Ransomware attacks remain prevalent. You can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, or visiting a website that's embedded with malware. The costly disruptions to your operations and the loss of critical information are not worth the risk. Through a competitively solicited and publicly awarded cooperative contract with OMNIA Partners and Insight Public Sector, participants have access to a plethora of cybersecurity solutions to prevent and mitigate risk.
Make use of tools like multifactor authentication, as passwords alone are insufficient protection against cyber-attacks. Audit and update backup processes to secure your data. Look to Insight Public Sector as your go-to resource for enterprise-wide security. In this blog, Insight reveals 6 effective and easy ways to protect your organization from ransomware attacks.
1. Choose the right endpoint security solution
When all else fails, your endpoint solution will be your last line of defense; however, not all endpoint security products are created equal. When you work with Insight, we make sure the endpoint security solution is properly deployed across your organization and works well for your users and mission.
Most endpoint security solutions protect against automated and manual threats by leveraging the following key capabilities:
- Incoming threat detection and prevention (pre-execution)
- Execution-based threat detection and prevention (on-execution)
- Continuous analysis and remediation post-infection (post-execution)
The unfortunate truth is that not every endpoint security solution in the marketplace possesses the same level of threat intelligence or operates with the same level of remediation effectiveness. Insight is here to ensure you choose the optimal solution.
2. Monitor your Active Directory changes
In many cases, agencies do not proactively monitor their Active Directory® (AD) changes, especially changes to group policies. Attackers can modify an existing group policy to create a scheduled task, which would run an executable at a future date. This is by far the easiest and quickest method for distributing an attack throughout an environment. Monitoring AD changes, particularly during off-hours and weekends, is a very effective way to discover the signs of an attack before it is beyond control.
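One way to apply the off-hours check described above, as an added example that is not from Insight or OMNIA Partners: it filters Windows Security event 5136 ("A directory service object was modified") records for group policy objects and reports changes made outside business hours. It assumes Directory Service Changes auditing is enabled and the events have already been exported into dictionaries with local timestamps; the business-hours window, account names and GPO names are constructed for illustration.

```python
from datetime import datetime

BUSINESS_DAYS = range(0, 5)    # Monday..Friday (assumed policy)
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 local time (assumed policy)
GPO_A = "CN={EXAMPLE-GPO-A},CN=Policies,CN=System,DC=example,DC=org"
GPO_B = "CN={EXAMPLE-GPO-B},CN=Policies,CN=System,DC=example,DC=org"

def _ev(when, user, obj_class, dn, attr, event_id=5136):
    return {"EventID": event_id, "TimeCreated": when, "SubjectUserName": user,
            "ObjectClass": obj_class, "ObjectDN": dn, "AttributeLDAPDisplayName": attr}

# Constructed sample records (not real logs), shaped like exported Security events.
SAMPLE_EVENTS = [
    _ev("2024-03-05T10:14:00", "gpo-admin", "groupPolicyContainer", GPO_A, "versionNumber"),
    _ev("2024-03-06T23:05:00", "helpdesk1", "groupPolicyContainer", GPO_A, "versionNumber"),
    _ev("2024-03-09T02:31:10", "svc-backup", "groupPolicyContainer", GPO_B, "versionNumber"),
    _ev("2024-03-09T02:31:11", "svc-backup", "groupPolicyContainer", GPO_B, "gPCMachineExtensionNames"),
    _ev("2024-03-09T03:00:00", "svc-backup", "user", "CN=jdoe,CN=Users,DC=example,DC=org", "description"),
    _ev("2024-03-09T03:02:00", "svc-backup", "", "", "", event_id=4624),
]

def off_hours_reason(ts):
    """Return 'weekend' or 'off-hours' for a timestamp outside business hours, else None."""
    if ts.weekday() not in BUSINESS_DAYS:
        return "weekend"
    if ts.hour not in BUSINESS_HOURS:
        return "off-hours"
    return None

def find_offhours_gpo_changes(events):
    """Group off-hours GPO modifications by (GPO, account), oldest first."""
    findings = {}
    for ev in events:
        # Only directory-object modifications that touch a group policy object.
        if ev.get("EventID") != 5136 or ev.get("ObjectClass", "").lower() != "grouppolicycontainer":
            continue
        ts = datetime.fromisoformat(ev["TimeCreated"])
        reason = off_hours_reason(ts)
        if reason is None:
            continue
        # One GPO edit produces several 5136 records; collapse them into one finding.
        entry = findings.setdefault((ev["ObjectDN"], ev["SubjectUserName"]), {
            "gpo": ev["ObjectDN"], "user": ev["SubjectUserName"],
            "first_seen": ts, "reason": reason, "attributes": set()})
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["attributes"].add(ev["AttributeLDAPDisplayName"])
    return sorted(findings.values(), key=lambda f: f["first_seen"])

if __name__ == "__main__":
    for f in find_offhours_gpo_changes(SAMPLE_EVENTS):
        print(f["first_seen"], f["reason"], f["user"], f["gpo"], sorted(f["attributes"]))
```

Each finding is a lead for review against approved change windows, not proof of compromise.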
3. Implement a workstation isolation strategy
Most environments already have access to a perfect solution in Windows® Defender Firewall, which can be managed with AD group policies. Keep in mind, this can be part of a broader endpoint hardening strategy.
4. Implement a vulnerability management program
While patching is extremely important, it is not enough when your security gaps could also be configuration related. The goal of patching is to close security gaps within software applications. However, even with the most up-to-date systems/applications, if your internal systems are relying on insecure protocols (such as NTLMv1), you’re vulnerable to threats. Insight recommends organizations implement a continuous vulnerability management program involving regular scanning of external and internal assets, as well as prioritizing remediation based on the severity of the identified vulnerabilities, which may or may not be patch related.
5. Implement Multifactor Authentication (MFA)
We’ve all been told to use strong passwords, but passwords alone are not enough. In most instances, MFA is not in use. If you only use passwords to authenticate a user, even if they are strong passwords, you are taking on risk. Requiring a second form of authentication helps ensure identity, as it’s usually something that isn’t as easy for an attacker to obtain.
6. Make regular offline backups
Backups must be comprehensive and performed regularly with offline copies. This means the offline copies are not continuously addressable or accessible from production networks.
In one incident, an agency's enterprise backup solution was completely deleted by attackers; however, their offline backups in the cloud saved them from several thousands of dollars in ransomware payment. In a different instance, the agency had to pay several hundred thousand dollars, as they had no other choice due to the criticality of the encrypted business systems.
While there are numerous security solutions not on this list that could serve as additional protections against ransomware, the goal is to summarize a few simple and effective strategies that can easily be implemented to provide quick wins in the war against ransomware. Given the prevalence and magnitude of today’s cybersecurity threats, combined with today’s remote work environment, Insight is here to help your organization avoid becoming the next victim of a cyber-attack.
About Insight Public Sector and OMNIA Partners
Insight Public Sector (Insight) simplifies IT procurement by providing the technologies, implementation skills and management expertise your organization needs. Insight has dedicated, cost-effective solutions for IT procurement, infrastructures, lifecycle management, and cybersecurity. Insight's competitively solicited contract, available to education institutions and government entities through OMNIA Partners, ensures you receive their best overall government pricing on their broad portfolio of products and IT service solutions. Not a participant? Become one today!