Five Ways to Mitigate Ransomware Damage

Lost files, denied access, ransom payments in the $100,000 range or higher… With the impact that hackers can have on your network and your business, we have always stressed the importance of a solid ransomware protection plan. By anticipating these attacks, you can prevent serious damage to your company’s financial picture and trustworthy reputation.

However, a good ransomware protection plan does more than just block attacks. It sets up your network so that if a hacker does succeed, the impact is minimized. Here are the steps you should take to reduce the possibility and scope of ransomware damage.

Make Sure Your Backups are Solid and Secure

We can’t tell you how many times we’ve seen business owners who thought they had backups, only to find that the data wasn’t there when they needed it. Too many businesses are doing the bare minimum to back up files, creating gaps in security that can be exploited. Here’s what you need to do to ensure that your backups are doing what they should:

• Segregate your backup solution; in other words, it should be on a different domain so that it’s not visible to the rest of your network. Otherwise, you leave both sets of data vulnerable to attack. Keep them on a separate network and, if possible, off site. (That said, they still need to be easily accessible to allow for quick data recovery.)
• Run backups every day and test them often. Lots of things can go wrong during a data backup, such as incompatibility between your applications and your backup software, storage media failure, and other programs locking files so the backup cannot read them. Check these backups to make sure all of the intended data is being collected and not corrupted in the process.

Adopt the Principle of Least Privilege

Also called POLP, the principle of least privilege is an approach in which each user in your business have just enough permissions to perform his or her particular job. This can include access to applications, devices and systems, as well as file permissions (whether you can read, write, execute, or delete). As a result, most users are restricted as to what they can do on your business network.

Why is this important when mitigating ransomware damage? Because ransomware is only as powerful as the user who opens the door and lets it in. The more access he or she has to the system, the more areas that the ransomware can infect. By taking a POLP approach to your network, fewer people have access to large swaths of your system—making ransomware less devastating to your business.

Patch and Update Your Systems Regularly

Unpatched or unmaintained computers, and other technology components, are a highly successful avenue of attack for hackers. The best way to prevent this is to ensure that your systems are updated regularly. If you are not sure whether your system is up to date, you should contact your IT provider.

Use a Top Notch Firewall with Advanced Features

Not all firewalls are created equal. To be a truly effective line of defense, yours should be a dedicated device designed from the start to be a firewall and have advanced threat management features. This includes:

• Anti-virus filtering – A separate anti-virus engine on the firewall adds another strong layer of protection to your entire network.
• Deep packet inspection – This makes sure that the data coming in is what it claims to be.
• Heuristic pattern detection – uses artificial intelligence to look for characteristics of malicious code (instead of just looking for the code itself). This helps combat the zero day threats as soon as they are released
• Content filtering – The firewall looks for types of content that are more likely to harbor ransomware and other threats and blocks it from your business network.
• GeoLocation filtering – It’s been proven that the majority of the attacks are launched from outside of the United States. Proactively blocking traffic to and from those off-shore locations helps to reduce the threat and minimize the impact of an attack.
• Intrusion prevention and detection – The firewall actively monitors your internet traffic for suspicious activity and blocks anything that is suspect.

School is In Session: Education and Testing

In almost every recent ransomware attack we’ve seen, it all started when an unsuspecting employee opened a malicious email and either clicked a link or downloaded a file. The fact is, it takes just ONE person to start an attack. So make sure that your entire staff, and any contractors with access to your system, know the signs of an email offensive.

This is why James Moore’s Technology Solutions Consulting offers CyberSecurity Training (CST) powered by Barracuda, a phishing education and testing solution for your company. Employees are provided data sheets, videos, interactive training and more to teach them best email security practices. They are also tested regularly to see how well their new knowledge is being applied.

While nobody can guarantee that a hacker will never hit your business, you can play a big role in reducing ransomware damage should an attack succeed. With these easy steps you can potentially save your business hundreds of thousands of dollars and countless hours of frustration and despair—not a bad tradeoff.

Contact our Technology Solutions Consulting team today if you have any questions on how to mitigate ransomware damage. And don’t forget to take our free self-assessment to gauge your organization’s readiness for an attack.