As is the case with many types of cybersecurity threats, shielding one’s company from ransomware attacks calls for building the strongest protections possible while also adopting mitigation strategies that assume those protections will fail.
Here are some essential steps that can lessen a company’s vulnerability while also enabling a more robust recovery in the event an attack succeeds:
- Strengthen passwords. Require employees to create strong passwords and reset them regularly using a password-management tool.
- Implement multifactor authentication. MFA is especially important when employees are remotely accessing your company’s system, including email.
- Segment your data. Build firewalls within your network. Give employees access just to the files and systems they need. Limit the number of system administrators. Make sure the firewalls within Windows OS are set up properly.
- Keep your software current. Download updates and patches as soon as they’re available.
- Train your staff. Know how the latest malware will look to them, and make sure they know how to recognize and report it, along with phishing scams.
- Back up data strategically, using multiple methods. Cybersecurity expert Albert Zhichun Li suggests using an “appending-only backup type, which makes it harder for attackers to change/encrypt/delete previously backed-up data.”
- Practice caution. After verifying the sender, proceed with caution before opening attachments, especially if they are zipped or compressed.
- Consider using continuous data protection. This backup method can minimize operational disruptions during an attack.
- Have a plan in place in case your system is attacked anyway. You’ll be glad you did.
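
The append-only backup item above, as an added example that is not part of the original article: a hash-chained backup catalogue plus an audit that reports whether previously backed-up records were changed or deleted. It detects violations rather than preventing them; the function names, the sample data and the idea of keeping a trusted head hash off the backup system are assumptions made for this sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)

def _link(prev_link, name, digest):
    # Each link commits to the previous link, so history cannot be edited in place.
    return hashlib.sha256(json.dumps([prev_link, name, digest]).encode()).hexdigest()

def append_entry(catalog, name, data):
    """Add one backup record to the end of the catalogue; return the new head."""
    prev = catalog[-1]["link"] if catalog else GENESIS
    digest = hashlib.sha256(data).hexdigest()
    catalog.append({"name": name, "sha256": digest, "link": _link(prev, name, digest)})
    return catalog[-1]["link"]

def first_broken_entry(catalog):
    """Index of the first record whose link does not verify, or None."""
    prev = GENESIS
    for i, rec in enumerate(catalog):
        if rec["link"] != _link(prev, rec["name"], rec["sha256"]):
            return i
        prev = rec["link"]
    return None

def audit(catalog, trusted_head, trusted_len):
    """Check the catalogue against a head hash kept off the backup system."""
    if len(catalog) < trusted_len:
        return "truncated"   # previously backed-up records were deleted
    if first_broken_entry(catalog) is not None:
        return "tampered"    # a record was changed in place
    if trusted_len and catalog[trusted_len - 1]["link"] != trusted_head:
        return "tampered"    # history was rewritten and re-chained
    return "ok"              # only appends since the trusted checkpoint

def demo():
    # Constructed sample data, not real backups.
    catalog = []
    append_entry(catalog, "mon.tar", b"monday data")
    head = append_entry(catalog, "tue.tar", b"tuesday data")
    append_entry(catalog, "wed.tar", b"wednesday data")
    results = [audit(catalog, head, 2)]                     # appended only
    edited = [dict(r) for r in catalog]
    edited[0]["sha256"] = hashlib.sha256(b"encrypted").hexdigest()
    results.append(audit(edited, head, 2))                  # changed in place
    results.append(audit(catalog[:1], head, 2))             # records deleted
    return results

if __name__ == "__main__":
    print(demo())
```

The audit is only as trustworthy as the stored head hash, so that value belongs somewhere the backup system's own credentials cannot write to.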