“In an era of data breaches and identity theft, top-notch cyber security is essential for every enterprise, especially those doing business with the federal government. But with hackers constantly shifting tactics and new technologies continually emerging, doing so is a never-ending challenge.”
Here are 5 ways to protect your business from ransomware.
1. Set up a centralized patch management framework to keep your desktops and servers patched and updated against critical vulnerabilities:
Most modern operating systems come with some type of patch management framework; Microsoft Windows users know it as Windows Update. Some ransomware spreads by exploiting a critical vulnerability in the Windows file sharing service, jumping from one host to any other host that is missing the patch that closes that hole, with zero user interaction required. Windows Server Update Services (WSUS) provides a centrally managed patch management framework for your business. It lets you schedule and automate patching and also report on which patches are installed, missing, and available, and it requires no paid subscription or additional license beyond a valid Windows Server license.
2. Use a vulnerability assessment solution to discover and report the vulnerabilities in your business:
Just like the service light on your car's dashboard warns you of potential problems with your vehicle, a vulnerability assessment server can run weekly or monthly scans of your business after hours and deliver a human-readable report of the vulnerabilities it found and the possible fixes for each. One of the best vulnerability assessment solutions is Nessus; while Nessus Professional costs a few thousand per year, Nessus Essentials is a free version that will scan up to 16 IP addresses, and there are also open source options such as OpenVAS and Nmap. The key takeaway is that you need to know what and where your vulnerabilities are. Automating the scan schedule and the report every 30 days is a simple way to stay current with ever-changing cyber security threats. You want to be proactive.
3. Use network segmentation:
To get a better idea of how network segmentation works, picture the network as an office high-rise, with the different floors serving the same purpose as different network segments: a fire, flood, or other issue is contained to one floor. Network segmentation works much the same way, dividing the network by role or function just as a company assigns departments to different floors or offices. To build on this, create security zones on the firewall instead of the traditional untrusted/trusted model, with one security zone per functional role or group, for example remote access, servers, users, WiFi, internet, and so forth. Finally, set ACL rules on the access layer switches and firewall rules to limit traffic between security zones.
4. Secure your DNS, the phone book of the internet:
The importance of securing both a business's public and private DNS cannot be overstated. Many businesses using third-party cloud mail services add only the minimum records required to get the service working, the MX records. This leaves the business open to email spoofing and phishing attacks. Adding DKIM, SPF and DMARC records lets receiving mail servers verify that a message was signed by your mail system, tells them which servers are allowed to send mail for your domain, and tells them what to do with mail claiming to be from you that fails those checks. Enabling DNSSEC lets your DNS be a trusted source, because resolvers can validate the answers to DNS lookups. CAA records let DNS tell certificate authorities whether they are authorized to issue digital certificates for a particular domain name. Additionally, setting up Pi-hole or signing up for Cisco Umbrella or Cloudflare Teams reduces the chances of a ransomware attack by blocking domains used by bad actors and domains that fail DNSSEC validation. Businesses can also change the public DNS resolver they forward to, for example from 188.8.131.52 to 184.108.40.206.
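The following is an added example, not code from the original post, showing the kind of check an administrator would run against the records described above. It works offline on a constructed dictionary that stands in for DNS answers (assumed shape: DNS name -> {record type: [values]}), flags an MX-only zone, and passes a zone carrying SPF with -all, an enforcing DMARC policy, a DKIM key and a CAA record.

```python
# Added example: offline audit of the SPF, DMARC, DKIM and CAA records a zone should carry.
# `zone` is a constructed dict, DNS name -> {record type: [values]}, standing in for DNS answers.

WEAK_SPF = {"+all": "pass-all (anyone may send as you)", "?all": "neutral (no enforcement)",
            "~all": "softfail (move to -all once DKIM and DMARC are in place)"}

def audit_zone(zone, domain, dkim_selectors=("selector1",)):
    """Return a list of findings; an empty list means every check passed."""
    findings, apex = [], zone.get(domain, {})
    # SPF: exactly one TXT starting with v=spf1, and it should end in -all.
    spf = [t for t in apex.get("TXT", []) if t.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no v=spf1 TXT record at the apex")
    elif len(spf) > 1:
        findings.append("SPF: multiple v=spf1 records (receivers treat this as permerror)")
    else:
        last = spf[0].split()[-1].lower()
        if last in WEAK_SPF:
            findings.append(f"SPF: {WEAK_SPF[last]}")
        elif last != "-all":
            findings.append("SPF: record does not end in an 'all' mechanism")
    # DMARC: v=DMARC1 at _dmarc.<domain>, with an enforcing policy and a report address.
    dmarc = [t for t in zone.get(f"_dmarc.{domain}", {}).get("TXT", [])
             if t.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("DMARC: no v=DMARC1 TXT record at _dmarc")
    else:
        tags = dict(kv.strip().split("=", 1) for kv in dmarc[0].split(";") if "=" in kv)
        if tags.get("p", "none").strip().lower() == "none":
            findings.append("DMARC: p=none is monitor-only, spoofed mail is still delivered")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, aggregate reports are not collected")
    # DKIM: a v=DKIM1 public key must exist at every selector the mail service signs with.
    for sel in dkim_selectors:
        keys = zone.get(f"{sel}._domainkey.{domain}", {}).get("TXT", [])
        if not any(k.lower().startswith("v=dkim1") for k in keys):
            findings.append(f"DKIM: no v=DKIM1 key at selector '{sel}'")
    # CAA: without it, any public CA may issue certificates for the domain.
    if not apex.get("CAA"):
        findings.append("CAA: no CAA record, any CA may issue for this domain")
    return findings

# Constructed sample zones: MX-only (the minimum that makes mail work) and a hardened one.
MX_ONLY_ZONE = {"example.com": {"MX": ["10 mail.example.com."], "TXT": ["v=spf1 mx ?all"]}}
HARDENED_ZONE = {
    "example.com": {"MX": ["10 mail.example.com."], "CAA": ['0 issue "letsencrypt.org"'],
                    "TXT": ["v=spf1 mx include:_spf.mailprovider.example -all"]},
    "_dmarc.example.com": {"TXT": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]},
    "selector1._domainkey.example.com": {"TXT": ["v=DKIM1; k=rsa; p=<public-key-base64>"]}}
```

Call audit_zone(MX_ONLY_ZONE, "example.com") to see the four findings an MX-only setup produces; the hardened zone returns an empty list.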
5. Maintain working backups of all your key systems :
Every business should write down what, at a minimum, it needs to continue functioning. The list can get pretty large. Two 30-day sets of backups should be kept, one offsite and one on site, with the 30th backup set kept for 12 months. The most important part of this, and one that I often see overlooked, is testing a full restore annually to ensure the documented steps are still valid.