

Top 5 Ways to Protect Your Company From Ransomware


Top 5 Ways to Guard Your Company from Ransomware in 2021...
Protect Your Business
From ransomware attacks that may cost you millions
In a recent survey conducted by PwC, Canadian CEOs ranked cybersecurity as the #1 threat to growth in Canada in 2021. This is shocking considering the COVID-19 pandemic is predicted to impact our economy and work environments well into the latter half of the year. The message is clear: cybersecurity, and more specifically ransomware, is a serious risk to businesses of all sizes. However, many businesses are unsure how to guard against this threat and how to secure their corporate assets and IT systems.
Ransomware Attacks
Have become increasingly more sophisticated...
And have even challenged the resources and capabilities of some of the world's leading IT firms such as Microsoft, FireEye, and SolarWinds. In the Colonial Pipeline attack, experts reported a new variation of ransomware that appears to commercialize the process, meaning that any criminal could essentially purchase a managed attack service and execute the attack with little or no technical skill or experience. All this activity has led to a heightened risk that Canadian corporations may experience damages due to lost employee productivity or, in the worst case, the need to pay a ransom to restore their IT systems.
01. Educate Your Users
02. Protect Your Email
The #1 entry point for ransomware is email. Therefore, it is critical that we do all we can to prevent the attack from entering through this channel. A common mistake that smaller corporations make is to use a basic email service through a small email service provider, or to rely on their Internet Service Provider (ISP) to provide them with email as an add-on service because it is free. These services lack the advanced features and capabilities required to identify malicious emails and handle them appropriately. We recommend organizations use the Microsoft 365 email service with an additional email filtering service such as Zero Spam to protect their users' email accounts and significantly reduce the amount of malicious email entering their network. These services are highly successful at blocking emails before they reach your users' inboxes by scanning all inbound emails to detect unsafe attachments, web links, and email spoofing.
03. Invest in EDR
Anti-virus (AV) software has been in use for a long time, but it is plagued by major issues that make it ineffective at stopping ransomware. Most platforms do a reasonable job at stopping attacks that have been seen before. The problem, however, is that most large ransomware attacks have a unique element to them that bypasses the AV software. The other challenge is that traditional AV software requires regular updates, and if these are missed, the door is open for attack. Modern Endpoint Detection and Response (EDR) systems use a different approach to detect suspicious activity. They use technologies such as artificial intelligence, machine learning, and storylines to track the activity and behavior of every file and application on a user's machine and can act if they see suspicious behaviors. These behaviors do not need to be known to the software through a prior attack or through a signature database; they are detected through pattern recognition and machine learning. For example, a common characteristic at the outset of a ransomware attack is to lock many files on the user's machine. Modern EDR systems recognize this behavior as suspicious and will immediately take action to isolate the machine, despite not knowing the variant of the attack. Another important aspect of the EDR service is the response element. When suspicious behavior is detected, the security operations center is notified immediately, and engineers can investigate the situation. This allows them to quickly identify the issue, isolate the machine, and notify the end user. Sometimes, this quick action can be the difference between an incident that is isolated to a single machine and a company-wide ransomware infection.
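The behavioral signal described above (one process changing many files in a short time) can be sketched as a sliding-window check over file-activity telemetry. This is an added example, not code from any EDR product; the event format, host and process names, window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumed value; tune per environment
THRESHOLD = 20                  # assumed: distinct files changed by one process in WINDOW

def constructed_events():
    """Constructed telemetry lines: 'timestamp host pid process action path'."""
    base = datetime(2021, 6, 1, 9, 0, 0)
    # Normal use: one document saved per minute.
    lines = [f"{(base + timedelta(minutes=i)).isoformat()} WS-014 4120 winword.exe "
             f"write C:\\Users\\amy\\report{i}.docx" for i in range(5)]
    # Burst: 40 files renamed within 8 seconds by a single process.
    lines += [f"{(base + timedelta(minutes=10, milliseconds=200 * i)).isoformat()} WS-022 "
              f"7788 unknown.exe rename C:\\Shares\\finance\\file{i}.xlsx" for i in range(40)]
    return lines

def detect_mass_modification(lines, window=WINDOW, threshold=THRESHOLD):
    """Alert once per (host, pid) that changes >= threshold distinct files within window.

    Lines are assumed to arrive in time order.
    """
    recent = defaultdict(deque)  # (host, pid) -> recent (timestamp, path) events
    alerts = {}
    for line in lines:
        ts_raw, host, pid, proc, action, path = line.split(" ", 5)
        if action not in ("write", "rename", "delete"):
            continue
        ts, key = datetime.fromisoformat(ts_raw), (host, int(pid))
        events = recent[key]
        events.append((ts, path))
        while ts - events[0][0] > window:  # drop events older than the window
            events.popleft()
        distinct = {p for _, p in events}
        if len(distinct) >= threshold and key not in alerts:
            alerts[key] = {"host": host, "pid": int(pid), "process": proc,
                           "files_in_window": len(distinct),
                           "response": "isolate host, notify SOC"}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_mass_modification(constructed_events()):
        print(alert)
```

The check needs no signature for the process involved: the slow, one-file-per-minute activity never fills the window, while the burst trips the threshold partway through.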
04. Backup Your Data
The rise of ransomware has significantly increased the importance of data backups and the role they play in your business continuity plan. You are far more likely to be faced with a restore event, either workstation or server, than you were in years past. This requires the assurance that a recent backup of the machine or data is available on short notice. For most companies, this task consumes their IT resources, and they lose their diligent focus on backups. We recommend that you automate your backup process by using products such as Veeam Backup & Restore and Backup Radar for execution of the backup jobs and reporting of the daily statuses.
05. Copy Your Backups
Now that you have implemented your backup policy and have become very diligent at running the daily process, you are feeling very protected against disaster, right? Well, the bad news is that the attacker and the ransomware software know of your intentions to restore quickly and know that a successful restore will foil their plans to cash in on a ransom. Nearly all ransomware attacks will attempt to lock or destroy your backup copies. They do this by seeking out file types and extensions on the network that are commonly associated with backup copies. It is best practice to protect your backup copies by isolating them from the production network and by guarding them with a firewall. Our recommendation is to use an offsite data center, which can be a public cloud or private cloud depending on data security requirements, and to copy the local backups to the offsite facility. We then add further protection to the offsite backup servers by installing a firewall in front of them and limiting traffic to only that from the primary backup servers at your main site. This results in a restorable copy of your data being available, even if the worst-case scenario strikes your production network.
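A daily check that ties sections 04 and 05 together: every machine should have a recent successful local backup and an offsite copy that matches it. This is an added example, not the output or API of any backup product; the record layout, machine names, 24-hour policy and shortened digests are constructed assumptions.

```python
from datetime import datetime, timedelta

MAX_AGE = timedelta(hours=24)  # assumed policy: one successful backup per machine per day

# Constructed job records and offsite inventory; digests are shortened placeholders.
LOCAL_JOBS = [
    {"machine": "FS01", "finished": "2021-06-01T02:10:00", "status": "Success", "digest": "aa11"},
    {"machine": "SQL01", "finished": "2021-05-30T02:15:00", "status": "Success", "digest": "bb22"},
    {"machine": "SQL01", "finished": "2021-06-01T02:15:00", "status": "Failed", "digest": None},
    {"machine": "WS-022", "finished": "2021-06-01T03:00:00", "status": "Success", "digest": "cc33"},
    {"machine": "DC01", "finished": "2021-06-01T01:30:00", "status": "Success", "digest": "dd44"},
]
OFFSITE_COPIES = {"FS01": "aa11", "SQL01": "bb22", "DC01": "dd00"}  # machine -> digest held offsite

def audit_backups(local_jobs, offsite, now, max_age=MAX_AGE):
    """Return (machine, finding) pairs for stale backups and missing or mismatched offsite copies."""
    latest = {}  # machine -> (finish time, digest) of the newest successful job
    for job in local_jobs:
        if job["status"] != "Success":
            continue
        finished = datetime.fromisoformat(job["finished"])
        if job["machine"] not in latest or finished > latest[job["machine"]][0]:
            latest[job["machine"]] = (finished, job["digest"])
    findings = []
    for machine in sorted({job["machine"] for job in local_jobs}):
        if machine not in latest:
            findings.append((machine, "no successful local backup"))
            continue
        finished, digest = latest[machine]
        if now - finished > max_age:
            findings.append((machine, "latest successful backup older than policy"))
        if machine not in offsite:
            findings.append((machine, "no offsite copy"))
        elif offsite[machine] != digest:
            findings.append((machine, "offsite copy differs from latest local backup"))
    return findings

if __name__ == "__main__":
    for machine, finding in audit_backups(LOCAL_JOBS, OFFSITE_COPIES, datetime(2021, 6, 1, 9, 0)):
        print(f"{machine}: {finding}")
```

A failed job does not reset the clock: SQL01 is reported as stale because its last successful backup is two days old, even though a job ran that morning.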



We're Here to Help
Don't Roll the Dice on Your Future
2021 is certain to bring many major attacks on Canadian corporations that will punish them via lost productivity or monetary damages. According to NetApp, the average time to fully recover from a ransomware attack in 2020 was an astonishing 14 days. The threat of ransomware has never been greater, and now is the best time to act and protect your business. If you would like more information about how to best protect your business from a ransomware infection, please reach out to Epic and get started today.