Ransomware. The word sends shivers down any responsible IT support person's spine. There's nothing worse than being told not only that you've been infected by a virus preventing you from getting to anything on your network, but on top of that, that you have to pay someone money to get your information back!
Look at the example of Hollywood Presbyterian Medical Center, which recently announced that not only were they hit by ransomware, but that they paid $17,000 to get their information back. The first thing that ran through my mind was NOT "why did they pay?" but rather, "clearly they didn't have a backup."
There are a number of things you should be doing in the normal day-to-day running of your IT that would not only limit the probability of being hit but, more importantly, ensure that if you do get hit, your business will function with nary a blip as your IT team responds.
The following are 8 key items that you should have in place to ensure you're as prepared as possible to prevent ransomware in the first place, as well as to limit your exposure should you be hit:
- Make sure your users are properly trained and aware of potential threats. Your users are your front line of defense. From a technical perspective, you can have the most secure network in the world, but it's only as tight as the users who are on it. If someone clicks on the wrong link or goes to the wrong website, you can easily be compromised.
- Conduct training with simulated phishing attacks so that your users can learn what phishing is all about and how to react to a seemingly innocuous email.
- Implement security policies within your network to lock down user rights and remove local administrator level rights from users. This prevents most ransomware from running because the program simply doesn't have the needed rights to do so. We use a GPO (Group Policy Object) for our clients to automatically. This ensures all new users to the network are covered by this policy automatically.
- Ensure all of the computers on your network are protected by a current, business-level antivirus system and that it's being managed by someone. It's critical that it's kept up-to-date at all times.
- Ensure that your email system is protected by an enterprise-level anti-spam system. Oftentimes this can be incorporated into an "Intrusion Protection System" as part of a firewall offering.
- Ensure that your network is protected by an enterprise-level firewall that is configured correctly and continuously monitored. We've had a ton of success with Dell SonicWALLs for most of our clients.
- Implement a methodical and disciplined patch and upgrade procedure so that all of your workstations and servers are updated with the latest security patches provided by the vendors. Make sure to keep the firmware up-to-date on all of your network devices as well (switches, routers, and firewalls). This is an often overlooked vulnerability.
- Implement a solid backup approach leveraging a solution built on image-based backups. Also, make sure that your backups are tested on a recurring basis so that you know they work. There's nothing more frustrating than needing a backup only to find out that it's no good.
The importance of this last bullet point can't be stressed enough. Too often, without a reliable backup you're just dead in the water when responding to an attack.
Everything else listed is of great importance. These are all real and meaningful measures that will make a difference in your ability to prevent your network from being hit in the first place. But backup, backup, backup! Remember Hollywood Presbyterian. Their (lack of a) backup cost them $17,000, let alone the 10 days they were down!