With cyberattacks constantly making headlines, it is only a matter of time before a company may have to deal with the ramifications of its systems being compromised. Companies such as insurance firms, doctors’ offices, etc.--those with access to clients’ personal data--should have best practices in place to help guard themselves against ransomware and malware attacks.
Businesses should consider securing their network with a multilayer approach. By combing email and web security solutions with an endpoint anti-virus, organizations will be more thorough in protecting security gaps. Web protection platforms complement email security and AV endpoints by blocking malware at the source, and by scanning networks in search of previously untraced malware.
Another thing businesses should consider to protect their systems is a cloud-based strategy. This will allow solutions to be updated daily and ensure protection from new threats. Also, by having an online back-up solution, users can roll back all information to before the system was infected, undoing any damage.
Lastly, advanced spam filters can help eliminate your risk of a ransomware or malware attack. Advanced filters can ban email from regions where you are not conducting business, or you can change security settings to block macro-embedded Word documents or Excel files--both common entry points for ransomware.
However, as we know, nothing is foolproof, and at some point, you and your business may have to deal with a malicious attack. Because of this, it is important to have a good recovery plan in place to help mitigate time lost while trying to recover. If your systems have been compromised, knowing exactly what needs to be done, how it needs to be done and the timeline in which it needs to be done is imperative.
Here are a few tips that can help get you back up and running sooner rather than later:
1. Properly segment networks: Properly segmenting networks and limiting shared drives can make recovering from a malware event much easier. Doing so helps limit the spread of the infection inside a network and protects sensitive data from attackers attempting to pivot inside of the network.
2. Perform backups: Be prepared to wipe a workstation entirely and restore from backups. This is especially urgent in the case of a ransomware infection where the files have been encrypted by the attacker. Make sure you are backing up at proper intervals to ensure minimal data loss. Be sure to test your backups to ensure data integrity, and know that what is needed is being captured. You may also want to practice recovering from a backup. This will provide anticipated downtime and indicates areas where improvement may be made for a real attack.
3. Ensure that data is being stored properly: All sensitive customer and company data should be stored, sent and received using strong encryption. In the event you do suffer a data breach, this will make it much more difficult for the attackers to make use of the stolen data.
4. Identify suspicious activity in your DNS logs: It’s always a good idea to do this whether you have been breached or not. You can identify infected endpoints on your network by finding this activity in your DNS logs. In the event of an infection or breach, focus on these logs for finding other potentially compromised endpoints that may have otherwise gone undetected.
5. Implement alternate systems: Have alternate systems available to ensure continuity of operations while recovering.
This guest blog is part of a Channel Futures sponsorship.