BLOG

Twenty Things For Ransomware Protection

We are at an especially vulnerable moment in our transition to a digital economy. As mentioned in the last blog, Australia government has an announcement on cybersecurity issues recently happened. It points out an interesting point that the biggest problem is the human factor, especially when it comes to ransomware. It becomes very critical that each organization needs to take steps to protect the network or network attached elements.

While each corporation has its own network environment, without talking about too much details, here are 20 things from Fortinet experts that any organisation can begin to implement today to reduce their risk from ransomware and other advanced threats.

1. Wherever possible, patch and update operating systems, devices, and software. Make this a priority for your remote workers – especially those using personal devices to connect to the corporate network.

2. For devices that can’t be patched, ensure that appropriate proximity controls and alerts are in place.

3. Make sure that all endpoint devices have advanced security installed, such as anti-exploit and EDR solutions.

4. Also make sure that access controls, such as multifactor authentication and even Network Access Control solutions are in place

5. Use NAC to inspect and block bring-your-own-devices that do not meet security policy

6. Segment your network into security zones to prevent the spread of infection and tie access controls to dynamic segmentation.

7. Use inventory tools and IOC lists to prioritize which of your assets are at the most risk.

8. Update your network IPS signatures, as well as device antivirus and anti-malware tools.

9. Back-up systems and then store those backups offline – along with any devices and software you may need in the event of a network recovery.

10. Make sure that ransomware recovery is part of your BCDR, Identify your recovery team, run drills, and pre-assign responsibilities so systems can be restored quickly in the event of a successful breach.

11. Update your email and web security gateways to check and filter out email attachments, websites, and files for malware.

12. Make sure that CDR (content disarm and recovery) solutions are in place to deactivate malicious attachments.

13. Use a sandbox to discover, execute, and analyze new or unrecognized files, documents, or programs in a safe environment.

14. Block advertisements and social media sites that have no business relevance

15. Use zero-trust network access that includes virus assessments so users can’t infect business-critical applications, data, or services

16. Use application whitelisting to prevent unauthorized applications from being downloaded or run.

17. Prevent unauthorized SaaS applications with a CASB solution.

18. Use forensic analysis tools to identify where an infection came from, how long it has been in your environment, ensure you have removed all of it from every device, and ensure it doesn’t come back

19. Plan around the weakest link in your security system – the people who use your devices and applications. Training is essential but limited. Proper tools, such as secure email gateways, for example, can eliminate most if not all phishing emails and malicious attachments.

20. Leverage people, technology, and processes to quickly gather threat intelligence about active attacks on your networks and act on it, using automation where possible. This is crucial to stopping an advanced attack in its tracks.