Your Checklist for Addressing the Next Outbreak of Ransomware.
Just like any doomsday preppers out there, in the IT industry we always try to prepare for the next disaster. The numerous ransomware outbreaks in the last two years have put the spotlight back on Preparedness and Disaster Recovery. Ransomware can encrypt your data, and the attackers may or may not decrypt it if you pay the ransom. There are better ways to prepare for this than having a payoff ready to go.
So here is your Disaster Checklist for managing the next Ransomware Outbreak.
* Manage Your Backups
If you have data backups, maintain them regularly. If you don’t, get a backup solution in place ASAP. Data backups are essential. Not only do they provide a place from which to recover data that may be corrupted, held hostage, etc., but they also provide a way to recover files that were accidentally erased, or earlier versions of files.
It used to be that data backups had to follow the Rule of Three: one physical backup (RAID array or mirrored drive), one scheduled backup (Retrospect, Time Machine, etc.) and one offsite backup (Crashplan, MOB Backup, Backblaze). These days, many companies use only the physical backup and the cloud backup. The point, though, is to have a backup strategy and to implement it.
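Maintaining backups means checking them, not just scheduling them. The following is an added example, not part of the original checklist: it audits each backup tier for staleness and for a known "canary" file whose contents should never change. The tier names, age limits and canary file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

CANARY = "canary.txt"                      # hypothetical known-content file
CANARY_BYTES = b"backup canary v1\n"       # constructed sample content
CANARY_SHA256 = hashlib.sha256(CANARY_BYTES).hexdigest()


def audit_tier(root, max_age_hours, now=None):
    """Return a list of problems found in one backup destination."""
    root, now = Path(root), (time.time() if now is None else now)
    if not root.is_dir():
        return ["destination missing or not mounted"]
    files = [p for p in root.rglob("*") if p.is_file()]
    if not files:
        return ["destination is empty"]
    problems = []
    age_h = (now - max(p.stat().st_mtime for p in files)) / 3600
    if age_h > max_age_hours:
        problems.append(f"stale: newest file is {age_h:.0f}h old, limit {max_age_hours}h")
    canary = root / CANARY
    if not canary.is_file():
        problems.append("canary missing")
    elif hashlib.sha256(canary.read_bytes()).hexdigest() != CANARY_SHA256:
        problems.append("canary altered: backup contents were modified")
    return problems


def build_demo(base):
    """Create three constructed tiers: healthy, stale, and tampered."""
    tiers = {"mirror": 24, "scheduled": 24, "offsite": 48}   # max age in hours
    for name in tiers:
        d = Path(base, name)
        d.mkdir()
        (d / CANARY).write_bytes(CANARY_BYTES)
        (d / "data.bin").write_bytes(b"sample")
    old = time.time() - 5 * 86400                  # scheduled job stopped 5 days ago
    for f in Path(base, "scheduled").iterdir():
        os.utime(f, (old, old))
    Path(base, "offsite", CANARY).write_bytes(b"\x8f\x02 encrypted")  # copy was overwritten
    return {name: audit_tier(Path(base, name), hours) for name, hours in tiers.items()}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for tier, problems in build_demo(tmp).items():
            print(f"{tier:10} {'OK' if not problems else '; '.join(problems)}")
```

A fresh timestamp alone does not prove a backup is usable, which is why the offsite tier in the demo passes the age check but fails the canary check.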
* Configure Your Network
Just as larger sailing ships have compartments that can be closed off to prevent flooding through the entire ship, so too can networks be segmented to prevent malicious software from spreading. The appliance that does this is the firewall: a network security system designed to prevent unauthorized access to or from a private network. In addition, firewalls can be set up to accept traffic from known sources, just like sailing your ship in safe waters. Look into investing in a router that allows setting up multiple segments and has IP filtering.
* Setup a Schedule to Patch, Update or Replace
As security threats present themselves, the big computer companies put out patches or updates to keep computers and network equipment secure. Apple, Microsoft, Linux, and the many network vendors (Cisco, Meraki) “drop” patches frequently. A computer that is up to date with all security patches is less likely to be compromised. Sometimes a machine is so old that it can no longer be patched. Then it is time to consider replacing it. Your computer security is only as good as the weakest link.
* Implement Corporate-Wide Anti-virus and Email Security Programs.
If you are not already using anti-virus programs to protect your systems, START NOW. If you are, then just as with patches and updates, your clients need to have the latest virus definition engines. You need to keep every machine up to date. In addition, there are several options out there for email security. Vendors such as Trend Micro and Norton can protect both incoming and outgoing email and intercept spam, viruses, and malware before they even arrive in your inbox.
* Educate Your Staff in Security
One of the ways in which malicious software enters a company is through inappropriate or unsecured email, file sharing, and third-party programs and applications. Users need to know how to identify phishing expeditions in their email, the dangers of downloading or file sharing, and the importance of not sharing computer security information in any form except with authorized personnel.
* Protect your Endpoints.
Endpoint security is essential when dealing with mobile devices, laptops, and wireless devices coming into your company network from the outside. Each device with a remote connection to the network creates a potential entry point for security threats. Some of the checklist items above assist with endpoint security: the router filters traffic, the anti-virus and email security programs protect communications, and staff education addresses the employee’s role in protecting themselves. Another way to protect your endpoints is to have strong password strategies. These may include 2-factor authentication and frequent password expiration. Another way to protect information coming into the network from mobile devices is the use of a VPN (Virtual Private Network) to communicate over a secured and encrypted connection to your corporate network. VPNs can be set up on almost any laptop, and on many phones and tablets, to securely access data from a remote location.
A disaster is never pleasant, but if you are prepared you can recover from it with minimal downtime.