As you may have read in the news, ransomware attacks continue to be a top security concern for businesses. Making this more difficult, these attacks have been evolving. There have been a fair number of complex ransomware attacks lately. The attackers take their time, determining a path through a network to ensure maximum damage.
While there are many security products available to help, in many cases performing routine administrative functions would potentially have prevented the breach or greatly increased the recovery capabilities. While prevention systems are still critical, businesses need to adopt a detection and recovery paradigm. This means ensuring proper business continuity and disaster recovery processes are in place and tested to aid in recoverability.
Quick hits that can drastically reduce your risk of ransomware attacks:
- User account security
  - Audit and clean up unnecessary admin accounts
  - Change admin passwords frequently
  - Eliminate the use of shared accounts and passwords wherever possible
  - Change root passwords on non-domain-joined systems such as switches, routers and hypervisors
  - Use secure password management software to prevent insecure storage of passwords, such as Excel documents and sticky notes
  - Verify passwords comply with password complexity best practices
  - Install multi-factor authentication for all accounts, especially when used for remote connectivity and access to cloud services
- Install and verify daily status of anti-virus and anti-malware services
  - Review and verify proper policy settings
  - Review and verify policy enforcement
  - Review and verify thorough deployment on all business systems and user devices
- System vulnerability patching
  - Ensure critical and security patches for Windows servers and desktops are being applied regularly
  - Review network and server hardware firmware for any known bugs and security vulnerabilities
- Review and strengthen firewall settings
  - Review all policies and tighten them to essential business needs
  - Enable geo-blocking
- Protect backup and recovery systems: ensure backups are running regularly and test your recovery ability
- Collect system logs
  - Install a logging server to collect logs from all servers and network devices to aid in both detection and post-breach forensics and recovery
This is not intended as an all-inclusive list, and following these steps does not guarantee protection from ransomware attacks. Businesses need to adopt a plan that is tailored to their unique business situation.
EDCi is available to review and discuss your security response plan and help ensure maximum protection and recoverability.