Ransomware is rampant. Also known as cryptoware, it encrypts a company’s data until the victim pays a ransom. When ransomware infected more than 300,000 systems across more than 150 countries May 12, security suddenly became everybody’s business.
Ransomware attacks constantly change, so tactics that help protect one company might not always work for another. Nonetheless, there are fundamental steps exist that can help.
”Phish-proof” employees. Socially engineered, fraudulent “phishing” emails are the most common way systems get infected with ransomware. Training employees on how to recognize such messages and what to do if they receive any can go a long way in preventing attacks. Prevention training and awareness programs can help employees recognize telltale signs of phishing scams and how to handle them. But don’t stop at training. Constantly run internal tests (sending faux phishing messages) to assure that employees fully understand what’s expected of them.
Configure email systems carefully. Strong spam filters and authentication can help keep ransomware phishing messages from even getting to employee’s inboxes. A cloud-based e-mail analytics solution can be helpful. It’s also important to configure email systems carefully and control how file extensions are displayed.
Know what you have. Many companies do not know all the IT systems in their environments across all subsidiaries and business lines. This makes protecting those system even more difficult. All companies should maintain a complete configuration management data base (CMDB).
Keep infrastructure up to date: Regular patches of operating systems and applications can foil attackers who attempt to exploit known vulnerabilities. Attackers are smart and know what to look for. Other options include removing or limiting local workstation administration rights and installing the right configuration combinations (including virus scanners, firewalls and so on).
Plan for recovery. No prevention or defense plan is infallible. That’s why a strong business continuity plan for recovery is essential. A plan that’s regularly reviewed, updated and tested can make it easier to avoid paying ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. The plan should include a process for validating backups and periodic snapshots, rather than regularly overwriting previous backups. In the event of a successful attack, you will have a better idea of which backups are “clean” and which are encrypted to reduce the risk of exposure. Kelly Bissell is managing director of Accenture Security.