How to implement the best protection against ransomware
(1 votes, average: 5.00 out of 5)
Loading...Ransomware has probably overtaken spyware as the form of malware companies hate most. The bad news is that its massive growth looks set to continue for the foreseeable future. The good news is that it is possible to protect your organization against ransomware as long as you use an effective strategy. With that in mind, here is a quick guide to implementing the best protection against ransomware.
Robust anti-malware tools are a must
You need a reputable anti-malware scanner that can check both websites and downloads, including email attachments. Ideally, it should also have an integrated firewall. You can get a firewall on its own but it’s generally more convenient to get one which is literally designed to work with your anti-malware product. That saves you the time and effort needed to configure both products so that they work together in harmony instead of seeing each other as threats and going into battle.
Cloud-based anti-malware products are very much preferable to locally-hosted ones. They can be updated more quickly (because the update takes effect as soon as it is deployed on the server) and they also shift the storage and processing burdens onto the back-end servers thus freeing up resources on local devices.
You need to update your operating system and applications promptly
First of all, it is strongly recommended that you stick to using operating systems and applications which are still supported by their vendor. The reason why the WannaCry attack was so successful was that it exploited known vulnerabilities in products that had ceased to be supported by Microsoft even though they were still in relatively widespread use.
For completeness, if you really need to keep an old computer running, for example, to have access to a particular application, then it’s highly advisable to keep it offline.
Secondly, it is strongly recommended that you apply all updates and patches as soon as they are released, at least if they relate to security. Returning to the example of WannaCry, although the main impact was felt by people still using Windows XP and Windows 7, some of it was born by people who had simply failed to install the patch Microsoft released at the end of March 2017. That was some 6 weeks prior to the start of the WannaCry attack.
In short, you need to take a good, hard look at how quickly you update your operating system and applications and if you’re not updating them in short order then you either need to sort out your in-house processes or arrange for a managed IT services vendor to take care of updating your systems.
You need to have rules about how people access the corporate network and what they do on it
The number one rule of accessing the corporate network needs to be that you do it from a safe connection. If all your employees are working out of a designated business location, then all you have to do is make sure that you maintain your own security. These days, however, it’s increasingly likely that companies will have remote and/or mobile workers or, at the very least, that employees will work remotely/on the move, at least some of the time.
For employees who are mostly remote/mobile, the safest approach is likely to be to insist that they connect over a VPN. That creates one rule they have to follow in all situations and one set of instructions as to how to follow that rule. For employees who are only out of the office occasionally, it might be simpler and more cost-effective to insist that they either connect from home or from a mobile-data connection which you supply. This avoids the need to install a VPN but also avoids the hazards of people connecting to the corporate network over free WiFi.
The number two rule of accessing the corporate network needs to be that you use it safely. These days this means that companies need to think seriously about whether or not they are going to allow their networks to be used for anything other than strictly work-related activities and, if so, to what extent and under what conditions.
Data backups are your last line of defense against ransomware
Data backups don’t exactly protect you against ransomware but they can protect you against the consequences of a ransomware attack – if you implement them properly. The key point to remember is that automated backups to local systems will generally just transfer infected files from the production system into the backup system. This means you absolutely need an off-site data backup complete with precautions to ensure that it is only ever populated with clean files.
Please click now to start your free 30-day trial of Xcitium AEP.
Related Sources:
Endpoint Detection and Response