The objective of a ransomware attack is to encrypt or otherwise disable access to critical files on a computer system or network and then demand payment from the affected party. These attacks are designed to infect a company, organization, or even an individual computer. In most cases, if the affected party does not pay by the set deadline, all data will be permanently lost.
With the continued rise of ransomware attacks, organizations must prepare. Below are five tips to assist your organization in mitigating a ransomware event.
One of the most common threats posed to organizations are non-malicious, uninformed employees. Without information security awareness training, these employees may be more susceptible to accidentally downloading email attachments infected with ransomware. Therefore, it is crucial to provide security awareness training that covers multiple attack vectors, including extorting data, phishing for sensitive information, and being directly targeted with malware.
Inbound email content screening is crucial in preventing two common methods that attackers use to impersonate members of your organization: Email Address Spoofing and Display Name Spoofing. Email Address Spoofing is the act of modifying the way an email address and display name appears. Display Name Spoofing is the act of spoofing someone’s display name but not their email address. Various screening methods prevent both types of attacks by filtering spoofed emails and following industry best practices.
Effective patch management helps to fix vulnerabilities your organization may face within different software or applications, which would create more opportunity for a ransomware attack. Most personal computers are configured for automatic patching, but corporate IT environments typically rely on testing patches in an isolated environment before pushing them to users. This delay in patching could be a crucial misstep in your organization’s defense against ransomware. As such, effective patch management will remain vital in preventing attacks.
Confirm anti-virus and firewall software is properly installed. Your organization should also ensure the software is routinely updated and patched to protect against the latest virus definitions. While not entirely foolproof, accomplishing this can remove an attack vector, assist in preventing infection, and remove preexisting malware.
Your organization can deploy a software suite that monitors and generates alerts for your computer systems or networks if suspicious activity is detected. For example, the ransomware RYUK will encrypt files and rename them as “YourFile.txt.RYK.” An active network monitoring solution could detect massive file name changes for that extension. In this case, the attack would be detected immediately and a total loss of data would have been prevented.
A good backup and recovery plan helps recover critical data in the event of a ransomware attack. Ransomware is evolving and not all backups are protected equally, so evaluate your organization’s solution carefully. Ensure the plan is monitored and routinely tested. Protect your backups using encryption and versioning, and store copies of your backup data in multiple locations, including offline or out-of-band locations where appropriate.
There is no visible end to the rise of ransomware attacks. Your organization needs to ensure it has the appropriate security in place given the current threat landscape. For more information on mitigating the likelihood of a ransomware attack in your organization, reach out to our Managed IT Services team.
We are a full-service management consulting and CPA firm covering all aspects of audit, compliance, risk management, accounting, finance, tax, IT risk, and more. Just let us know what you need help with and an expert will be in touch!
Request Your Consultation
