Ransomware: How to prevent it
In recent years the threat of ransomware has increased. More and more (larger) companies witnessed attacks from cybercriminals who deliberately encrypt your data, hoping you’ll pay to restore data access. Consequences for your business can be serious: data breaches, lack of business continuity, and significant financial impact, to name a few. Did you know that cybercriminals even offer Ransomware-as-a-Service? Ransomware became a well-developed criminal revenue model. What can we do to prevent ransomware attacks? Find out in this blog, including practical prevention tips to help you reduce ransomware risk.
What are the causes?
Many factors affect the chances your organization is at risk for ransomware attacks. The most common way ransomware finds its way to your organization’s vital data is email. Whether it’s effective depends on other factors like email security, user practices, cybersecurity training, or endpoint security.
In a notorious ransomware case at the British National Health Service (NHS), the Wannacry strain infected deprecated Windows XP endpoints. Generally speaking, legacy systems (not only operating systems) are more vulnerable because it takes time to issue (costly) security patches. It also takes time before all devices & apps are updated, especially when efficient device management possibilities lack.
More recently, a large ransomware attack paralyzed a large US oil pipeline network, reminding the world of the serious (societal) impact ransomware could have. And since the European GDPR privacy laws were enacted, fines for data breaches have become higher.
Ransomware impacts crucial aspects of your business, possibly having serious (legal) consequences. In that light, it makes complete sense ransomware prevention is a top priority within enterprises nowadays.
Ransomware and email are inseparable
At a great distance, email is the most used way ransomware gets through within your organization. An unfortunate fact, given we all use email extensively in larger businesses. However, there is a bright side: we actually can take measures.
First of all, it’s always a good idea to rely on an email provider that takes care of security threats like ransomware attacks. Gmail, for example, incorporates the sandbox concept to detect malware within attachments safely. It keeps files isolated in sandboxes so there’s no chance their content could spread.
In the case of Gmail, there are a lot of security settings that could help prevent ransomware. For example, the settings around attachments are really helpful. Since people have become more aware of phishing, cybercriminals became even smarter in spoofing. Gmail provides smart ways to prevent similar domain spoofing or the malicious use of your colleagues’ names.
One of the latest security additions to Gmail is BIMI support: brand indicators for email. In order to get your company logo shown next to your email, you’ll need to register the intellectual property and get it verified by a third party. This makes it nearly impossible for cybercriminals to imitate your brand identity.
Another extremely important countermeasure is cybersecurity training. ‘Do we need that? Really?’, we completely understand this reaction. Although it would surprise you how many colleagues might be prone to phishing! A useful (and also fun!) ways exist to get more insights on how your team or company is doing, like the Security Awareness Training from our partner Knowbe4. You can even send colleagues fake phishing emails… how many will click, or download the fake ransomware?
What more could we do to prevent ransomware attacks
Fortunately, there are a number of measures we can take to prevent ransomware attacks.
Prevention tip #1: It’s all about your security strategy – of course you already know that. Implementing the Zero Trust strategy helps a great deal against data breaches caused by ransomware. Zero Trust is all about trust. A great way to manage this (who gets access to what, where, or why?) is by using Okta. Everybody within your company agrees cyber security is important, but on the other hand, nobody wants their digital work environment to become overly complicated. In fact, security measures easily become counterproductive when they’re not user-friendly. Okta solves that paradox, in the sense that it allows IT administrators to implement smart security rules that even simplify the way we work.
Prevention tip #2: Don’t forget about your endpoints, we can’t say this often enough. The NHS example we mentioned is extreme, and although we can recommend every organization to always upgrade to the latest operating system version, e.g. by using Device Management Software, there’s more to endpoint security… New devices running modern operating systems harbor security dangers as well. Within Google Workspace, Chrome Enterprise, and Okta there are a lot of opportunities for endpoint management & security. Key is the ability to manage large fleets of devices (remotely) to keep them up-to-date, and secure. Don’t let it trick you ‘the Cloud’ doesn’t work well with on-premise solutions, it does – and it even improves secure use of legacy apps. Chrome Enterprise allows IT admins to create, and push extensive sets of security policies that in the end (-point) help reduce ransomware risks.
Prevention tip #3:
Make sure you enforce Multi-Factor Authorization on all your users for example by leveraging the Google Authenticator for example. It seems so simple, but you will be surprised how many passwords are easy to guess. Multi-Factor Authorization adds a second security layer. Of course, you can also take this multiple steps forward by incorporating single sign-on. That way people don’t need to remind passwords at all.
Given the rise of ransomware attacks, and more importantly, the increasing impact, preventing ransomware attacks should be a top priority for enterprise organizations. We don’t claim to hold all wisdom and offer 1 solution to prevent all ransomware attacks. Such a solution simply doesn’t exist, but we believe a comprehensive approach to (Cloud) security will definitely help in preventing ransomware. One of the recurring services we provide for our clients, are regular security checks. We’re happy to help your organization as well, so let us know if you would like to apply for a security check which also includes checking ransomware prevention settings in your Google Workspace environment. Feel free to contact us to learn more about our Security Scans.