10 Steps of Ransomware Readiness: Prescriptive Guidance

Jul 9, 2020 | Security

Ransomware attacks are a very real threat and are continually evolving. Before you’re even aware of the ransomware, bad actors may be emailing your vendors, suppliers and/or customers to find their next target, and downloading sensitive or proprietary information. Preparation is key, and there are 10 steps you can take to help keep you protected.

10 Steps of Ransomware Readiness

Ransomware readiness is an ever-evolving process. To make it less overwhelming, you can take it one step at a time – first crawl, then walk, then run. We’ve put together 10 components of ransomware readiness to guide you through the various phases. Make sure you have addressed the items in each phase before moving on to the next one.

Crawl

  1. Next-generation firewall: How is your firewall? How is it updated? Are you still using a traditional firewall or have you moved to a NextGen firewall?
  2. Next-generation antivirus and malware detection: Is your antivirus and malware detection ready for today’s evolving threats? How frequently are these solutions updated?
  3. Backups: Do you have local backups? Recovery backups? Offline backups? Have you tested recovery from your backups?
  4. Patch policies: How often are devices patched? What about servers? How do you approach out-of-band patches?
  5. Admin policies: Do you have separate admin accounts? What about multi-factor authentication (MFA)? Have you implemented identity and access management (IAM) and regular log reviews?

Walk

  1. Advanced email protection: Do you have zero-day malware protection? Time-of-click verification for email links? Anti-phishing policies?
  2. Security review of Office 365: Are you using the default installation? Have you taken steps to harden security? Are you conducting periodic log reviews?
  3. Port scans, including IPs and RDPs: How often are you conducting port scans? Annually is the bare minimum, quarterly is okay, but more often is best.
  4. Security awareness: How often is security awareness training conducted? How do you know whether everyone has completed the training and understands what’s at stake? What other programs do you have in place (phishing tests, posters, tips and reminders, etc.)?
  5. Internet security (DNS): Are you filtering by URL? Is it being conducted at the firewall level? Does it include remote users?

Run

Ready to run? Or need a little more assistance at the crawl or walk levels? At Peters & Associates, we work with businesses of all sizes to improve their cybersecurity stance. We know organizations are dealing with new challenges from all sides, and we’re ready to help.

Ransomware is constantly evolving. Our guide can help you dig more deeply into how to crawl, walk and then run with ransomware readiness.