What is the best anti-ransomware strategy?
There are three key elements to a good anti-ransomware strategy. These are effective software tools, robust policies (backed with enforcement and education), and a solid data backup process.
Effective software tools
You need an anti-malware product that can scan both websites and downloadable files, including email attachments. It’s usually preferable if it also has an integrated firewall. You can buy a separate firewall, but this is often more expensive. Additionally, you then have to configure both products to work with each other rather than seeing each other as potential threats.
At this point, it’s generally best to look for cloud-based security products. There are two main reasons for this. First of all, with cloud-based products, updates are effective as soon as they are deployed on the server. You don’t have to download and install them. When you think about the frequency with which security products need to be updated, this is actually a meaningful benefit.
Secondly, as the sheer volume of malware increases, so does the amount of resources needed to run an effective anti-malware system. Just storing the malware definitions can be a significant challenge. It therefore makes sense to push this work onto back-end servers rather than local computers and mobile devices.
Antivirus tools are meant to supplement robust IT security processes, not replace them. In particular, they are created on the assumption that you will keep your operating system(s) and applications updated with the latest updates/patches as soon as they are released.
This is a major vulnerability at many companies. If it is not directly responsible for a large number of security breaches, it is at least a factor in them. If you know that there are routine delays in applying updates/patches, then you either need to make internal changes so they are applied promptly or get a managed IT services vendor to take care of it for you.
You also need to think carefully about how people access the corporate network and what they are allowed to do on it. If you have remote workers, then you need to ensure that they can connect safely regardless of where they are. The most obvious solution may be to use VPNs, and while these are very effective, they can also be cumbersome, especially for people who only travel a small percentage of the time. For these people, a mobile data solution may be simpler and more convenient.
Last but definitely not least, you need to think about how your company’s internet connection is used. Over recent years, there has been a growing tendency to take a relaxed attitude to people using the company internet during their lunch break. Sadly, this may be one perk that needs to be reversed or at least reined in, for security reasons. The good news is that, while limiting (or prohibiting) personal use of the company internet connection is unlikely to be welcomed, these days it’s also unlikely to be a big deal, as most people have their own smartphones and tablets.
For completeness, any usage policies (internet or otherwise) have to be backed by fair enforcement. Part of fair enforcement means recognizing what has gone before. In other words, if you’ve been ignoring the fact that people have been breaking the rules, then you cannot just start issuing sanctions without any prior warning.
Usually, the best course of action is to be honest about the fact that enforcement has been lax and send employees a notification that, from X date, this will change. In the run-up to X date, send them a few reminders, along with links to where they can find the policy and information about the sanctions which will be applied if they continue to ignore it. Then, when X date rolls around, send another reminder and actually start doing what your policy says.
A solid data backup process
One of the many reasons why companies fear ransomware so much is because it is so easy for infected files to be transferred into a local data backup system, overwriting healthy ones in the process. This completely defeats the purpose of having a data backup in the first place. The way to deal with this is to have an off-site backup (or a backup in another cloud).
This can sometimes be challenging to implement if you are working in a public cloud, but it is definitely worth making the effort. Having an off-site data backup will not only help to keep your data safe from ransomware attacks, but can also be used to lay the foundations for a full cloud business-continuity/disaster recovery strategy.