you immune to a ransomware attack when using their services, it greatly reduces the likelihood you will experience one.

For example, you may be running your own email server such as Microsoft Exchange. Many new ransomware attacks target Microsoft Exchange specifically. To be safe, you need someone to constantly manage and monitor your Exchange server to keep it safe from threats.

As an alternative, you could move your email to Office 365 or GMail for Business and get rid of your mail server. Not only will you free up time, you'll probably spend much less letting Microsoft or Google handle your email for you.

Cloud service providers leverage economies of scale to provide outstanding services at a fraction of the cost. When it comes to common services such as email, it just makes sense to move to the cloud.

As a reminder, when choosing a cloud provider, only select solutions that provide multi-factor authentication.

Tip #6: Keep your computer systems and software applications up-to-date

Implement a patch management policy to install security updates on a regular basis.

Ransomware thrives by targeting known vulnerabilities in software and hardware. Therefore, you need to make sure that you are routinely patching your systems.

We recommend that you make a list of all the operating systems and software platforms that you use. From there, commit to a routine of checking for and applying updates.

Many businesses go a year or more without updating some of their systems. This is a big mistake. We recommend checking for updates quarterly at a minimum, and ideally monthly.

Products such as the Windows operating system and Microsoft Office can be automatically updated weekly through Windows Update.

On Patch Tuesday, as it's called, Microsoft releases security-related patches that are designed to plug recently discovered security holes in their products.

For other software on your computers, you should routinely check for security updates. Older versions of programs will develop software vulnerabilities over time that hackers will exploit.

If you are managing a fleet of computers, it may be cumbersome to try and update each one individually. Use a tool like Automox to deploy software patches to a group of computers no matter where they are located.

Tip #7: Perform Routine Security Awareness Training

You are only as secure as your weakest link. Make sure your employees are appropriately trained.

You need to engage your employees in security training in order to reduce your risk of a ransomware attack.

Don't do training as a one-time marathon session each year. They won't remember what they've learned. Provide training in small doses throughout the year for better retention.

When it comes to ransomware, here are some key areas to focus on in your security training:

Phishing Awareness & Testing

Teach your employees how to recognize phishing emails. This is one of the most common vectors for ransomware. You need to teach your employees that it's good to be skeptical.

If an email looks questionable, train them to stop and ask questions. You'd rather be bothered with a phone call than an actual phishing compromise.

On top of training, you can also conduct routine phishing exercises. This is where you purposely phish your employees to test their skills.

When conducting testing, make sure to use positive reinforcement. Don't reprimand your employee when they make a mistake and fall for a phishing attempt.

If you make employees feel embarrassed, they will likely stay quiet when they make a mistake in real life. This is bad for the organization.

Password Security

Make sure you provide your employees with specific guidance on how to create strong passwords.

You should stress to them that they need to avoid reusing the same passwords they use personally.

Insider and uncommon threats

Most people only think of ransomware as coming from the outside. That's not the only way in for a motivated hacker.

Teach your employees how to recognize threats that may come from inside the organization.

For example, someone targeting your organization may purposely leave a thumb drive laying on the ground at your office. Their hope is that someone picks it up and inserts it into their computer.

While we all hope this is not the case, it's possible that a disgruntled employee may try to hold your business ransom. When an employee is terminated, it is important that you have a procedure to cut off all access to IT resources immediately.


