• 10 Things to Prevent Ransomware

  • Ransomware is at the top of most organizations’ concerns when it comes to cybersecurity. It’s not so much that there is a ransomware problem as that there is a basic information security controls problem.

    There are some basic things you can do to prevent a ransomware attack on your organization, and in this post we are going to look at 10 of those changes you can make to prevent ransomware.

    1. Scan your public facing assets.
      This means identifying any public-facing vulnerabilities or services an attacker could exploit to gain access to your network. One example is Remote Desktop Protocol, which has been leveraged in previous ransomware attacks.
    2. Email spam and malware filtering.
      Ransomware attacks often start as a link or an attachment in an email that entices the user to interact with it. By having protections at the email server, these attacks can be blocked before they enter your users’ inboxes.
    3. User awareness training.
      Educate your users on how to identify a phishing email or other malicious activity, and how to report it. End users are the eyes and ears you can use to help reduce the time it takes to identify when bad things are happening on your network.
    4. Host based firewalls.
      Host based firewalls, when enabled and configured correctly, can prevent an attacker from moving laterally on your network. For example, if an attacker gains access to someone’s system in marketing, they will be unable to access your critical data because the host based firewall prevents access.
    5. Endpoint protection.
      Endpoint protection can stop ransomware before it has a chance to get started. A good endpoint protection product today includes CPU-level inspection, sandboxing, and even built-in ransomware protection.
    6. Firewall configuration.
      A next generation firewall can prevent ransomware from being downloaded into the environment. These firewalls include protections like threat prevention, threat extraction, and sandboxing. You should also configure the firewall to allow only the inbound and outbound ports that are needed while blocking all other ports.
    7. Penetration Testing.
      Penetration testing is when you, or a third party, actually try to hack into the network. This quickly identifies ways an attacker could gain access and cause a breach or launch a ransomware attack.
    8. Vulnerability management.
      Installing patches and updates is an important part of preventing ransomware attacks. Many ransomware attacks start by taking advantage of an existing vulnerability in an application or service.
    9. Adopt a security framework.
      Industry standard security frameworks can show you the “ingredients” to create a secure network. These frameworks include best practices, policies, procedures, and methodologies to better secure your network and data. Popular frameworks include the CIS Controls and the NIST Cybersecurity Framework.
    10. Formal security program – put someone in charge of security.
      Having a formal security program means having technical controls, administrative controls, and someone to drive security in the organization. Making security the focus of a single person helps ensure that security is a priority for the organization.
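
Items 1 and 6 can be checked together: take a scan of your own public address space and compare what is actually open against the ports each host is supposed to expose. The script below is an added example, not part of the original post; it assumes the scan was saved in nmap's grepable format (`-oG`), and the addresses, allowlist and high-risk list are constructed for illustration.

```python
import re

# Constructed sample: nmap grepable (-oG) output from a scan of your own
# public ranges (203.0.113.0/24 is a reserved documentation range).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (www.example.com)\tStatus: Up
Host: 203.0.113.10 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.25 (mail.example.com)\tPorts: 25/open/tcp//smtp///, 22/filtered/tcp//ssh///, 445/open/tcp//microsoft-ds///
Host: 203.0.113.40 ()\tPorts: 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (998)
"""

# Assumed policy: the only ports each host needs to expose (item 6).
ALLOWED = {"203.0.113.10": {80, 443}, "203.0.113.25": {25},
           "203.0.113.40": {443}}

# Assumed list of remote-access and file-sharing services that should not
# face the internet; RDP is the example the post itself gives.
HIGH_RISK = {3389: "RDP", 445: "SMB", 23: "Telnet", 5900: "VNC"}

HOST_RE = re.compile(r"^Host: (\S+) .*?Ports: ([^\t]*)")

def parse_open_ports(scan_text):
    """Return {host: set of open port numbers} from -oG output."""
    hosts = {}
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        host, ports_field = m.groups()
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/proto/...
            if len(fields) >= 2 and fields[1] == "open":
                hosts.setdefault(host, set()).add(int(fields[0]))
    return hosts

def audit(scan_text, allowed):
    """Return sorted findings as (severity, host, port, reason)."""
    findings = []
    for host, ports in parse_open_ports(scan_text).items():
        # Hosts missing from the allowlist have every open port reported.
        for port in ports - allowed.get(host, set()):
            if port in HIGH_RISK:
                findings.append(("HIGH", host, port, f"{HIGH_RISK[port]} exposed"))
            else:
                findings.append(("REVIEW", host, port, "not in allowlist"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN, ALLOWED):
        print(*finding)
```

Run on a schedule against fresh scan output, any new finding means either the firewall rules or the allowlist has drifted and needs review.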