Ransomware attacks are in the news daily. They seem unstoppable. But the truth is that with the correct defenses in place, you can stop most of them. This blog series will review the seven protective measures that, if you have them in place, will put you in the best position to detect and stop most attacks. With each step, a series of best practices on how to manage the technology or process involved is included.
Here are the seven steps:
1. Utilize Backups
2. Protect Endpoints
3. Secure and Monitor VPN Activity
4. Monitor and Protect Your Network
5. Deploy Strong Authentication
6. Practice Continuous Improvement
7. Cyber Insurance
Some steps, like backups and strong authentication, are well documented, but others, like monitoring your network, are not often discussed, yet it is critical to your defense. Together, they provide your best defense against ransomware.
One: Utilize Backups
A data backup strategy should always be your starting point for ransomware defense. It is the best means to restore your business operations to the previous state before the ransomware attack occurred, and you can avoid paying the ransom if the ransomware does not steal your data. A successful backup strategy will minimize downtime and reduce costly business disruption. It’s essential to follow these best practices to ensure the effectiveness of your backup strategy:
1. Back up your data and systems regularly, ideally on an automated 30-day or less schedule. In more than one case, a cyber insurance payout did not occur because the backup system operations were not in the required policy window.
2. Test your backups periodically to verify their integrity and the ability to restore data successfully.
Monitor that all backups are running normally, and alert if they suddenly stop – ransomware attacks will try to disrupt your backups during an attack.
3. Implement a multi-tiered backup strategy, including on-site and off-site backups and offline. Advanced ransomware will look for those backup systems and turn them off to optimize attack success.
4. Removing ransomware from your systems often requires wiping and reinstalling the infected machines. Therefore include backups that capture all your data. Doing so allows you to rebuild your systems with a clean slate, eliminating any traces of ransomware.
We all know backups are your first, last line of defense. Following these best practices will ensure your backup program will truly protect you. Next week we will talk about endpoint defense best practices. Stay tuned.
Bill Munroe
CyGlass, VP of Marketing
Reach out to CyGlass to learn more
