Ransomware. The word should send a shiver down any responsible IT support person's spine. There's nothing worse than being told not only that you've been infected by a virus that keeps you from getting to any of the data on your network, but also that you have to pay someone money to get your information back!
Remember the example of Hollywood Presbyterian Medical Center, which announced that not only were they hit by ransomware, but that they paid $17,000 to get their information back. The first thing that ran through my mind was NOT why did they pay it, but rather, why did they have to pay it? Clearly it was because they didn't have an adequate backup in place.
There are a number of things you should be doing in the normal day-to-day running of your IT that would not only limit the probability of being hit but, more importantly, ensure that if you do get hit, your business will keep functioning with nary a blip as your IT team responds. These are all standard practices we have in place for protecting our clients.
The following are 8 components you should have in place to make sure you're as protected as possible against ransomware hitting you in the first place, and to limit your exposure should you get hit:
- Make sure your users are properly trained and aware of potential threats. Your users are your front line of defense. From a technical perspective, you can have the most secure network in the world, but it's only as tight as your users who are on it. If someone clicks on the wrong link or goes to the wrong website, you can easily be compromised.
- Conduct training with pseudo phishing attacks so that your users can learn what phishing is all about and how to react to a seemingly innocuous email. Here's more information on what an effective cybersecurity user awareness training program looks like.
- Implement security policies within your network to lock down user rights and remove local Administrator level rights from users. This prevents most ransomware from running because the program simply doesn't have the needed rights to do so. We use a GPO (Group Policy Object) for our clients to do this automatically. This ensures all new users to the network are covered by this policy automatically.
- Ensure all of the computers on your network are protected by a current, business-level Anti-Virus system and that it's being managed by someone. Simply assuming you're protected because you have AV on your systems is not an appropriate mindset. It's critical that this key layer of protection is complete (across all machines) and is kept up-to-date at all times.
- Ensure that your email system is protected by an enterprise-level Anti-Spam system. Oftentimes this can be incorporated into an "Intrusion Protection System" as part of a firewall offering. If you're running Office 365, don't be led to believe their built-in protection is enough. It isn't.
- Ensure that your network is protected by an enterprise-level firewall, that it's configured correctly, and that it's continuously monitored. We've had a ton of success with SonicWALLs over the years for our clients.
- Implement a methodical and disciplined patch and upgrade procedure so that all of your workstations and servers are updated with the latest security patches provided by the vendors. Make sure to keep the firmware up-to-date on all of your network devices as well (switches, routers, and firewalls). This is an often overlooked vulnerability.
- Implement a solid backup approach leveraging a solution built on image-based backups. Also, make sure that your backups are tested on a recurring basis so that you know they work. There's nothing more frustrating than needing a backup only to find out that it's no good.
I can't stress enough the importance of this last bullet point. Too often, without a reliable backup you're just simply dead in the water when responding to an attack. Backups are like insurance. You don't want to pay for it because you don't want to use it, but how glad are you to have it in place when you need it!
Everything else on the list is of great importance, and none of it should be left off. These are all real and meaningful measures that will make a difference in your ability to prevent your network from being hit in the first place.
That said (and again, I can't stress this enough), backup, backup, backup! Remember Hollywood Presbyterian. Their approach to backup (and the lack thereof) cost them $17,000 plus the cost of downtime (they were down for at least 10 days!). And it's so easily preventable. Knock wood - the only time we run into ransomware these days is when we're contacted by a new prospective client looking for help in cleaning things up for them. And this is because they're not following one of these 8 rules.
Have you, or has anyone you know, been hit by ransomware? Share your experience with us in the Comments section below or send me an email if you'd like to discuss this in more detail.
On a related note, if you'd like to see how your security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.