June 4, 2019 | Categories: Blog CISO |

Do you feel confident your critical data will be recoverable in a ransomware attack? If not, your business could be in trouble. Ransomware attacks literally hold an organization’s data hostage. In the worst-case scenario, anything the hacker gets access to could be rendered completely inaccessible to you, bringing work to a stop, costing precious time and money, and potentially affecting lives.

But there are ransomware prevention steps you can take to mitigate the risk of a ransomware attack having a devastating impact on your organization. Here are three ways to ensure you know how to prepare for a ransomware attack.

1. Have a Good Endpoint Security System in Place

The first step in how to prepare for a ransomware attack is to have a good endpoint security can help your organization avoid unnecessary risk. Endpoint security ensures that only the people you want on your network can get access, even when your employees have to login off-site or from personal devices.

CylanceProtect is one such system that uses science-driven AI to prevent attacks before hackers can wreak havoc in your network. Sophos InterceptX helps protect against attacks and data breaches by using real-time threat intelligence from SophosLabs to correlate all kinds of suspicious behaviors that could indicate an impending attack on your data.

2. Diversify Your Storage Solutions

Most organizations rely on stored data for even the most basic day-to-day activities. If your data is stolen or rendered inaccessible as the result of a ransomware attack, your business grinds to a halt. Even worse, most organizations are more vulnerable than you might imagine. With an over-reliance on password security and security teams that are understaffed or non-existent, organizations are left vulnerable when — not if — a ransomware attack occurs.

Take the recent breach at vfemail.net for example.

On February 11, 2019, VFE fell victim to a ransomware attack that remotely wiped all of their data, including the backups they had stored in the cloud. In a statement, the company reported, “At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost.”

Like many organizations, VFE believed their data was safe in the password-protected cloud. Unfortunately, however, any backups that are connected to a business network — including those in the cloud — are vulnerable to attack once a hacker is inside the network.

For this reason, it can be safer to add offline storage for backups. Tape, flash, and disk storage solutions keep copies of data away from networks where they can be vulnerable to attack, with tape being the most cost-effective.

Strategic use of these resources is key, as you want to balance the security and insurance of offline storage with the ease of access to your regular network. In other words, you need to figure out what data you can afford to lose, and so how often you need to update your backup content.

One way of thinking about this is by articulating a Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for your organization. The RTO is the maximum amount of time your organization can go without regular operations. The RPO is the point from which your data must be restored after an attack has erased it. Your RTO and RPO should reflect the unique needs of your organization and ensure that a setback caused by a ransomware attack doesn’t turn into a catastrophe.

3. Educate Your Team

A chain is only as good as its weakest link, and that is ever-so-true when it comes to an organization’s data security. One of the best ways for how to prepare for a ransomware attack is to ensure that every single person at the organization undergoes training and is given documentation on how to protect data at a basic level. 

For example, many companies these days have employees who work remotely, use their own devices to access the business network, and use the Internet as part of their work. Almost everyone uses email for business. Ransomware can infect networks through someone clicking on a bad link or downloading the code inadvertently off a website. Giving your team the tools and education to help them identify suspicious links, websites, and emails is ground zero for risk mitigation.

Setting up lunch and learns or creating ongoing training sessions gives employees opportunities to ask questions and see live demos and examples of ransomware and other malware attempts. Make sure to document the vital information and keep it in an accessible location (or in a physical booklet) so that all employees can refer to it for refreshers.

When In Doubt, Trust the Experts

If you’re lost on how to prepare for a ransomware attack and need help preparing for potential data security breaches, the CISOs for hire at MRK know how to put together a customized plan to get your company in a good position to mitigate risks and reduce vulnerabilities. Contact us today to discuss how we can best protect your business.