Best practices for ransomware prevention
Ransomware statistics are staggering. Simply put, there’s a high probability of any organization being attacked. Perhaps the scariest fact about ransomware is that attacks can happen repeatedly. Imagine the frustration of paying a ransom to get your data back, only to be hit by another attack an hour later. This has happened, and the attackers have no sympathy or mercy for their victims.
Given the seriousness of these attacks, organizations must take the threat seriously and take steps to prevent attacks. A backup should be the last line of defence against ransomware, not the first.
In the past, organizations have relied heavily on user education for malware prevention: If users can be taught to recognize a phishing email, then there’s little chance they’ll click on a malicious link in such a message. Unfortunately, experience has shown that even the best user education won’t completely mitigate the risk of users clicking on malicious links or opening malicious attachments.
A better approach is to assume that user education will sometimes fail, and to screen messages at the mail server level so that phishing messages never reach users’ mailboxes. Similarly, restrict user permissions in a way that minimizes the damage should a ransomware attack occur.
There are a lot of ways of doing this. One particularly effective approach is to use application whitelisting so that users can’t run unauthorized processes. A more common approach is to perform a permissions audit and ensure that users only have write permissions where absolutely necessary. This won’t stop a ransomware infection from occurring, but because ransomware piggybacks on the user’s privileges, it won’t be able to touch anything the user doesn’t have access to. Hence, this approach limits the damage. Another option is to require the IT staff to use nonadministrative accounts unless they’re performing an action that specifically requires administrative privileges.
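As an added illustration of the permissions-audit idea described above (example code, not from the original article), here is a Python script that walks a directory tree and reports every file or directory that group or other users can write to, except paths on an explicit allow-list of intentionally shared locations. The function names and the sample tree are assumptions constructed for this example; on Windows file shares the same audit would inspect NTFS ACLs rather than POSIX mode bits.

```python
import os
import stat
import tempfile

# Group- or world-writable bits: a file with either set can be encrypted by
# ransomware running as any member of that group / any local user.
WRITE_BITS = stat.S_IWGRP | stat.S_IWOTH


def audit_write_permissions(root, allowed=()):
    """Return sorted (path, mode-string) pairs for every file or directory
    under `root` that is group- or world-writable and not under an
    `allowed` directory (where broad write access is intentional)."""
    root = os.path.abspath(root)
    allowed = [os.path.abspath(a) for a in allowed]

    def is_allowed(path):
        return any(path == a or path.startswith(a + os.sep) for a in allowed)

    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if is_allowed(path):
                continue
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # bits on a symlink are meaningless; the target is audited separately
            if mode & WRITE_BITS:
                findings.append((path, stat.filemode(mode)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree (hypothetical layout, created in a temp dir)."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    layout = {
        "shared": 0o755,
        "shared/drop": 0o1777,          # intentional drop folder: allow-listed
        "finance": 0o775,               # group-writable directory: finding
        "finance/reports.xlsx": 0o664,  # group-writable file: finding
        "hr": 0o750,
        "hr/readme.txt": 0o640,         # read-only for the group: fine
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if "." in os.path.basename(rel):
            open(path, "w").close()
        else:
            os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for path, mode in audit_write_permissions(sample, [os.path.join(sample, "shared", "drop")]):
        print(mode, os.path.relpath(path, sample))
```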
It’s important to remember that phishing email messages are only one source of ransomware. It’s also common for attackers to use phony tech support scams as a means of introducing ransomware onto victim computers. Train end users to recognize the difference between a real phone call from IT and a scam.
Ransomware protection bottom line
When it comes to protecting against ransomware, it is best to think of the problem as business continuity. Even if an organization is able to recover from a ransomware attack by restoring backups, the recovery process will take time to complete. As such, organizations shouldn’t focus solely on protecting backups against ransomware; they should also consider how to minimize the disruption caused by a ransomware attack.