In 2017, ransomware, the use of weaponized encryption to block access to a computer system or service until a ransom is paid, is all the rage among hackers. In fact, ransomware is now one of the top three most common malware threats.
But the costs of ransomware attacks aren’t limited to a bitcoin payoff. In many cases, the additional costs of disinfecting machines, stabilizing systems, and restoring data can dwarf the initial ransom. To make matters worse, it could be days or even weeks after an attack before your network is fully operational. That makes prevention and preparation for ransomware attacks a worthwhile investment.
So what’s the best way to make sure your organization is prepared to fend off ransomware stick-ups?
Here are a few best practices for preventing ransomware from infecting your organization and for limiting the damage it can do once inside:
- Have a plan. Ransomware is a system of shock and awe. Your attackers are relying on you to panic and give them what they want. For that reason, it’s important to have a plan in place detailing the actions your organization will take in the event of a ransomware attack.
- Back up your data. Your data should be backed up on a daily basis. The 3-2-1 principle is a good rule of thumb here: Keep at least three copies of your data, back up your data on at least two different storage types (cloud and on-premises, for example), and keep at least one backup copy off site. You don’t have to pay hackers to get access to what you still have.
- Educate your users. Phishing emails are the most common method of ransomware distribution, so it’s important to teach your users how to identify suspicious emails and links. You can even go the extra mile and spam your users with fake phishing emails, which will help you identify your most at-risk users.
- Maintain strong perimeter defenses. Anti-malware and anti-virus (AV) are your first line of defense against ransomware, and good ones will be able to detect and stop many ransomware variants. However, it’s unwise to rely solely on AV defenses, as they can easily be subverted by the newest malware variants.
- Block ads. “Malvertisements” are a standard method of distributing ransomware and let hackers target based on location, demographics, browsing habits, and more. You can lower your risk of infection by using ad blockers to keep ads from being served to your users.
- Patch, patch, patch. When it comes to ransomware, every day is Patch Tuesday. Out-of-date applications and operating systems are a favorite target of ransomware attacks—there are several variants of ransomware targeting outdated versions of Flash and Silverlight—so keep your apps up to date.
Don’t Overlook the Importance of Stronger Identity and Access Controls
While the tips above will get you on the right path, you can’t ignore the role that modern identity and access management (IAM) tools play in preventing and minimizing the success of ransomware attacks.
The principle of least privilege says to limit access to applications and data to those who need it when they need it, but for organizations still manually provisioning access requests, that’s easier said than done. In most IT environments, users have more access than they should—especially IT administrators.
When manually provisioning access, human error is a fact of life. Accidental overassignment of permissions, access granted to improper data—these things happen, and they make hackers’ jobs easier. A robust IAM solution will prevent this kind of access creep by ensuring the consistent application of rules and policies across your organization.
Likewise, strong privileged access management (PAM) capabilities, such as time- and location-based access controls, will help implement least privilege and minimize your ransomware attack surface. After all, hackers can’t demand a ransom if they can’t get access to your critical systems.
Strengthen Your Security with Enterprise-Grade Multi-Factor Authentication
One of the easiest ways for hackers to gain access to your systems is by hijacking static passwords, which can easily be cracked and can often be purchased in bulk for pennies on the dark web.
So passwords are clearly inadequate, but the issue can be resolved by implementing multi-factor authentication (MFA) across your privileged users, your business-critical network systems, applications, virtual private networks, and your servers.
By using push notifications and smartphones that your users already have, MFA can be a simple and increasingly inexpensive way to block ransomware attacks, even in the event that credentials are compromised.
In the end, there’s no silver bullet for stopping ransomware attacks. But by following the best practices above and implementing some advanced IAM solutions, you can put your college or university in a much less vulnerable position. It’s your decision: Invest in security today or invest in bitcoins tomorrow.
This article originally appeared in Identity Automation.