How to Keep Clients Safe from Ransomware Forever

NOVEMBER 11TH, 2019
The FBI recently issued a PSA on the impact of ransomware on U.S. businesses. The frequency of ransomware (and other cybercrime) is going up, according to the FBI. Over the past year, ransomware infections at businesses have risen a staggering 365 percent. You’ve heard stats like these, and you’ve probably taken steps to thwart ransomware. But are your clients totally fortified? In this piece, we’ll look at three areas of focus that will help you solve the ransomware problem forever.

Prevention

The best way to stop ransomware is to prevent it. There are two categories to think about.

1. Education

Your clients have probably heard of ransomware, but do they know how it works? Do they know how to avoid it? If it ends up on their machines, do they know how to respond? Create an education program that helps them understand what ransomware does, why it’s essential to prevent it, and what to do if they get it.

2. Systems

The FBI has over a dozen recommendations for preventing ransomware. This includes obvious advice like spam filters, firewalls, and antivirus, but there are many less obvious steps to take like setting software restriction policies and disabling remote desktop protocols. Consider using a centralized patch management system. Many IT teams should also categorize data based on its organizational value and separate the different categories of data from one another. This allows you to restrict access to the most critical data and ensure that only admins can use it when necessary. For a full list of the FBI’s recommended precautions, check out this report.

Recovery

You may not be able to prevent every malware attack. What happens when a customer calls and tells you they have ransomware and the clock is ticking? If you’ve been taking regular backups, you can tell them not to worry. Backups might be your last line of defense against ransomware, but they’re also the key to fixing just about any issue you might encounter—assuming they’re set up correctly ahead of time. Here are some things to consider:
  • Full backup images – Storing files and folders in the cloud is a way to keep documents and other assets safe, but safe isn’t the same as useful—even if ransomware doesn’t affect files you need, you might still suffer from downtime. Make sure you have a backup image of every device and a quick way to recover, so data is safe and ready to use quickly.
  • Backup schedules and retention policies – A backup doesn’t do any good if it contains the malware you’re trying to get rid of. It’s wise to take full and incremental backups and set up retention policies. This ensures that when it’s time to recover, you’ll always have a clean backup.
    inline
  • Create redundancy – What would you do if ransomware locked up the storage device that contains your backups? To avoid this, make sure to have a backup stored on external devices and kept offline. It’s also wise to replicate backups to the cloud and even mirror them if they contain critical data. With enough redundancy and recovery options, there’s almost nothing that can keep your clients down for long.

Reporting

After a ransomware incident, identify where the threat came from and how it happened. Knowing this will help you sharpen your training program and identify potential weak points, whether they’re users, systems, or both. Be diligent in your information collection and use everything you learn to beef up prevention efforts. Last, be sure to report cybercrimes to the FBI so the agency is aware of the issues and can use the data in investigations.

Conclusion

Ransomware has cost people and companies billions, but it doesn’t have to. Firewalls, spam filters, and antivirus are great, but a solid backup is the best failsafe if ransomware makes it through. As long as you and your clients have backups, you’ll never be the victim.