1. Review and Refine the Backups
Data backups can be a business's lifeline if it is hit by ransomware. Security of data, therefore, is a critical requirement for any organization. Backups should be taken at regular intervals: not so long that a ransomware attack causes a large volume of data loss, and not so short that backup costs become excessive. The right interval varies from organization to organization, depending on how often the data is updated and how critical it is.
A complete review of the backup process and backup files must be done to ensure all critical aspects are covered. Check that a recent backup is stored offsite, separate from the network, and that the restore process is tested and working properly. 3-2-1 is a good rule to follow: Keep three copies of your backup on two types of media and one copy offsite.
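The review described above can be run as a repeatable check over a backup inventory. The following is an added example, not part of the original article: the `BackupCopy` fields, the 24-hour backup interval, the 90-day restore-test window and the sample inventories are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    media: str                  # e.g. "disk", "tape"
    offsite: bool               # kept at a different location
    network_isolated: bool      # not reachable from the production network
    taken_at: datetime
    restore_tested_at: Optional[datetime] = None  # last successful test restore

def audit_backups(copies, now, max_age=timedelta(hours=24),
                  max_test_age=timedelta(days=90)):
    """Return findings for one backup set; an empty list means all checks pass."""
    findings = []
    if len(copies) < 3:
        findings.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    isolated = [c for c in copies if c.offsite and c.network_isolated]
    if not isolated:
        findings.append("no offsite copy separate from the network")
    elif min(now - c.taken_at for c in isolated) > max_age:
        findings.append("offsite copy older than the backup interval")
    tested = [c.restore_tested_at for c in copies if c.restore_tested_at]
    if not tested or now - max(tested) > max_test_age:
        findings.append("no recent successful restore test")
    return findings

# Constructed sample inventories (not real systems).
NOW = datetime(2024, 1, 10, 12, 0)
WEAK = [
    BackupCopy("nas-daily", "disk", False, False, NOW - timedelta(hours=6),
               NOW - timedelta(days=200)),
    # Offsite, but still mounted from the production network.
    BackupCopy("nas-replica", "disk", True, False, NOW - timedelta(hours=6)),
]
FIXED = [
    BackupCopy("nas-daily", "disk", False, False, NOW - timedelta(hours=6),
               NOW - timedelta(days=10)),
    BackupCopy("nas-replica", "disk", True, False, NOW - timedelta(hours=6)),
    BackupCopy("tape-daily", "tape", True, True, NOW - timedelta(hours=20)),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(label, audit_backups(inventory, NOW) or "OK")
```

The check treats an offsite copy that is still reachable from the production network as not meeting the "separate from the network" requirement, since ransomware that reaches the network can reach that copy too.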
2. Conduct a Risk Analysis
Invest in a third-party cybersecurity risk analysis and security audit. This is an effective way to check the vulnerability of your systems and whether they are as secure as they ought to be. When a risk analysis plan is drafted, there can be a tendency to overlook weak spots. Do not discount such human errors.
The audit team should use penetration testing to check vulnerability and security of the systems and their ability to fend off ransomware and other cyberattacks. They should be able to identify areas that need extra attention.
3. Train Employees on Cybersecurity and Cyber Hygiene
Cyber hygiene is generally poor in India. It is important to educate every internal stakeholder about security dos and don'ts: don't click on suspicious links, don't open email attachments from unknown sources, don't access sites that are not secure (https versus http), and avoid public Wi-Fi in places such as airports and railway stations. Are they aware that the simple act of charging a device can lead to it being hacked, depending on the type of power source used? Tell them how to stay secure so their personal data doesn't end up on the dark web.
There must be a rapid response plan in place so that everyone knows the drill if their computer or device gets infected with malware. This should include training on what to do if a device disconnects from the network, how to isolate infected devices or change passwords regularly, and how to notify the network admin, among others.
4. Patch Known Vulnerabilities
Patch management is mostly done to fix problems within software programs. It helps to analyze existing software programs and detect any missing security features or other upgrades. It is therefore an integral part of ransomware protection, and yet many organizations tend to set it aside because patching is a time-consuming and manual process.
It is in the best interest of the organization that a dedicated resource is assigned to regularly patch known weak spots and closely monitor vulnerabilities that can’t be patched immediately. It’s also a good idea to conduct regular checks for unknown vulnerabilities so they stay on the radar. Another vulnerability to look out for is the use of pirated software in the organization. Pirated software may save money initially, but it causes a lot more damage in the long run.
5. Stay Proactive
To wait for a ransomware attack to take place is highly injudicious. Companies must take proactive steps to keep the bad players out, such as:
- Enforcing application and site whitelisting which allows only approved applications to run on the company network;
- Staying informed with news, trends, and updates on cybersecurity and ransomware; and
- Scheduling regular access reviews to ensure privileged access to the network and resources is tightly controlled and monitored.
- A well-trained disaster response and recovery team
- A strategy for business continuity
- Cyber insurance
- An inventory of hardware and software
- Clear instructions on restoring from the backup
- Alternative workspaces and communication tools