Solution providers implementing and managing comprehensive ransomware defenses for small and midsize business clients can augment backup and recovery, mitigation and avoidance solutions with some basic controls grounded in fundamental information security best practices, including:
- Require strong, complex user passwords that are changed at least every 90 days. Lock accounts after a set number of failed log-in attempts. Protect user systems with screen locks and automatically lock users out after a defined period of inactivity.
- Eliminate most local administrative rights, applying the principle of “Least Privilege” to all systems and services. Restricting these privileges can prevent ransomware from running or limit its ability to spread through the network.
- Apply sound patch management strategies to close vulnerabilities in operating systems and apps, particularly third-party applications from vendors such as Oracle (Java) and Adobe. Vulnerable applications are the target of most attacks, so keeping them on the latest updates will reduce the number of entry points available to a ransomware attacker.
- Enable host-based anti-exploitation features such as Microsoft Enhanced Mitigation Experience Toolkit (EMET) to monitor, log and disable processes related to common memory-exploitation techniques such as buffer-overflow attacks.
- Tag all e-mails originating from outside the client organization with “[EXTERNAL]” in the subject line to thwart targeted phishing attempts that spoof the organization’s domain.
- Disable auto-run features for external media and disable macros in Microsoft Office documents attached to messages from external senders. Scan all software downloaded from the Internet before executing it.
- Have an incident response plan with formally documented procedures that all of a client’s key players (management, PR, legal, etc.) are familiar with and involved in on an ongoing basis. The plan should outline specific steps to be taken when ransomware is discovered, including individual responsibilities, business-unit jurisdictions and alternate workflow contingencies.
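The “[EXTERNAL]” tagging control in the list above only stops domain spoofing if the tag is keyed on how a message entered the mail system, not on its From header. The following is an added example, not code from the original article or from any vendor product; the domain `example.com`, the `classify` function and the `arrived_from_internet` flag (set by the gateway from the inbound connection) are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the client's mail domain
TAG = "[EXTERNAL]"

def classify(raw: str, arrived_from_internet: bool) -> tuple[str, bool]:
    """Return (subject_to_deliver, spoof_suspected) for one message.

    arrived_from_internet is supplied by the gateway from the connection
    the message came in on (assumption: an inbound internet listener versus
    authenticated internal submission). The From header is never used to
    decide tagging, because the sender controls it.
    """
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    if not arrived_from_internet:
        return subject, False
    # From claims the client's own domain but the message came from outside.
    _, addr = parseaddr(str(msg.get("From", "")))
    spoof_suspected = addr.rpartition("@")[2].lower() == ORG_DOMAIN
    # Do not stack tags on reply chains that already carry one.
    if TAG.lower() not in subject.lower():
        subject = f"{TAG} {subject}".strip()
    return subject, spoof_suspected

# Constructed sample messages (not real traffic).
SPOOFED = "From: CEO <ceo@example.com>\nTo: ap@example.com\nSubject: Urgent wire\n\nPay today.\n"
VENDOR_REPLY = "From: sales@vendor.test\nTo: ap@example.com\nSubject: RE: [EXTERNAL] Quote\n\nAttached.\n"
INTERNAL = "From: hr@example.com\nTo: all@example.com\nSubject: Benefits\n\nReminder.\n"

if __name__ == "__main__":
    for raw, outside in ((SPOOFED, True), (VENDOR_REPLY, True), (INTERNAL, False)):
        print(classify(raw, outside))
```

A message flagged with `spoof_suspected` is a candidate for quarantine or an alert in addition to the subject tag.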
Keep in mind that Carbonite endpoint and server backup services are an essential element of a ransomware protection strategy for SMBs. Through consistent, persistent and reliable cloud-based backup, Carbonite ensures SMBs will have access to mission-critical data that remains uncorrupted should there be a ransomware attack.
Jessica Couto is Vice President of U.S. Channel Sales & Marketing at Carbonite, a provider of cloud and hybrid backup and disaster recovery solutions for small and midsize businesses.
Guest blogs such as this one are published monthly and are part of Talkin' Cloud's annual platinum sponsorship.