GlobalSign Blog

9 Ways to Protect Your Organization Against Ransomware Attacks

In previous articles, we have looked at what types of ransomware attacks occur and the devastating financial impact they can have on organizations. But what can businesses do to prevent ransomware attacks and limit their impact?

1. Train Your Employees on Cybersecurity

Organizations must be vigilant in training employees about cybersecurity, the associated threats and how to guard against them. According to Verizon, 82% of data breaches involved the human element, and providing education on the types of threat actors your business is up against will help to decrease the likelihood of an attack, such as phishing or ransomware, occurring.

2. Backup Your Data and Have a Recovery Plan In Place

Backing up your data on a regular basis gives your business the best chance of recovering from a ransomware infection, as well as minimizing the damage caused. Don’t forget to also secure the backup itself against cyberthreats.

3. Conduct Regular Patching and Updates on Software Used Within The Company

More often than not, ransomware attackers find entry points to systems through software by exploiting its vulnerabilities. Developers generally will actively search for these vulnerabilities and release patches for them. 60% of companies don’t patch their systems on a regular basis, but it is by doing this that businesses can strengthen their systems and safeguard against any potential weaknesses.

4. Have the Appropriate Insurance In Place

As threat actors target businesses of all sizes, from large enterprises to SMEs, it’s important to make sure your company is insured against ransomware. This is not your traditional business policy but a dedicated ‘cyber liability’ policy.

The Direct Line Group reported earlier this year that only a quarter (26%) of small business professionals see cybersecurity as a top priority for their organisation and one in six (17%) don’t see it as a priority at all.

5. Invest In Password Security and Multi-Factor Authentication

Single-factor methods of authentication (i.e. usernames and passwords) are no longer a sufficient security control. Whilst you can invest in and strengthen password security through programs such as a password manager, it is also worth considering multi-factor authentication.

6. Secure Your Emails with S/MIME

More than 90% of ransomware attacks are executed through phishing emails. Securing your business’ emails can give your customers and stakeholders trust that the communications received by those within your company are valid and legitimate. You can do this with a protocol called S/MIME. In a nutshell, S/MIME uses two cryptographic functions, which can verify the email sender’s identity and, through the use of encryption, protect the communication when in transit on mail servers.

By using such a protocol, you can not only increase customer trust but also protect your business by blocking potential phishing attempts, and allow your business to implement remediation.

7. Implement or Review Your Bring Your Own Device (BYOD) Policy

Since the pandemic, homeworking and hybrid-working have increased in popularity, and with this some employees have been using their own devices to gain access to the company’s network. But with this come risks: lost or stolen devices, password protection, mobile app breaches, and non-encrypted data and connections.

If your employees are using their own devices, consider implementing a BYOD policy, and if you have one already in place, review it for weaknesses. Read our white paper on BYOD and discover tips on creating a balanced strategy and the solutions available to help protect your company.

8. Have an Incident Response Plan and Team in Place

Prepare an Incident Response Plan (IRP) as soon as possible, either drafted by your CISO or through a company and legal committee – collectively known as the Incident Response Team (IRT). The IRT members make decisions and delegate tasks within the IRP, which should include full contact details as well as backup personnel.

9. Complete Regular Security Audits

Your business should be continuously monitoring assets and deployment of technologies to contain threats. A security audit should be conducted regularly both internally and externally and include reviews of data security, operational security, network security, system security and physical security.

This list is definitely not exhaustive of all the options your business has to help protect your organization against ransomware, but it is a foundation to start building your fort against threat actors. 
