Unlike many other attacks and malware types, the goal of ransomware is as well known as the method: Critical data is encrypted until the victim pays for the key.
For some industries, the question isn’t whether organisations will be hit, but when. After that, the questions tend toward the practical: How can companies avoid becoming a victim, and how should they respond when their best efforts are ineffective?
Three keys to your protection
There are three vital keys to avoid losing money, your business, or your job over ransomware. All three involve preparation long before the attack begins.
- Solid, defensive backup
- Defence against advanced persistent attacks
- Authentication—keeping unauthorised people out of your network can be the key to keeping your name out of the paper next to the word “victim”
The first key to look at is backup:
A surprising number of ransomware reports include news that the victim organisation didn’t have a working backup of their data. So, to review: Back up according to an established protocol (something like 3-2-1 is a good start if you don’t have a plan), and regularly test to make sure that you can actually recover data from your backup.
2. Go farther than the perimeter
An intruder might camp in your network for weeks or months before he or she springs the trap. You must have intrusion prevention or similar security systems in operation so that you can recognise unusual or unauthorised traffic from within your network—not just attacks from the outside.
3. Lock it down
Companies must prevent workstations and user accounts from becoming attack vectors.
Windows 10 provides a vast array of identification, authentication, and authorisation features. Current-generation laptop and desktop workstations have the hardware components built in to take advantage of those features.
A thorough review of security measures to protect against ransomware must include a close look at workstations to see whether they provide the facilities necessary to protect the total network from attack.
Ransomware is a large and growing problem because it’s effective and profitable. The perpetrators are good at what they do, but you can be better by making sure that you have an uninfected backup at a secure location, that you are doing everything possible to keep the attackers out of your workstations and your network, and that you have systems in place to recognise intrusion when your defensive efforts fail. Take these three major steps, and the odds of avoiding the label “victim” in news reports are in your favour.