It sounds simple but, when it comes to ransomware (and many other types of cyber attacks), those five words will put you head and shoulders above most.
Prepare. Know what you have: what’s supposed to be there and what’s not. Then, protect what’s supposed to be there from what’s not. Then, just in case something slips by, make sure you have a good disaster recovery plan (that includes off-site backups) in place.
Patch. Bad guys are going to attack your tech or your people. To attack the tech, they need to find a vulnerability or a misconfiguration. Timely installation of manufacturer-supplied patches will cut your exposure in half. Having a monthly maintenance plan like Cyber Tech Café’s MyIT Program will help ensure that the supplied patches are installed as they are released, with minimal effort on your part. More on addressing the other half in a minute.
Train. If you’ve patched your tech, your people are next (or first) in line. Train them during onboarding and through ongoing security awareness training. Engage trusted organizations like Piratica that specialize in this kind of training to conduct security awareness exercises (phishing, malicious media drops, etc.) to get real-world data on how your organization would react to a legitimate threat, and incorporate those results into your onboarding and ongoing security awareness training.
Test. This is where the rubber hits the road. You’ve done your preparation, you have a disaster recovery plan, you have a solid patch management strategy, and you’ve engaged everyone in your organization in your security awareness training program. Now it’s time to test. Engage a trusted company, like Piratica, to test your defenses. Are there vulnerabilities, miscommunications or unsuspecting users that an attacker could leverage to gain access to your organization? If so, address them now so that they aren’t available for the bad guys.
Repeat. Security isn’t a destination, it’s a journey. As soon as the bad guys find a way in, the good guys find a counter, so the bad guys look elsewhere (or differently), starting the process over. Good security isn’t magic and it isn’t hard, but it does require planning and persistence. Plan. Patch. Train. Test. Repeat.