Ransomware Protection Best Practices

Daniel Tobok
E: dtobok@cytelligence.com

Posted on: July 31, 2018

We live in the era of the computer, and cyber attacks have become the new norm. It does not matter if you are a government or a small or medium enterprise down the supply chain of a major manufacturer; the threat of attack is phenomenal. We are more than a few years away from quantum computing and encryption becoming the new norm, and until then it can seem practically impossible to defend against the dark arts of cyber. However, what if we told you there is a ransomware prevention guide that can help your business build its defences against attacks from a range of locations and devices? Sounds like a great investment, right?

In this article we are going to look at 10 best practices, from some of the experts at Cytelligence, to ensure your company has the best defense against ransomware on the market. From dealing with software to changing the way you think about your own defences, our ransomware prevention tips for users will ensure your company is safe and secure for the coming year!

1. Take an inventory of all your devices

Think about how many devices are around you while you are reading this. If you are like me, you are reading this on a computer, you have a tablet across the way and your phone is on your desk charging. That is three pieces of technology for a single person. Now multiply that over a company of twenty or even 2000, and you see why taking an inventory of all your devices is an essential best practice when looking at ransomware protection. One of the best defences against ransomware is, in fact, to understand what types of technology you need to protect. This will be a challenge, but keeping a live inventory is a great way to learn where an issue may occur and how you can best defend against ransomware. If you are stretched thin, a NOC-SOC solution might be the best approach to help identify and monitor all devices that are connected to your network.

2. Automate the patching of software across all devices connected to your network

This seems like a straightforward point, but you would be surprised at how many people fail to do anything when it comes to ransomware protection. The recent WannaCry breach showcases the vulnerability of a security system that does not have automated patching! To truly get the best ransomware protection, you need to invest in security software that can automate patching and push patches to all devices. This would include both the mobile side of the house and the towers and laptops within your network. Automating this process removes the possibility of human mistakes, which is always a good thing when you are talking about ransomware protection. It gets better: when you move towards automated patching, you limit the human capital costs that are generally associated with IT professionals performing menial patching tasks across your entire fleet of devices. Instead, it only takes a good IT person and a few minutes to set up your system to always be protected. Plus, as one of the ransomware protection best practices, automation of patching is an easy and simple way to become more compliant and, most of all, safer, with a couple of clicks of a button!

3. Ensure you have segmented your network

A network breach is the worst-case scenario to come into the office to, but what do you do when it happens? This is what makes IT professionals grow grey hair, and when it does happen, you need to be prepared to start defending against the ransomware to ensure it does not spread. The first line of defence to limit the spread is, in fact, to segment the network. This could include strategies such as micro segmentation in virtual environments, or macro segmentation of a physical or virtual network. If your IT professional can complete the segmentation, this will allow you to determine what the ransomware virus is and start the steps to not only isolate the ransomware attack but also stop the spread of the virus to the rest of the system. Remember, without proper segmentation of the system, your incident response plan will be a struggle to implement because a virus can infect every corner of your network.

4. Track and log the threats against your network

When it comes to the best way to prevent ransomware, it normally all comes down to how you prepare your network and learn how to best prevent ransomware encryption. There are hundreds of sources when it comes to ransomware protection, but no matter where you get your information, always subscribe to real-time threat feeds! These feeds, when combined with local threat intelligence, will help your organization respond to and defend against the latest threats to your network. If you can plan ahead while these viruses are still in the wild, you can build your network up to ensure they do not become an issue once they target you. Make sure to put an emphasis on threat tracking, and your ransomware prevention will become a little easier over time.

5. Watch and look for trends when it comes to indicators of compromise

When you are looking for ransomware protection, you naturally need to know the trends. When it comes to ransomware prevention, it is all about matching your inventory of threats against your own network. Not all ransomware protection software will help you with this, but most of the top-end choices will feature a trend tracker and highlight any major issues within your network. Naturally, you will then need to harden the security, patch the software, isolate the technology or simply replace the unit to ensure that your network does not have a weak link that lets in a virus. Replacing a laptop is worth its weight in gold, especially if you are battling against a full-blown infiltration. Rather than figure out how to fight against ransomware, why not fight the battle before the war and employ trend watching as one of your ransomware prevention best practices!
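One way to match a device inventory against threat-feed advisories and choose between the patch and isolate responses named above. This is an added example, not code from Cytelligence or any product; the device names, products, versions, advisory fields and the `triage` helper are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Device:
    host: str
    software: dict   # product name -> installed version string

@dataclass
class Advisory:
    product: str
    fixed_in: str    # first version carrying the fix
    exploited: bool  # feed reports active exploitation in the wild

def parse_version(text, width=4):
    """'1.0.4' -> (1, 0, 4, 0); None when the string is not dotted integers."""
    try:
        parts = [int(p) for p in text.split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (width - len(parts)))

def triage(devices, advisories):
    """Return sorted (host, product, action) for each device an advisory hits."""
    findings = []
    for dev in devices:
        for adv in advisories:
            installed = dev.software.get(adv.product)
            if installed is None:
                continue                      # product not on this device
            have, need = parse_version(installed), parse_version(adv.fixed_in)
            if have is None or need is None:
                action = "review"             # unknown version: never assume patched
            elif have >= need:
                continue                      # already at or past the fix
            else:
                action = "isolate" if adv.exploited else "patch"
            findings.append((dev.host, adv.product, action))
    return sorted(findings)

# Constructed sample inventory and feed (hypothetical hosts and products).
INVENTORY = [
    Device("hr-laptop-07", {"smb-server": "1.0.4", "pdf-reader": "11.2"}),
    Device("fin-desktop-02", {"smb-server": "1.1"}),
    Device("tablet-33", {"pdf-reader": "11.3.0"}),
    Device("plant-hmi-01", {"smb-server": "vendor-build"}),
]
FEED = [Advisory("smb-server", "1.1.0", True), Advisory("pdf-reader", "11.3", False)]

if __name__ == "__main__":
    for finding in triage(INVENTORY, FEED):
        print(*finding)
```

A device whose version string cannot be parsed is sent for manual review rather than silently treated as patched, which is the case a live inventory most often gets wrong.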

6. Harden your endpoints and access points above the industry standard

When you consider the threats in the environment today, why would you only protect to the industry standard? Considering that the standard for defence companies in the United States Technology and Industrial Base is already a few years outdated, you need to consider investing in proper endpoint and access point security. At a bare minimum, when you are looking at the best way to prevent ransomware, you need to ensure that all devices coming onto your network meet your security requirements, and that your network can scan any new piece of hardware in milliseconds to catch unpatched or infected devices or traffic. This kind of security may seem a little overbearing, but when considering ransomware protection, every step towards a more secure network is a step in the right direction.

7. Implement security controls at all levels

When you are looking at how to prevent ransomware on Mac or PC, it is a best practice to implement security controls at all levels. From dealing with a simple signature during the encryption process to moving to a more behavioural-based solution, it all starts with security at all levels. When you are looking to prevent ransomware encryption, the best use case is to consider the dumbest person in your organization and what types of threats they may pose to your network. When you build your ransomware protection efforts from that case, you will be able to detect and thwart attacks with ease, even if they are able to get through your firewall or other perimeter defences. This is where your company should aim to get to: an all-level security component that will help ensure your company is part of the best practices in ransomware prevention group!

8. Use security automation to your advantage

Security automation is truly a lifesaver when you are looking to help your IT department serve up the best protection against ransomware. Many companies can hand over basic security tasks, such as scanning and tracking outside threats, to an automated process, which then leaves them time to tackle bigger threats to the network. Things such as cryptolocker prevention and basic external tracking will help build the database and are all best done by an automated script. However, you do need an IT team that is able to check on the security automation, as the script is only as good as those who write it. Companies such as IBM and Apple utilise security automation daily, and there is no reason why your small or medium enterprise needs to rely on a human workforce when it comes to ransomware protection. Thus, when you consider what the best defense against ransomware is, you should know by now that it is an integrated security effort that naturally includes security automation.

9. Back up critical systems to a separate server

Have you ever backed up your computer only to have it crash a few days later, and found yourself thanking the lord or any other deity that you finally backed it up? Well, when it comes to your company’s critical systems, one of the best ransomware prevention tips for users is, in fact, to back them up! When you are dealing with ransomware, you are never sure where it started, and of course where it ended up. That is why it is critical to have a copy of any critical data or resources stored off-network. This will allow you to independently protect backups from ransomware, and give your IT professionals the tools to help restore and resume operation as soon as possible if an attack does occur. Point three on these best practices in ransomware prevention was to segment your system, and one of these key segments is always your backups! Make sure to include any personal files, proprietary information and data, as well as crucial documents, to ensure all segments of your business can be backed up with ease! Backing up critical systems and data is a ransomware protection best practice I can back 100% of the time for any business or individual.

10. Create and maintain an integrated security environment that always is learning and improving

There are hundreds of ransomware types, and when it comes to the best ransomware protection and security practices, there are a few things that every company should be employing. One of the most important is to consider every new ecosystem or device that you bring online as a threat. Now, this may seem a little ridiculous, but when dealing with how to prevent ransomware, treating outside objects like a threat is not new. You will need to utilise a fully integrated, deployable security environment that is able to complete orchestration and analysis from a central hub while limiting the effect on the device itself. A slow device is not your objective here; what you need is to be able to deploy a security fabric that still lets the device and the network operate at peak efficiency. An IT team that masters this will truly be on the list of professionals that know the best ransomware protection best practices by heart.

We have listed the top 10 best practices in ransomware protection for companies, but is that all you can do? Of course not, and as cyber and ransomware viruses are an evolving subject, things will change. Here at Cytelligence, we offer all our business and individual customers a comprehensive and professional level of auditing that will truly showcase your system’s vulnerabilities. Once the audit is completed, we will work with your IT staff to patch up and eradicate these weaknesses and assist you in ensuring that your data is safe, no matter the level of attack on your networks. If you are an IT professional with some experience, what did we miss? Comment below with your best practices in ransomware protection or ransomware prevention, and start a conversation!