Ransomware is a four-letter word, just with extra letters. It is more sophisticated and strategic in 2020, with cybercriminals targeting organizations rather than consumers in order to extract higher ransom payments. Attacks on organizations increased as much as 363% last year, and unprepared organizations pay a price that goes well beyond the ransom itself: lost productivity and the time and resources it takes to recover can never be recouped.
How prepared is your organization? Answer these 10 questions to find your strengths and weaknesses:
1. Are your employees fully trained on ransomware prevention?
Every employee should be aware that a single click on a malicious link or attachment can download ransomware into your organization’s IT environment. How can employees distinguish links that are safe from ones that are not? That is what the training is for. While scams keep evolving and getting more sophisticated, phishing emails and links on social media remain the most common ransomware delivery mechanisms, and compromised websites continue to be a risk, too.
Vigilant employees are your first line of defense. Working with a reputable cybersecurity awareness training company to train all of your employees is the single most cost-effective investment you can make in preventing ransomware attacks.
2. Are all of your computers patched and up to date?
Ransomware is malware, and many strains spread or escalate privileges by exploiting unpatched vulnerabilities in the operating system and the software on top of it. If any of your computers are running an operating system (OS) that has not been patched with the latest security updates, those computers likely have exploitable vulnerabilities. Computers running Windows 7, which reached end of support in January 2020 and no longer receives security updates, or any other outdated operating system are at much higher risk. A single unpatched computer can bring your entire organization to a standstill. Patching also has to cover more than the OS: browsers, office suites, PDF readers and remote-access software are exploited just as often, and an inventory you can actually query (which hosts, which versions, which patches) is what lets you prove that the answer to this question is yes.
3. Is your antivirus software sophisticated enough?
The most effective antivirus software adds layers of protection. Rather than checking a download only against known signatures, it first detonates the file in a sandbox, an isolated environment where the file is run and watched for malicious behavior, and releases it to the user only if it behaves. That two-step process blocks suspicious downloads before they reach a desktop. It is a layer, not a guarantee: sandbox-aware malware delays its payload or checks for a virtual environment before acting, which is why the other controls on this list still matter.
The most effective antivirus software also includes zero-day threat detection. Zero-day vulnerabilities are software or hardware flaws for which no patch yet exists. When attackers discover one, they quickly write code to exploit it and bundle that code into the ransomware package. Because there is no signature to match, next-gen antivirus relies on threat intelligence, behavioral analytics, and machine-learning analysis of code to block zero-day attacks.
4. Do you require multi-factor authentication (MFA) for every login?
Even the most highly trained employees cannot guard against ransomware if their passwords are stolen: phished, reused from a breached site, or guessed against an exposed remote-access service. Strong, unique passwords raise the cost of guessing, but they do nothing once a password has been phished. MFA does: a criminal holding only the password still cannot log in, so the remote desktop, VPN and email logins that ransomware operators use to get their initial foothold stay closed.
Single sign-on (SSO) helps by reducing the number of passwords employees have to remember to one, so that once an employee logs in they can access all of the apps they need to get their work done. On its own, though, SSO concentrates risk: that one password now opens everything in the network. SSO is the secure choice only when the identity provider behind it enforces MFA on every login, and when the accounts that cannot go through it (service accounts, local administrators, remote-access gateways) are covered separately.
5. Have you removed all executive email addresses from your website?
How likely is it that your employees would click on a link from their boss? Probably pretty likely. Phishing that uses spoofed or lookalike sender addresses is especially effective: if an email looks legitimate and comes from someone with authority, the instinct is to click, and that click could download ransomware. Publishing executives’ addresses on your website hands attackers both the target and the name to impersonate. Removing them raises the attacker’s cost, although not by much if your addresses follow a guessable pattern, so treat this as a complement to the email-gateway controls in question 8, not a substitute for them.
6. Do you have a verifiable smartphone policy that protects your network?
Malware on smartphones can make its way onto your network if your employees do not keep personal data separate from business data. And if a phone is lost or stolen without a passcode, fingerprint or facial-recognition lock, the mail, contacts and cached credentials on it can be used to craft convincing phishing or simply to log in as that employee.
Having a Bring Your Own Device (BYOD) policy is critical to protecting against ransomware, as is training your employees to adhere to it. Use modern platforms to verify proper configurations: Office 365 and newer versions of Exchange can check whether a device enrolled for email has a passcode and whether biometric security is enabled, and can refuse to sync mail to devices that do not comply. Continually monitor network activity for any breaches, and when you find improper BYOD use, enforce your policy.
7. Do you block the use of unauthorized USB drives?
USB drives can lead to all sorts of problems, including ransomware. If an employee plugs an infected flash drive into their computer, or opens an infected file stored on the drive, they have inadvertently opened the door to ransomware. There is also a known ransomware strain, Spora, that propagates itself by hiding on a computer and then infecting other USB drives when they are connected.
Banning the use of USB drives has become common practice at some companies, including IBM. But make sure you offer an efficient alternative for moving files around, such as a secure cloud platform. Otherwise, employees will be tempted to use a workaround that may be equally or more risky. Allowing only authorized, organization-issued drives, enforced by endpoint device control rather than by a written rule alone, is a good middle ground.
8. Does your email gateway include advanced features?
Email gateways that include reputation screening and impersonation protection also protect against ransomware, because far fewer malicious emails make it through to an inbox.
Reputation screening looks at the reputation of the sender: has your company received email from this sender before? Is the sender on a blocklist? How many recipients of this sender’s emails have opened, replied to, or forwarded them? Impersonation screening checks that senders are who they claim to be, including your CEO, by authenticating the sending domain with SPF, DKIM and DMARC and by flagging display names and lookalike domains that mimic your own people. These protections guard against business email compromise (BEC), the fraudulent-invoice and wire-transfer scams that rely on the same spoofing tricks, in addition to ransomware.
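The display-name and lookalike-domain checks described here (and the executive-impersonation risk in question 5) are easy to see in code. The following is an added example written for this page, not code from any gateway product or from the original article. It assumes an organisation domain of example.com, a one-entry executive directory and a small confusable-character table, and it runs the checks over three constructed sample messages. SPF, DKIM and DMARC authenticate the sending domain; they say nothing about a display name on a free-mail address or a registered lookalike domain, which is the gap this logic covers.

```python
"""Display-name and lookalike-domain impersonation checks for inbound mail.

Added example for this page; not code from any product the article mentions.
ORG_DOMAIN, EXECUTIVES, CONFUSABLES and SAMPLES are all constructed.
"""
from __future__ import annotations

import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                           # assumed organisation domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # assumed executive directory

# Substitutions attackers use when registering lookalike domains (assumed table).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalise_domain(domain: str) -> str:
    """Fold confusable characters so examp1e.com compares equal to example.com."""
    d = domain.lower()
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character near misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True for domains that are not ours but are built to look like ours."""
    domain = domain.lower()
    if domain == ORG_DOMAIN:
        return False
    return normalise_domain(domain) == ORG_DOMAIN or edit_distance(domain, ORG_DOMAIN) <= 1


def _domain(addr: str) -> str:
    return addr.lower().rsplit("@", 1)[-1] if "@" in addr else ""


def check_message(raw: str) -> list[str]:
    """Return impersonation findings for one RFC 5322 message (empty list = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[str] = []

    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    name = " ".join(display.lower().split())

    # 1. An executive's display name attached to an address that is not theirs.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        findings.append(f"display-name impersonation of {EXECUTIVES[name]} by {addr}")

    # 2. A sender domain that is a near miss for our own.
    if _domain(addr) and is_lookalike(_domain(addr)):
        findings.append(f"lookalike domain {_domain(addr)}")

    # 3. Reply-To steering replies to a domain other than the visible sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append(f"reply-to domain mismatch: {reply_to}")

    return findings


# Constructed sample messages; only the headers matter for these checks.
SAMPLES = {
    "legitimate": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 numbers\n\nAttached.\n",
    "freemail": ("From: Jane Doe <jane.doe.ceo@example.net>\n"
                 "Reply-To: payments@attacker.invalid\nSubject: Urgent wire\n\nPay today.\n"),
    "lookalike": "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Invoice\n\nOpen attached.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw) or ["clean"])
```

The first check will also fire when a real executive mails from a personal account, which is the intended behaviour: that message deserves a warning banner or a quarantine, because the gateway cannot tell it apart from an impostor.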
9. Is your incident response plan (IRP) ready to go?
Your IRP should include processes and procedures specifically for ransomware. They should ensure not only that you can restore from backup effectively but also that specific roles and responsibilities are assigned in case of a ransomware attack: who has authority to take systems offline, who talks to customers, who runs the restore. Employees need to know what to do and how to do it, starting with isolating any affected device immediately: pull the network cable or disable Wi-Fi, which stops the spread and keeps the machine available for investigation. Power a device off only if you cannot disconnect it; shutting down destroys volatile evidence, including any encryption keys still in memory that a decryptor might depend on, so it is a last resort rather than a first step. Rehearse the plan before you need it.
10. Are your backups ransomware-resistant?
Ransomware can encrypt backups that are reachable from your network, and ransomware crews now go after backup servers deliberately before they trigger encryption. You cannot restore from encrypted backups, and if your only copy lived on a network share or a mapped drive, you have no backup at all.
To be ransomware-resistant, your backups need an offline copy, isolated from your networks and in a different physical location from your servers. That copy must be inaccessible to devices that can be infected by ransomware, including computers and mobile devices; a share that any workstation can write to is not isolated. The 3-2-1 rule (three copies, on two kinds of media, one of them off-site) is the usual baseline, and a backup you have never restored from is an untested assumption, so restore drills belong on the calendar. Switching to a third-party, cloud-based disaster recovery (DR) solution is a good way to reduce this risk and it might save you some money, too; it is typically less expensive and faster than traditional DR solutions. Treat a cloud copy as isolated only if it uses credentials separate from production and supports immutable or retention-locked snapshots, so that an intruder who holds your administrator password cannot delete it.
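A restore drill needs an objective pass/fail, and the integrity record it checks against must itself be out of the attacker’s reach. The block below is an added example written for this page, not code from the article or from any backup product. It records a SHA-256 hash for every file at backup time, tags the manifest with an HMAC under a key assumed to live with the offline media (MANIFEST_KEY here), and then verifies a restored tree against it. The sample files and the simulated ransomware damage are constructed for the demonstration.

```python
"""Restore verification for an offline backup copy: hash manifest plus HMAC.

Added example for this page, not from the article or any product it names.
Assumption: MANIFEST_KEY is stored with the offline backup media and never on
the hosts being backed up, so an intruder on a host cannot forge a manifest.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

MANIFEST_KEY = b"assumed-offline-manifest-key"   # assumption: kept with the offline copy


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record a hash for every file under root, then tag the listing with an HMAC."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    tag = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return {"files": files, "hmac": tag}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        # A rewritten manifest is a total failure: nothing in it can be trusted.
        return {"manifest_tampered": True, "missing": [], "modified": [], "extra": []}
    present = {p.relative_to(restored).as_posix(): p
               for p in restored.rglob("*") if p.is_file()}
    recorded = set(manifest["files"])
    missing = sorted(recorded - set(present))
    extra = sorted(set(present) - recorded)
    modified = sorted(name for name in recorded & set(present)
                      if sha256_file(present[name]) != manifest["files"][name])
    return {"manifest_tampered": False, "missing": missing,
            "modified": modified, "extra": extra}


def run_demo() -> tuple[dict, dict, dict]:
    """Back up a constructed tree, damage it the way ransomware would, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")  # constructed
        (live / "notes.txt").write_text("quarterly notes\n")               # constructed

        manifest = build_manifest(live)
        clean = verify_restore(manifest, live)      # drill against an intact tree

        # Constructed ransomware behaviour: one file overwritten with ciphertext-like
        # bytes, the other renamed with a ".locked" extension.
        (live / "notes.txt").write_bytes(os.urandom(32))
        (live / "finance" / "ledger.csv").rename(live / "finance" / "ledger.csv.locked")
        damaged = verify_restore(manifest, live)

        # An intruder on the host rewrites the recorded hash to hide the overwrite
        # but cannot recompute the HMAC without the offline key.
        forged_files = dict(manifest["files"], **{"notes.txt": sha256_file(live / "notes.txt")})
        tampered = verify_restore({"files": forged_files, "hmac": manifest["hmac"]}, live)
    return clean, damaged, tampered


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest and its key should be written to the same offline media as the backup, not to the server being backed up; the HMAC only helps if the key is somewhere the compromised host cannot read.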
Did you answer YES to these questions?
If you answered YES to all of these questions, your organization has the fundamentals of ransomware protection in place. If you did not, take a good look at what you need to do to improve your readiness.
While no organization is ever 100% safe from a ransomware attack, following these best practices adds layers of protection that significantly reduce the odds. The last item, ransomware-resistant backups, largely determines how quickly you can recover if you are attacked.
Why you shouldn’t pay the ransom
If you do get attacked before you can make the above security improvements, paying the ransom should be your last recovery option. You have no assurance that you will receive a working decryption key after you pay, that the decryptor will recover everything (criminal decryption tools are often slow and buggy), or that the same group will not raise the demand or attack you again later. Paying also funds and encourages more ransomware attacks.
The best way to avoid having to choose whether or not to pay a ransom is to plan in advance. Due diligence pays off — it takes an average of 127 days to recover from a ransomware attack.