What is your plan to backup, monitor, and recover?
Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time. Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission. This all makes it more difficult for the authorities to identify an attacker.
6-step plan to prevent ransomware attacks
1. Employee training: Your ransomware prevention plan should include training employees on what ransomware is and the method attackers primarily use to initiate attacks — phishing. This training should be conducted regularly.
2. Patch servers, devices and apps: Organizations must have a process for patching servers, network devices and applications. Many organizations do not stay up to date on patching their applications. Attackers know this, and they primarily target them. Patching progress, procedures and policies should be reviewed for effectiveness monthly or quarterly.
3. Antivirus tools on end points: You should also have a plan to use antivirus on your end points. Focus on using tools that can track suspicious behavior because many ransomware attacks are specifically designed to avoid being detected by signature-based antivirus programs.
4. Back up your data: Many organizations that have paid a ransom did so because they did not properly back up their data. Your backup process must be documented. Include your recovery point objective (RPO) and recovery time objective (RTO) in your disaster recovery plan, and test it each year to verify the objectives can be met.
5. Test your backups: You should test your backups regularly to verify all critical data is backed up. Also, it is important to make sure your backup data is protected from ransomware attacks. With the popularity of network-based backups, many organizations run their backup devices on the same network or VLAN as their standard production network. This should be avoided to prevent your backup data from being a victim of a ransomware attack.
6. Conduct vulnerability assessments: Vulnerability assessments that holistically review the security posture of an organization are beneficial in preventing a ransomware attack. These assessments should verify that the appropriate procedures to prevent ransomware attacks are being followed consistently.
These 6 tips on prevention are from Network World.
CITON has just the defense software you need to protect your business from ransomware. The attacks can cause serious damage and loss of data if a proper recovery plan is not in place.