Maintain and publish a password policy for your organization. The policy should explain the importance of password security and credential hygiene in the organization and strictly prohibit the use of corporate email addresses for personal activities, including personal correspondence and logging in to third-party web applications or software services.
Use an enterprise-friendly password manager and require employees to use this as part of the security program.
Enable 2FA or MFA on everything used in the business. This includes email, network access, remote access, and any web-based applications. If a web application provider does not support multi-factor authentication, consider switching to one that does. An MFA code generator app is more secure than codes delivered by SMS.
In order to combat threats, the team needs to be made aware of them. Security awareness training can equip employees with the information they need to identify, report, and prevent cyber attacks. Security awareness training should be ongoing with a well-planned program that includes metrics to monitor its effectiveness.
If remote access is required, use a zero-trust access method or a VPN, and require two-factor authentication for it.
Keep at least one manual backup of your data offsite in a secure location. This can be done weekly and will save you if the ransomware encrypts your automatic backups.
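An offline backup only helps if you can tell, before restoring, that it has not itself been encrypted or replaced. The following is an added example (not GroupSense's code or tooling) that records a SHA-256 manifest of a backup tree when the copy is made and later compares the tree against that manifest; it assumes the manifest is stored alongside the offline copy, separate from the live system, so ransomware on the network cannot rewrite it. The directory contents and the "ransomware" modifications in the demo are constructed for illustration.

```python
"""Build and verify a SHA-256 manifest for an offline backup tree."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup archives do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root, manifest):
    """Compare the current tree against a stored manifest.

    Returns a report with four sorted lists: files that still match, files whose
    content changed (an encrypted-in-place file lands here), files that are gone,
    and files that were not present when the manifest was written (renamed or
    newly dropped files, such as a ".locked" copy, land here).
    """
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel_path, expected in manifest.items():
        if rel_path not in current:
            report["missing"].append(rel_path)
        elif current[rel_path] != expected:
            report["modified"].append(rel_path)
        else:
            report["ok"].append(rel_path)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def demo():
    """Constructed walk-through: take a manifest, tamper with the tree, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly report")
        (root / "db.sql").write_bytes(b"CREATE TABLE customers (id INT);")
        manifest = build_manifest(root)  # store this with the offline copy

        # Simulate what ransomware does to a reachable backup: encrypt one
        # file in place and rename another with a new extension.
        (root / "docs" / "report.txt").write_bytes(b"\x8f\x1a\x42\x00\x7c\xe3")
        (root / "db.sql").rename(root / "db.sql.locked")

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Run the verification before you restore, and treat any entry in "modified", "missing" or "unexpected" as a reason to fall back to an older copy rather than trust the backup.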
Use host-based encryption where possible to encrypt data at rest. Windows BitLocker and Apple FileVault are examples.
The indicators of compromise (IOCs) related to ransomware are quickly and easily available on the internet or conveniently available in the GroupSense knowledge base for our customers. Use these indicators to enhance the posture of your network security stack.
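Putting indicators to work means more than pasting them into a blocklist: logs need to be checked against them in a way that catches subdomains of a flagged domain and mixed-case or trailing-dot hostnames. The following is an added example, not GroupSense's code or knowledge base, that scans proxy and DNS log lines against a small indicator set. The indicator values (domains under the reserved .example TLD, documentation IP ranges, and an all-zero hash) and the log lines are constructed placeholders, and the key=value log format is an assumption; substitute your own feed and log parser.

```python
"""Scan constructed proxy/DNS log lines against a small IOC set."""
import re

# Constructed placeholder indicators; replace with a real threat-intel feed.
IOC_DOMAINS = {"payload-host.example", "malicious-update.example"}
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_SHA256 = {"0" * 64}

# Constructed log lines in an assumed "timestamp source key=value ..." format.
SAMPLE_LOGS = [
    "2024-01-10T12:00:01Z proxy src=10.0.0.5 dst=93.184.216.34 host=www.example.com sha256=-",
    "2024-01-10T12:00:02Z proxy src=10.0.0.7 dst=203.0.113.45 host=cdn.payload-host.example sha256=-",
    "2024-01-10T12:00:03Z dns src=10.0.0.9 query=MALICIOUS-UPDATE.EXAMPLE.",
    "2024-01-10T12:00:04Z download src=10.0.0.7 file=invoice.exe sha256=" + "0" * 64,
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into timestamp, source and its key=value fields."""
    timestamp, source, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    return {"ts": timestamp, "source": source, **fields}


def match_domain(name, ioc_domains):
    """Return the matching indicator for name or any parent domain of it.

    Normalises case and a trailing dot, then walks up the label hierarchy so
    that cdn.payload-host.example matches an indicator for payload-host.example.
    The bare TLD is never tested on its own.
    """
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:
            return candidate
    return None


def scan_logs(lines, domains=IOC_DOMAINS, ips=IOC_IPS, hashes=IOC_SHA256):
    """Return (line_index, indicator_type, indicator, source_host) for each hit."""
    hits = []
    for index, line in enumerate(lines):
        rec = parse_line(line)
        src = rec.get("src", "?")
        for field in ("host", "query"):
            if field in rec:
                matched = match_domain(rec[field], domains)
                if matched:
                    hits.append((index, "domain", matched, src))
        if rec.get("dst") in ips:
            hits.append((index, "ip", rec["dst"], src))
        digest = rec.get("sha256", "-").lower()
        if digest != "-" and digest in hashes:
            hits.append((index, "sha256", digest, src))
    return hits


def hosts_to_investigate(hits):
    """Count hits per internal source address so responders can triage by host."""
    counts = {}
    for _, _, _, src in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit)
    print(hosts_to_investigate(scan_logs(SAMPLE_LOGS)))
```

The parent-domain walk in match_domain is the part most ad hoc scripts get wrong; without it, an indicator for payload-host.example misses traffic to a subdomain, which is the common case for malware staging hosts.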
Have a strong policy about using corporate email for personal use. Restrict access to personal mail on company assets. Use an email security solution to scan for malware, spam, and phishing attempts. Most importantly, educate and train employees on email security. Evidence shows these services contribute to a reduction in the likelihood of future phishing events. SANS Institute and Rapid7 offer training services specifically focused on phishing awareness.
Ransomware is a quick and easy path to revenue for criminals. Unfortunately, ransomware isn't always the first play in a criminal's playbook. They have usually been in your network for a while and deploy ransomware only after they have accessed all your data. Fortunately, we've put together a free guide on how to handle a ransomware incident.