Ransomware attacks cost smaller companies an average of $713,000 per incident. The reason lies in a combination of downtime costs and lost business due to reputational harm. No wonder this threat keeps our clients' CISOs and security teams up at night. We know it firsthand: helping them keep their data safe is our job as a SaaS data protection company.
We've spent years creating data protection software, and here is what we've discovered along the way: to protect your company's systems and data from ransomware, you need to use multiple strategies and tools at the same time, because relying on a single solution such as antivirus won't get you far in a full-blown ransomware attack.
Don't worry, there are solutions that can make your life easier. We cover them in this article as the parts of a strong multilayer ransomware protection strategy.
In short, here are the layers of this approach:
- Data security
- Device security
- Network security
- Application security
- Email security
- Access security
- End-user behavior security
Let’s look at these more closely and also mention some software you can use to shore up your defense.
№1. Data Security: Airtight Backup
If you don't have a robust Data Loss Protection (DLP) plan, your whole security strategy will fall apart. The core of any DLP plan is a ransomware-proof backup that lets you restore data if you get hit. Backup is literally the first thing you must take care of, so if you don't have one, set everything else aside and start tackling this task.
What you should remember when implementing your backup plan is that backups are not ransomware-proof by default. If your systems are hit with crypto-ransomware, the encrypted files will be synced into the backup copies as well, leaving you empty-handed.
If your backup provider doesn’t have inbuilt ransomware protection, you need to implement the following backup tactics:
1. Stick to the 3-2-1 rule: keep a minimum of three copies of your data, on two different media, with one copy offsite;
2. Back up your data at least three times a day;
3. Enable versioning so that you can restore earlier versions of your data.
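The three tactics above only help if an encrypted copy synced after an attack does not overwrite the last clean copy. The following is an added example (not SpinBackup's code or any vendor's) of a small in-memory versioned backup store: every run appends a version, retention keeps the newest ten, and restore walks back to the newest version whose bytes do not look like ciphertext. The retention count, the entropy threshold, the file path and the "ransomware output" generator are all constructed for this demo.

```python
import hashlib
import math
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed example of a versioned backup store; it is not SpinBackup's code.
# MAX_VERSIONS and ENTROPY_THRESHOLD are assumptions chosen for this demo.
MAX_VERSIONS = 10
ENTROPY_THRESHOLD = 7.0  # bits per byte; text and office documents sit well below this


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; ciphertext produced by ransomware approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """Heuristic many backup tools use: flag a version whose bytes look like ciphertext."""
    return shannon_entropy(data) > ENTROPY_THRESHOLD


class VersionedBackup:
    def __init__(self, max_versions: int = MAX_VERSIONS) -> None:
        self.max_versions = max_versions
        # path -> list of (run_timestamp, sha256, content), oldest first
        self.versions: Dict[str, List[Tuple[int, str, bytes]]] = defaultdict(list)

    def backup(self, path: str, content: bytes, run_ts: int) -> str:
        """Store a new version unless the content is unchanged since the last run."""
        digest = hashlib.sha256(content).hexdigest()
        history = self.versions[path]
        if history and history[-1][1] == digest:
            return digest  # deduplicated: nothing changed since the previous run
        history.append((run_ts, digest, content))
        del history[: -self.max_versions]  # retention: drop the oldest versions
        return digest

    def version_count(self, path: str) -> int:
        return len(self.versions[path])

    def restore_latest(self, path: str) -> bytes:
        """What a backup without versioning would hand you back after an attack."""
        return self.versions[path][-1][2]

    def restore_last_clean(self, path: str) -> Optional[bytes]:
        """Walk back through the versions and return the newest one that does not look encrypted."""
        for _, _, content in reversed(self.versions[path]):
            if not looks_encrypted(content):
                return content
        return None


def fake_ciphertext(size: int) -> bytes:
    """Deterministic stand-in for ransomware output: chained SHA-256 blocks (constructed)."""
    out, block = b"", b"seed"
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


def demo() -> Tuple[bool, bool, int]:
    """Three backup runs around a ransomware hit that lands between run 2 and run 3."""
    store = VersionedBackup()
    path = "finance/q3-report.txt"  # constructed sample file
    clean = b"Q3 report: revenue up 4%, churn down 1.2%, headcount 42.\n" * 40
    store.backup(path, clean, run_ts=1)
    store.backup(path, clean, run_ts=2)           # unchanged, so no new version
    encrypted = fake_ciphertext(len(clean))       # ransomware rewrote the file in place
    store.backup(path, encrypted, run_ts=3)       # the encrypted copy is synced too
    latest_is_encrypted = looks_encrypted(store.restore_latest(path))
    recovered_ok = store.restore_last_clean(path) == clean
    return latest_is_encrypted, recovered_ok, store.version_count(path)


if __name__ == "__main__":
    print(demo())
```

The entropy heuristic is what lets a backup tool notice that a "changed" file is really an encrypted one; without versioning, the third run would have silently replaced the only clean copy.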
Here is the full article about ransomware backup strategy →
An easier way is to choose a backup provider with inbuilt ransomware protection. Very few providers on the market offer ransomware protection as part of their backup service, keeping the backed-up files isolated and airtight.
Ransomware-proof backup software – SpinBackup
We recommend SpinBackup as a highly secure cloud-to-cloud backup solution for G Suite and Office 365 data. It covers many of the security and compliance issues, providing you with 24/7 ransomware protection that:
- Identifies and blocks the ransomware source
- Alerts you about the incident
- Stops the encryption process
- Identifies the number of damaged (encrypted) files
- Runs a granular recovery of encrypted files from the last backed up version
If you get hit, your backups will remain sealed and the encrypted files will be restored right away.
Also, note that there are no strings attached:
- You don’t need to install any software (everything is web-based)
- You can start from 5 licenses and choose a monthly subscription
SpinBackup offers a 15-day trial of backup + ransomware protection for G Suite and Office 365 data.
№2. Device Security: Patch Manager and Antivirus Software
Another must-have for device protection is antivirus software. Of course, no antivirus, however good, will entirely protect you from ransomware (if you thought otherwise, check out why antivirus doesn't protect from all types of ransomware). And yet an antivirus program is a necessary line of defense that secures your devices from viruses, adware, worms, trojans, and other malware. Keeping operating systems and applications patched belongs in the same layer: unpatched vulnerabilities are one of the ways ransomware gets onto a device and spreads from it.
How does antivirus help against ransomware, you may ask? It's simple: since ransomware is often spread as downloadable malware, there is a chance that the antivirus will detect and block it before it encrypts any files.
№3. Network Security: Firewall
A firewall is your first line of defense, the gatekeeper of your computer network. Unlike antivirus software, which takes very little effort to set up, firewalls usually require specialist knowledge. A firewall may be a piece of software or a hardware appliance that sits between the user's device and the Internet. Put simply, it is a gatekeeper for incoming traffic, which may carry ransomware code.
A firewall shields the services exposed on your network from outside probing, filters all inbound and outbound traffic, and minimizes the risk of lateral movement inside your network. It also lets you block unsolicited and suspicious websites and attachments.
№4. SaaS/Application Security: Application Audit Software
Employees download and use hundreds of third-party apps and extensions every day. No wonder they are becoming a common channel of malware infections, including ransomware.
Take a look at the number of malicious apps detected on the G Suite Marketplace in 2019:
These risky applications can contain malware that is deployed once a user grants such apps access to their corporate data.
For example, an employee installs an app that allows signing documents online; in order to function, this app requests different kinds of permissions: to Google Docs, local folders, email, and so on. When the permissions are granted, this app can inject ransomware code into every location it has access to.
This risk with apps is part of a bigger problem called "Shadow IT", which we fully address in the article Shadow IT management: rules and tools. But here are some fundamental rules that can reduce your risk of being infected:
1. Create a procedure and evaluation criteria for application approval;
2. Create an ever-growing list of allowed and blocked applications;
3. Prevent users from accessing the blocked applications within your domain;
4. Monitor, assess, and block (if needed) all unauthorized apps connected to your domain.
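The four rules above amount to a policy that can be applied mechanically to every app connected to the domain. Here is an added example (not SpinSecurity's code or Google's) of such an audit: each connected app is checked against the allow and block lists first, and otherwise judged by the riskiest OAuth scope it requests, with full read/write scopes over Drive or Gmail (the ones an app would need to rewrite every document) blocked outright and unrecognised scopes routed to manual review. The scope URIs are real Google OAuth scopes; the risk weights, thresholds, app names and client IDs are assumptions constructed for this demo.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed example of an application audit; not SpinSecurity's code.
# Risk weights and thresholds are assumptions; the scope URIs are real Google scopes.
SCOPE_RISK: Dict[str, int] = {
    "https://www.googleapis.com/auth/userinfo.email": 0,   # read-only identity
    "https://www.googleapis.com/auth/drive.file": 1,       # only files the app created or opened
    "https://www.googleapis.com/auth/drive.readonly": 2,   # can read every Drive file
    "https://www.googleapis.com/auth/drive": 3,            # full read/write: can rewrite every file
    "https://www.googleapis.com/auth/gmail.modify": 3,     # can read, relabel and send mail
}
UNKNOWN_SCOPE_RISK = 2   # anything not in the table deserves a human look
REVIEW_THRESHOLD = 2
BLOCK_THRESHOLD = 3


@dataclass
class AppPolicy:
    allowed: set = field(default_factory=set)   # client IDs vetted by the approval procedure
    blocked: set = field(default_factory=set)   # client IDs already found risky


@dataclass
class ConnectedApp:
    client_id: str
    name: str
    scopes: List[str]


def evaluate_app(app: ConnectedApp, policy: AppPolicy) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'allowed', 'review' or 'blocked'."""
    if app.client_id in policy.blocked:
        return "blocked", ["client ID is on the block list"]
    if app.client_id in policy.allowed:
        return "allowed", ["client ID was approved through the application procedure"]
    worst, reasons = 0, []
    for scope in app.scopes:
        risk = SCOPE_RISK.get(scope)
        if risk is None:
            risk = UNKNOWN_SCOPE_RISK
            reasons.append(f"unrecognised scope {scope}: needs manual assessment")
        elif risk >= REVIEW_THRESHOLD:
            reasons.append(f"{scope} grants broad access to corporate data (risk {risk})")
        worst = max(worst, risk)
    if worst >= BLOCK_THRESHOLD:
        return "blocked", reasons
    if worst >= REVIEW_THRESHOLD:
        return "review", reasons
    return "allowed", reasons or ["only low-risk scopes requested"]


def audit_domain(apps: List[ConnectedApp], policy: AppPolicy) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every connected app and grow the block list with each new find (rule 2)."""
    report = {}
    for app in apps:
        decision, reasons = evaluate_app(app, policy)
        if decision == "blocked":
            policy.blocked.add(app.client_id)
        report[app.name] = (decision, reasons)
    return report


def sample_apps() -> List[ConnectedApp]:
    """Constructed inventory of connected apps; names and client IDs are made up."""
    return [
        ConnectedApp("111-esign.apps.example", "QuickSign", [
            "https://www.googleapis.com/auth/drive",
            "https://www.googleapis.com/auth/gmail.modify"]),
        ConnectedApp("222-notes.apps.example", "TidyNotes", [
            "https://www.googleapis.com/auth/drive.file",
            "https://www.googleapis.com/auth/userinfo.email"]),
        ConnectedApp("333-vetted.apps.example", "CorpBackupTool", [
            "https://www.googleapis.com/auth/drive"]),
        ConnectedApp("444-chart.apps.example", "ChartBuddy", [
            "https://www.googleapis.com/auth/spreadsheets.readonly"]),
    ]


def demo() -> Tuple[Dict[str, Tuple[str, List[str]]], AppPolicy]:
    policy = AppPolicy(allowed={"333-vetted.apps.example"})  # vetted through the procedure
    return audit_domain(sample_apps(), policy), policy


if __name__ == "__main__":
    report, _ = demo()
    for name, (decision, reasons) in report.items():
        print(f"{name}: {decision} ({'; '.join(reasons)})")
```

The e-signature app from the example above lands on the block list because the scopes it asks for are exactly the ones that would let it overwrite every document and mailbox it can reach, while a vetted backup tool with the same scope passes because it went through the approval procedure first.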
If you manage a G Suite domain with many users, we advise you to use dedicated application audit tools for this. Otherwise, it is almost impossible to track what users download, what permissions they grant to applications or extensions, and whether an app is risk-free.
Application audit software – SpinSecurity (for G Suite users)
№5. Email Security: Anti-Spam Filtering
Phishing emails with malicious links are confirmed by cybersecurity experts to be the leading cause of ransomware, responsible for 67% of successful attacks in 2019-2020. Logically, by reducing the number of phishing emails your employees receive, you decrease the likelihood of an employee clicking the link.
There are a few ways to set up phishing and malware protection for your email:
1. If you use G Suite as your business suite, follow the steps on this page.
Don’t know where to look for the right software?
If you are looking for a third-party solution, here are the best email security tools by rating.
Check out 10 types of ransomware you need to stay away from in 2020 →
№6. Access Security: Authorization and Sharing Management
Many organizations have a clear understanding of job roles and who does what within their team, but only some manage computer user roles as attentively as required.
You have to determine which users exist and what data access each of them has. It should be clear who can write to a database or to a specific data set within it, and how a role is temporarily granted or surrendered when an employee gains new responsibilities; all these processes should be planned. Having a correct employee exit procedure is important as well.
Moreover, for maximum transparency, safety, and efficiency, we recommend tracking as many user activities as possible. Proper software can minimize the human factor and keep your corporate network safe even when employees fail to follow your cybersecurity guidelines.
If you are an Office 365 user, you may want to read more about roles and permissions in the Security and Compliance Center.
№7. Authentication Security: Set Up Password Policy and Enable Two-Factor Verification
Strong authentication practices protect your systems from unauthorized access such as brute-force attacks, credential stuffing, and account hijacking.
Weak authentication practices, such as the lack of a strong password policy and two-step verification, make it a piece of cake for a hacker to penetrate your system and deploy ransomware.
A weak password policy is the reason behind up to 81% of data breaches. Thus, we recommend creating a strong password policy and ensuring your employees understand and follow it.
Here are some of the main rules:
- Create a unique password for work. It shouldn't be the same as the one for your social media accounts.
- Don't make your password too short. It should be at least eight characters long.
- Use a mix of characters: upper- and lowercase letters, digits, and symbols.
- Never create obvious passwords like 123456, qwerty, or abcdef.
- Change your passwords regularly.
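A policy is only useful if it is enforced where passwords are set. The following added example (not the page's or any vendor's code) turns the five rules above into a checker that returns every violation at once, so a user sees all the problems in one go. The common-password list, the requirement for all four character classes, the sequence detection and the 90-day maximum age are assumptions made for this demo; the check for reuse of personal passwords takes a caller-supplied list because a real deployment would consult a breach corpus instead.

```python
import string
from typing import Iterable, List, Optional

# Constructed example of a password-policy checker; assumptions are marked below.
COMMON_PASSWORDS = {"123456", "qwerty", "abcdef", "password", "12345678", "letmein"}  # tiny sample
MIN_LENGTH = 8        # from the rule list above
MIN_CLASSES = 4       # upper, lower, digits and symbols, as the rule list asks
MAX_AGE_DAYS = 90     # assumption: the page says "regularly" without a number
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase, string.digits]


def character_classes(pw: str) -> int:
    """Count how many of the four character classes the password uses."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def has_obvious_run(pw: str, run: int = 4) -> bool:
    """Catch 'abcd', '1234' and 'qwer'-style runs, forwards or backwards."""
    lowered = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in lowered or chunk[::-1] in lowered:
                return True
    return False


def check_password(pw: str, personal_passwords: Iterable[str] = (),
                   age_days: Optional[int] = None) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < MIN_CLASSES:
        problems.append("must mix upper- and lowercase letters, digits and symbols")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("is a well-known password")
    if has_obvious_run(pw):
        problems.append("contains an obvious sequence such as 1234 or qwer")
    if pw in set(personal_passwords):
        problems.append("reused from a personal account")
    if age_days is not None and age_days > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days; time to change it")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "Summer2020", "Tr!ck-Rab6it"]:
        print(candidate, "->", check_password(candidate) or "OK")
```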
Two-factor verification (2FA) adds a second step to checking whether a user is authorized to get in. Ensure 2FA is enabled and used for access to data in your corporate network.
2FA can prove user identity in a number of different ways: for example, with a unique code generated by a dedicated app such as Google Authenticator, or with a code sent via text message, email, etc.
2FA requires both the password and a second factor, such as the mobile phone or email inbox, to get into an account. Having this second check in place dramatically decreases the risk of unauthorized access, and thus limits ransomware attacks too.
№8. End-User Behavior Security: Train Your Employees
In most cases, the end user is the one who performs the action that triggers a ransomware attack. Security awareness training for your employees, while not a panacea, can reduce the number of unaware or careless employees by up to 90%, which drastically lowers the chances of someone clicking the wrong link.
Make sure that you conduct easy-to-understand cybersecurity training and that the information is actually learned. Then, ensure that people know how to behave safely on the internet and within your internal IT infrastructure. Some testing (and rewards) will help too.
One of the best ways to educate your employees is to run a mock phishing attack. Send out fake phishing emails and see who clicks the links. Afterwards, explain that in real life they might have caused a ransomware infection.
Don’t know where to look for the right cybersecurity training?
Here are the best security awareness training programs by rating.
To Keep In Mind
We get that these measures may seem like a lot, especially if you have a tiny IT department with limited time and a tight budget. And yet, before you decide to cut yourself some slack, consider the following:
Around 60% of small-to-medium businesses close after experiencing a ransomware attack because they can't stomach the losses.
Once you know the extent of the damage that comes with ransomware, all this prevention won't seem so daunting. After all, better safe than sorry.
So follow these rules and your defenses won’t fall short.
Read next: Ransomware 2.0 is a new generation of attacks that targets cloud data. Learn more →