The goal of ransomware is simple: to hold your data hostage until a ransom is paid to its captor. The effects are devastating. The NotPetya ransomware is estimated to have cost businesses up to $10 billion. Its sibling, WannaCry, tallied somewhere between $4 billion and $8 billion in losses to business.
The costs of ransomware can vary based on the data held, but there’s also lost time and productivity from workstations no one can access. IT resources dedicated to reacting to the downtime only ramp up the internal costs of these attacks. Businesses can feel completely dead in the water for hours or days at a time when due to the employee downtime ransomware creates.
In short, ransomware is one of the most pressing threats of our time. These malicious programs force their way in through email, or via drive-by downloads as users seek out the resources they need to do their work.
The high cost of failure is preventable if businesses adapt and enforce these best practices.
Identify and Take Action Against Existing Threats
The first step in ransomware prevention is to take action against any existing threats. That protection begins with a strong firewall, but extends to endpoint security policies and alert systems. Don’t stop at eradicating the threat.
Make sure you’re set up for first response to future threats, while safeguarding important data from infected devices such as USB drives. It’s equally important to locally manage your network so IT can stop the propagation of an existing threat before it spreads to critical infrastructure.
Automate Patches for Workstations and Devices
The exploit that allowed WannaCry to wreak havoc was patched in 2017 by Microsoft. Businesses were hit hard because their IT teams were too bogged down to manage the infrastructure efficiently, leaving the end user responsible for critical updates. Your IT team needs an efficient method to test and deploy these patches to workstations remotely.
Critical patching should also not be left to a human, even a technically skilled member of IT administration. There are too many ways for the patching process to go wrong, therefore automation with remote monitoring is the best possible process for patch deployment.
Secure Backups of Stable Systems
Once a tested patch is deployed and the system is stabilized, the next step is to create a backup of sensitive data. It is recommended to keep data both locally and in the cloud, ensuring access under a variety of risk scenarios.
There are two reasons to secure backups. The first is obvious: there’s no guarantee your data will return unharmed if you pay the ransom. The second reason is to prevent data corruption from the ransom process.
Identify Non-compliant Devices and Take Action
Alongside automating your patches is another crucial step: identifying devices that are noncompliant. Mobile devices and workstations that travel offsite may not receive frequent updates if they are at the user’s home, or another remote location, unless the functionality is always-on and already present on the user’s device.
Companies would benefit from a mechanism to identify these noncompliant devices and patch them on or offsite. A secondary measure worth considering is proximity-based controls, where IT can shut down a specific application or device based on its proximity to the network.
Proactive, Not Reactive
These policies and best practices are designed to take a proactive stance against malware, but they also simplify the overhead that comes with administration. IT spends less time testing and configuring with automated patch deployment.
Continuous backups ensure data integrity, while proximity-based controls and network security measures provide greater control over each endpoint. Micro Focus ZENworks is an identity-centric solution to endpoint security.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.